Extracting prog: 5h6m32.890336109s
Minimizing prog: 2h45m33.927543628s
Simplifying prog options: 14m12.62281705s
Extracting C: 5m5.859388412s
Simplifying C: 0s


extracting reproducer from 38 programs
testing a last program of every proc
single: executing 8 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-socket$inet6_tcp-bpf$PROG_LOAD_XDP-setsockopt$IP6T_SO_SET_REPLACE-ioctl$KVM_CREATE_VCPU-mmap-mlock
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8a400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x15, &(0x7f0000000000)=ANY=[@ANYRES8=r1], &(0x7f00000000c0)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000f40)=@filter={'filter\x00', 0x4, 0x4, 0x470, 0xffffffff, 0x0, 0x0, 0x0, 0xfeffffff, 0xffffffff, 0x3a0, 0x3a0, 0x3a0, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5}}}, {{@ipv6={@private2, @empty, [], [], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0xf0, 0x130, 0x0, {}, [@common=@dst={{0x48}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x2, 0x57, {0x2000000}}}}, {{@ipv6={@empty, @mcast1, [], [0x0, 0xffffff00], 'ip6tnl0\x00', 'dvmrp0\x00'}, 0x0, 0x160, 0x188, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x180, 0x5}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @dev, @private1, [0x0, 0x0, 0xff], [], [], 0x843}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4d0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f00007ce000/0x4000)=nil, 0x4000, 0x7, 0x13, r3, 0xbcb04000)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sndseq-socket$tipc-setsockopt$TIPC_GROUP_JOIN-ioctl$KVM_SET_REGS-socket$tipc-openat$ptmx-ioctl$TIOCSETD-ioctl$TCFLSH-socket$tipc-setsockopt$TIPC_GROUP_JOIN-setsockopt$TIPC_GROUP_JOIN-sendmsg$tipc-ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL
detailed listing:
executing program 0:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000040)={[0x2, 0xc, 0x3, 0x4a, 0x8, 0x5, 0x6, 0x80000001, 0xff, 0x7, 0xfffffffffffffffe, 0x1, 0x8, 0x8000000000000001, 0x2], 0xeeee8000, 0x2804})
r2 = socket$tipc(0x1e, 0x2, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x20002, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000140)=0x15)
ioctl$TCFLSH(r3, 0x40204706, 0x20000010)
r4 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r2, &(0x7f00000002c0)={&(0x7f0000000000), 0x10, 0x0}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40bc5311, &(0x7f0000000140)={0x80, 0x1})

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_mgmt-bpf$BPF_BTF_LOAD-clock_gettime-ppoll-bpf$BPF_BTF_LOAD-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-ioctl$TCSETS-mount-sendmsg$NLBL_MGMT_C_ADD-syz_open_pts
detailed listing:
executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r1)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x2, [@func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{}]}, @func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{}, {}, {0xa}]}]}}, 0x0, 0x52, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
clock_gettime(0x0, &(0x7f00000001c0)={<r4=>0x0, <r5=>0x0})
ppoll(&(0x7f0000000100)=[{r3, 0x284}, {r0, 0x200}, {r0, 0x4041}, {r3, 0xc0}], 0x4, &(0x7f00000002c0)={r4, r5+60000000}, &(0x7f0000000340)={[0x3]}, 0x8)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x61]}}, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r6, 0x8, &(0x7f0000000180)={0x0, 0x1}, 0xe800, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000380)={0xb, 0x8, 0x3, 0x1, 0x1a, "174d57425ff8e37fa2f887b5298c49b3f4d806"})
mount(&(0x7f00000006c0)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='ext3\x00', 0x204001, 0x0)
sendmsg$NLBL_MGMT_C_ADD(r1, &(0x7f0000000480)={0x0, 0xffffffffffffff0f, &(0x7f0000000440)={&(0x7f00000006c0)={0x114, r2, 0xe701ac47a3d23ecd, 0x0, 0x2, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_DOMAIN={0xce, 0x1, 'C\xec\xf8\xa0w\x15|\xd8\xbcs\xe1\xb93\x14\xcd\xcb\xb6\xb9\xbb\x84\xe5\xbc\xdb\x7f\x9a\xf2\xea\xcc\x91:v@\xe83-\x1d\xaagQl\x7f\tKt\fc\x1f\x17]\xd5\xd0\xf0\xa8\xeb\xd2g\x92\x04\x02\v\x00od\xe6,\xd3@I\x17\xf3\xbees0\xad\xc6\xbf/*\xb6(o\x91t\x12\x93UK\xf4@n\xdc\xdc\x8a7y\x81FY\xbe\xbbc\xd2\xc3\x01\xa5\xe2V\x8c\xb3im~\xd2V\xdaG\xbdbF\xc8n\x86\xac\x9c\xfb\xda\xe2&\"\xb4:\x13\xe9\tc\x85\xb4\xcb\x17\xbfm\x846\xe7\x7fp\x9eCdb\xad;\xa2\x8fs\xbf6\xe8\xe3Xg3&\xe2 \xd6\n\x9d=~=\xe5\xdc\x90\a\xe7M\x9c<\x93/\xaf\x89\x06+\x96]\xb5+\xee\xff8^D*\xdb\xb8\xd8t\x80\xd4'}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @loopback}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x114}}, 0x0)
syz_open_pts(r0, 0x0)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): close_range-io_uring_setup-capset-socketpair$unix-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-openat$tun-syz_init_net_socket$bt_hci-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-userfaultfd-ioctl$UFFDIO_API-fcntl$dupfd-ioctl$UFFDIO_CONTINUE-bpf$BPF_BTF_GET_NEXT_ID-ioctl$DRM_IOCTL_MODE_CREATE_LEASE-bpf$PROG_LOAD-bind$bt_hci-write$bt_hci-syz_io_uring_setup-socket$kcm-sendmsg$kcm-mount-syz_init_net_socket$bt_sco-bind$bt_sco-syz_open_dev$vim2m-ioctl$vim2m_VIDIOC_S_CTRL-setsockopt$bt_BT_DEFER_SETUP-syz_io_uring_setup-openat$proc_mixer
detailed listing:
executing program 0:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = io_uring_setup(0x4aa8, &(0x7f0000000700)={0x0, 0x28a7, 0x832ac1ac3d5c9f93, 0x2, 0x111})
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x0, 0x0, 0x101})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)={0x20000004})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'sit0\x00', <r5=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x34, 0x68, 0x2, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x4}, [@NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @LWTUNNEL_IP6_TC={0x5}}, @NHA_ID={0x8, 0x6, 0xa00}, @NHA_OIF={0x8, 0x5, r5}]}, 0x34}}, 0x0)
r6 = userfaultfd(0x1)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000040))
r7 = fcntl$dupfd(r6, 0x0, r6)
ioctl$UFFDIO_CONTINUE(r7, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000800000/0x800000)=nil, 0x800000}})
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000540)={0x7, <r8=>0x0}, 0x8)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000005c0)={&(0x7f0000000580)=[0x0, 0x0, 0x0], 0x3, 0xc0000, 0x0, <r9=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x13, 0x19, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000700000000000000fdffffff18110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800006d0200007b8af8ff00000000bfa200000000000007020800f8ffffffb703000008000000b70400000eab9284debb170c5c969be79b88ab1f01000000850000008200000085100000fcffe4ffbf9162838f50c6fc30420000010000000000006e1fd1e02330210000000000000000000070904dbc66f1a489f894b44116090cb0cb09001ed7c79e27307d1a"], &(0x7f0000000380)='syzkaller\x00', 0xe54, 0x0, &(0x7f00000003c0), 0x40f00, 0x20, '\x00', r5, @fallback=0x21, r7, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r8, r9, 0x1, 0x0, &(0x7f0000000600)=[{0x3, 0x4, 0x8}], 0x10, 0x5, @void, @value}, 0x94)
bind$bt_hci(r4, &(0x7f00000000c0)={0x1f, 0x1}, 0x6)
write$bt_hci(r4, &(0x7f0000000040)=ANY=[@ANYRES8=r3], 0x7)
syz_io_uring_setup(0x4a88, &(0x7f00000000c0)={0x0, 0x9526, 0x12000, 0x3, 0x80022c, 0x0, r0}, &(0x7f0000000140), &(0x7f0000000180))
r10 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0xfffffffffffffd2a, &(0x7f0000000040), 0x3}, 0x0)
mount(&(0x7f0000000200)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000280)='./file0\x00', &(0x7f0000000300)='gfs2\x00', 0x4001, &(0x7f0000000340)='/dev/video#\x00')
r11 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r11, &(0x7f0000000a80)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x8)
r12 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r12, 0xc008561c, &(0x7f0000000400)={0xf0f020})
setsockopt$bt_BT_DEFER_SETUP(r11, 0x112, 0x7, 0x0, 0x0)
syz_io_uring_setup(0x3e94, &(0x7f0000001680)={0x0, 0x4627, 0x400, 0xffffffff, 0x321}, &(0x7f0000000240), &(0x7f0000001740))
openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card2/oss_mixer\x00', 0x2, 0x0)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-ioctl$sock_SIOCGIFINDEX-sendto$packet
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-ioctl$sock_SIOCGIFINDEX-sendto$packet
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_icmp_raw-sendmsg$nl_route_sched-socket$nl_route-poll-mknodat-socket$alg-bind$alg-accept4$alg-io_setup-io_submit-mknodat-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-linkat-sendmsg$nl_route-sendmsg$inet-bpf$BPF_BTF_LOAD
detailed listing:
executing program 0:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x0, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x5, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_RAW={0x8, 0xc, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
poll(&(0x7f0000000040), 0x55, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-224-generic\x00'}, 0x58)
r3 = accept4$alg(r2, 0x0, 0x0, 0x0)
io_setup(0xff, &(0x7f0000000380)=<r4=>0x0)
io_submit(r4, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r3, &(0x7f0000000340), 0xfdef}])
mknodat(0xffffffffffffff9c, &(0x7f0000000400)='./file7\x00', 0x21c0, 0x103)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_MATCH_INFO={0x18, 0x3, "c6a41d106c72fffffffffffffff5000002000000"}, @NFTA_MATCH_NAME={0xa, 0x1, 'owner\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}}, 0x4048010)
linkat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000500)='./file7\x00', 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e"], 0x50}}, 0x0)
sendmsg$inet(r0, &(0x7f00000008c0)={&(0x7f0000000600)={0x2, 0x4e24, @local}, 0x10, &(0x7f0000000800)=[{&(0x7f0000000640)="6a50916f", 0x4}], 0x1, &(0x7f0000000840)=ANY=[@ANYBLOB="100000000000000000000f000000000000000000000000000000601861d0b87eeb2a000000000000"], 0x28}, 0x20008050)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb010018000000000000005600000056000000050000000d0000000300000f020000000100000007000000faf0000003000000070000000500000001000000060000000c000000f5ae0a0000000000000b010000000c0000000000000c0500000008000000e0ff000b010000000000002e2e6100"], &(0x7f00000001c0)=""/128, 0x75, 0x80, 0x0, 0xfffffff7, 0x0, @void, @value}, 0x28)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_icmp_raw-sendmsg$nl_route_sched-socket$nl_route-poll-mknodat-socket$alg-bind$alg-accept4$alg-io_setup-io_submit-mknodat-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-linkat-sendmsg$nl_route-sendmsg$inet-bpf$BPF_BTF_LOAD
detailed listing:
executing program 0:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x0, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x5, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_RAW={0x8, 0xc, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
poll(&(0x7f0000000040), 0x55, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-224-generic\x00'}, 0x58)
r3 = accept4$alg(r2, 0x0, 0x0, 0x0)
io_setup(0xff, &(0x7f0000000380)=<r4=>0x0)
io_submit(r4, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r3, &(0x7f0000000340), 0xfdef}])
mknodat(0xffffffffffffff9c, &(0x7f0000000400)='./file7\x00', 0x21c0, 0x103)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_MATCH_INFO={0x18, 0x3, "c6a41d106c72fffffffffffffff5000002000000"}, @NFTA_MATCH_NAME={0xa, 0x1, 'owner\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}}, 0x4048010)
linkat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000500)='./file7\x00', 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e"], 0x50}}, 0x0)
sendmsg$inet(r0, &(0x7f00000008c0)={&(0x7f0000000600)={0x2, 0x4e24, @local}, 0x10, &(0x7f0000000800)=[{&(0x7f0000000640)="6a50916f", 0x4}], 0x1, &(0x7f0000000840)=ANY=[@ANYBLOB="100000000000000000000f000000000000000000000000000000601861d0b87eeb2a000000000000"], 0x28}, 0x20008050)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb010018000000000000005600000056000000050000000d0000000300000f020000000100000007000000faf0000003000000070000000500000001000000060000000c000000f5ae0a0000000000000b010000000c0000000000000c0500000008000000e0ff000b010000000000002e2e6100"], &(0x7f00000001c0)=""/128, 0x75, 0x80, 0x0, 0xfffffff7, 0x0, @void, @value}, 0x28)

program did not crash
single: failed to extract reproducer
bisect: bisecting 38 programs with base timeout 30s
testing program (duration=39s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [16, 12, 11, 25, 7, 18, 18, 3, 5, 4, 30, 2, 3, 3, 6, 27, 30, 30, 30, 30, 4, 10, 21, 8, 20, 8, 17, 7, 40, 16, 29, 28, 8, 27, 12, 13, 3, 8]
detailed listing:
executing program 3:
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
socket$can_raw(0x1d, 0x3, 0x1)
socket$packet(0x11, 0x2, 0x300)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_udplite(0xa, 0x2, 0x88)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1, 0x803, 0x0)
pipe(&(0x7f0000000100))
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="4400000010000304fcffffff3f00000000000000", @ANYRES32=0x0, @ANYBLOB="a5edad8800000000140012800b0001006970766c616e1200f3fe028008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r2], 0x44}, 0x1, 0x0, 0x0, 0x4004}, 0x0)
executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000005000), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_NODES(r0, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r1, 0x1, 0x70bd2f, 0x25dfdbfc}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000) (async)
mknod$loop(&(0x7f0000000100)='./file0\x00', 0x0, 0x1) (async)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
syz_usb_connect(0x3, 0x5d, 0x0, 0x0)
r3 = socket$inet(0x2b, 0x801, 0x0)
connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @dev}, 0x10) (async)
setsockopt$inet_tcp_int(r3, 0x6, 0x3, 0x0, 0x0) (async)
close_range(r2, 0xffffffffffffffff, 0x0) (async)
mount(&(0x7f0000000080)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='exfat\x00', 0x0, 0x0) (async)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
executing program 3:
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="4400000010000000000000000400002e00000040", @ANYRES32=0x0, @ANYBLOB="00000000400000002400128009000100626f6e64000000001400028008000a00"], 0x44}}, 0x0) (async)
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}) (async)
r2 = socket$inet_udp(0x2, 0x2, 0x0) (async, rerun: 32)
prctl$PR_SET_MM(0x23, 0x4, &(0x7f0000ffd000/0x1000)=nil) (async, rerun: 32)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x14, 0x15, 0x1, 0x70bd29, 0x0, {0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x4800}, 0x0) (async)
close(r2) (async, rerun: 32)
socket$netlink(0x10, 0x3, 0x0) (async, rerun: 32)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4808000010001fff"], 0x3}}, 0x0) (async)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) (async)
splice(r0, 0x0, r2, 0x0, 0x4ffe2, 0x0)
executing program 3:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x94)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r1, 0x0)
r2 = gettid()
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r3)
ptrace$setregs(0xd, r3, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
syz_open_procfs(r3, &(0x7f0000000600)='net/llc/core\x00')
ptrace$getregset(0x4204, r3, 0x2, &(0x7f0000000200)={0x0, 0xfffffffffffffe64})
syz_clone3(&(0x7f0000000580)={0x204000, &(0x7f0000000280), &(0x7f00000002c0)=<r4=>0x0, &(0x7f0000000300), {0xb}, &(0x7f0000000480)=""/103, 0x67, &(0x7f0000000500)=""/79, &(0x7f0000000340)=[r2, r3, r2, r1, r2, r1, r1, r1, r3], 0x9}, 0x58)
setpgid(r3, r4)
mount$9p_fd(0x0, &(0x7f0000000140)='./file1/file0/file0\x00', 0x0, 0x11024c4, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x8000, 0x20)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000003c0)={0x0, 0x0, 0x0, 'queue1\x00'})
r5 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r5, &(0x7f0000000180)=@file={0x1}, 0x6e)
listen(r5, 0x100)
r6 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r6, &(0x7f0000000000)=@file={0x1}, 0x6e)
connect$unix(r6, &(0x7f0000000080)=@file={0x1}, 0x6e)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0xc02c5341, &(0x7f0000000180))
executing program 3:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="04", 0x1}], 0x1}, 0x1)
recvmsg$unix(r0, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x2001)
recvmsg(r0, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x2)
sendmsg$inet(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)='#', 0x1}], 0x1}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="a000000000010108000000000000000002000000240001801400018008000100ac1414aa08000200ac1414aa0c00028005000100000000003c0002802c0001807700030000000000000014000400000000000000000000000000000000010c0002800500010000000000080007400000000024000e8014000180080001007f00000129000200ac1e00010c0002800500010006000000"], 0xa0}}, 0x0)
executing program 3:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x0, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x5, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_RAW={0x8, 0xc, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
poll(&(0x7f0000000040), 0x55, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-224-generic\x00'}, 0x58)
r3 = accept4$alg(r2, 0x0, 0x0, 0x0)
io_setup(0xff, &(0x7f0000000380)=<r4=>0x0)
io_submit(r4, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r3, &(0x7f0000000340), 0xfdef}])
mknodat(0xffffffffffffff9c, &(0x7f0000000400)='./file7\x00', 0x21c0, 0x103)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_MATCH_INFO={0x18, 0x3, "c6a41d106c72fffffffffffffff5000002000000"}, @NFTA_MATCH_NAME={0xa, 0x1, 'owner\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}}, 0x4048010)
linkat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000500)='./file7\x00', 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e"], 0x50}}, 0x0)
sendmsg$inet(r0, &(0x7f00000008c0)={&(0x7f0000000600)={0x2, 0x4e24, @local}, 0x10, &(0x7f0000000800)=[{&(0x7f0000000640)="6a50916f", 0x4}], 0x1, &(0x7f0000000840)=ANY=[@ANYBLOB="100000000000000000000f000000000000000000000000000000601861d0b87eeb2a000000000000"], 0x28}, 0x20008050)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb010018000000000000005600000056000000050000000d0000000300000f020000000100000007000000faf0000003000000070000000500000001000000060000000c000000f5ae0a0000000000000b010000000c0000000000000c0500000008000000e0ff000b010000000000002e2e6100"], &(0x7f00000001c0)=""/128, 0x75, 0x80, 0x0, 0xfffffff7, 0x0, @void, @value}, 0x28)
executing program 32:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x0, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x5, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_RAW={0x8, 0xc, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
poll(&(0x7f0000000040), 0x55, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-224-generic\x00'}, 0x58)
r3 = accept4$alg(r2, 0x0, 0x0, 0x0)
io_setup(0xff, &(0x7f0000000380)=<r4=>0x0)
io_submit(r4, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r3, &(0x7f0000000340), 0xfdef}])
mknodat(0xffffffffffffff9c, &(0x7f0000000400)='./file7\x00', 0x21c0, 0x103)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_MATCH_INFO={0x18, 0x3, "c6a41d106c72fffffffffffffff5000002000000"}, @NFTA_MATCH_NAME={0xa, 0x1, 'owner\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}}, 0x4048010)
linkat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000500)='./file7\x00', 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e"], 0x50}}, 0x0)
sendmsg$inet(r0, &(0x7f00000008c0)={&(0x7f0000000600)={0x2, 0x4e24, @local}, 0x10, &(0x7f0000000800)=[{&(0x7f0000000640)="6a50916f", 0x4}], 0x1, &(0x7f0000000840)=ANY=[@ANYBLOB="100000000000000000000f000000000000000000000000000000601861d0b87eeb2a000000000000"], 0x28}, 0x20008050)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb010018000000000000005600000056000000050000000d0000000300000f020000000100000007000000faf0000003000000070000000500000001000000060000000c000000f5ae0a0000000000000b010000000c0000000000000c0500000008000000e0ff000b010000000000002e2e6100"], &(0x7f00000001c0)=""/128, 0x75, 0x80, 0x0, 0xfffffff7, 0x0, @void, @value}, 0x28)
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14)
executing program 0:
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f0000000380)={{0x80}, 'port1\x00', 0xe3, 0x111c37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x9}) (async)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00')
executing program 0:
r0 = socket(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0xa00000000000000, 0x80, &(0x7f0000000040)=@broute={'broute\x00', 0x20, 0x1, 0x948, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000480], 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000010000000068000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000c000000000000000000000000000000000000ffffffff010000000b00000000000000000062726964676530000000000000000000626f6e645f736c6176655f3000000000736974300000000000000000000000007465716c30000000b8adaed8ec6e8fac0000000000000000000000000180c20000000000000000000000b8080000b8080000e8080000616d6f6e6700000000000000000000000000000000000000000004000000000018040000000000000c0000000c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d00000000fa0100000000000000000000000000000000000000000000000000000000004037118bc35d3037960000000000000000000000000000000000000000000000000000000000001f00000000000000000000009300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300020000000000000000006c00000000000000000000000000000000000000000000000000000000000000000000000000892f9284b45f00000000000000000000000000000000a600000000000000000000000000f9ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000200000000000000800000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c5000000000000000000000000000000e21071ce4cc8eaac65a0f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070cc490d0510d30ce90b91aedadb0c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dd00000000000000000000000000000000009476b0c33efd5e65b7316c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000014bc1d077b4817d693d02c0000000000000000000000000000000000416cbf6525780f42e3870800000000000000000000000000000000000000000000000000000000000000abcc3311337430270000000000000000000000000000000000000000000000000037ff1cf2f8e52e074300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d65992000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000cbcb951a4f0f3300ebb39c00000000000000000000000000000000000000000000000000000000000000000000000000e70000000000053cbf7eee533b170000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fffffffffffffff800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081cc42e042291bc3000000000000200000000000000000000000000000000000000000000000000000000000005de0eab8674f2269845f530928d7000000000000000000000000000000000000000000000000000000000000000000000000000000ee72000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000095dd0000000000000000c1a8a95ba6a3ba677371c303b5426300000000000000000000000000000000000000000000000000000000597924c6edee670300000000000000000000000000000000000000000000080000000000000000e28abc2086f4dcecbcd7aca1775004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000800000000000000000000000000000000000000000000000c81e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000052000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003800e04771f4c2d100"/2376]}, 0x9c0)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_tracing={0x1a, 0xa, &(0x7f0000000400)=ANY=[@ANYBLOB="7f9b05000200000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000018110000", @ANYRES32=0x1, @ANYBLOB="000000001e000000b70c4602000000000001000000000000080ae3a0bf1206bc4251d69870280a58a16f72f2ff27fc10a2ad464a431f808f0806a682c4e36945a2c976f3244b98"], &(0x7f0000000000)='GPL\x00', 0x1, 0xb5, &(0x7f0000000140)=""/181, 0x40f00, 0x58, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000240)={0x5, 0x1, 0x0, 0x10}, 0x10, 0x28f79, 0xffffffffffffffff, 0x2, &(0x7f0000000280)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x1, 0x1, 0x1], &(0x7f00000002c0)=[{0x5, 0x2, 0xb, 0xb}, {0x5, 0x1, 0xc, 0xb}], 0x10, 0x2, @void, @value}, 0x94)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000003c0)=r1, 0x4)
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r7, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r6])
sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000002340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x14, 0x5, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x810)
chdir(&(0x7f0000000100)='./file0\x00')
read$FUSE(r5, &(0x7f0000000300)={0x2020}, 0x2020)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'geneve1\x00', <r9=>0x0})
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f0000000000)={0x1, 0x1, 0xf7, 0x5, @vifc_lcl_ifindex=r9, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r10, @ANYBLOB="0c00990000000000000000000800a115ffff0000080026008d03000008009f"], 0x40}}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r11 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r11, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000002012c20300000000000000000214008000"/36], 0x24}, 0x1, 0x0, 0x0, 0x4000804}, 0x4008850)
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14)
executing program 33:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14)
executing program 2:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f00000001c0))
ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f0000000300)={0x60, 0x0, &(0x7f0000182000/0x3000)=nil, &(0x7f0000f70000/0x4000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>r0}, './file0\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000040)={<r2=>0x0, 0xfeb, 0x8001}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f00000000c0)={r2, 0x1, 0x1, [0x2f]}, 0xa)
executing program 2:
r0 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, 0x0)
sendmsg$kcm(r0, 0x0, 0x40000)
sendmsg$kcm(r0, &(0x7f0000002080)={0x0, 0x0, 0x0}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000040)="dc", 0x1}], 0x8)
write$cgroup_subtree(r1, &(0x7f0000000140)={[{0x2d, 'io'}, {0x2d, 'rdma'}]}, 0xa)
remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0)
mremap(&(0x7f0000083000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000384000/0x4000)=nil)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
arch_prctl$ARCH_MAP_VDSO_64(0x1001, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000005c0)=ANY=[@ANYRES32=r4, @ANYRES32=r3, @ANYBLOB="02"], 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x8, 0x3, &(0x7f0000001300)=ANY=[], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r5, r2, 0x0, 0x0, @val=@tracing={0x0, 0x2}}, 0x40)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000680)={r2, &(0x7f0000000600)="70921345000841f626f9f197a5ccb5b25caf7c1ea1", &(0x7f0000000640)=""/57}, 0x20)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f00000003c0)={&(0x7f0000000180)="08ea514d3873421a4cfea7391fa86bea030b15b03f8353035a7fdea99b8f62b5bed10685532dda5b2703d8e78a567e5fb02f7df58ed33a0a620d7e606394338bb2da476136ea4ff3aa433f34cc15b59ed8f1ed4a8c30a82ffbb204d10d538256cc1c6e616de44b06eb63b9752687f13b139ec470759de3d7e09ac1afebd32239aa766d67f9a9a16383be5b2e296f68a23ab70ec77054b302cce77bd19849ced8", &(0x7f0000000240)=""/174, &(0x7f0000000300)="d93fb463d0bf14b58799b17e9c1cf172f2516cce0ed3c0e320de435e0401382fe8e7acd4d5f20feaf7aff608b098892c2c3ef66709a3c6fc51a8be80ae1c717e24e214ab822992d1792c98bfc8fa76cb85eb6f15b79ca660eec9eefc2b312d1af1b6043b41f778e355c6cb9d8a64935459168c4a93e05cd95c1b4c5b4d2243d37219e5acecfd55aabf", &(0x7f0000000080)="6a55e4ed66a2a25feb1dd754f2c48bb651ed", 0x7, r2, 0x4}, 0x38)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="2c000000331800088014006c00fec00000000000000000ef8e2e89224eccefbc6385c63258e981c89c4c12bdeb1eb4dc52131c6e26ec1af8860127c08c00080ffd1440004147483d4dcf910ec8b59c2ba457be5ea6f92d5baf8ce03a6e63872c16c592febf84bf18988198834bcf3aa461f3163e342548e2a90ca0a61d1bcfbe739eda68b46bb2ea5c604628a5d22b3c1828d0dfd6d9c988c29781f40551f34792ce889c87bfe50bfcfadab344c7a6486717ab546d60d2de434757cf91a6bfe1e8844fd29fb39e9ba31fb47de586bfbb37bed3a52158bd8201fa48d96d8b7b71e01135b5e8cb754e3005fe77e700"], 0x2c}, 0x1, 0x0, 0x0, 0x28000}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x12, 0x4, &(0x7f00000006c0)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0xc618, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x33, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
executing program 2:
setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_open_dev$MSR(&(0x7f0000000040), 0x9, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'lo\x00', <r2=>0x0})
memfd_create(&(0x7f00000000c0)='lo\x00', 0x0)
r3 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
connect$unix(r3, &(0x7f0000000140)=@file={0x1, './file0\x00'}, 0x6e)
sendto$packet(r3, &(0x7f00000001c0)="5891e7ad2b259f2e970021eacc690f709d23471dc3d88a9386aaab543da91991ca7e2d62f8d057dc69d1434c925d03aff7052b883e96e5c089a49d57e8d258210444c8830e86e5889577d06427580cea1875aabb7d4bffe4c1f44ae790e7054872ab0fbb68e1ac15f110d678ca7eefd2c36fb21b1aab58a42f6ce4290a5bd7adcc12b978f385e650d4be728fe7d11928a1d821f6ce200812bbde89732106255f7eff29c423922cdee09ebf72353564eac7d3dc1f55", 0xb5, 0x44840, &(0x7f0000000280)={0x11, 0x19, r2, 0x1, 0x6, 0x6, @local}, 0x14)
connect$bt_l2cap(r3, &(0x7f00000002c0)={0x1f, 0x7, @any, 0xd}, 0xe)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000300), r3)
r4 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r3)
sendmsg$NL80211_CMD_GET_MESH_CONFIG(r3, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x14, r5, 0x10, 0x70bd2a, 0x25dfdbfd, {{}, {@void, @void}}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0xe0c6f1caf20e75f0}, 0x815)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
fcntl$addseals(r4, 0x409, 0x4)
ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000480))
fremovexattr(r0, &(0x7f00000004c0)=@random={'user.', '/selinux/avc/hash_stats\x00'})
pwritev(r0, &(0x7f00000005c0)=[{&(0x7f0000000500)="6d5c9439012e20cf6b32f2a078b49ca7cf381047a0a1801a3251fb3a858fb6c59e7a453158a0e19ebc439a96bf6d2ded72d03de20f9498b00f079d0b2eec26282b337cc904e2bdb5d316fd97d3c55e67241169ab018c9b5f19d8b06863789e1bec19e82591d62d595d036675512a0762895f5126691f684c110a87536557fc677a154293dc5158fdada19692d4a0ad00ae20e4c1b6", 0x95}], 0x1, 0x80000001, 0x6)
ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f0000000680)=<r6=>0x0)
sendto(r0, &(0x7f0000000600)="73d0ea479a58a2a516068ed91db323bcdcd2abe51e4b9cb972a4ed1caab46031d4bb5cce72ebed615671a22bcd352c42eace2e974e44fe4075b1c446ea4ed74dfa7b1da8bf413ab256f6b7a91ef83fe8a7add83a42183ecb55921efffe09776f8c6d6bb5766e50188ba242d5919171a0a179bf3afc17f1e56014", 0x7a, 0x0, &(0x7f00000006c0)=@nfc_llcp={0x27, r6, 0x1, 0x4, 0x6, 0x7, "385a0d2ece80586a5fdb506dfa118a0ef81c8bdee6627772b34293a25a4cbc0670e9603881d5af3db3ee37ce4b3d9fb08ce10d4bf8d4e65434d6b38c39b382", 0x18}, 0x80)
keyctl$set_reqkey_keyring(0xe, 0x6)
sendmsg$IPVS_CMD_GET_DAEMON(r3, &(0x7f0000000800)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x4200042}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x2c, 0x0, 0x100, 0x70bd27, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xfffffffe}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000004}, 0x4080800)
mlock2(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1)
fcntl$getownex(r4, 0x10, &(0x7f0000000840)={0x0, <r7=>0x0})
sched_setscheduler(r7, 0x1, &(0x7f0000000880)=0x1)
connect$rose(r3, &(0x7f00000008c0)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, 0x0, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @default]}, 0x40)
bpf$ENABLE_STATS(0x20, &(0x7f0000000900), 0x4)
bpf$ENABLE_STATS(0x20, &(0x7f0000000940), 0x4)
ioctl$KVM_SET_PIT(r3, 0x8048ae66, &(0x7f0000000980)={[{0x2, 0x101, 0x5, 0x3, 0x20, 0x0, 0xfd, 0x8, 0x6, 0x7, 0x15, 0x2, 0x8000000000000000}, {0xf156, 0x6, 0x6, 0x1, 0x2, 0x3, 0x7, 0x2, 0xb7, 0x5, 0x6, 0xde, 0x6}, {0x7, 0x9, 0xf, 0x4, 0x19, 0x1, 0x40, 0x9, 0x6, 0x4, 0x1, 0x4, 0x5}], 0x81})
executing program 2:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = io_uring_setup(0x4aa8, &(0x7f0000000700)={0x0, 0x28a7, 0x832ac1ac3d5c9f93, 0x2, 0x111})
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x0, 0x0, 0x101})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)={0x20000004})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'sit0\x00', <r5=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x34, 0x68, 0x2, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x4}, [@NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @LWTUNNEL_IP6_TC={0x5}}, @NHA_ID={0x8, 0x6, 0xa00}, @NHA_OIF={0x8, 0x5, r5}]}, 0x34}}, 0x0)
r6 = userfaultfd(0x1)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000040))
r7 = fcntl$dupfd(r6, 0x0, r6)
ioctl$UFFDIO_CONTINUE(r7, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000800000/0x800000)=nil, 0x800000}})
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000540)={0x7, <r8=>0x0}, 0x8)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000005c0)={&(0x7f0000000580)=[0x0, 0x0, 0x0], 0x3, 0xc0000, 0x0, <r9=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x13, 0x19, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000700000000000000fdffffff18110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800006d0200007b8af8ff00000000bfa200000000000007020800f8ffffffb703000008000000b70400000eab9284debb170c5c969be79b88ab1f01000000850000008200000085100000fcffe4ffbf9162838f50c6fc30420000010000000000006e1fd1e02330210000000000000000000070904dbc66f1a489f894b44116090cb0cb09001ed7c79e27307d1a"], &(0x7f0000000380)='syzkaller\x00', 0xe54, 0x0, &(0x7f00000003c0), 0x40f00, 0x20, '\x00', r5, @fallback=0x21, r7, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r8, r9, 0x1, 0x0, &(0x7f0000000600)=[{0x3, 0x4, 0x8}], 0x10, 0x5, @void, @value}, 0x94)
bind$bt_hci(r4, &(0x7f00000000c0)={0x1f, 0x1}, 0x6)
write$bt_hci(r4, &(0x7f0000000040)=ANY=[@ANYRES8=r3], 0x7)
syz_io_uring_setup(0x4a88, &(0x7f00000000c0)={0x0, 0x9526, 0x12000, 0x3, 0x80022c, 0x0, r0}, &(0x7f0000000140), &(0x7f0000000180))
r10 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0xfffffffffffffd2a, &(0x7f0000000040), 0x3}, 0x0)
mount(&(0x7f0000000200)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000280)='./file0\x00', &(0x7f0000000300)='gfs2\x00', 0x4001, &(0x7f0000000340)='/dev/video#\x00')
r11 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r11, &(0x7f0000000a80)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x8)
r12 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r12, 0xc008561c, &(0x7f0000000400)={0xf0f020})
setsockopt$bt_BT_DEFER_SETUP(r11, 0x112, 0x7, 0x0, 0x0)
syz_io_uring_setup(0x3e94, &(0x7f0000001680)={0x0, 0x4627, 0x400, 0xffffffff, 0x321}, &(0x7f0000000240), &(0x7f0000001740))
openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card2/oss_mixer\x00', 0x2, 0x0)
executing program 2:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = io_uring_setup(0x4aa8, &(0x7f0000000700)={0x0, 0x28a7, 0x832ac1ac3d5c9f93, 0x2, 0x111})
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x0, 0x0, 0x101})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)={0x20000004})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'sit0\x00', <r5=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x34, 0x68, 0x2, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x4}, [@NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @LWTUNNEL_IP6_TC={0x5}}, @NHA_ID={0x8, 0x6, 0xa00}, @NHA_OIF={0x8, 0x5, r5}]}, 0x34}}, 0x0)
r6 = userfaultfd(0x1)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000040))
r7 = fcntl$dupfd(r6, 0x0, r6)
ioctl$UFFDIO_CONTINUE(r7, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000800000/0x800000)=nil, 0x800000}})
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000540)={0x7, <r8=>0x0}, 0x8)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000005c0)={&(0x7f0000000580)=[0x0, 0x0, 0x0], 0x3, 0xc0000, 0x0, <r9=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x13, 0x19, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000700000000000000fdffffff18110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800006d0200007b8af8ff00000000bfa200000000000007020800f8ffffffb703000008000000b70400000eab9284debb170c5c969be79b88ab1f01000000850000008200000085100000fcffe4ffbf9162838f50c6fc30420000010000000000006e1fd1e02330210000000000000000000070904dbc66f1a489f894b44116090cb0cb09001ed7c79e27307d1a"], &(0x7f0000000380)='syzkaller\x00', 0xe54, 0x0, &(0x7f00000003c0), 0x40f00, 0x20, '\x00', r5, @fallback=0x21, r7, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r8, r9, 0x1, 0x0, &(0x7f0000000600)=[{0x3, 0x4, 0x8}], 0x10, 0x5, @void, @value}, 0x94)
bind$bt_hci(r4, &(0x7f00000000c0)={0x1f, 0x1}, 0x6)
write$bt_hci(r4, &(0x7f0000000040)=ANY=[@ANYRES8=r3], 0x7)
syz_io_uring_setup(0x4a88, &(0x7f00000000c0)={0x0, 0x9526, 0x12000, 0x3, 0x80022c, 0x0, r0}, &(0x7f0000000140), &(0x7f0000000180))
r10 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0xfffffffffffffd2a, &(0x7f0000000040), 0x3}, 0x0)
mount(&(0x7f0000000200)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000280)='./file0\x00', &(0x7f0000000300)='gfs2\x00', 0x4001, &(0x7f0000000340)='/dev/video#\x00')
r11 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r11, &(0x7f0000000a80)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x8)
r12 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r12, 0xc008561c, &(0x7f0000000400)={0xf0f020})
setsockopt$bt_BT_DEFER_SETUP(r11, 0x112, 0x7, 0x0, 0x0)
syz_io_uring_setup(0x3e94, &(0x7f0000001680)={0x0, 0x4627, 0x400, 0xffffffff, 0x321}, &(0x7f0000000240), &(0x7f0000001740))
openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card2/oss_mixer\x00', 0x2, 0x0)
executing program 2:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = io_uring_setup(0x4aa8, &(0x7f0000000700)={0x0, 0x28a7, 0x832ac1ac3d5c9f93, 0x2, 0x111})
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x0, 0x0, 0x101})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)={0x20000004})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'sit0\x00', <r5=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x34, 0x68, 0x2, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x4}, [@NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @LWTUNNEL_IP6_TC={0x5}}, @NHA_ID={0x8, 0x6, 0xa00}, @NHA_OIF={0x8, 0x5, r5}]}, 0x34}}, 0x0)
r6 = userfaultfd(0x1)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000040))
r7 = fcntl$dupfd(r6, 0x0, r6)
ioctl$UFFDIO_CONTINUE(r7, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000800000/0x800000)=nil, 0x800000}})
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000540)={0x7, <r8=>0x0}, 0x8)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000005c0)={&(0x7f0000000580)=[0x0, 0x0, 0x0], 0x3, 0xc0000, 0x0, <r9=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x13, 0x19, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000700000000000000fdffffff18110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800006d0200007b8af8ff00000000bfa200000000000007020800f8ffffffb703000008000000b70400000eab9284debb170c5c969be79b88ab1f01000000850000008200000085100000fcffe4ffbf9162838f50c6fc30420000010000000000006e1fd1e02330210000000000000000000070904dbc66f1a489f894b44116090cb0cb09001ed7c79e27307d1a"], &(0x7f0000000380)='syzkaller\x00', 0xe54, 0x0, &(0x7f00000003c0), 0x40f00, 0x20, '\x00', r5, @fallback=0x21, r7, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r8, r9, 0x1, 0x0, &(0x7f0000000600)=[{0x3, 0x4, 0x8}], 0x10, 0x5, @void, @value}, 0x94)
bind$bt_hci(r4, &(0x7f00000000c0)={0x1f, 0x1}, 0x6)
write$bt_hci(r4, &(0x7f0000000040)=ANY=[@ANYRES8=r3], 0x7)
syz_io_uring_setup(0x4a88, &(0x7f00000000c0)={0x0, 0x9526, 0x12000, 0x3, 0x80022c, 0x0, r0}, &(0x7f0000000140), &(0x7f0000000180))
r10 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0xfffffffffffffd2a, &(0x7f0000000040), 0x3}, 0x0)
mount(&(0x7f0000000200)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000280)='./file0\x00', &(0x7f0000000300)='gfs2\x00', 0x4001, &(0x7f0000000340)='/dev/video#\x00')
r11 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r11, &(0x7f0000000a80)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x8)
r12 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r12, 0xc008561c, &(0x7f0000000400)={0xf0f020})
setsockopt$bt_BT_DEFER_SETUP(r11, 0x112, 0x7, 0x0, 0x0)
syz_io_uring_setup(0x3e94, &(0x7f0000001680)={0x0, 0x4627, 0x400, 0xffffffff, 0x321}, &(0x7f0000000240), &(0x7f0000001740))
openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card2/oss_mixer\x00', 0x2, 0x0)
executing program 5:
r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x2, 0x2)
close_range(r0, r0, 0x2)
bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000000)={0x17, 0x1, 0x1, "3271bdf0f2f20d55806b26b1d72197edb1439b1c4200"})
executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r2, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x4000)
getsockopt$PNPIPE_IFINDEX(r1, 0x113, 0x2, &(0x7f0000000140)=<r3=>0x0, &(0x7f00000001c0)=0x4)
r4 = syz_open_dev$vim2m(&(0x7f0000000040), 0x100000001, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f00000000c0)={0xf0f000, 0x6})
sendmsg$nl_route(r1, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=@RTM_NEWMDB={0x18, 0x54, 0x8, 0x70bd2d, 0x25dfdbfd, {0x7, r3}}, 0x18}, 0x1, 0x0, 0x0, 0x40800}, 0x20000080)
executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x1, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async, rerun: 64)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) (rerun: 64)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf) (async)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$TCFLSH(r3, 0x400455c8, 0x2)
ioctl$TIOCSETD(r3, 0x5412, &(0x7f0000000140)=0xffffffc0) (async)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000040)=0xfc) (async)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000280)=0x4) (async)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000180)) (async, rerun: 32)
syz_open_dev$ptys(0xc, 0x3, 0x1) (async, rerun: 32)
r4 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0) (async, rerun: 32)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) (rerun: 32)
write$UHID_INPUT(r5, &(0x7f00000010c0)={0x8, {"eddd025b60fdc30a063f172d718c2bd6b3645eadae0f767eb61f2421975b0064d30faba72ba63ab33c4ee2a6cb2f0cb187830255738dd670e8e178672a7473488a157b83ca0ed9657299e98243c15b6b8e08f34570dda445b526949a9b3aebdb97dda475e54a098f1ae57c4774c8ef81d36c77d309e0c817fba3415591dd26a637e43bec5f0fb193d8671889d89ac77bd90ee5efac63bf9eafc61f393e33aaa503760afad0e395042048defbc27ecc254790f419072feb3d5fb4815364072248a42bb88952f316952ea727ae850143819fb80a77407a2309c90ee7894bee7c5862bf14672cc9036bf0ccba7769b5d57b757b550180000000000000a7f0840d7040084b449eb5445ea40b3b9811a66d5228839907fba91ba8a5ca95b4600fcd98f93af794a412e97404d6f40a61e802f6112ff259a29ca8fb98ffce8fd12509883e812e7edb4a643fe4aac56bb01f69823bd6f4ebd618d81cb3d463eea2c9bae30b888a824043a71d5f3319b146848d63a5415f5ed47b33cafa473cc2c91c425a2d24bf5d8e627e6fc63f58a7b08180ce16e5aa7015478cfbebba3045ec5dd620f69659f3fe11af23b095b43ced6a48afaf3d9a78762d40ada3b1fead7884620e213f28a9a2e6bcda0b88347c8eb3f6be8be3fc2d507eaae0430ccd836d4790038d25d65091e6e7ee9bec612b4a5d90e9e878c9c57fd1aa28ee9fab64d2d3bec12ae68a974c0f64365548a5db8a1d8fc9e32b38df32e826a3d2a88ae824a5faa87d7a25373728da5322ebc73db3d9ac8c64db9c90b18d67b7770966a3b8a1079f5b83f21482ff8b1cc1c699a0a5a135b6fe2791abb556603e3255e89922de5bca02d57ace9f6d486a363891b6c15e3c0000000047e9617351e98a040f2e7019ddee08f2d6cdc9de2f7a32ea65d266513fa7821c24c90ae39268757eefacfe94d53c740747c86429eadbead0a3576549442f4f77d846df8d54b37fc280bd5b9320f872756706357b9813318a6bfeb77d4ddec55ab5592da2c6d05b3c021182485b96a634013c5ad5ba55f07d07211c0db03ccb5981f5955df2e86cd0f62f6ba66fe4abf695ebc6629e42f6ce96a132883f148eeeacdff13b1cbfa73cbc70b8c5b677682d7c60d1a1311b1222aef1edb4e231c869a18f9ae8eeba4eb4cba8a4a56703cd90710b2208bce8e9a18aaf4e7c47474c08ff85c307d660607bddfe49ac714e0fcdfefedddafa452dfe0341c8a8f07e62e4486699a740feda4b7b2bc635308eb6990f3dfa9065aa8b26ad0ac66fe86dbf2dfb5f0c4b0cad557d4fa4b61116aa57a285a705e1d87d3f8d560b5fd3f8c5df3dc22bd4edb36c1c2e78c0b69863f576d3053ceb21ecb287faf64bb7a3cfe3c28eb7c2335a3af5a29308dac5f7d6f48f46da8370124c37e5a3c9fdfd3d78a082030b2233f02fae54012d2ad2b1c1ec2a35a130a5d3f76b5f9a10a4d31ca41c5c2f58a40c058a48e5dd8a71adbabcbca341e46a6ad538491025e79db3c59350b229ae433537e54b62968ff582f041080719fb88778884da1c79ff28398d8edfcd931043b64bf75b944e735d6d0fa62ed1e3550fe9fa5c1f063b06fb8e13909c87efffe72481ada2d01522a93c70266aa3991c7141ecca2bc618fe54d7529a0c2a46469ca4b2086e112fdf4e1266ca6b5fd4b0fbea280dd246f622f0da6d0f3e3b0357dc0744132e66d8b035662ad5cd3faedd2f743e24ecfed2efd6fd3aed1402bdbc66af3c0b77b7962966649591d7d5985c81a063d46ddf07656f2b049f5811b310e567027bc1b6d44fc892d37aeda8cacc704c1dcc1a7ef759937416e01163027b81befa86772ddf576c37f3151792c4358d1fa418bcd250dc41effa988116589b110d31a59486123769e50f5b3985b4660919f08dd5c96ab8ab03322d0c61890f90e56970f0aa13a96bcfa97139d5627ed6a5558dee292bf0a6e5ad23341c7dc3464a05b9045cc3abbfc0448bf9ca044fd188569cc0c57e07105d1fa1efd44529b6592fa718e092c1a3fa3e56689c9c5168a5619bf2109bde2dca59ad16735e597402c1896d4e24f56c9d4bbc1f0b3a0135b7028a402c6a1a78de57a838b1871477d7b43dff3779fdb50b2ec9a3ae11fab7f715e7979e64a0f0d54d025105d1f768cdad112aeb2eac1c8042aff6fb975a16c64080ba4e0de0af9b8a975a2b6af6a05dff8ae848f6b80f2bd80c56e4683e67a3aaad0e72242b0f0f07d7d7a64a8669e75a99ba4fdb2ba239c5ef28c8f1dc0b2459698b374f1035a75eafde3d90d69afa489ee2d7f7958a5cc51e574203bab464ddd4d08abbb77c8874c6ce692d078bdc309d73ccb49c9d60a269c77601e82e1c824fca2a43605f8453943d23794785096da2ff56547389009e27a908cfcea03ede09c392e0bafa30891e23fbacdf08b49cbd2f4083f94c3c71877ffac86d426e5fe08fa9541f837f2de8440e0b2226b664a45a564f1357e804c24cd2cef95564a1e0041736ced508a63af4e9f4ae9f690084f8c67db3b3569fb86225b6cce291da8057200d1f86899081ebfa5274625ada6ee793fe4246d97157d608099a6adf81eb88bb37cdb64a18ed0e13a0cfeea3af2164a59b8a90a4a1dfad6f03cc27ccbcc879c2b54a57a6d81e01dbd9d7440e9f1a1f608617a308214b58a9090022b7c6631cda308a0aa13dd68159bd8578afeb5402b0e227ef709d8c58929fba262ff4ec70c3a8f68b98f92380201112f560c216d5dc61ad466ee08c1af18982617597436c6a0e0077bb2dab8932175fb30aafceb4d63b4b8aa4a1c2f3867a83855d418ae75b3029dff960a5a4fcbe0fb84828633d535413e0c70a26b2485dddaa7c52256ad85d5f71778af39692fb8553850bbac096d8d9c9145e0ed7903b5d530005f29493a5aa7e0c04b62cc07f2bcfa31a48ce7c167abdd145af8c25fb882b64e41a9b51ae77209d82a9095e1d80711e1c802302b92ad8e413bc9b200e57c6038a46bfc9468b5fdda7f3e57e676c99d4dde6b3a86ed2cb9a55cf199835ef9d858f5a692c4036b32ea07c76c29faa5e2241afab129340b6e2ad94baea982429225cfac726dbf137f6477432a31808a281c9af3c4bef4a2f508721ec71fc1c374fca4d4e25ed9754a41ebfcaaac7637caa13791a64ff995d3cd984ed8cecccc491de80596f8db8d3fe6a6f2b208d065fb6fbb5569bf7cd8a8162271ca5e5ed2b3b98f28d81b3b498345c48492c8fe2e6181f527bbe4ce6600f9e33fb65609bc4318ecf4ca151d3095232820a84704311f0bd3532178cf1e6ef9483b1f52ec2992e84aaf1239c99faeab989bd9848223e90093e71eb650660255fce7bd85872e413fe219859d18ef67f1f07a590ceadc1c687820c3c7cf9e2ff9609199c4b49fd74553507c1c7f45b5b1b40c96c0c984977f476ed686f8710248677847f5c0989df0eca6be3df498acfcfbca85bb986c8d844c19f62b06b95d8d6f4e4367040d45e494271f29546f1086f88fdc549402bd669e9aed5fe000000ef7668d3abeadb430d30534aef0a3a9a125bdeaa11647bafe6e1303b967d29718ac301cadbb43654a36b78ff91836584a5e3472db8db4ded526ecfef2efa2279c17639d3aef1587d5b8bbc8abec3a28dba276613c514a50fe243a588ecdb77ab1525088507f5a0537ba59062416beb479538806f04e70bc192c1fd46377c6105116cd21b75f29f91b67317ce4bd67dea18f560765dabf8f0cebfb770339aa2558df698e1ee22adc7b81b16b2e7fb06e7b5c2ca98c71aec18bc23b11d3b84c6a10aa866c5f438fc2d928fc89ce0902492cd79d6a1ffce27a66031cc24d1b82e9e8b6bdcb6b37f89531e048ae5ee10483dccbb734ba20a15b145fdeadfc461e146d8882133b4e6c6ba30d316ee0bf0bf40f26639077d090d1df3b943e78ba5ece82fcd4576cf3a87d7a9ad080b2cce7371e5bd671ad37e35ff03dfb6684ac0d4eda69154444aef2a173ba093bc87839e41388b2101f72a9b6cf675efbb231b007c11a7b452df89a584f459b23340c0dae21a4146968b66ac9b08d2408830ccec4e6fb1dd665c3023a3b32042b1facfb0bd4d5b9861fe5b0abee3313264b5abe61b1e145bc11121dc87bf1a6008433dedd4d7977b082400136bfceb33a2a3ceea9a6b67b8f85b604970c3ad474db7356f802bc840afe833c9056c037b2ea240b5846149682e14e4e126c7f88b9eb2c7384da631fbab63754611d52b4107dfd10fdf46e557be95a07e6ae64cbeb2d420bcfd87a2f52ecbfe5eba301e3c86761c1545b876e5951106e91be75e9d22301674bca4d729fffd9812cb984910b976c2a74966caf3d75ba7dc7f4275d24caf3bc94376a3579e8575c69401ea75d14e27f98eb7a05eccebd36ea89c4ac0dec65eb613d7f052c6b75b398c65249449b0693164a51c0c224ac1bb4f0781d2d10b96519131b6df9541aa1e7511820f71ab1d497234862f475356d9664a9fbbf0285738a143842820d5b795dcca64a24de4bae802fae01d82fec5548e108c4e750e8f1580d2ebd6bde06622db32c1f47eca183a81ecfde3b6a187c47f7984d2c6051f2ace7ac2bfc5da0cd4b0e57e69bf39551cc5443e12e9ce113cff2cecdd2802e5b9c5a1107e1ed982b93b8e986afa379ac1c6a5ee67e966c72bf149f9ba1c169bafe3d58e18e56438ad4a4db4826edb5eb4ff27808ddd7f87eb31cf232effc9bfff7305d91696e17058217d2d5596ae9082a1cc98d60b854b2ff76718d981c20d68ecf4f1a8dcd5f9f06162df324b84b246e5e11d6722003f32e3396e30c11724db17210c37dfa080c1be2fbeea1c92e084f72386fb29856bc25a16a53f97f44a5e81fd55872772eebdd0db3a5bdf0c28d34a48f8d707a97a3b89367c98e30dbe9c02444177a8fbaa605c6051157e41fade8432af5233ee030ad6fb7572ee4e7bd687dd855fe112ac46a7b1abe88771eb3b49e3d583efe7b79394ca4687acfc262af45dbf4736e9e17d39ea5f8e81f6ed7f242c5a09da7f22f37ce9d5e6222fa71aed8ee69e501d30cd98f5c5275d5dcc1f112c3dbd2cca465f7442d952353613ac5b30222cf153c598c15c102b0dd0d99e45595d98ab365fda3f6e3bdf29b66a8d0a43c1c6a109e3056015a49e4f9ed7522163da86b9e2bf14d7c0ff026261f96feabc0b1c64ba130acb2c4927a783bed9f4e1d38f0a1351000334010b99585c24fb9a7a24809e4bffc3448c778dbeeed816225b2173fae0975e1b9c19213dc33bab3a9bbe8f62e306a1aecac5484d3f23421f5064c16aa4fa67de32222115928c0f3b114593dd0c791c590be61e0b97ed0b0e0dcdb238eb1290466d9c10dfaa8c7fcd0bf659897d945df86d936c67e42924d47a4245fb3d6f8ec538d59c100c6e52100317ea41a1fd253ddd54b13b6a2807ea729d3fd7e1b0461cc78b2c7c889b9ad3ec0398399ff645f3ab988b8a52d9f09a430cfa0390c4c5ad3a392ef28a9f4056d77b712df09b69d7d93617c4783133f9abab2d6935d54f59d0c1b5ea4dba28af7bbfeaf29009618c436ddec116f8966b4ae89ceca545daef5a48f1668231731af7abc502df9f7d308998b92adbfdf0937186a9cbcd4267dc1d0e399b27dacc07ca37f76ceb42f13e4de89dd484a91dc8a2bebece95c6400fde8bdc6d2857454f562f04422b632925c84fb501998ab096363acafea06790c298a76267ca63d81763343fa1fbbbeecba24ca939b3f4d577a5129fd3c407cada9151a12b04e76d664b232cf05c9ad000", 0x1000}}, 0x1006) (async, rerun: 32)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f00000002c0)={r5, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) (async, rerun: 32)
write$binfmt_script(r3, &(0x7f0000002100)={'#! ', './file0', [{0x20, '#'}, {}, {0x20, ':\'.-'}, {0x20, '/dev/kvm\x00'}], 0xa, "8c79cbaaff1a5711ce3c551ef59dfb07c99a23588138fa541974172252c15cd76ef24b04530f228ab3c32079e9beb85ad6d69f0cc34392768af1d01d72b8e9e94b0a16c0da6237812557e90f69238d78a513f29ce91a1c4e3f720599191d973c540b95034a3fc55fc4fcab17ae3a5b9b862c0f0cfabaae846096d401932e906e9660d5ba938dd185b3b7312b629783a2f1e05d38b75c30070399ebb1400e7000708caffae87ef3fecf4e9aca82b4688fda0506e3108281c79ac7d2814546d1eba3ef5fc5ab31a4dcfd3a392aa37427239ffa22c8481cd8a941279c9ef92e0f72f6719fd988f5ea0f7d1b03302a550390980f4a6632af6db250a4e437c4b4e7328a90d3309930a0e09389818dfb7437c4dfbb2cc5cbc98b27d1cf65761b7c2f6da808d0318c356e1bc2c13f693b03563e27af053db0fe53a4d87565ff399a74d88bdeed29fd2fd2a8ee621222ce5aa82601d37415a451f70cf1e9ca1acdf0b83695e1d75dd3a6946fa5d72d990851454682f9129b93c9675f9f11f8d9dc793f8be0088d2f181c2c309fe491b6edfd265177767fc61425ce53131bf2966ec16eaed996bd0e17a76ef53071698daf3f452f4b8209347ec024284e17fb582626cf64a485dfbe1438c7dd2224a3e53f75da41af47233121fab7ced3c2e05f030698f7a12956b345a9f9915a1f8342691b6732617744321067939b4be93b1291668d895c5b6e91e65ecae164fdf30befd934f83516ea58288c4108e6ca623b28b6568aad077c01f707e715aeb1db226ab536782fdf2b058d5c951904ec1f67336b4c219966559db7c48e2200c9fdf359d7de55190fa2de4705228c470aa009dec1e234a0cd7e7430fc63c6494608c0b8c8f781d1b9395896cefaaee4bdf9805a6428b438cefe65aab5531a23c08be29895d4156280145072aa93b7217001046fd7e6725c8e375a284ca6f4aafc2b5bb9fc3914c2cb33a62933f6ae68350a83ab467b9a3be08553734320e925fa2ea99382c15591b391da78c2bd2774f6263714d0e371a18401b6bff2806a8505ee42f686a98ad8ff610d1075b0fc2b45d0c451d91bd8be10722db1036563e9e6b3bec6faf5678f633f7f14672665a9377f3951c1c4d7e894dc958acd683e421ff506b050d9f684d0cfc41ed0b1293d4a50d55179272ceacfb9b3fb776b1235071c49bd37fbe431e3cc884c2477dec7e501c2a7400a69e5ec403c0ee8e6b615c8979b7d1585c1efcc92493dbb233595aebc243ce7369f8aa1ebc68e04e9bd7023263483b1a350633e0cae64fe5a2b9088c0c47c0c6d5ff44fa91280455382193493d05e17fee745d0a3dbac205998dd7517f84b7133cff69929064cbea39b8595ce13d4f18cfe934d7b181ddaa3c0fb1dd30b23d30ea15e1ee3aaf7a5f25d0c06ad13343b215ae7214a16dc8e469485789b5d0365358321950e79b47f6ae06d94d380039709665ac845f0edd62cb37ae43fdae4965e9aed6e2153b8db45498a4c1cbfae2b02741e0bc5fd90419c3c01237ff80c49487b1fda83146d17610b48c18db9f0b8ac89a42e01ca1b8f12b7fc711aaeb04ac158409f75b2e71706dbdcbaf0f09bdc393f80d04469c84ff0cc807803c051d4a033c86cce8a5125d1d1e671d126d9735f657fb5a77822231eeda98f8b5a9fcfd23cb6b9dbc372f2215bf58d7c199b5b62866f972ef017a3d19a8db93d7291404c9eb5c345d4d80fe6a2dee635cfc043f304882ff2bfd5476d87587e152977fda5c5cd91b226ce70f5c68086ff6ba0f8e97021726e56558a5c14ce0d0a1cea1bad7ee81f7b73628382f090b0d455593d79f74e543c37adab2dd31678187ec67f314446e01bb8340dbf51ada98ed25da6ebef4e7f4999167503ba40b083308f919ca4f91fc285f011ab2242f065757fb6d3207a81e894891e148c511885df930b916a9a165bb3ce80f2fc9daf2fe1a8a5b250bb7f1f8a1a0d7cb0125cf441b260b321d35d65ce37318e33ec767eb4102bca25039730ed5a024e0f1c364622a001a049343969a2ef8d3653f5c6d948919ab40320834127e8ead1e840f750245aa6c44772b0d33dd8fe59e7622555ba8817023c6a480d828ffb447c509b0a72b6f6e37da673f580c4be04ddab7fb399da1b4d0803d93f1724299c854f404a7c780e58ddc0ca85ef9ba80d754862de6934e802f24f8cfb2794bb1b6065a7a820c68d0c6f90785b88f55046b369e58bec70537ec591c2f93893d7cdba6e81b4b2a66b474a0e322a403f08d30fc1edc3b86cb1ec84c544359e1336a5319ade4e69dab439f5b689fa9c13f4ff8221249989769c72eb33df064989fa336de1dc8a14770740a0bfddd3d766605606fc2f1ba36db4d5d22d995bf610d36e90566b6e8bfd58a6ea0087ac9e05bc0d96d0a9f036db4c8a447836038431024432c40f75899352f3f5a39635283eefc5ada331e7eb0094e64517b71a9c8dc9cbda5f66e5a68e284acba839d25ea761cd2aed22c2e4e5165b62334deb17a3e2acae6d36d95268ad5704c2de9db20945859213cc5ae6d7db95c875efbb9c926d429a2f85d46faa8187b8b69460d3377a5ef9469b766963ba91949f823830d063d89f327e0e03e915184b5744e8c8a9899e4e416eed55aa8fdb68bc7d887fcb9b1da11dcc0aaed3192fd4a340b89821952736e26e33a8a654ac8849f2c0a74740c815fb39a35f09a7e0b9cc4e983a57494be11770afe7ba63f78e200876e94d691b96b78060ab350958cff2ef1f4b08bbf5b081bce1ed42d079216be81b36bc19485faf558884426cb7245ad4e9d10424fee1e2f4f11d2e46a3ae74c3205036bb9fd80997739a4cb4b6baa27d8651ce1cfdb750de1af6d2594d4e62d9262d60f670e961334463e58560909b9cf0dba5da35a274467e6bed1db178870306869cdb2dc68963f0b58c9c220778492c949beb55a5bf84405c86adbef100c316f0ce7bf6af95510d2d5f463737089503fcefd440841fe518e91f371e1b25975b0cf1460eed8f8bea6564036d9c33416c2428d9116503fb353f97d60c7e609e684c543cf58ddd8a8efa35b3c43c00a57bb6f88ef431fa872513b2876d727bc5872b122504ba63cc22555201ad05c04a49b6f22178dc847b39cc5c218e1d13288e3282aded908ecf25bba27bc52faa65852e2bbc9c698348dfff20b458eb03601e73cb3892e0bd6d0868256fe6628b489a86b18cc29c07253ae04e2287e353fd7496243cac5423be69184f78434ed50f772be96e8c4193526920b06fcad9c69e2021dde90dfab2e9cf11bee012550ebd2c45756289d0f7714ff14973e13abf92e5ba5d66c5b50ca52bce85d178662bd322be519ba6e3d15835f243bba96a85f4ada7df9c82aebaf9378196763be0fac249655277d921b9ea72c240f9cbe28befdefe926a7341ebd86ae0c01e8ec313c0719fc7b2363c2854f4f2b4c74863bf39d54b19d12e26b0098b0f28cbd2c4b6638d31b4b07345285021cde52e6a6a8249c914520fc295a88e290ce68cf6325eccc0b0c8aae3cffec277cb104e040f226b0dcd6ff3d197a226a8e8a7016e243a9b9b75bc161aa9506d54c3cb1cfd066b0231e8efcc237a1d67d070eaa7f179d372497c521aed2e1004acabe8c89aaf36f145344532cd3c971bd6ab8c689424adb0702546dccbefeea307fe58618f87182e0e6201153a93686a0b9ba6ff2d84b845e3b3d65b1e1693279bfd28d31fdb40510083b4c285081616bb1a78a44b440775cf5281153ef7f43964259e48eec2e40149e6417f3d6285aa9ffe5e6301432bb7837aeae71033c52b34f18e7e108e8629b0401abd61cc8d36825438ecff50f9c335c51f5a554d0bc8f2aa4647e7f85b12707f78c39e03d113b685d053ca9eacef6ef2ed6375c690decdc0e2f20b56d0c61814edbd37c15a8dbcad7fd48b05b49d21055c6324cc1ec83a5b6f1474e9eac1c7ad9ac1d07d7572c2a7c57922be50b4b9240968a8a7f556332d9178c504a162a5cc2a3faa7cfd35c04e27aef84415bb1f70f1e19b5185761bf760e5539785cb233b5ed8bc885cf70b2c6d3ec41bcfb3b5bfefc4b241b8a34b5abd2ee380812ddc08f083af41d4fd3feb766c21f5eab87deaf24103185a80366b8a427d12e32897ad3c8e0ff0e1c44b2205b19dfd801146bf48ca5035d4d49ce9723f9ec0d61172e1e0b09c1dd9f1fab9c306e53b61a9e802dcc1a13224c328c610e2578444a66a1561a2080f46434989218227e1bba577c2f751e557ed43d5f77e9b36558e8bee005d61a4609efbbe8edf71b51e174266e0c624fa60164e807174c7374b3e8ae83bd68a8ad4d5aad7622642d92a4d78f37c5d0e06f9cd9740a8d530e3a5071ac90b34ccfe50361e621aba87aa23d162126d760e0ea93e7501d09d2bbe1ab022888f64c2793e782d5ec2f9ce0a8d332041e05278820cf5b1bbd7496a45301e019ba58b133ecfa989133501afa7b7f3cba92e22ddb1bf4681a928b3101b57e630edc21dbf7e9a33312cc3d41f672ac2544ddd89077efe93e9c3a3849538b52c8e7348d4825db9a0e07043e99fc35705bac5483cfec6304475ee228de2e1268d622c9cc561c9b849dfdea16a5c265efa14f9eb2a9f9afd48ab68e7d20f440ce3048bb84234b46a028d42335b7fde610d1205d8e86d956a8bd3ed4c0defff3c48c883819d28f0889698a2b95d7317310e734f08952bd8959cc8541ea90d3a343dbef86c3ffb12d70d831d10fba0cf9094750cb76ea9938f2e04df450cc5de7beae977ff2baecf6936fb2280a5283173b7d127e4f3888f9706b289ced76db8f44ffbcedca123f6f87fb85880506c2895e5d725a40d33bb3325ddb6a5aec6b349199898d36ecc5aaff507d0d1d7ab55301205a1dea4b81003114f298ca827b7edf6e58facb64590dbf69e1630e149b00768e14d630c86c4165ceb3a2e71cd204585e2c2b6ccec409b2d8460658eaed7ccde0a4d1fdec8792438804b69e4e76e0a8791c1357a39907bc293cd6e986f0dc41d2ac3d383936a883e9f76b473fa40b5737ff3e689848a6e5c858db053f22a61e630ca5f423f5b144bbf5eb39bb4f75cd77889b0ab9e3b1fd8e65275a0d1eff6d9b581efbd2453ff1be27b9cab31f55d1b837669181309328aed92beb6c2e4f6be51c93d23250ee5b7b66c9648dd736ffea00dfe6f7d5d6442de14af10b098066d43772ceba71dc48fc0612eb0331130b0aee25a710c84f15287f7702d58ea84ac2b060ee17d759824f7d86dfd95c605529b9505a01df788316f12235bb3b4ea0d38c5e2243952858cb1765f9b2679ce090486d8774a566e9f70213bdd198413112e11e5947eac871cd7ac1375aa05bdfccbcd6ade5c63ad5664431f884b12315ed56f4a3cf838236485365203d125395391729856e04d0a68afe260533751466f39c830e54fb4cfe34aa81a933418b7c313cd8fc10cf7a4f42a60c90fc113f270d163b350459c84cb40ce2485e5ddd3fa656dc324718f568d5d16d61c8a93036f205b5ed7ae7e9505783a9faeb6ff2cbe41d2676513ada47e5a6fc9095f0e81e34da8a32a4812fa2c96fdbebd4be5d5c465afb627fd7f2a48add05cce7fc4a6a6bc655103049bb2f532cd04360cd4d46e232b31bcb1e6ac9447787d952e097ed77a80898e2fb5fd3bba3de99014a704e5dc1467061b31d23ee531c6ccc4bc5ea52fa9940c327e7b4b5616cf0291629daca9027fb1ee2da18eeda883bfcbda18c39da97123ef6074fc7ff1ec473f380916ee812690ccd42ec27ab6189bb4d88e"}, 0x101d) (async)
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000100)=0xa)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f00000001c0)=0xfe) (async)
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r6, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="010000000000000001000000000000000000000000000000001b0300ff"])
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000008004"])
executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = add_key(&(0x7f0000000200)='user\x00', &(0x7f0000000240)={'syz', 0x0}, &(0x7f00000002c0)='4', 0xba, 0xfffffffffffffffe)
keyctl$chown(0x4, r2, 0xffffffffffffffff, 0xee01)
keyctl$chown(0x4, r2, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macvtap0\x00', <r3=>0x0})
ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000000240)={'wg2\x00', <r4=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=ANY=[@ANYBLOB="480000001000030500"/20, @ANYRESHEX=r0, @ANYBLOB="21000000000000002800128008000100687372001c00028008000100", @ANYRES32=r3, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32=r4, @ANYBLOB="0500060000000000"], 0x48}, 0x1, 0x0, 0x0, 0x48000}, 0x0)
executing program 5:
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/lblc_expiration\x00', 0x2, 0x0) (async)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6) (async)
r2 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'sit0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x34, 0x68, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x4}, [@NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @LWTUNNEL_IP6_TC={0x5}}, @NHA_ID={0x8, 0x6, 0xa00}, @NHA_OIF={0x8, 0x5, r3}]}, 0x34}}, 0x0) (async)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r5)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) (async)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) (async)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
ioctl$TUNSETTXFILTER(r4, 0x400454d1, &(0x7f0000000000)=ANY=[@ANYBLOB="010001"]) (async, rerun: 32)
close(r8) (async, rerun: 32)
socket(0x400000000010, 0x3, 0x0) (async)
ioctl$SIOCSIFHWADDR(r8, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) (async)
sendmsg$nl_xfrm(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000600)=@newsa={0x144, 0x10, 0x1, 0x0, 0x25dfdbfd, {{@in=@dev={0xac, 0x14, 0x14, 0x2a}, @in6=@local, 0x200, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@mcast2, 0x4d2, 0x6c}, @in6=@remote, {0x0, 0x0, 0x0, 0x1, 0x0, 0x8000000000000000, 0x0, 0xffffffffffffffff}, {0x0, 0x4}, {}, 0x0, 0x3501, 0x2, 0x0, 0xfd}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @offload={0xc, 0x1c, {0x0, 0x1}}]}, 0x144}}, 0x2004c840) (async)
read$FUSE(r0, &(0x7f0000000900)={0x2020}, 0x25)
executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='dctcp\x00', 0x6)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x3c)
recvmsg(r0, &(0x7f0000000580)={0x0, 0x7, &(0x7f0000000500)=[{&(0x7f0000000740)=""/4096, 0xa15b0}], 0x1}, 0x700)
executing program 1:
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
r0 = userfaultfd(0x80801)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_SET_SIZE_BLOCKS(r1, 0xab07, 0xb)
r2 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r2, 0xab00, r3)
ioctl$NBD_DO_IT(r2, 0xab03)
ioctl$NBD_CLEAR_SOCK(r1, 0xab04)
syz_open_dev$ndb(&(0x7f00000002c0), 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
r4 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa07, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2})
executing program 4:
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x141301)
ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, &(0x7f00000000c0)={0x80, 0xa, 0x303, 0x0, 0x0, 0x6e9, 0x0})
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x6, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='pmap_register\x00', r2, 0x0, 0x1}, 0x18)
executing program 4:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
bind$unix(r0, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e)
openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) (async)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$inet_dccp(0x2, 0x6, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x2a}, 0xa}, 0x20)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=@newlink={0x30, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xffffff81}, [@IFLA_CARRIER_CHANGES={0x8, 0x23, 0xfffffffc}, @IFLA_GROUP={0x8, 0x1b, 0x7}]}, 0x30}}, 0xce11d616fa4344f8) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=@newlink={0x30, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xffffff81}, [@IFLA_CARRIER_CHANGES={0x8, 0x23, 0xfffffffc}, @IFLA_GROUP={0x8, 0x1b, 0x7}]}, 0x30}}, 0xce11d616fa4344f8)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
close_range(r1, r2, 0x2) (async)
close_range(r1, r2, 0x2)
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x80045518, &(0x7f00000002c0)=0xa) (async)
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x80045518, &(0x7f00000002c0)=0xa)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
ioctl$KVM_RUN(r5, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000200)={0x5001, 0x11000, 0x1})
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r4, 0x50009417, &(0x7f0000000700)={{r5}, 0x0, 0xc, @inherit={0x48, &(0x7f0000000080)={0x1, 0x0, 0x2, 0x5, {0x12, 0x5, 0x8, 0x8, 0x9}}}, @subvolid=0x6})
ioctl$KVM_RUN(r5, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000180)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2) (async)
renameat2(0xffffffffffffff9c, &(0x7f0000000180)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000040), 0x60002, 0x0) (async)
r6 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000040), 0x60002, 0x0)
ioctl$FS_IOC_GETFSSYSFSPATH(r6, 0x80811501, &(0x7f0000000300)={0x80})
r7 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$AUTOFS_IOC_FAIL(r7, 0x4c80, 0xffffffffffffffb6)
executing program 1:
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
socket$can_raw(0x1d, 0x3, 0x1)
socket$packet(0x11, 0x2, 0x300)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_udplite(0xa, 0x2, 0x88)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1, 0x803, 0x0)
pipe(&(0x7f0000000100))
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="4400000010000304fcffffff3f00000000000000", @ANYRES32=0x0, @ANYBLOB="a5edad8800000000140012800b0001006970766c616e0020f3fe028008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r2], 0x44}, 0x1, 0x0, 0x0, 0x4004}, 0x0)
executing program 1:
setregid(0x0, 0xee01)
getresgid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=<r0=>0x0)
getresgid(&(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
setresgid(0xffffffffffffffff, 0x0, r1)
setregid(0x0, r0)
r2 = syz_open_dev$rtc(&(0x7f0000000080), 0x0, 0x400)
ioctl$RTC_WKALM_RD(r2, 0x40187013, &(0x7f0000000200))
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$netlink(0x10, 0x3, 0x15)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r6, &(0x7f00000021c0)={0x2020, 0x0, 0x0, <r7=>0x0}, 0x2020)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90, 0x0, 0x0, {0x5, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x2000, 0x0, r7, 0x0, 0x440}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000440)={{{@in6=@local, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}}, {{@in6}, 0x0, @in=@broadcast}}, &(0x7f00000001c0)=0xe8)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
r10 = add_key(&(0x7f0000000080)='id_legacy\x00', &(0x7f00000000c0)={'syz', 0x3}, &(0x7f0000000180)='(', 0x1, 0xfffffffffffffffb)
getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000000280)={0x0, <r11=>0x0}, &(0x7f00000002c0)=0xc)
keyctl$chown(0x4, r10, r11, 0x0)
stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, <r12=>0x0})
statx(r4, &(0x7f0000000340)='./file0\x00', 0x7100, 0x20, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, <r13=>0x0})
r14 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r14, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r15=>0x0}, &(0x7f0000cab000)=0xc)
lchown(&(0x7f0000000340)='./bus\x00', r15, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000740)={{{@in=@multicast1, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r16=>0x0}}, {{@in=@dev}, 0x0, @in6=@loopback}}, &(0x7f0000000380)=0xe8)
fsetxattr$system_posix_acl(r5, &(0x7f0000000180)='system.posix_acl_default\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="2b000000006e800ab371c9172fbf51ff", @ANYRES32=r7, @ANYBLOB="02000600", @ANYRES32=r8, @ANYBLOB="02000300", @ANYRES32=r11, @ANYBLOB="02000100", @ANYRES32=r12, @ANYBLOB="02000100", @ANYRES32=r13, @ANYBLOB="02000100", @ANYRES32=r15, @ANYBLOB="02000100", @ANYRES32=r16, @ANYBLOB="02000100", @ANYRES32, @ANYBLOB="040005000000000008000000", @ANYRES32=r0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32, @ANYBLOB="10000600000000002000010000000000"], 0x74, 0x2)
socket$nl_rdma(0x10, 0x3, 0x14)
syz_genetlink_get_family_id$devlink(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="500000000104010800000000000000000a00000808000440000000060500010004000000080005400000800008000540000000030500010001"], 0x50}, 0x1, 0x0, 0x0, 0x4000800}, 0x4000040)
executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000140)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f00000001c0)={{@host, 0xffffffff}, @host, 0x0, 0x0, 0x2449})
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)=<r3=>0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r4)
sendmsg$NFC_CMD_SE_IO(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002bbd7000ffdbdf251b00000006001900baa7000008001500c000000008000100", @ANYRES32=r3, @ANYBLOB="0867934a178d38f23b6411d09c201034d1fa25"], 0x2c}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000)
sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)
recvfrom(r0, 0x0, 0x0, 0x734, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) (async)
openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) (async)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) (async)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000100)=0x80000) (async)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000140)={@my=0x1}) (async)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f00000001c0)={{@host, 0xffffffff}, @host, 0x0, 0x0, 0x2449}) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r4) (async)
sendmsg$NFC_CMD_SE_IO(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002bbd7000ffdbdf251b00000006001900baa7000008001500c000000008000100", @ANYRES32=r3, @ANYBLOB="0867934a178d38f23b6411d09c201034d1fa25"], 0x2c}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000) (async)
sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) (async)
recvfrom(r0, 0x0, 0x0, 0x734, 0x0, 0x0) (async)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})
executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000003880)=ANY=[@ANYBLOB='huge=always']) (async)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fstat(r1, &(0x7f00000006c0)) (async)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000080)={0x4c, r2, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wlc\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x64}, @IPVS_SVC_ATTR_FLAGS={0xc}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8}]}]}, 0x4c}}, 0x0)
mount(&(0x7f0000000080)=@sr0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)='hfs\x00', 0x483, 0x0) (async)
r4 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000040), 0x143882, 0x0)
ioctl$FBIOBLANK(r4, 0x4611, 0x2)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async)
r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_ENUMOUTPUT(r6, 0xc0485630, &(0x7f0000000040)={0x1, "5afcf8f5a92fbd60885b3e07389454579dda7ba2b552916493e5090a86961e55", 0x3, 0x4, 0xc45, 0x80008, 0x8}) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x13, &(0x7f0000000480)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x9d}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
clock_gettime(0xb, &(0x7f0000000040)) (async)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000300)={0x40, r9, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @action={{{}, {0x3}, @device_b, @device_b}, @ext_ch_sw={0x4, 0x4, {{0x1, 0x9, 0x0, 0xff}, @void}}}}]}, 0x40}}, 0x80)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000340)=@o_path={&(0x7f00000001c0)='./bus\x00', r0, 0x4000, r5}, 0x18)
sendmsg$NL80211_CMD_REGISTER_FRAME(r7, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="000a2dbd7000ff0000000000000000"], 0x28}, 0x1, 0x0, 0x0, 0x20008000}, 0x240000d4)
syz_emit_ethernet(0x46, &(0x7f0000000100)=ANY=[@ANYBLOB="e10931d8640a00000000000086dd60014100001088002000000000fe8000000000000000000000000000aa00000000000890780200000000000000"], 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r1)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x2, [@func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{}]}, @func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{}, {}, {0xa}]}]}}, 0x0, 0x52, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
clock_gettime(0x0, &(0x7f00000001c0)={<r4=>0x0, <r5=>0x0})
ppoll(&(0x7f0000000100)=[{r3, 0x284}, {r0, 0x200}, {r0, 0x4041}, {r3, 0xc0}], 0x4, &(0x7f00000002c0)={r4, r5+60000000}, &(0x7f0000000340)={[0x3]}, 0x8)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x61]}}, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r6, 0x8, &(0x7f0000000180)={0x0, 0x1}, 0xe800, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000380)={0xb, 0x8, 0x3, 0x1, 0x1a, "174d57425ff8e37fa2f887b5298c49b3f4d806"})
mount(&(0x7f00000006c0)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='ext3\x00', 0x204001, 0x0)
sendmsg$NLBL_MGMT_C_ADD(r1, &(0x7f0000000480)={0x0, 0xffffffffffffff0f, &(0x7f0000000440)={&(0x7f00000006c0)={0x114, r2, 0xe701ac47a3d23ecd, 0x0, 0x2, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_DOMAIN={0xce, 0x1, 'C\xec\xf8\xa0w\x15|\xd8\xbcs\xe1\xb93\x14\xcd\xcb\xb6\xb9\xbb\x84\xe5\xbc\xdb\x7f\x9a\xf2\xea\xcc\x91:v@\xe83-\x1d\xaagQl\x7f\tKt\fc\x1f\x17]\xd5\xd0\xf0\xa8\xeb\xd2g\x92\x04\x02\v\x00od\xe6,\xd3@I\x17\xf3\xbees0\xad\xc6\xbf/*\xb6(o\x91t\x12\x93UK\xf4@n\xdc\xdc\x8a7y\x81FY\xbe\xbbc\xd2\xc3\x01\xa5\xe2V\x8c\xb3im~\xd2V\xdaG\xbdbF\xc8n\x86\xac\x9c\xfb\xda\xe2&\"\xb4:\x13\xe9\tc\x85\xb4\xcb\x17\xbfm\x846\xe7\x7fp\x9eCdb\xad;\xa2\x8fs\xbf6\xe8\xe3Xg3&\xe2 \xd6\n\x9d=~=\xe5\xdc\x90\a\xe7M\x9c<\x93/\xaf\x89\x06+\x96]\xb5+\xee\xff8^D*\xdb\xb8\xd8t\x80\xd4'}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @loopback}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x114}}, 0x0)
syz_open_pts(r0, 0x0)
executing program 4:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000040)={[0x2, 0xc, 0x3, 0x4a, 0x8, 0x5, 0x6, 0x80000001, 0xff, 0x7, 0xfffffffffffffffe, 0x1, 0x8, 0x8000000000000001, 0x2], 0xeeee8000, 0x2804})
r2 = socket$tipc(0x1e, 0x2, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x20002, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000140)=0x15)
ioctl$TCFLSH(r3, 0x40204706, 0x20000010)
r4 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r2, &(0x7f00000002c0)={&(0x7f0000000000), 0x10, 0x0}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40bc5311, &(0x7f0000000140)={0x80, 0x1})
executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x2c, 0x24, 0x8, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xe, 0xd}, {0x0, 0x1}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x4008840)
executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8a400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x15, &(0x7f0000000000)=ANY=[@ANYRES8=r1], &(0x7f00000000c0)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000f40)=@filter={'filter\x00', 0x4, 0x4, 0x470, 0xffffffff, 0x0, 0x0, 0x0, 0xfeffffff, 0xffffffff, 0x3a0, 0x3a0, 0x3a0, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5}}}, {{@ipv6={@private2, @empty, [], [], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0xf0, 0x130, 0x0, {}, [@common=@dst={{0x48}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x2, 0x57, {0x2000000}}}}, {{@ipv6={@empty, @mcast1, [], [0x0, 0xffffff00], 'ip6tnl0\x00', 'dvmrp0\x00'}, 0x0, 0x160, 0x188, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x180, 0x5}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @dev, @private1, [0x0, 0x0, 0xff], [], [], 0x843}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4d0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f00007ce000/0x4000)=nil, 0x4000, 0x7, 0x13, r3, 0xbcb04000)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 8 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-socket$inet6_tcp-bpf$PROG_LOAD_XDP-setsockopt$IP6T_SO_SET_REPLACE-ioctl$KVM_CREATE_VCPU-mmap-mlock
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8a400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x15, &(0x7f0000000000)=ANY=[@ANYRES8=r1], &(0x7f00000000c0)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000f40)=@filter={'filter\x00', 0x4, 0x4, 0x470, 0xffffffff, 0x0, 0x0, 0x0, 0xfeffffff, 0xffffffff, 0x3a0, 0x3a0, 0x3a0, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5}}}, {{@ipv6={@private2, @empty, [], [], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0xf0, 0x130, 0x0, {}, [@common=@dst={{0x48}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x2, 0x57, {0x2000000}}}}, {{@ipv6={@empty, @mcast1, [], [0x0, 0xffffff00], 'ip6tnl0\x00', 'dvmrp0\x00'}, 0x0, 0x160, 0x188, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x180, 0x5}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @dev, @private1, [0x0, 0x0, 0xff], [], [], 0x843}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4d0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f00007ce000/0x4000)=nil, 0x4000, 0x7, 0x13, r3, 0xbcb04000)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sndseq-socket$tipc-setsockopt$TIPC_GROUP_JOIN-ioctl$KVM_SET_REGS-socket$tipc-openat$ptmx-ioctl$TIOCSETD-ioctl$TCFLSH-socket$tipc-setsockopt$TIPC_GROUP_JOIN-setsockopt$TIPC_GROUP_JOIN-sendmsg$tipc-ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL
detailed listing:
executing program 0:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000040)={[0x2, 0xc, 0x3, 0x4a, 0x8, 0x5, 0x6, 0x80000001, 0xff, 0x7, 0xfffffffffffffffe, 0x1, 0x8, 0x8000000000000001, 0x2], 0xeeee8000, 0x2804})
r2 = socket$tipc(0x1e, 0x2, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x20002, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000140)=0x15)
ioctl$TCFLSH(r3, 0x40204706, 0x20000010)
r4 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r2, &(0x7f00000002c0)={&(0x7f0000000000), 0x10, 0x0}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40bc5311, &(0x7f0000000140)={0x80, 0x1})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_mgmt-bpf$BPF_BTF_LOAD-clock_gettime-ppoll-bpf$BPF_BTF_LOAD-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-ioctl$TCSETS-mount-sendmsg$NLBL_MGMT_C_ADD-syz_open_pts
detailed listing:
executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r1)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x2, [@func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{}]}, @func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{}, {}, {0xa}]}]}}, 0x0, 0x52, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
clock_gettime(0x0, &(0x7f00000001c0)={<r4=>0x0, <r5=>0x0})
ppoll(&(0x7f0000000100)=[{r3, 0x284}, {r0, 0x200}, {r0, 0x4041}, {r3, 0xc0}], 0x4, &(0x7f00000002c0)={r4, r5+60000000}, &(0x7f0000000340)={[0x3]}, 0x8)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x61]}}, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r6, 0x8, &(0x7f0000000180)={0x0, 0x1}, 0xe800, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000380)={0xb, 0x8, 0x3, 0x1, 0x1a, "174d57425ff8e37fa2f887b5298c49b3f4d806"})
mount(&(0x7f00000006c0)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='ext3\x00', 0x204001, 0x0)
sendmsg$NLBL_MGMT_C_ADD(r1, &(0x7f0000000480)={0x0, 0xffffffffffffff0f, &(0x7f0000000440)={&(0x7f00000006c0)={0x114, r2, 0xe701ac47a3d23ecd, 0x0, 0x2, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_DOMAIN={0xce, 0x1, 'C\xec\xf8\xa0w\x15|\xd8\xbcs\xe1\xb93\x14\xcd\xcb\xb6\xb9\xbb\x84\xe5\xbc\xdb\x7f\x9a\xf2\xea\xcc\x91:v@\xe83-\x1d\xaagQl\x7f\tKt\fc\x1f\x17]\xd5\xd0\xf0\xa8\xeb\xd2g\x92\x04\x02\v\x00od\xe6,\xd3@I\x17\xf3\xbees0\xad\xc6\xbf/*\xb6(o\x91t\x12\x93UK\xf4@n\xdc\xdc\x8a7y\x81FY\xbe\xbbc\xd2\xc3\x01\xa5\xe2V\x8c\xb3im~\xd2V\xdaG\xbdbF\xc8n\x86\xac\x9c\xfb\xda\xe2&\"\xb4:\x13\xe9\tc\x85\xb4\xcb\x17\xbfm\x846\xe7\x7fp\x9eCdb\xad;\xa2\x8fs\xbf6\xe8\xe3Xg3&\xe2 \xd6\n\x9d=~=\xe5\xdc\x90\a\xe7M\x9c<\x93/\xaf\x89\x06+\x96]\xb5+\xee\xff8^D*\xdb\xb8\xd8t\x80\xd4'}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @loopback}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x114}}, 0x0)
syz_open_pts(r0, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): close_range-io_uring_setup-capset-socketpair$unix-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-openat$tun-syz_init_net_socket$bt_hci-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-userfaultfd-ioctl$UFFDIO_API-fcntl$dupfd-ioctl$UFFDIO_CONTINUE-bpf$BPF_BTF_GET_NEXT_ID-ioctl$DRM_IOCTL_MODE_CREATE_LEASE-bpf$PROG_LOAD-bind$bt_hci-write$bt_hci-syz_io_uring_setup-socket$kcm-sendmsg$kcm-mount-syz_init_net_socket$bt_sco-bind$bt_sco-syz_open_dev$vim2m-ioctl$vim2m_VIDIOC_S_CTRL-setsockopt$bt_BT_DEFER_SETUP-syz_io_uring_setup-openat$proc_mixer
detailed listing:
executing program 0:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = io_uring_setup(0x4aa8, &(0x7f0000000700)={0x0, 0x28a7, 0x832ac1ac3d5c9f93, 0x2, 0x111})
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x0, 0x0, 0x101})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)={0x20000004})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'sit0\x00', <r5=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x34, 0x68, 0x2, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x4}, [@NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @LWTUNNEL_IP6_TC={0x5}}, @NHA_ID={0x8, 0x6, 0xa00}, @NHA_OIF={0x8, 0x5, r5}]}, 0x34}}, 0x0)
r6 = userfaultfd(0x1)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000040))
r7 = fcntl$dupfd(r6, 0x0, r6)
ioctl$UFFDIO_CONTINUE(r7, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000800000/0x800000)=nil, 0x800000}})
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000540)={0x7, <r8=>0x0}, 0x8)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000005c0)={&(0x7f0000000580)=[0x0, 0x0, 0x0], 0x3, 0xc0000, 0x0, <r9=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x13, 0x19, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000700000000000000fdffffff18110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800006d0200007b8af8ff00000000bfa200000000000007020800f8ffffffb703000008000000b70400000eab9284debb170c5c969be79b88ab1f01000000850000008200000085100000fcffe4ffbf9162838f50c6fc30420000010000000000006e1fd1e02330210000000000000000000070904dbc66f1a489f894b44116090cb0cb09001ed7c79e27307d1a"], &(0x7f0000000380)='syzkaller\x00', 0xe54, 0x0, &(0x7f00000003c0), 0x40f00, 0x20, '\x00', r5, @fallback=0x21, r7, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r8, r9, 0x1, 0x0, &(0x7f0000000600)=[{0x3, 0x4, 0x8}], 0x10, 0x5, @void, @value}, 0x94)
bind$bt_hci(r4, &(0x7f00000000c0)={0x1f, 0x1}, 0x6)
write$bt_hci(r4, &(0x7f0000000040)=ANY=[@ANYRES8=r3], 0x7)
syz_io_uring_setup(0x4a88, &(0x7f00000000c0)={0x0, 0x9526, 0x12000, 0x3, 0x80022c, 0x0, r0}, &(0x7f0000000140), &(0x7f0000000180))
r10 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0xfffffffffffffd2a, &(0x7f0000000040), 0x3}, 0x0)
mount(&(0x7f0000000200)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000280)='./file0\x00', &(0x7f0000000300)='gfs2\x00', 0x4001, &(0x7f0000000340)='/dev/video#\x00')
r11 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r11, &(0x7f0000000a80)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x8)
r12 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r12, 0xc008561c, &(0x7f0000000400)={0xf0f020})
setsockopt$bt_BT_DEFER_SETUP(r11, 0x112, 0x7, 0x0, 0x0)
syz_io_uring_setup(0x3e94, &(0x7f0000001680)={0x0, 0x4627, 0x400, 0xffffffff, 0x321}, &(0x7f0000000240), &(0x7f0000001740))
openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card2/oss_mixer\x00', 0x2, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-ioctl$sock_SIOCGIFINDEX-sendto$packet
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-ioctl$sock_SIOCGIFINDEX-sendto$packet
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_icmp_raw-sendmsg$nl_route_sched-socket$nl_route-poll-mknodat-socket$alg-bind$alg-accept4$alg-io_setup-io_submit-mknodat-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-linkat-sendmsg$nl_route-sendmsg$inet-bpf$BPF_BTF_LOAD
detailed listing:
executing program 0:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x0, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x5, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_RAW={0x8, 0xc, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
poll(&(0x7f0000000040), 0x55, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-224-generic\x00'}, 0x58)
r3 = accept4$alg(r2, 0x0, 0x0, 0x0)
io_setup(0xff, &(0x7f0000000380)=<r4=>0x0)
io_submit(r4, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r3, &(0x7f0000000340), 0xfdef}])
mknodat(0xffffffffffffff9c, &(0x7f0000000400)='./file7\x00', 0x21c0, 0x103)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_MATCH_INFO={0x18, 0x3, "c6a41d106c72fffffffffffffff5000002000000"}, @NFTA_MATCH_NAME={0xa, 0x1, 'owner\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}}, 0x4048010)
linkat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000500)='./file7\x00', 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e"], 0x50}}, 0x0)
sendmsg$inet(r0, &(0x7f00000008c0)={&(0x7f0000000600)={0x2, 0x4e24, @local}, 0x10, &(0x7f0000000800)=[{&(0x7f0000000640)="6a50916f", 0x4}], 0x1, &(0x7f0000000840)=ANY=[@ANYBLOB="100000000000000000000f000000000000000000000000000000601861d0b87eeb2a000000000000"], 0x28}, 0x20008050)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb010018000000000000005600000056000000050000000d0000000300000f020000000100000007000000faf0000003000000070000000500000001000000060000000c000000f5ae0a0000000000000b010000000c0000000000000c0500000008000000e0ff000b010000000000002e2e6100"], &(0x7f00000001c0)=""/128, 0x75, 0x80, 0x0, 0xfffffff7, 0x0, @void, @value}, 0x28)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_icmp_raw-sendmsg$nl_route_sched-socket$nl_route-poll-mknodat-socket$alg-bind$alg-accept4$alg-io_setup-io_submit-mknodat-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-linkat-sendmsg$nl_route-sendmsg$inet-bpf$BPF_BTF_LOAD
detailed listing:
executing program 0:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x0, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x5, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_RAW={0x8, 0xc, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
poll(&(0x7f0000000040), 0x55, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-224-generic\x00'}, 0x58)
r3 = accept4$alg(r2, 0x0, 0x0, 0x0)
io_setup(0xff, &(0x7f0000000380)=<r4=>0x0)
io_submit(r4, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r3, &(0x7f0000000340), 0xfdef}])
mknodat(0xffffffffffffff9c, &(0x7f0000000400)='./file7\x00', 0x21c0, 0x103)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_MATCH_INFO={0x18, 0x3, "c6a41d106c72fffffffffffffff5000002000000"}, @NFTA_MATCH_NAME={0xa, 0x1, 'owner\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}}, 0x4048010)
linkat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000500)='./file7\x00', 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e"], 0x50}}, 0x0)
sendmsg$inet(r0, &(0x7f00000008c0)={&(0x7f0000000600)={0x2, 0x4e24, @local}, 0x10, &(0x7f0000000800)=[{&(0x7f0000000640)="6a50916f", 0x4}], 0x1, &(0x7f0000000840)=ANY=[@ANYBLOB="100000000000000000000f000000000000000000000000000000601861d0b87eeb2a000000000000"], 0x28}, 0x20008050)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb010018000000000000005600000056000000050000000d0000000300000f020000000100000007000000faf0000003000000070000000500000001000000060000000c000000f5ae0a0000000000000b010000000c0000000000000c0500000008000000e0ff000b010000000000002e2e6100"], &(0x7f00000001c0)=""/128, 0x75, 0x80, 0x0, 0xfffffff7, 0x0, @void, @value}, 0x28)

program did not crash
single: failed to extract reproducer
bisect: bisecting 38 programs with base timeout 1m40s
testing program (duration=1m49s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [16, 12, 11, 25, 7, 18, 18, 3, 5, 4, 30, 2, 3, 3, 6, 27, 30, 30, 30, 30, 4, 10, 21, 8, 20, 8, 17, 7, 40, 16, 29, 28, 8, 27, 12, 13, 3, 8]
detailed listing:
executing program 3:
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
socket$can_raw(0x1d, 0x3, 0x1)
socket$packet(0x11, 0x2, 0x300)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_udplite(0xa, 0x2, 0x88)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1, 0x803, 0x0)
pipe(&(0x7f0000000100))
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="4400000010000304fcffffff3f00000000000000", @ANYRES32=0x0, @ANYBLOB="a5edad8800000000140012800b0001006970766c616e1200f3fe028008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r2], 0x44}, 0x1, 0x0, 0x0, 0x4004}, 0x0)
executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000005000), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_NODES(r0, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r1, 0x1, 0x70bd2f, 0x25dfdbfc}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000) (async)
mknod$loop(&(0x7f0000000100)='./file0\x00', 0x0, 0x1) (async)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
syz_usb_connect(0x3, 0x5d, 0x0, 0x0)
r3 = socket$inet(0x2b, 0x801, 0x0)
connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @dev}, 0x10) (async)
setsockopt$inet_tcp_int(r3, 0x6, 0x3, 0x0, 0x0) (async)
close_range(r2, 0xffffffffffffffff, 0x0) (async)
mount(&(0x7f0000000080)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='exfat\x00', 0x0, 0x0) (async)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
executing program 3:
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="4400000010000000000000000400002e00000040", @ANYRES32=0x0, @ANYBLOB="00000000400000002400128009000100626f6e64000000001400028008000a00"], 0x44}}, 0x0) (async)
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}) (async)
r2 = socket$inet_udp(0x2, 0x2, 0x0) (async, rerun: 32)
prctl$PR_SET_MM(0x23, 0x4, &(0x7f0000ffd000/0x1000)=nil) (async, rerun: 32)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x14, 0x15, 0x1, 0x70bd29, 0x0, {0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x4800}, 0x0) (async)
close(r2) (async, rerun: 32)
socket$netlink(0x10, 0x3, 0x0) (async, rerun: 32)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4808000010001fff"], 0x3}}, 0x0) (async)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) (async)
splice(r0, 0x0, r2, 0x0, 0x4ffe2, 0x0)
executing program 3:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x94)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r1, 0x0)
r2 = gettid()
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r3)
ptrace$setregs(0xd, r3, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
syz_open_procfs(r3, &(0x7f0000000600)='net/llc/core\x00')
ptrace$getregset(0x4204, r3, 0x2, &(0x7f0000000200)={0x0, 0xfffffffffffffe64})
syz_clone3(&(0x7f0000000580)={0x204000, &(0x7f0000000280), &(0x7f00000002c0)=<r4=>0x0, &(0x7f0000000300), {0xb}, &(0x7f0000000480)=""/103, 0x67, &(0x7f0000000500)=""/79, &(0x7f0000000340)=[r2, r3, r2, r1, r2, r1, r1, r1, r3], 0x9}, 0x58)
setpgid(r3, r4)
mount$9p_fd(0x0, &(0x7f0000000140)='./file1/file0/file0\x00', 0x0, 0x11024c4, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x8000, 0x20)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000003c0)={0x0, 0x0, 0x0, 'queue1\x00'})
r5 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r5, &(0x7f0000000180)=@file={0x1}, 0x6e)
listen(r5, 0x100)
r6 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r6, &(0x7f0000000000)=@file={0x1}, 0x6e)
connect$unix(r6, &(0x7f0000000080)=@file={0x1}, 0x6e)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0xc02c5341, &(0x7f0000000180))
executing program 3:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="04", 0x1}], 0x1}, 0x1)
recvmsg$unix(r0, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x2001)
recvmsg(r0, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x2)
sendmsg$inet(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)='#', 0x1}], 0x1}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="a000000000010108000000000000000002000000240001801400018008000100ac1414aa08000200ac1414aa0c00028005000100000000003c0002802c0001807700030000000000000014000400000000000000000000000000000000010c0002800500010000000000080007400000000024000e8014000180080001007f00000129000200ac1e00010c0002800500010006000000"], 0xa0}}, 0x0)
executing program 3:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x0, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x5, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_RAW={0x8, 0xc, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
poll(&(0x7f0000000040), 0x55, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-224-generic\x00'}, 0x58)
r3 = accept4$alg(r2, 0x0, 0x0, 0x0)
io_setup(0xff, &(0x7f0000000380)=<r4=>0x0)
io_submit(r4, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r3, &(0x7f0000000340), 0xfdef}])
mknodat(0xffffffffffffff9c, &(0x7f0000000400)='./file7\x00', 0x21c0, 0x103)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_MATCH_INFO={0x18, 0x3, "c6a41d106c72fffffffffffffff5000002000000"}, @NFTA_MATCH_NAME={0xa, 0x1, 'owner\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}}, 0x4048010)
linkat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000500)='./file7\x00', 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e"], 0x50}}, 0x0)
sendmsg$inet(r0, &(0x7f00000008c0)={&(0x7f0000000600)={0x2, 0x4e24, @local}, 0x10, &(0x7f0000000800)=[{&(0x7f0000000640)="6a50916f", 0x4}], 0x1, &(0x7f0000000840)=ANY=[@ANYBLOB="100000000000000000000f000000000000000000000000000000601861d0b87eeb2a000000000000"], 0x28}, 0x20008050)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb010018000000000000005600000056000000050000000d0000000300000f020000000100000007000000faf0000003000000070000000500000001000000060000000c000000f5ae0a0000000000000b010000000c0000000000000c0500000008000000e0ff000b010000000000002e2e6100"], &(0x7f00000001c0)=""/128, 0x75, 0x80, 0x0, 0xfffffff7, 0x0, @void, @value}, 0x28)
executing program 32:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x0, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x5, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_RAW={0x8, 0xc, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
poll(&(0x7f0000000040), 0x55, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-224-generic\x00'}, 0x58)
r3 = accept4$alg(r2, 0x0, 0x0, 0x0)
io_setup(0xff, &(0x7f0000000380)=<r4=>0x0)
io_submit(r4, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r3, &(0x7f0000000340), 0xfdef}])
mknodat(0xffffffffffffff9c, &(0x7f0000000400)='./file7\x00', 0x21c0, 0x103)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_MATCH_INFO={0x18, 0x3, "c6a41d106c72fffffffffffffff5000002000000"}, @NFTA_MATCH_NAME={0xa, 0x1, 'owner\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}}, 0x4048010)
linkat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000500)='./file7\x00', 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e"], 0x50}}, 0x0)
sendmsg$inet(r0, &(0x7f00000008c0)={&(0x7f0000000600)={0x2, 0x4e24, @local}, 0x10, &(0x7f0000000800)=[{&(0x7f0000000640)="6a50916f", 0x4}], 0x1, &(0x7f0000000840)=ANY=[@ANYBLOB="100000000000000000000f000000000000000000000000000000601861d0b87eeb2a000000000000"], 0x28}, 0x20008050)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb010018000000000000005600000056000000050000000d0000000300000f020000000100000007000000faf0000003000000070000000500000001000000060000000c000000f5ae0a0000000000000b010000000c0000000000000c0500000008000000e0ff000b010000000000002e2e6100"], &(0x7f00000001c0)=""/128, 0x75, 0x80, 0x0, 0xfffffff7, 0x0, @void, @value}, 0x28)
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14)
executing program 0:
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f0000000380)={{0x80}, 'port1\x00', 0xe3, 0x111c37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x9}) (async)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00')
executing program 0:
r0 = socket(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0xa00000000000000, 0x80, &(0x7f0000000040)=@broute={'broute\x00', 0x20, 0x1, 0x948, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000480], 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000010000000068000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000c000000000000000000000000000000000000ffffffff010000000b00000000000000000062726964676530000000000000000000626f6e645f736c6176655f3000000000736974300000000000000000000000007465716c30000000b8adaed8ec6e8fac0000000000000000000000000180c20000000000000000000000b8080000b8080000e8080000616d6f6e6700000000000000000000000000000000000000000004000000000018040000000000000c0000000c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d00000000fa0100000000000000000000000000000000000000000000000000000000004037118bc35d3037960000000000000000000000000000000000000000000000000000000000001f00000000000000000000009300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300020000000000000000006c00000000000000000000000000000000000000000000000000000000000000000000000000892f9284b45f00000000000000000000000000000000a600000000000000000000000000f9ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000200000000000000800000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c5000000000000000000000000000000e21071ce4cc8eaac65a0f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070cc490d0510d30ce90b91aedadb0c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dd00000000000000000000000000000000009476b0c33efd5e65b7316c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000014bc1d077b4817d693d02c0000000000000000000000000000000000416cbf6525780f42e3870800000000000000000000000000000000000000000000000000000000000000abcc3311337430270000000000000000000000000000000000000000000000000037ff1cf2f8e52e074300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d65992000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000cbcb951a4f0f3300ebb39c00000000000000000000000000000000000000000000000000000000000000000000000000e70000000000053cbf7eee533b170000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fffffffffffffff800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081cc42e042291bc3000000000000200000000000000000000000000000000000000000000000000000000000005de0eab8674f2269845f530928d7000000000000000000000000000000000000000000000000000000000000000000000000000000ee72000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000095dd0000000000000000c1a8a95ba6a3ba677371c303b5426300000000000000000000000000000000000000000000000000000000597924c6edee670300000000000000000000000000000000000000000000080000000000000000e28abc2086f4dcecbcd7aca1775004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000800000000000000000000000000000000000000000000000c81e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000052000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003800e04771f4c2d100"/2376]}, 0x9c0)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_tracing={0x1a, 0xa, &(0x7f0000000400)=ANY=[@ANYBLOB="7f9b05000200000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000018110000", @ANYRES32=0x1, @ANYBLOB="000000001e000000b70c4602000000000001000000000000080ae3a0bf1206bc4251d69870280a58a16f72f2ff27fc10a2ad464a431f808f0806a682c4e36945a2c976f3244b98"], &(0x7f0000000000)='GPL\x00', 0x1, 0xb5, &(0x7f0000000140)=""/181, 0x40f00, 0x58, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000240)={0x5, 0x1, 0x0, 0x10}, 0x10, 0x28f79, 0xffffffffffffffff, 0x2, &(0x7f0000000280)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x1, 0x1, 0x1], &(0x7f00000002c0)=[{0x5, 0x2, 0xb, 0xb}, {0x5, 0x1, 0xc, 0xb}], 0x10, 0x2, @void, @value}, 0x94)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000003c0)=r1, 0x4)
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r7, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r6])
sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000002340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x14, 0x5, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x810)
chdir(&(0x7f0000000100)='./file0\x00')
read$FUSE(r5, &(0x7f0000000300)={0x2020}, 0x2020)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'geneve1\x00', <r9=>0x0})
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f0000000000)={0x1, 0x1, 0xf7, 0x5, @vifc_lcl_ifindex=r9, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r10, @ANYBLOB="0c00990000000000000000000800a115ffff0000080026008d03000008009f"], 0x40}}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r11 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r11, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000002012c20300000000000000000214008000"/36], 0x24}, 0x1, 0x0, 0x0, 0x4000804}, 0x4008850)
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14)
executing program 33:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14)
executing program 2:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f00000001c0))
ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f0000000300)={0x60, 0x0, &(0x7f0000182000/0x3000)=nil, &(0x7f0000f70000/0x4000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>r0}, './file0\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000040)={<r2=>0x0, 0xfeb, 0x8001}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f00000000c0)={r2, 0x1, 0x1, [0x2f]}, 0xa)
executing program 2:
r0 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, 0x0)
sendmsg$kcm(r0, 0x0, 0x40000)
sendmsg$kcm(r0, &(0x7f0000002080)={0x0, 0x0, 0x0}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000040)="dc", 0x1}], 0x8)
write$cgroup_subtree(r1, &(0x7f0000000140)={[{0x2d, 'io'}, {0x2d, 'rdma'}]}, 0xa)
remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0)
mremap(&(0x7f0000083000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000384000/0x4000)=nil)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
arch_prctl$ARCH_MAP_VDSO_64(0x1001, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000005c0)=ANY=[@ANYRES32=r4, @ANYRES32=r3, @ANYBLOB="02"], 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x8, 0x3, &(0x7f0000001300)=ANY=[], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r5, r2, 0x0, 0x0, @val=@tracing={0x0, 0x2}}, 0x40)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000680)={r2, &(0x7f0000000600)="70921345000841f626f9f197a5ccb5b25caf7c1ea1", &(0x7f0000000640)=""/57}, 0x20)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f00000003c0)={&(0x7f0000000180)="08ea514d3873421a4cfea7391fa86bea030b15b03f8353035a7fdea99b8f62b5bed10685532dda5b2703d8e78a567e5fb02f7df58ed33a0a620d7e606394338bb2da476136ea4ff3aa433f34cc15b59ed8f1ed4a8c30a82ffbb204d10d538256cc1c6e616de44b06eb63b9752687f13b139ec470759de3d7e09ac1afebd32239aa766d67f9a9a16383be5b2e296f68a23ab70ec77054b302cce77bd19849ced8", &(0x7f0000000240)=""/174, &(0x7f0000000300)="d93fb463d0bf14b58799b17e9c1cf172f2516cce0ed3c0e320de435e0401382fe8e7acd4d5f20feaf7aff608b098892c2c3ef66709a3c6fc51a8be80ae1c717e24e214ab822992d1792c98bfc8fa76cb85eb6f15b79ca660eec9eefc2b312d1af1b6043b41f778e355c6cb9d8a64935459168c4a93e05cd95c1b4c5b4d2243d37219e5acecfd55aabf", &(0x7f0000000080)="6a55e4ed66a2a25feb1dd754f2c48bb651ed", 0x7, r2, 0x4}, 0x38)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="2c000000331800088014006c00fec00000000000000000ef8e2e89224eccefbc6385c63258e981c89c4c12bdeb1eb4dc52131c6e26ec1af8860127c08c00080ffd1440004147483d4dcf910ec8b59c2ba457be5ea6f92d5baf8ce03a6e63872c16c592febf84bf18988198834bcf3aa461f3163e342548e2a90ca0a61d1bcfbe739eda68b46bb2ea5c604628a5d22b3c1828d0dfd6d9c988c29781f40551f34792ce889c87bfe50bfcfadab344c7a6486717ab546d60d2de434757cf91a6bfe1e8844fd29fb39e9ba31fb47de586bfbb37bed3a52158bd8201fa48d96d8b7b71e01135b5e8cb754e3005fe77e700"], 0x2c}, 0x1, 0x0, 0x0, 0x28000}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x12, 0x4, &(0x7f00000006c0)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0xc618, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x33, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
executing program 2:
setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_open_dev$MSR(&(0x7f0000000040), 0x9, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'lo\x00', <r2=>0x0})
memfd_create(&(0x7f00000000c0)='lo\x00', 0x0)
r3 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
connect$unix(r3, &(0x7f0000000140)=@file={0x1, './file0\x00'}, 0x6e)
sendto$packet(r3, &(0x7f00000001c0)="5891e7ad2b259f2e970021eacc690f709d23471dc3d88a9386aaab543da91991ca7e2d62f8d057dc69d1434c925d03aff7052b883e96e5c089a49d57e8d258210444c8830e86e5889577d06427580cea1875aabb7d4bffe4c1f44ae790e7054872ab0fbb68e1ac15f110d678ca7eefd2c36fb21b1aab58a42f6ce4290a5bd7adcc12b978f385e650d4be728fe7d11928a1d821f6ce200812bbde89732106255f7eff29c423922cdee09ebf72353564eac7d3dc1f55", 0xb5, 0x44840, &(0x7f0000000280)={0x11, 0x19, r2, 0x1, 0x6, 0x6, @local}, 0x14)
connect$bt_l2cap(r3, &(0x7f00000002c0)={0x1f, 0x7, @any, 0xd}, 0xe)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000300), r3)
r4 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r3)
sendmsg$NL80211_CMD_GET_MESH_CONFIG(r3, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x14, r5, 0x10, 0x70bd2a, 0x25dfdbfd, {{}, {@void, @void}}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0xe0c6f1caf20e75f0}, 0x815)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
fcntl$addseals(r4, 0x409, 0x4)
ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000480))
fremovexattr(r0, &(0x7f00000004c0)=@random={'user.', '/selinux/avc/hash_stats\x00'})
pwritev(r0, &(0x7f00000005c0)=[{&(0x7f0000000500)="6d5c9439012e20cf6b32f2a078b49ca7cf381047a0a1801a3251fb3a858fb6c59e7a453158a0e19ebc439a96bf6d2ded72d03de20f9498b00f079d0b2eec26282b337cc904e2bdb5d316fd97d3c55e67241169ab018c9b5f19d8b06863789e1bec19e82591d62d595d036675512a0762895f5126691f684c110a87536557fc677a154293dc5158fdada19692d4a0ad00ae20e4c1b6", 0x95}], 0x1, 0x80000001, 0x6)
ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f0000000680)=<r6=>0x0)
sendto(r0, &(0x7f0000000600)="73d0ea479a58a2a516068ed91db323bcdcd2abe51e4b9cb972a4ed1caab46031d4bb5cce72ebed615671a22bcd352c42eace2e974e44fe4075b1c446ea4ed74dfa7b1da8bf413ab256f6b7a91ef83fe8a7add83a42183ecb55921efffe09776f8c6d6bb5766e50188ba242d5919171a0a179bf3afc17f1e56014", 0x7a, 0x0, &(0x7f00000006c0)=@nfc_llcp={0x27, r6, 0x1, 0x4, 0x6, 0x7, "385a0d2ece80586a5fdb506dfa118a0ef81c8bdee6627772b34293a25a4cbc0670e9603881d5af3db3ee37ce4b3d9fb08ce10d4bf8d4e65434d6b38c39b382", 0x18}, 0x80)
keyctl$set_reqkey_keyring(0xe, 0x6)
sendmsg$IPVS_CMD_GET_DAEMON(r3, &(0x7f0000000800)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x4200042}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x2c, 0x0, 0x100, 0x70bd27, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xfffffffe}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000004}, 0x4080800)
mlock2(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1)
fcntl$getownex(r4, 0x10, &(0x7f0000000840)={0x0, <r7=>0x0})
sched_setscheduler(r7, 0x1, &(0x7f0000000880)=0x1)
connect$rose(r3, &(0x7f00000008c0)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, 0x0, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @default]}, 0x40)
bpf$ENABLE_STATS(0x20, &(0x7f0000000900), 0x4)
bpf$ENABLE_STATS(0x20, &(0x7f0000000940), 0x4)
ioctl$KVM_SET_PIT(r3, 0x8048ae66, &(0x7f0000000980)={[{0x2, 0x101, 0x5, 0x3, 0x20, 0x0, 0xfd, 0x8, 0x6, 0x7, 0x15, 0x2, 0x8000000000000000}, {0xf156, 0x6, 0x6, 0x1, 0x2, 0x3, 0x7, 0x2, 0xb7, 0x5, 0x6, 0xde, 0x6}, {0x7, 0x9, 0xf, 0x4, 0x19, 0x1, 0x40, 0x9, 0x6, 0x4, 0x1, 0x4, 0x5}], 0x81})
executing program 2:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = io_uring_setup(0x4aa8, &(0x7f0000000700)={0x0, 0x28a7, 0x832ac1ac3d5c9f93, 0x2, 0x111})
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x0, 0x0, 0x101})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)={0x20000004})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'sit0\x00', <r5=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x34, 0x68, 0x2, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x4}, [@NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @LWTUNNEL_IP6_TC={0x5}}, @NHA_ID={0x8, 0x6, 0xa00}, @NHA_OIF={0x8, 0x5, r5}]}, 0x34}}, 0x0)
r6 = userfaultfd(0x1)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000040))
r7 = fcntl$dupfd(r6, 0x0, r6)
ioctl$UFFDIO_CONTINUE(r7, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000800000/0x800000)=nil, 0x800000}})
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000540)={0x7, <r8=>0x0}, 0x8)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000005c0)={&(0x7f0000000580)=[0x0, 0x0, 0x0], 0x3, 0xc0000, 0x0, <r9=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x13, 0x19, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000700000000000000fdffffff18110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800006d0200007b8af8ff00000000bfa200000000000007020800f8ffffffb703000008000000b70400000eab9284debb170c5c969be79b88ab1f01000000850000008200000085100000fcffe4ffbf9162838f50c6fc30420000010000000000006e1fd1e02330210000000000000000000070904dbc66f1a489f894b44116090cb0cb09001ed7c79e27307d1a"], &(0x7f0000000380)='syzkaller\x00', 0xe54, 0x0, &(0x7f00000003c0), 0x40f00, 0x20, '\x00', r5, @fallback=0x21, r7, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r8, r9, 0x1, 0x0, &(0x7f0000000600)=[{0x3, 0x4, 0x8}], 0x10, 0x5, @void, @value}, 0x94)
bind$bt_hci(r4, &(0x7f00000000c0)={0x1f, 0x1}, 0x6)
write$bt_hci(r4, &(0x7f0000000040)=ANY=[@ANYRES8=r3], 0x7)
syz_io_uring_setup(0x4a88, &(0x7f00000000c0)={0x0, 0x9526, 0x12000, 0x3, 0x80022c, 0x0, r0}, &(0x7f0000000140), &(0x7f0000000180))
r10 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0xfffffffffffffd2a, &(0x7f0000000040), 0x3}, 0x0)
mount(&(0x7f0000000200)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000280)='./file0\x00', &(0x7f0000000300)='gfs2\x00', 0x4001, &(0x7f0000000340)='/dev/video#\x00')
r11 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r11, &(0x7f0000000a80)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x8)
r12 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r12, 0xc008561c, &(0x7f0000000400)={0xf0f020})
setsockopt$bt_BT_DEFER_SETUP(r11, 0x112, 0x7, 0x0, 0x0)
syz_io_uring_setup(0x3e94, &(0x7f0000001680)={0x0, 0x4627, 0x400, 0xffffffff, 0x321}, &(0x7f0000000240), &(0x7f0000001740))
openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card2/oss_mixer\x00', 0x2, 0x0)
executing program 2:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = io_uring_setup(0x4aa8, &(0x7f0000000700)={0x0, 0x28a7, 0x832ac1ac3d5c9f93, 0x2, 0x111})
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x0, 0x0, 0x101})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)={0x20000004})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'sit0\x00', <r5=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x34, 0x68, 0x2, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x4}, [@NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @LWTUNNEL_IP6_TC={0x5}}, @NHA_ID={0x8, 0x6, 0xa00}, @NHA_OIF={0x8, 0x5, r5}]}, 0x34}}, 0x0)
r6 = userfaultfd(0x1)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000040))
r7 = fcntl$dupfd(r6, 0x0, r6)
ioctl$UFFDIO_CONTINUE(r7, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000800000/0x800000)=nil, 0x800000}})
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000540)={0x7, <r8=>0x0}, 0x8)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000005c0)={&(0x7f0000000580)=[0x0, 0x0, 0x0], 0x3, 0xc0000, 0x0, <r9=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x13, 0x19, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000700000000000000fdffffff18110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800006d0200007b8af8ff00000000bfa200000000000007020800f8ffffffb703000008000000b70400000eab9284debb170c5c969be79b88ab1f01000000850000008200000085100000fcffe4ffbf9162838f50c6fc30420000010000000000006e1fd1e02330210000000000000000000070904dbc66f1a489f894b44116090cb0cb09001ed7c79e27307d1a"], &(0x7f0000000380)='syzkaller\x00', 0xe54, 0x0, &(0x7f00000003c0), 0x40f00, 0x20, '\x00', r5, @fallback=0x21, r7, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r8, r9, 0x1, 0x0, &(0x7f0000000600)=[{0x3, 0x4, 0x8}], 0x10, 0x5, @void, @value}, 0x94)
bind$bt_hci(r4, &(0x7f00000000c0)={0x1f, 0x1}, 0x6)
write$bt_hci(r4, &(0x7f0000000040)=ANY=[@ANYRES8=r3], 0x7)
syz_io_uring_setup(0x4a88, &(0x7f00000000c0)={0x0, 0x9526, 0x12000, 0x3, 0x80022c, 0x0, r0}, &(0x7f0000000140), &(0x7f0000000180))
r10 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0xfffffffffffffd2a, &(0x7f0000000040), 0x3}, 0x0)
mount(&(0x7f0000000200)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000280)='./file0\x00', &(0x7f0000000300)='gfs2\x00', 0x4001, &(0x7f0000000340)='/dev/video#\x00')
r11 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r11, &(0x7f0000000a80)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x8)
r12 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r12, 0xc008561c, &(0x7f0000000400)={0xf0f020})
setsockopt$bt_BT_DEFER_SETUP(r11, 0x112, 0x7, 0x0, 0x0)
syz_io_uring_setup(0x3e94, &(0x7f0000001680)={0x0, 0x4627, 0x400, 0xffffffff, 0x321}, &(0x7f0000000240), &(0x7f0000001740))
openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card2/oss_mixer\x00', 0x2, 0x0)
executing program 2:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = io_uring_setup(0x4aa8, &(0x7f0000000700)={0x0, 0x28a7, 0x832ac1ac3d5c9f93, 0x2, 0x111})
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x0, 0x0, 0x101})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)={0x20000004})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'sit0\x00', <r5=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x34, 0x68, 0x2, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x4}, [@NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @LWTUNNEL_IP6_TC={0x5}}, @NHA_ID={0x8, 0x6, 0xa00}, @NHA_OIF={0x8, 0x5, r5}]}, 0x34}}, 0x0)
r6 = userfaultfd(0x1)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000040))
r7 = fcntl$dupfd(r6, 0x0, r6)
ioctl$UFFDIO_CONTINUE(r7, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000800000/0x800000)=nil, 0x800000}})
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000540)={0x7, <r8=>0x0}, 0x8)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000005c0)={&(0x7f0000000580)=[0x0, 0x0, 0x0], 0x3, 0xc0000, 0x0, <r9=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x13, 0x19, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000700000000000000fdffffff18110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800006d0200007b8af8ff00000000bfa200000000000007020800f8ffffffb703000008000000b70400000eab9284debb170c5c969be79b88ab1f01000000850000008200000085100000fcffe4ffbf9162838f50c6fc30420000010000000000006e1fd1e02330210000000000000000000070904dbc66f1a489f894b44116090cb0cb09001ed7c79e27307d1a"], &(0x7f0000000380)='syzkaller\x00', 0xe54, 0x0, &(0x7f00000003c0), 0x40f00, 0x20, '\x00', r5, @fallback=0x21, r7, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r8, r9, 0x1, 0x0, &(0x7f0000000600)=[{0x3, 0x4, 0x8}], 0x10, 0x5, @void, @value}, 0x94)
bind$bt_hci(r4, &(0x7f00000000c0)={0x1f, 0x1}, 0x6)
write$bt_hci(r4, &(0x7f0000000040)=ANY=[@ANYRES8=r3], 0x7)
syz_io_uring_setup(0x4a88, &(0x7f00000000c0)={0x0, 0x9526, 0x12000, 0x3, 0x80022c, 0x0, r0}, &(0x7f0000000140), &(0x7f0000000180))
r10 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0xfffffffffffffd2a, &(0x7f0000000040), 0x3}, 0x0)
mount(&(0x7f0000000200)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000280)='./file0\x00', &(0x7f0000000300)='gfs2\x00', 0x4001, &(0x7f0000000340)='/dev/video#\x00')
r11 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r11, &(0x7f0000000a80)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x8)
r12 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r12, 0xc008561c, &(0x7f0000000400)={0xf0f020})
setsockopt$bt_BT_DEFER_SETUP(r11, 0x112, 0x7, 0x0, 0x0)
syz_io_uring_setup(0x3e94, &(0x7f0000001680)={0x0, 0x4627, 0x400, 0xffffffff, 0x321}, &(0x7f0000000240), &(0x7f0000001740))
openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card2/oss_mixer\x00', 0x2, 0x0)
executing program 5:
r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x2, 0x2)
close_range(r0, r0, 0x2)
bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000000)={0x17, 0x1, 0x1, "3271bdf0f2f20d55806b26b1d72197edb1439b1c4200"})
executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r2, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x4000)
getsockopt$PNPIPE_IFINDEX(r1, 0x113, 0x2, &(0x7f0000000140)=<r3=>0x0, &(0x7f00000001c0)=0x4)
r4 = syz_open_dev$vim2m(&(0x7f0000000040), 0x100000001, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f00000000c0)={0xf0f000, 0x6})
sendmsg$nl_route(r1, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=@RTM_NEWMDB={0x18, 0x54, 0x8, 0x70bd2d, 0x25dfdbfd, {0x7, r3}}, 0x18}, 0x1, 0x0, 0x0, 0x40800}, 0x20000080)
executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x1, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async, rerun: 64)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) (rerun: 64)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf) (async)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$TCFLSH(r3, 0x400455c8, 0x2)
ioctl$TIOCSETD(r3, 0x5412, &(0x7f0000000140)=0xffffffc0) (async)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000040)=0xfc) (async)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000280)=0x4) (async)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000180)) (async, rerun: 32)
syz_open_dev$ptys(0xc, 0x3, 0x1) (async, rerun: 32)
r4 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0) (async, rerun: 32)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) (rerun: 32)
write$UHID_INPUT(r5, &(0x7f00000010c0)={0x8, {"eddd025b60fdc30a063f172d718c2bd6b3645eadae0f767eb61f2421975b0064d30faba72ba63ab33c4ee2a6cb2f0cb187830255738dd670e8e178672a7473488a157b83ca0ed9657299e98243c15b6b8e08f34570dda445b526949a9b3aebdb97dda475e54a098f1ae57c4774c8ef81d36c77d309e0c817fba3415591dd26a637e43bec5f0fb193d8671889d89ac77bd90ee5efac63bf9eafc61f393e33aaa503760afad0e395042048defbc27ecc254790f419072feb3d5fb4815364072248a42bb88952f316952ea727ae850143819fb80a77407a2309c90ee7894bee7c5862bf14672cc9036bf0ccba7769b5d57b757b550180000000000000a7f0840d7040084b449eb5445ea40b3b9811a66d5228839907fba91ba8a5ca95b4600fcd98f93af794a412e97404d6f40a61e802f6112ff259a29ca8fb98ffce8fd12509883e812e7edb4a643fe4aac56bb01f69823bd6f4ebd618d81cb3d463eea2c9bae30b888a824043a71d5f3319b146848d63a5415f5ed47b33cafa473cc2c91c425a2d24bf5d8e627e6fc63f58a7b08180ce16e5aa7015478cfbebba3045ec5dd620f69659f3fe11af23b095b43ced6a48afaf3d9a78762d40ada3b1fead7884620e213f28a9a2e6bcda0b88347c8eb3f6be8be3fc2d507eaae0430ccd836d4790038d25d65091e6e7ee9bec612b4a5d90e9e878c9c57fd1aa28ee9fab64d2d3bec12ae68a974c0f64365548a5db8a1d8fc9e32b38df32e826a3d2a88ae824a5faa87d7a25373728da5322ebc73db3d9ac8c64db9c90b18d67b7770966a3b8a1079f5b83f21482ff8b1cc1c699a0a5a135b6fe2791abb556603e3255e89922de5bca02d57ace9f6d486a363891b6c15e3c0000000047e9617351e98a040f2e7019ddee08f2d6cdc9de2f7a32ea65d266513fa7821c24c90ae39268757eefacfe94d53c740747c86429eadbead0a3576549442f4f77d846df8d54b37fc280bd5b9320f872756706357b9813318a6bfeb77d4ddec55ab5592da2c6d05b3c021182485b96a634013c5ad5ba55f07d07211c0db03ccb5981f5955df2e86cd0f62f6ba66fe4abf695ebc6629e42f6ce96a132883f148eeeacdff13b1cbfa73cbc70b8c5b677682d7c60d1a1311b1222aef1edb4e231c869a18f9ae8eeba4eb4cba8a4a56703cd90710b2208bce8e9a18aaf4e7c47474c08ff85c307d660607bddfe49ac714e0fcdfefedddafa452dfe0341c8a8f07e62e4486699a740feda4b7b2bc635308eb6990f3dfa9065aa8b26ad0ac66fe86dbf2dfb5f0c4b0cad557d4fa4b61116aa57a285a705e1d87d3f8d560b5fd3f8c5df3dc22bd4edb36c1c2e78c0b69863f576d3053ceb21ecb287faf64bb7a3cfe3c28eb7c2335a3af5a29308dac5f7d6f48f46da8370124c37e5a3c9fdfd3d78a082030b2233f02fae54012d2ad2b1c1ec2a35a130a5d3f76b5f9a10a4d31ca41c5c2f58a40c058a48e5dd8a71adbabcbca341e46a6ad538491025e79db3c59350b229ae433537e54b62968ff582f041080719fb88778884da1c79ff28398d8edfcd931043b64bf75b944e735d6d0fa62ed1e3550fe9fa5c1f063b06fb8e13909c87efffe72481ada2d01522a93c70266aa3991c7141ecca2bc618fe54d7529a0c2a46469ca4b2086e112fdf4e1266ca6b5fd4b0fbea280dd246f622f0da6d0f3e3b0357dc0744132e66d8b035662ad5cd3faedd2f743e24ecfed2efd6fd3aed1402bdbc66af3c0b77b7962966649591d7d5985c81a063d46ddf07656f2b049f5811b310e567027bc1b6d44fc892d37aeda8cacc704c1dcc1a7ef759937416e01163027b81befa86772ddf576c37f3151792c4358d1fa418bcd250dc41effa988116589b110d31a59486123769e50f5b3985b4660919f08dd5c96ab8ab03322d0c61890f90e56970f0aa13a96bcfa97139d5627ed6a5558dee292bf0a6e5ad23341c7dc3464a05b9045cc3abbfc0448bf9ca044fd188569cc0c57e07105d1fa1efd44529b6592fa718e092c1a3fa3e56689c9c5168a5619bf2109bde2dca59ad16735e597402c1896d4e24f56c9d4bbc1f0b3a0135b7028a402c6a1a78de57a838b1871477d7b43dff3779fdb50b2ec9a3ae11fab7f715e7979e64a0f0d54d025105d1f768cdad112aeb2eac1c8042aff6fb975a16c64080ba4e0de0af9b8a975a2b6af6a05dff8ae848f6b80f2bd80c56e4683e67a3aaad0e72242b0f0f07d7d7a64a8669e75a99ba4fdb2ba239c5ef28c8f1dc0b2459698b374f1035a75eafde3d90d69afa489ee2d7f7958a5cc51e574203bab464ddd4d08abbb77c8874c6ce692d078bdc309d73ccb49c9d60a269c77601e82e1c824fca2a43605f8453943d23794785096da2ff56547389009e27a908cfcea03ede09c392e0bafa30891e23fbacdf08b49cbd2f4083f94c3c71877ffac86d426e5fe08fa9541f837f2de8440e0b2226b664a45a564f1357e804c24cd2cef95564a1e0041736ced508a63af4e9f4ae9f690084f8c67db3b3569fb86225b6cce291da8057200d1f86899081ebfa5274625ada6ee793fe4246d97157d608099a6adf81eb88bb37cdb64a18ed0e13a0cfeea3af2164a59b8a90a4a1dfad6f03cc27ccbcc879c2b54a57a6d81e01dbd9d7440e9f1a1f608617a308214b58a9090022b7c6631cda308a0aa13dd68159bd8578afeb5402b0e227ef709d8c58929fba262ff4ec70c3a8f68b98f92380201112f560c216d5dc61ad466ee08c1af18982617597436c6a0e0077bb2dab8932175fb30aafceb4d63b4b8aa4a1c2f3867a83855d418ae75b3029dff960a5a4fcbe0fb84828633d535413e0c70a26b2485dddaa7c52256ad85d5f71778af39692fb8553850bbac096d8d9c9145e0ed7903b5d530005f29493a5aa7e0c04b62cc07f2bcfa31a48ce7c167abdd145af8c25fb882b64e41a9b51ae77209d82a9095e1d80711e1c802302b92ad8e413bc9b200e57c6038a46bfc9468b5fdda7f3e57e676c99d4dde6b3a86ed2cb9a55cf199835ef9d858f5a692c4036b32ea07c76c29faa5e2241afab129340b6e2ad94baea982429225cfac726dbf137f6477432a31808a281c9af3c4bef4a2f508721ec71fc1c374fca4d4e25ed9754a41ebfcaaac7637caa13791a64ff995d3cd984ed8cecccc491de80596f8db8d3fe6a6f2b208d065fb6fbb5569bf7cd8a8162271ca5e5ed2b3b98f28d81b3b498345c48492c8fe2e6181f527bbe4ce6600f9e33fb65609bc4318ecf4ca151d3095232820a84704311f0bd3532178cf1e6ef9483b1f52ec2992e84aaf1239c99faeab989bd9848223e90093e71eb650660255fce7bd85872e413fe219859d18ef67f1f07a590ceadc1c687820c3c7cf9e2ff9609199c4b49fd74553507c1c7f45b5b1b40c96c0c984977f476ed686f8710248677847f5c0989df0eca6be3df498acfcfbca85bb986c8d844c19f62b06b95d8d6f4e4367040d45e494271f29546f1086f88fdc549402bd669e9aed5fe000000ef7668d3abeadb430d30534aef0a3a9a125bdeaa11647bafe6e1303b967d29718ac301cadbb43654a36b78ff91836584a5e3472db8db4ded526ecfef2efa2279c17639d3aef1587d5b8bbc8abec3a28dba276613c514a50fe243a588ecdb77ab1525088507f5a0537ba59062416beb479538806f04e70bc192c1fd46377c6105116cd21b75f29f91b67317ce4bd67dea18f560765dabf8f0cebfb770339aa2558df698e1ee22adc7b81b16b2e7fb06e7b5c2ca98c71aec18bc23b11d3b84c6a10aa866c5f438fc2d928fc89ce0902492cd79d6a1ffce27a66031cc24d1b82e9e8b6bdcb6b37f89531e048ae5ee10483dccbb734ba20a15b145fdeadfc461e146d8882133b4e6c6ba30d316ee0bf0bf40f26639077d090d1df3b943e78ba5ece82fcd4576cf3a87d7a9ad080b2cce7371e5bd671ad37e35ff03dfb6684ac0d4eda69154444aef2a173ba093bc87839e41388b2101f72a9b6cf675efbb231b007c11a7b452df89a584f459b23340c0dae21a4146968b66ac9b08d2408830ccec4e6fb1dd665c3023a3b32042b1facfb0bd4d5b9861fe5b0abee3313264b5abe61b1e145bc11121dc87bf1a6008433dedd4d7977b082400136bfceb33a2a3ceea9a6b67b8f85b604970c3ad474db7356f802bc840afe833c9056c037b2ea240b5846149682e14e4e126c7f88b9eb2c7384da631fbab63754611d52b4107dfd10fdf46e557be95a07e6ae64cbeb2d420bcfd87a2f52ecbfe5eba301e3c86761c1545b876e5951106e91be75e9d22301674bca4d729fffd9812cb984910b976c2a74966caf3d75ba7dc7f4275d24caf3bc94376a3579e8575c69401ea75d14e27f98eb7a05eccebd36ea89c4ac0dec65eb613d7f052c6b75b398c65249449b0693164a51c0c224ac1bb4f0781d2d10b96519131b6df9541aa1e7511820f71ab1d497234862f475356d9664a9fbbf0285738a143842820d5b795dcca64a24de4bae802fae01d82fec5548e108c4e750e8f1580d2ebd6bde06622db32c1f47eca183a81ecfde3b6a187c47f7984d2c6051f2ace7ac2bfc5da0cd4b0e57e69bf39551cc5443e12e9ce113cff2cecdd2802e5b9c5a1107e1ed982b93b8e986afa379ac1c6a5ee67e966c72bf149f9ba1c169bafe3d58e18e56438ad4a4db4826edb5eb4ff27808ddd7f87eb31cf232effc9bfff7305d91696e17058217d2d5596ae9082a1cc98d60b854b2ff76718d981c20d68ecf4f1a8dcd5f9f06162df324b84b246e5e11d6722003f32e3396e30c11724db17210c37dfa080c1be2fbeea1c92e084f72386fb29856bc25a16a53f97f44a5e81fd55872772eebdd0db3a5bdf0c28d34a48f8d707a97a3b89367c98e30dbe9c02444177a8fbaa605c6051157e41fade8432af5233ee030ad6fb7572ee4e7bd687dd855fe112ac46a7b1abe88771eb3b49e3d583efe7b79394ca4687acfc262af45dbf4736e9e17d39ea5f8e81f6ed7f242c5a09da7f22f37ce9d5e6222fa71aed8ee69e501d30cd98f5c5275d5dcc1f112c3dbd2cca465f7442d952353613ac5b30222cf153c598c15c102b0dd0d99e45595d98ab365fda3f6e3bdf29b66a8d0a43c1c6a109e3056015a49e4f9ed7522163da86b9e2bf14d7c0ff026261f96feabc0b1c64ba130acb2c4927a783bed9f4e1d38f0a1351000334010b99585c24fb9a7a24809e4bffc3448c778dbeeed816225b2173fae0975e1b9c19213dc33bab3a9bbe8f62e306a1aecac5484d3f23421f5064c16aa4fa67de32222115928c0f3b114593dd0c791c590be61e0b97ed0b0e0dcdb238eb1290466d9c10dfaa8c7fcd0bf659897d945df86d936c67e42924d47a4245fb3d6f8ec538d59c100c6e52100317ea41a1fd253ddd54b13b6a2807ea729d3fd7e1b0461cc78b2c7c889b9ad3ec0398399ff645f3ab988b8a52d9f09a430cfa0390c4c5ad3a392ef28a9f4056d77b712df09b69d7d93617c4783133f9abab2d6935d54f59d0c1b5ea4dba28af7bbfeaf29009618c436ddec116f8966b4ae89ceca545daef5a48f1668231731af7abc502df9f7d308998b92adbfdf0937186a9cbcd4267dc1d0e399b27dacc07ca37f76ceb42f13e4de89dd484a91dc8a2bebece95c6400fde8bdc6d2857454f562f04422b632925c84fb501998ab096363acafea06790c298a76267ca63d81763343fa1fbbbeecba24ca939b3f4d577a5129fd3c407cada9151a12b04e76d664b232cf05c9ad000", 0x1000}}, 0x1006) (async, rerun: 32)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f00000002c0)={r5, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) (async, rerun: 32)
write$binfmt_script(r3, &(0x7f0000002100)={'#! ', './file0', [{0x20, '#'}, {}, {0x20, ':\'.-'}, {0x20, '/dev/kvm\x00'}], 0xa, "8c79cbaaff1a5711ce3c551ef59dfb07c99a23588138fa541974172252c15cd76ef24b04530f228ab3c32079e9beb85ad6d69f0cc34392768af1d01d72b8e9e94b0a16c0da6237812557e90f69238d78a513f29ce91a1c4e3f720599191d973c540b95034a3fc55fc4fcab17ae3a5b9b862c0f0cfabaae846096d401932e906e9660d5ba938dd185b3b7312b629783a2f1e05d38b75c30070399ebb1400e7000708caffae87ef3fecf4e9aca82b4688fda0506e3108281c79ac7d2814546d1eba3ef5fc5ab31a4dcfd3a392aa37427239ffa22c8481cd8a941279c9ef92e0f72f6719fd988f5ea0f7d1b03302a550390980f4a6632af6db250a4e437c4b4e7328a90d3309930a0e09389818dfb7437c4dfbb2cc5cbc98b27d1cf65761b7c2f6da808d0318c356e1bc2c13f693b03563e27af053db0fe53a4d87565ff399a74d88bdeed29fd2fd2a8ee621222ce5aa82601d37415a451f70cf1e9ca1acdf0b83695e1d75dd3a6946fa5d72d990851454682f9129b93c9675f9f11f8d9dc793f8be0088d2f181c2c309fe491b6edfd265177767fc61425ce53131bf2966ec16eaed996bd0e17a76ef53071698daf3f452f4b8209347ec024284e17fb582626cf64a485dfbe1438c7dd2224a3e53f75da41af47233121fab7ced3c2e05f030698f7a12956b345a9f9915a1f8342691b6732617744321067939b4be93b1291668d895c5b6e91e65ecae164fdf30befd934f83516ea58288c4108e6ca623b28b6568aad077c01f707e715aeb1db226ab536782fdf2b058d5c951904ec1f67336b4c219966559db7c48e2200c9fdf359d7de55190fa2de4705228c470aa009dec1e234a0cd7e7430fc63c6494608c0b8c8f781d1b9395896cefaaee4bdf9805a6428b438cefe65aab5531a23c08be29895d4156280145072aa93b7217001046fd7e6725c8e375a284ca6f4aafc2b5bb9fc3914c2cb33a62933f6ae68350a83ab467b9a3be08553734320e925fa2ea99382c15591b391da78c2bd2774f6263714d0e371a18401b6bff2806a8505ee42f686a98ad8ff610d1075b0fc2b45d0c451d91bd8be10722db1036563e9e6b3bec6faf5678f633f7f14672665a9377f3951c1c4d7e894dc958acd683e421ff506b050d9f684d0cfc41ed0b1293d4a50d55179272ceacfb9b3fb776b1235071c49bd37fbe431e3cc884c2477dec7e501c2a7400a69e5ec403c0ee8e6b615c8979b7d1585c1efcc92493dbb233595aebc243ce7369f8aa1ebc68e04e9bd7023263483b1a350633e0cae64fe5a2b9088c0c47c0c6d5ff44fa91280455382193493d05e17fee745d0a3dbac205998dd7517f84b7133cff69929064cbea39b8595ce13d4f18cfe934d7b181ddaa3c0fb1dd30b23d30ea15e1ee3aaf7a5f25d0c06ad13343b215ae7214a16dc8e469485789b5d0365358321950e79b47f6ae06d94d380039709665ac845f0edd62cb37ae43fdae4965e9aed6e2153b8db45498a4c1cbfae2b02741e0bc5fd90419c3c01237ff80c49487b1fda83146d17610b48c18db9f0b8ac89a42e01ca1b8f12b7fc711aaeb04ac158409f75b2e71706dbdcbaf0f09bdc393f80d04469c84ff0cc807803c051d4a033c86cce8a5125d1d1e671d126d9735f657fb5a77822231eeda98f8b5a9fcfd23cb6b9dbc372f2215bf58d7c199b5b62866f972ef017a3d19a8db93d7291404c9eb5c345d4d80fe6a2dee635cfc043f304882ff2bfd5476d87587e152977fda5c5cd91b226ce70f5c68086ff6ba0f8e97021726e56558a5c14ce0d0a1cea1bad7ee81f7b73628382f090b0d455593d79f74e543c37adab2dd31678187ec67f314446e01bb8340dbf51ada98ed25da6ebef4e7f4999167503ba40b083308f919ca4f91fc285f011ab2242f065757fb6d3207a81e894891e148c511885df930b916a9a165bb3ce80f2fc9daf2fe1a8a5b250bb7f1f8a1a0d7cb0125cf441b260b321d35d65ce37318e33ec767eb4102bca25039730ed5a024e0f1c364622a001a049343969a2ef8d3653f5c6d948919ab40320834127e8ead1e840f750245aa6c44772b0d33dd8fe59e7622555ba8817023c6a480d828ffb447c509b0a72b6f6e37da673f580c4be04ddab7fb399da1b4d0803d93f1724299c854f404a7c780e58ddc0ca85ef9ba80d754862de6934e802f24f8cfb2794bb1b6065a7a820c68d0c6f90785b88f55046b369e58bec70537ec591c2f93893d7cdba6e81b4b2a66b474a0e322a403f08d30fc1edc3b86cb1ec84c544359e1336a5319ade4e69dab439f5b689fa9c13f4ff8221249989769c72eb33df064989fa336de1dc8a14770740a0bfddd3d766605606fc2f1ba36db4d5d22d995bf610d36e90566b6e8bfd58a6ea0087ac9e05bc0d96d0a9f036db4c8a447836038431024432c40f75899352f3f5a39635283eefc5ada331e7eb0094e64517b71a9c8dc9cbda5f66e5a68e284acba839d25ea761cd2aed22c2e4e5165b62334deb17a3e2acae6d36d95268ad5704c2de9db20945859213cc5ae6d7db95c875efbb9c926d429a2f85d46faa8187b8b69460d3377a5ef9469b766963ba91949f823830d063d89f327e0e03e915184b5744e8c8a9899e4e416eed55aa8fdb68bc7d887fcb9b1da11dcc0aaed3192fd4a340b89821952736e26e33a8a654ac8849f2c0a74740c815fb39a35f09a7e0b9cc4e983a57494be11770afe7ba63f78e200876e94d691b96b78060ab350958cff2ef1f4b08bbf5b081bce1ed42d079216be81b36bc19485faf558884426cb7245ad4e9d10424fee1e2f4f11d2e46a3ae74c3205036bb9fd80997739a4cb4b6baa27d8651ce1cfdb750de1af6d2594d4e62d9262d60f670e961334463e58560909b9cf0dba5da35a274467e6bed1db178870306869cdb2dc68963f0b58c9c220778492c949beb55a5bf84405c86adbef100c316f0ce7bf6af95510d2d5f463737089503fcefd440841fe518e91f371e1b25975b0cf1460eed8f8bea6564036d9c33416c2428d9116503fb353f97d60c7e609e684c543cf58ddd8a8efa35b3c43c00a57bb6f88ef431fa872513b2876d727bc5872b122504ba63cc22555201ad05c04a49b6f22178dc847b39cc5c218e1d13288e3282aded908ecf25bba27bc52faa65852e2bbc9c698348dfff20b458eb03601e73cb3892e0bd6d0868256fe6628b489a86b18cc29c07253ae04e2287e353fd7496243cac5423be69184f78434ed50f772be96e8c4193526920b06fcad9c69e2021dde90dfab2e9cf11bee012550ebd2c45756289d0f7714ff14973e13abf92e5ba5d66c5b50ca52bce85d178662bd322be519ba6e3d15835f243bba96a85f4ada7df9c82aebaf9378196763be0fac249655277d921b9ea72c240f9cbe28befdefe926a7341ebd86ae0c01e8ec313c0719fc7b2363c2854f4f2b4c74863bf39d54b19d12e26b0098b0f28cbd2c4b6638d31b4b07345285021cde52e6a6a8249c914520fc295a88e290ce68cf6325eccc0b0c8aae3cffec277cb104e040f226b0dcd6ff3d197a226a8e8a7016e243a9b9b75bc161aa9506d54c3cb1cfd066b0231e8efcc237a1d67d070eaa7f179d372497c521aed2e1004acabe8c89aaf36f145344532cd3c971bd6ab8c689424adb0702546dccbefeea307fe58618f87182e0e6201153a93686a0b9ba6ff2d84b845e3b3d65b1e1693279bfd28d31fdb40510083b4c285081616bb1a78a44b440775cf5281153ef7f43964259e48eec2e40149e6417f3d6285aa9ffe5e6301432bb7837aeae71033c52b34f18e7e108e8629b0401abd61cc8d36825438ecff50f9c335c51f5a554d0bc8f2aa4647e7f85b12707f78c39e03d113b685d053ca9eacef6ef2ed6375c690decdc0e2f20b56d0c61814edbd37c15a8dbcad7fd48b05b49d21055c6324cc1ec83a5b6f1474e9eac1c7ad9ac1d07d7572c2a7c57922be50b4b9240968a8a7f556332d9178c504a162a5cc2a3faa7cfd35c04e27aef84415bb1f70f1e19b5185761bf760e5539785cb233b5ed8bc885cf70b2c6d3ec41bcfb3b5bfefc4b241b8a34b5abd2ee380812ddc08f083af41d4fd3feb766c21f5eab87deaf24103185a80366b8a427d12e32897ad3c8e0ff0e1c44b2205b19dfd801146bf48ca5035d4d49ce9723f9ec0d61172e1e0b09c1dd9f1fab9c306e53b61a9e802dcc1a13224c328c610e2578444a66a1561a2080f46434989218227e1bba577c2f751e557ed43d5f77e9b36558e8bee005d61a4609efbbe8edf71b51e174266e0c624fa60164e807174c7374b3e8ae83bd68a8ad4d5aad7622642d92a4d78f37c5d0e06f9cd9740a8d530e3a5071ac90b34ccfe50361e621aba87aa23d162126d760e0ea93e7501d09d2bbe1ab022888f64c2793e782d5ec2f9ce0a8d332041e05278820cf5b1bbd7496a45301e019ba58b133ecfa989133501afa7b7f3cba92e22ddb1bf4681a928b3101b57e630edc21dbf7e9a33312cc3d41f672ac2544ddd89077efe93e9c3a3849538b52c8e7348d4825db9a0e07043e99fc35705bac5483cfec6304475ee228de2e1268d622c9cc561c9b849dfdea16a5c265efa14f9eb2a9f9afd48ab68e7d20f440ce3048bb84234b46a028d42335b7fde610d1205d8e86d956a8bd3ed4c0defff3c48c883819d28f0889698a2b95d7317310e734f08952bd8959cc8541ea90d3a343dbef86c3ffb12d70d831d10fba0cf9094750cb76ea9938f2e04df450cc5de7beae977ff2baecf6936fb2280a5283173b7d127e4f3888f9706b289ced76db8f44ffbcedca123f6f87fb85880506c2895e5d725a40d33bb3325ddb6a5aec6b349199898d36ecc5aaff507d0d1d7ab55301205a1dea4b81003114f298ca827b7edf6e58facb64590dbf69e1630e149b00768e14d630c86c4165ceb3a2e71cd204585e2c2b6ccec409b2d8460658eaed7ccde0a4d1fdec8792438804b69e4e76e0a8791c1357a39907bc293cd6e986f0dc41d2ac3d383936a883e9f76b473fa40b5737ff3e689848a6e5c858db053f22a61e630ca5f423f5b144bbf5eb39bb4f75cd77889b0ab9e3b1fd8e65275a0d1eff6d9b581efbd2453ff1be27b9cab31f55d1b837669181309328aed92beb6c2e4f6be51c93d23250ee5b7b66c9648dd736ffea00dfe6f7d5d6442de14af10b098066d43772ceba71dc48fc0612eb0331130b0aee25a710c84f15287f7702d58ea84ac2b060ee17d759824f7d86dfd95c605529b9505a01df788316f12235bb3b4ea0d38c5e2243952858cb1765f9b2679ce090486d8774a566e9f70213bdd198413112e11e5947eac871cd7ac1375aa05bdfccbcd6ade5c63ad5664431f884b12315ed56f4a3cf838236485365203d125395391729856e04d0a68afe260533751466f39c830e54fb4cfe34aa81a933418b7c313cd8fc10cf7a4f42a60c90fc113f270d163b350459c84cb40ce2485e5ddd3fa656dc324718f568d5d16d61c8a93036f205b5ed7ae7e9505783a9faeb6ff2cbe41d2676513ada47e5a6fc9095f0e81e34da8a32a4812fa2c96fdbebd4be5d5c465afb627fd7f2a48add05cce7fc4a6a6bc655103049bb2f532cd04360cd4d46e232b31bcb1e6ac9447787d952e097ed77a80898e2fb5fd3bba3de99014a704e5dc1467061b31d23ee531c6ccc4bc5ea52fa9940c327e7b4b5616cf0291629daca9027fb1ee2da18eeda883bfcbda18c39da97123ef6074fc7ff1ec473f380916ee812690ccd42ec27ab6189bb4d88e"}, 0x101d) (async)
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000100)=0xa)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f00000001c0)=0xfe) (async)
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r6, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="010000000000000001000000000000000000000000000000001b0300ff"])
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000008004"])
executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = add_key(&(0x7f0000000200)='user\x00', &(0x7f0000000240)={'syz', 0x0}, &(0x7f00000002c0)='4', 0xba, 0xfffffffffffffffe)
keyctl$chown(0x4, r2, 0xffffffffffffffff, 0xee01)
keyctl$chown(0x4, r2, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macvtap0\x00', <r3=>0x0})
ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000000240)={'wg2\x00', <r4=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=ANY=[@ANYBLOB="480000001000030500"/20, @ANYRESHEX=r0, @ANYBLOB="21000000000000002800128008000100687372001c00028008000100", @ANYRES32=r3, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32=r4, @ANYBLOB="0500060000000000"], 0x48}, 0x1, 0x0, 0x0, 0x48000}, 0x0)
executing program 5:
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/lblc_expiration\x00', 0x2, 0x0) (async)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6) (async)
r2 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'sit0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x34, 0x68, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x4}, [@NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @LWTUNNEL_IP6_TC={0x5}}, @NHA_ID={0x8, 0x6, 0xa00}, @NHA_OIF={0x8, 0x5, r3}]}, 0x34}}, 0x0) (async)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r5)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) (async)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) (async)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
ioctl$TUNSETTXFILTER(r4, 0x400454d1, &(0x7f0000000000)=ANY=[@ANYBLOB="010001"]) (async, rerun: 32)
close(r8) (async, rerun: 32)
socket(0x400000000010, 0x3, 0x0) (async)
ioctl$SIOCSIFHWADDR(r8, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) (async)
sendmsg$nl_xfrm(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000600)=@newsa={0x144, 0x10, 0x1, 0x0, 0x25dfdbfd, {{@in=@dev={0xac, 0x14, 0x14, 0x2a}, @in6=@local, 0x200, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@mcast2, 0x4d2, 0x6c}, @in6=@remote, {0x0, 0x0, 0x0, 0x1, 0x0, 0x8000000000000000, 0x0, 0xffffffffffffffff}, {0x0, 0x4}, {}, 0x0, 0x3501, 0x2, 0x0, 0xfd}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @offload={0xc, 0x1c, {0x0, 0x1}}]}, 0x144}}, 0x2004c840) (async)
read$FUSE(r0, &(0x7f0000000900)={0x2020}, 0x25)
executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='dctcp\x00', 0x6)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x3c)
recvmsg(r0, &(0x7f0000000580)={0x0, 0x7, &(0x7f0000000500)=[{&(0x7f0000000740)=""/4096, 0xa15b0}], 0x1}, 0x700)
executing program 1:
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
r0 = userfaultfd(0x80801)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_SET_SIZE_BLOCKS(r1, 0xab07, 0xb)
r2 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r2, 0xab00, r3)
ioctl$NBD_DO_IT(r2, 0xab03)
ioctl$NBD_CLEAR_SOCK(r1, 0xab04)
syz_open_dev$ndb(&(0x7f00000002c0), 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
r4 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa07, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2})
executing program 4:
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x141301)
ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, &(0x7f00000000c0)={0x80, 0xa, 0x303, 0x0, 0x0, 0x6e9, 0x0})
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x6, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='pmap_register\x00', r2, 0x0, 0x1}, 0x18)
executing program 4:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
bind$unix(r0, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e)
openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) (async)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$inet_dccp(0x2, 0x6, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x2a}, 0xa}, 0x20)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=@newlink={0x30, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xffffff81}, [@IFLA_CARRIER_CHANGES={0x8, 0x23, 0xfffffffc}, @IFLA_GROUP={0x8, 0x1b, 0x7}]}, 0x30}}, 0xce11d616fa4344f8) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=@newlink={0x30, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xffffff81}, [@IFLA_CARRIER_CHANGES={0x8, 0x23, 0xfffffffc}, @IFLA_GROUP={0x8, 0x1b, 0x7}]}, 0x30}}, 0xce11d616fa4344f8)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
close_range(r1, r2, 0x2) (async)
close_range(r1, r2, 0x2)
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x80045518, &(0x7f00000002c0)=0xa) (async)
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x80045518, &(0x7f00000002c0)=0xa)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
ioctl$KVM_RUN(r5, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000200)={0x5001, 0x11000, 0x1})
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r4, 0x50009417, &(0x7f0000000700)={{r5}, 0x0, 0xc, @inherit={0x48, &(0x7f0000000080)={0x1, 0x0, 0x2, 0x5, {0x12, 0x5, 0x8, 0x8, 0x9}}}, @subvolid=0x6})
ioctl$KVM_RUN(r5, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000180)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2) (async)
renameat2(0xffffffffffffff9c, &(0x7f0000000180)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000040), 0x60002, 0x0) (async)
r6 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000040), 0x60002, 0x0)
ioctl$FS_IOC_GETFSSYSFSPATH(r6, 0x80811501, &(0x7f0000000300)={0x80})
r7 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$AUTOFS_IOC_FAIL(r7, 0x4c80, 0xffffffffffffffb6)
executing program 1:
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
socket$can_raw(0x1d, 0x3, 0x1)
socket$packet(0x11, 0x2, 0x300)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_udplite(0xa, 0x2, 0x88)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1, 0x803, 0x0)
pipe(&(0x7f0000000100))
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="4400000010000304fcffffff3f00000000000000", @ANYRES32=0x0, @ANYBLOB="a5edad8800000000140012800b0001006970766c616e0020f3fe028008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r2], 0x44}, 0x1, 0x0, 0x0, 0x4004}, 0x0)
executing program 1:
setregid(0x0, 0xee01)
getresgid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=<r0=>0x0)
getresgid(&(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
setresgid(0xffffffffffffffff, 0x0, r1)
setregid(0x0, r0)
r2 = syz_open_dev$rtc(&(0x7f0000000080), 0x0, 0x400)
ioctl$RTC_WKALM_RD(r2, 0x40187013, &(0x7f0000000200))
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$netlink(0x10, 0x3, 0x15)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r6, &(0x7f00000021c0)={0x2020, 0x0, 0x0, <r7=>0x0}, 0x2020)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90, 0x0, 0x0, {0x5, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x2000, 0x0, r7, 0x0, 0x440}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000440)={{{@in6=@local, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}}, {{@in6}, 0x0, @in=@broadcast}}, &(0x7f00000001c0)=0xe8)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
r10 = add_key(&(0x7f0000000080)='id_legacy\x00', &(0x7f00000000c0)={'syz', 0x3}, &(0x7f0000000180)='(', 0x1, 0xfffffffffffffffb)
getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000000280)={0x0, <r11=>0x0}, &(0x7f00000002c0)=0xc)
keyctl$chown(0x4, r10, r11, 0x0)
stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, <r12=>0x0})
statx(r4, &(0x7f0000000340)='./file0\x00', 0x7100, 0x20, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, <r13=>0x0})
r14 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r14, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r15=>0x0}, &(0x7f0000cab000)=0xc)
lchown(&(0x7f0000000340)='./bus\x00', r15, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000740)={{{@in=@multicast1, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r16=>0x0}}, {{@in=@dev}, 0x0, @in6=@loopback}}, &(0x7f0000000380)=0xe8)
fsetxattr$system_posix_acl(r5, &(0x7f0000000180)='system.posix_acl_default\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="2b000000006e800ab371c9172fbf51ff", @ANYRES32=r7, @ANYBLOB="02000600", @ANYRES32=r8, @ANYBLOB="02000300", @ANYRES32=r11, @ANYBLOB="02000100", @ANYRES32=r12, @ANYBLOB="02000100", @ANYRES32=r13, @ANYBLOB="02000100", @ANYRES32=r15, @ANYBLOB="02000100", @ANYRES32=r16, @ANYBLOB="02000100", @ANYRES32, @ANYBLOB="040005000000000008000000", @ANYRES32=r0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32, @ANYBLOB="10000600000000002000010000000000"], 0x74, 0x2)
socket$nl_rdma(0x10, 0x3, 0x14)
syz_genetlink_get_family_id$devlink(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="500000000104010800000000000000000a00000808000440000000060500010004000000080005400000800008000540000000030500010001"], 0x50}, 0x1, 0x0, 0x0, 0x4000800}, 0x4000040)
executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000140)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f00000001c0)={{@host, 0xffffffff}, @host, 0x0, 0x0, 0x2449})
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)=<r3=>0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r4)
sendmsg$NFC_CMD_SE_IO(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002bbd7000ffdbdf251b00000006001900baa7000008001500c000000008000100", @ANYRES32=r3, @ANYBLOB="0867934a178d38f23b6411d09c201034d1fa25"], 0x2c}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000)
sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)
recvfrom(r0, 0x0, 0x0, 0x734, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) (async)
openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) (async)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) (async)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000100)=0x80000) (async)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000140)={@my=0x1}) (async)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f00000001c0)={{@host, 0xffffffff}, @host, 0x0, 0x0, 0x2449}) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r4) (async)
sendmsg$NFC_CMD_SE_IO(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002bbd7000ffdbdf251b00000006001900baa7000008001500c000000008000100", @ANYRES32=r3, @ANYBLOB="0867934a178d38f23b6411d09c201034d1fa25"], 0x2c}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000) (async)
sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) (async)
recvfrom(r0, 0x0, 0x0, 0x734, 0x0, 0x0) (async)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})
executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000003880)=ANY=[@ANYBLOB='huge=always']) (async)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fstat(r1, &(0x7f00000006c0)) (async)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000080)={0x4c, r2, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wlc\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x64}, @IPVS_SVC_ATTR_FLAGS={0xc}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8}]}]}, 0x4c}}, 0x0)
mount(&(0x7f0000000080)=@sr0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)='hfs\x00', 0x483, 0x0) (async)
r4 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000040), 0x143882, 0x0)
ioctl$FBIOBLANK(r4, 0x4611, 0x2)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async)
r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_ENUMOUTPUT(r6, 0xc0485630, &(0x7f0000000040)={0x1, "5afcf8f5a92fbd60885b3e07389454579dda7ba2b552916493e5090a86961e55", 0x3, 0x4, 0xc45, 0x80008, 0x8}) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x13, &(0x7f0000000480)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x9d}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
clock_gettime(0xb, &(0x7f0000000040)) (async)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000300)={0x40, r9, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @action={{{}, {0x3}, @device_b, @device_b}, @ext_ch_sw={0x4, 0x4, {{0x1, 0x9, 0x0, 0xff}, @void}}}}]}, 0x40}}, 0x80)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000340)=@o_path={&(0x7f00000001c0)='./bus\x00', r0, 0x4000, r5}, 0x18)
sendmsg$NL80211_CMD_REGISTER_FRAME(r7, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="000a2dbd7000ff0000000000000000"], 0x28}, 0x1, 0x0, 0x0, 0x20008000}, 0x240000d4)
syz_emit_ethernet(0x46, &(0x7f0000000100)=ANY=[@ANYBLOB="e10931d8640a00000000000086dd60014100001088002000000000fe8000000000000000000000000000aa00000000000890780200000000000000"], 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r1)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x2, [@func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{}]}, @func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{}, {}, {0xa}]}]}}, 0x0, 0x52, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
clock_gettime(0x0, &(0x7f00000001c0)={<r4=>0x0, <r5=>0x0})
ppoll(&(0x7f0000000100)=[{r3, 0x284}, {r0, 0x200}, {r0, 0x4041}, {r3, 0xc0}], 0x4, &(0x7f00000002c0)={r4, r5+60000000}, &(0x7f0000000340)={[0x3]}, 0x8)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x61]}}, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r6, 0x8, &(0x7f0000000180)={0x0, 0x1}, 0xe800, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000380)={0xb, 0x8, 0x3, 0x1, 0x1a, "174d57425ff8e37fa2f887b5298c49b3f4d806"})
mount(&(0x7f00000006c0)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='ext3\x00', 0x204001, 0x0)
sendmsg$NLBL_MGMT_C_ADD(r1, &(0x7f0000000480)={0x0, 0xffffffffffffff0f, &(0x7f0000000440)={&(0x7f00000006c0)={0x114, r2, 0xe701ac47a3d23ecd, 0x0, 0x2, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_DOMAIN={0xce, 0x1, 'C\xec\xf8\xa0w\x15|\xd8\xbcs\xe1\xb93\x14\xcd\xcb\xb6\xb9\xbb\x84\xe5\xbc\xdb\x7f\x9a\xf2\xea\xcc\x91:v@\xe83-\x1d\xaagQl\x7f\tKt\fc\x1f\x17]\xd5\xd0\xf0\xa8\xeb\xd2g\x92\x04\x02\v\x00od\xe6,\xd3@I\x17\xf3\xbees0\xad\xc6\xbf/*\xb6(o\x91t\x12\x93UK\xf4@n\xdc\xdc\x8a7y\x81FY\xbe\xbbc\xd2\xc3\x01\xa5\xe2V\x8c\xb3im~\xd2V\xdaG\xbdbF\xc8n\x86\xac\x9c\xfb\xda\xe2&\"\xb4:\x13\xe9\tc\x85\xb4\xcb\x17\xbfm\x846\xe7\x7fp\x9eCdb\xad;\xa2\x8fs\xbf6\xe8\xe3Xg3&\xe2 \xd6\n\x9d=~=\xe5\xdc\x90\a\xe7M\x9c<\x93/\xaf\x89\x06+\x96]\xb5+\xee\xff8^D*\xdb\xb8\xd8t\x80\xd4'}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @loopback}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x114}}, 0x0)
syz_open_pts(r0, 0x0)
executing program 4:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000040)={[0x2, 0xc, 0x3, 0x4a, 0x8, 0x5, 0x6, 0x80000001, 0xff, 0x7, 0xfffffffffffffffe, 0x1, 0x8, 0x8000000000000001, 0x2], 0xeeee8000, 0x2804})
r2 = socket$tipc(0x1e, 0x2, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x20002, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000140)=0x15)
ioctl$TCFLSH(r3, 0x40204706, 0x20000010)
r4 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r2, &(0x7f00000002c0)={&(0x7f0000000000), 0x10, 0x0}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40bc5311, &(0x7f0000000140)={0x80, 0x1})
executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x2c, 0x24, 0x8, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xe, 0xd}, {0x0, 0x1}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x4008840)
executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8a400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x15, &(0x7f0000000000)=ANY=[@ANYRES8=r1], &(0x7f00000000c0)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000f40)=@filter={'filter\x00', 0x4, 0x4, 0x470, 0xffffffff, 0x0, 0x0, 0x0, 0xfeffffff, 0xffffffff, 0x3a0, 0x3a0, 0x3a0, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5}}}, {{@ipv6={@private2, @empty, [], [], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0xf0, 0x130, 0x0, {}, [@common=@dst={{0x48}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x2, 0x57, {0x2000000}}}}, {{@ipv6={@empty, @mcast1, [], [0x0, 0xffffff00], 'ip6tnl0\x00', 'dvmrp0\x00'}, 0x0, 0x160, 0x188, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x180, 0x5}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @dev, @private1, [0x0, 0x0, 0xff], [], [], 0x843}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4d0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f00007ce000/0x4000)=nil, 0x4000, 0x7, 0x13, r3, 0xbcb04000)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 8 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-socket$inet6_tcp-bpf$PROG_LOAD_XDP-setsockopt$IP6T_SO_SET_REPLACE-ioctl$KVM_CREATE_VCPU-mmap-mlock
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8a400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x15, &(0x7f0000000000)=ANY=[@ANYRES8=r1], &(0x7f00000000c0)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000f40)=@filter={'filter\x00', 0x4, 0x4, 0x470, 0xffffffff, 0x0, 0x0, 0x0, 0xfeffffff, 0xffffffff, 0x3a0, 0x3a0, 0x3a0, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5}}}, {{@ipv6={@private2, @empty, [], [], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0xf0, 0x130, 0x0, {}, [@common=@dst={{0x48}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x2, 0x57, {0x2000000}}}}, {{@ipv6={@empty, @mcast1, [], [0x0, 0xffffff00], 'ip6tnl0\x00', 'dvmrp0\x00'}, 0x0, 0x160, 0x188, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x180, 0x5}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @dev, @private1, [0x0, 0x0, 0xff], [], [], 0x843}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4d0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f00007ce000/0x4000)=nil, 0x4000, 0x7, 0x13, r3, 0xbcb04000)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sndseq-socket$tipc-setsockopt$TIPC_GROUP_JOIN-ioctl$KVM_SET_REGS-socket$tipc-openat$ptmx-ioctl$TIOCSETD-ioctl$TCFLSH-socket$tipc-setsockopt$TIPC_GROUP_JOIN-setsockopt$TIPC_GROUP_JOIN-sendmsg$tipc-ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL
detailed listing:
executing program 0:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000040)={[0x2, 0xc, 0x3, 0x4a, 0x8, 0x5, 0x6, 0x80000001, 0xff, 0x7, 0xfffffffffffffffe, 0x1, 0x8, 0x8000000000000001, 0x2], 0xeeee8000, 0x2804})
r2 = socket$tipc(0x1e, 0x2, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x20002, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000140)=0x15)
ioctl$TCFLSH(r3, 0x40204706, 0x20000010)
r4 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r2, &(0x7f00000002c0)={&(0x7f0000000000), 0x10, 0x0}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40bc5311, &(0x7f0000000140)={0x80, 0x1})

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-syz_init_net_socket$nl_generic-syz_genetlink_get_family_id$netlbl_mgmt-bpf$BPF_BTF_LOAD-clock_gettime-ppoll-bpf$BPF_BTF_LOAD-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-ioctl$TCSETS-mount-sendmsg$NLBL_MGMT_C_ADD-syz_open_pts
detailed listing:
executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r1)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x2, [@func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{}]}, @func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{}, {}, {0xa}]}]}}, 0x0, 0x52, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
clock_gettime(0x0, &(0x7f00000001c0)={<r4=>0x0, <r5=>0x0})
ppoll(&(0x7f0000000100)=[{r3, 0x284}, {r0, 0x200}, {r0, 0x4041}, {r3, 0xc0}], 0x4, &(0x7f00000002c0)={r4, r5+60000000}, &(0x7f0000000340)={[0x3]}, 0x8)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x61]}}, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r6, 0x8, &(0x7f0000000180)={0x0, 0x1}, 0xe800, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000380)={0xb, 0x8, 0x3, 0x1, 0x1a, "174d57425ff8e37fa2f887b5298c49b3f4d806"})
mount(&(0x7f00000006c0)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='ext3\x00', 0x204001, 0x0)
sendmsg$NLBL_MGMT_C_ADD(r1, &(0x7f0000000480)={0x0, 0xffffffffffffff0f, &(0x7f0000000440)={&(0x7f00000006c0)={0x114, r2, 0xe701ac47a3d23ecd, 0x0, 0x2, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_DOMAIN={0xce, 0x1, 'C\xec\xf8\xa0w\x15|\xd8\xbcs\xe1\xb93\x14\xcd\xcb\xb6\xb9\xbb\x84\xe5\xbc\xdb\x7f\x9a\xf2\xea\xcc\x91:v@\xe83-\x1d\xaagQl\x7f\tKt\fc\x1f\x17]\xd5\xd0\xf0\xa8\xeb\xd2g\x92\x04\x02\v\x00od\xe6,\xd3@I\x17\xf3\xbees0\xad\xc6\xbf/*\xb6(o\x91t\x12\x93UK\xf4@n\xdc\xdc\x8a7y\x81FY\xbe\xbbc\xd2\xc3\x01\xa5\xe2V\x8c\xb3im~\xd2V\xdaG\xbdbF\xc8n\x86\xac\x9c\xfb\xda\xe2&\"\xb4:\x13\xe9\tc\x85\xb4\xcb\x17\xbfm\x846\xe7\x7fp\x9eCdb\xad;\xa2\x8fs\xbf6\xe8\xe3Xg3&\xe2 \xd6\n\x9d=~=\xe5\xdc\x90\a\xe7M\x9c<\x93/\xaf\x89\x06+\x96]\xb5+\xee\xff8^D*\xdb\xb8\xd8t\x80\xd4'}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @loopback}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x114}}, 0x0)
syz_open_pts(r0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): close_range-io_uring_setup-capset-socketpair$unix-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-openat$tun-syz_init_net_socket$bt_hci-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-userfaultfd-ioctl$UFFDIO_API-fcntl$dupfd-ioctl$UFFDIO_CONTINUE-bpf$BPF_BTF_GET_NEXT_ID-ioctl$DRM_IOCTL_MODE_CREATE_LEASE-bpf$PROG_LOAD-bind$bt_hci-write$bt_hci-syz_io_uring_setup-socket$kcm-sendmsg$kcm-mount-syz_init_net_socket$bt_sco-bind$bt_sco-syz_open_dev$vim2m-ioctl$vim2m_VIDIOC_S_CTRL-setsockopt$bt_BT_DEFER_SETUP-syz_io_uring_setup-openat$proc_mixer
detailed listing:
executing program 0:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = io_uring_setup(0x4aa8, &(0x7f0000000700)={0x0, 0x28a7, 0x832ac1ac3d5c9f93, 0x2, 0x111})
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x0, 0x0, 0x101})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)={0x20000004})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'sit0\x00', <r5=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x34, 0x68, 0x2, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x4}, [@NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @LWTUNNEL_IP6_TC={0x5}}, @NHA_ID={0x8, 0x6, 0xa00}, @NHA_OIF={0x8, 0x5, r5}]}, 0x34}}, 0x0)
r6 = userfaultfd(0x1)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000040))
r7 = fcntl$dupfd(r6, 0x0, r6)
ioctl$UFFDIO_CONTINUE(r7, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000800000/0x800000)=nil, 0x800000}})
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000540)={0x7, <r8=>0x0}, 0x8)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000005c0)={&(0x7f0000000580)=[0x0, 0x0, 0x0], 0x3, 0xc0000, 0x0, <r9=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x13, 0x19, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000700000000000000fdffffff18110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800006d0200007b8af8ff00000000bfa200000000000007020800f8ffffffb703000008000000b70400000eab9284debb170c5c969be79b88ab1f01000000850000008200000085100000fcffe4ffbf9162838f50c6fc30420000010000000000006e1fd1e02330210000000000000000000070904dbc66f1a489f894b44116090cb0cb09001ed7c79e27307d1a"], &(0x7f0000000380)='syzkaller\x00', 0xe54, 0x0, &(0x7f00000003c0), 0x40f00, 0x20, '\x00', r5, @fallback=0x21, r7, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r8, r9, 0x1, 0x0, &(0x7f0000000600)=[{0x3, 0x4, 0x8}], 0x10, 0x5, @void, @value}, 0x94)
bind$bt_hci(r4, &(0x7f00000000c0)={0x1f, 0x1}, 0x6)
write$bt_hci(r4, &(0x7f0000000040)=ANY=[@ANYRES8=r3], 0x7)
syz_io_uring_setup(0x4a88, &(0x7f00000000c0)={0x0, 0x9526, 0x12000, 0x3, 0x80022c, 0x0, r0}, &(0x7f0000000140), &(0x7f0000000180))
r10 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0xfffffffffffffd2a, &(0x7f0000000040), 0x3}, 0x0)
mount(&(0x7f0000000200)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000280)='./file0\x00', &(0x7f0000000300)='gfs2\x00', 0x4001, &(0x7f0000000340)='/dev/video#\x00')
r11 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r11, &(0x7f0000000a80)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x8)
r12 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r12, 0xc008561c, &(0x7f0000000400)={0xf0f020})
setsockopt$bt_BT_DEFER_SETUP(r11, 0x112, 0x7, 0x0, 0x0)
syz_io_uring_setup(0x3e94, &(0x7f0000001680)={0x0, 0x4627, 0x400, 0xffffffff, 0x321}, &(0x7f0000000240), &(0x7f0000001740))
openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card2/oss_mixer\x00', 0x2, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-ioctl$sock_SIOCGIFINDEX-sendto$packet
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-ioctl$sock_SIOCGIFINDEX-sendto$packet
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_icmp_raw-sendmsg$nl_route_sched-socket$nl_route-poll-mknodat-socket$alg-bind$alg-accept4$alg-io_setup-io_submit-mknodat-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-linkat-sendmsg$nl_route-sendmsg$inet-bpf$BPF_BTF_LOAD
detailed listing:
executing program 0:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x0, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x5, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_RAW={0x8, 0xc, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
poll(&(0x7f0000000040), 0x55, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-224-generic\x00'}, 0x58)
r3 = accept4$alg(r2, 0x0, 0x0, 0x0)
io_setup(0xff, &(0x7f0000000380)=<r4=>0x0)
io_submit(r4, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r3, &(0x7f0000000340), 0xfdef}])
mknodat(0xffffffffffffff9c, &(0x7f0000000400)='./file7\x00', 0x21c0, 0x103)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_MATCH_INFO={0x18, 0x3, "c6a41d106c72fffffffffffffff5000002000000"}, @NFTA_MATCH_NAME={0xa, 0x1, 'owner\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}}, 0x4048010)
linkat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000500)='./file7\x00', 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e"], 0x50}}, 0x0)
sendmsg$inet(r0, &(0x7f00000008c0)={&(0x7f0000000600)={0x2, 0x4e24, @local}, 0x10, &(0x7f0000000800)=[{&(0x7f0000000640)="6a50916f", 0x4}], 0x1, &(0x7f0000000840)=ANY=[@ANYBLOB="100000000000000000000f000000000000000000000000000000601861d0b87eeb2a000000000000"], 0x28}, 0x20008050)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb010018000000000000005600000056000000050000000d0000000300000f020000000100000007000000faf0000003000000070000000500000001000000060000000c000000f5ae0a0000000000000b010000000c0000000000000c0500000008000000e0ff000b010000000000002e2e6100"], &(0x7f00000001c0)=""/128, 0x75, 0x80, 0x0, 0xfffffff7, 0x0, @void, @value}, 0x28)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_icmp_raw-sendmsg$nl_route_sched-socket$nl_route-poll-mknodat-socket$alg-bind$alg-accept4$alg-io_setup-io_submit-mknodat-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-linkat-sendmsg$nl_route-sendmsg$inet-bpf$BPF_BTF_LOAD
detailed listing:
executing program 0:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x0, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x5, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_RAW={0x8, 0xc, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
poll(&(0x7f0000000040), 0x55, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-224-generic\x00'}, 0x58)
r3 = accept4$alg(r2, 0x0, 0x0, 0x0)
io_setup(0xff, &(0x7f0000000380)=<r4=>0x0)
io_submit(r4, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r3, &(0x7f0000000340), 0xfdef}])
mknodat(0xffffffffffffff9c, &(0x7f0000000400)='./file7\x00', 0x21c0, 0x103)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_MATCH_INFO={0x18, 0x3, "c6a41d106c72fffffffffffffff5000002000000"}, @NFTA_MATCH_NAME={0xa, 0x1, 'owner\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}}, 0x4048010)
linkat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000500)='./file7\x00', 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e"], 0x50}}, 0x0)
sendmsg$inet(r0, &(0x7f00000008c0)={&(0x7f0000000600)={0x2, 0x4e24, @local}, 0x10, &(0x7f0000000800)=[{&(0x7f0000000640)="6a50916f", 0x4}], 0x1, &(0x7f0000000840)=ANY=[@ANYBLOB="100000000000000000000f000000000000000000000000000000601861d0b87eeb2a000000000000"], 0x28}, 0x20008050)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb010018000000000000005600000056000000050000000d0000000300000f020000000100000007000000faf0000003000000070000000500000001000000060000000c000000f5ae0a0000000000000b010000000c0000000000000c0500000008000000e0ff000b010000000000002e2e6100"], &(0x7f00000001c0)=""/128, 0x75, 0x80, 0x0, 0xfffffff7, 0x0, @void, @value}, 0x28)

program did not crash
single: failed to extract reproducer
bisect: bisecting 38 programs with base timeout 6m0s
testing program (duration=6m9s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [16, 12, 11, 25, 7, 18, 18, 3, 5, 4, 30, 2, 3, 3, 6, 27, 30, 30, 30, 30, 4, 10, 21, 8, 20, 8, 17, 7, 40, 16, 29, 28, 8, 27, 12, 13, 3, 8]
detailed listing:
executing program 3:
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
socket$can_raw(0x1d, 0x3, 0x1)
socket$packet(0x11, 0x2, 0x300)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_udplite(0xa, 0x2, 0x88)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1, 0x803, 0x0)
pipe(&(0x7f0000000100))
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="4400000010000304fcffffff3f00000000000000", @ANYRES32=0x0, @ANYBLOB="a5edad8800000000140012800b0001006970766c616e1200f3fe028008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r2], 0x44}, 0x1, 0x0, 0x0, 0x4004}, 0x0)
executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000005000), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_NODES(r0, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r1, 0x1, 0x70bd2f, 0x25dfdbfc}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000) (async)
mknod$loop(&(0x7f0000000100)='./file0\x00', 0x0, 0x1) (async)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
syz_usb_connect(0x3, 0x5d, 0x0, 0x0)
r3 = socket$inet(0x2b, 0x801, 0x0)
connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @dev}, 0x10) (async)
setsockopt$inet_tcp_int(r3, 0x6, 0x3, 0x0, 0x0) (async)
close_range(r2, 0xffffffffffffffff, 0x0) (async)
mount(&(0x7f0000000080)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='exfat\x00', 0x0, 0x0) (async)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
executing program 3:
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="4400000010000000000000000400002e00000040", @ANYRES32=0x0, @ANYBLOB="00000000400000002400128009000100626f6e64000000001400028008000a00"], 0x44}}, 0x0) (async)
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}) (async)
r2 = socket$inet_udp(0x2, 0x2, 0x0) (async, rerun: 32)
prctl$PR_SET_MM(0x23, 0x4, &(0x7f0000ffd000/0x1000)=nil) (async, rerun: 32)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x14, 0x15, 0x1, 0x70bd29, 0x0, {0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x4800}, 0x0) (async)
close(r2) (async, rerun: 32)
socket$netlink(0x10, 0x3, 0x0) (async, rerun: 32)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4808000010001fff"], 0x3}}, 0x0) (async)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) (async)
splice(r0, 0x0, r2, 0x0, 0x4ffe2, 0x0)
executing program 3:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x94)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r1, 0x0)
r2 = gettid()
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r3)
ptrace$setregs(0xd, r3, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
syz_open_procfs(r3, &(0x7f0000000600)='net/llc/core\x00')
ptrace$getregset(0x4204, r3, 0x2, &(0x7f0000000200)={0x0, 0xfffffffffffffe64})
syz_clone3(&(0x7f0000000580)={0x204000, &(0x7f0000000280), &(0x7f00000002c0)=<r4=>0x0, &(0x7f0000000300), {0xb}, &(0x7f0000000480)=""/103, 0x67, &(0x7f0000000500)=""/79, &(0x7f0000000340)=[r2, r3, r2, r1, r2, r1, r1, r1, r3], 0x9}, 0x58)
setpgid(r3, r4)
mount$9p_fd(0x0, &(0x7f0000000140)='./file1/file0/file0\x00', 0x0, 0x11024c4, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x8000, 0x20)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000003c0)={0x0, 0x0, 0x0, 'queue1\x00'})
r5 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r5, &(0x7f0000000180)=@file={0x1}, 0x6e)
listen(r5, 0x100)
r6 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r6, &(0x7f0000000000)=@file={0x1}, 0x6e)
connect$unix(r6, &(0x7f0000000080)=@file={0x1}, 0x6e)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0xc02c5341, &(0x7f0000000180))
executing program 3:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="04", 0x1}], 0x1}, 0x1)
recvmsg$unix(r0, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x2001)
recvmsg(r0, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x2)
sendmsg$inet(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)='#', 0x1}], 0x1}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="a000000000010108000000000000000002000000240001801400018008000100ac1414aa08000200ac1414aa0c00028005000100000000003c0002802c0001807700030000000000000014000400000000000000000000000000000000010c0002800500010000000000080007400000000024000e8014000180080001007f00000129000200ac1e00010c0002800500010006000000"], 0xa0}}, 0x0)
executing program 3:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x0, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x5, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_RAW={0x8, 0xc, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
poll(&(0x7f0000000040), 0x55, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-224-generic\x00'}, 0x58)
r3 = accept4$alg(r2, 0x0, 0x0, 0x0)
io_setup(0xff, &(0x7f0000000380)=<r4=>0x0)
io_submit(r4, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r3, &(0x7f0000000340), 0xfdef}])
mknodat(0xffffffffffffff9c, &(0x7f0000000400)='./file7\x00', 0x21c0, 0x103)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_MATCH_INFO={0x18, 0x3, "c6a41d106c72fffffffffffffff5000002000000"}, @NFTA_MATCH_NAME={0xa, 0x1, 'owner\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}}, 0x4048010)
linkat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000500)='./file7\x00', 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e"], 0x50}}, 0x0)
sendmsg$inet(r0, &(0x7f00000008c0)={&(0x7f0000000600)={0x2, 0x4e24, @local}, 0x10, &(0x7f0000000800)=[{&(0x7f0000000640)="6a50916f", 0x4}], 0x1, &(0x7f0000000840)=ANY=[@ANYBLOB="100000000000000000000f000000000000000000000000000000601861d0b87eeb2a000000000000"], 0x28}, 0x20008050)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb010018000000000000005600000056000000050000000d0000000300000f020000000100000007000000faf0000003000000070000000500000001000000060000000c000000f5ae0a0000000000000b010000000c0000000000000c0500000008000000e0ff000b010000000000002e2e6100"], &(0x7f00000001c0)=""/128, 0x75, 0x80, 0x0, 0xfffffff7, 0x0, @void, @value}, 0x28)
executing program 32:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x0, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x5, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_RAW={0x8, 0xc, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
poll(&(0x7f0000000040), 0x55, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-224-generic\x00'}, 0x58)
r3 = accept4$alg(r2, 0x0, 0x0, 0x0)
io_setup(0xff, &(0x7f0000000380)=<r4=>0x0)
io_submit(r4, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r3, &(0x7f0000000340), 0xfdef}])
mknodat(0xffffffffffffff9c, &(0x7f0000000400)='./file7\x00', 0x21c0, 0x103)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_MATCH_INFO={0x18, 0x3, "c6a41d106c72fffffffffffffff5000002000000"}, @NFTA_MATCH_NAME={0xa, 0x1, 'owner\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}}, 0x4048010)
linkat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000500)='./file7\x00', 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e"], 0x50}}, 0x0)
sendmsg$inet(r0, &(0x7f00000008c0)={&(0x7f0000000600)={0x2, 0x4e24, @local}, 0x10, &(0x7f0000000800)=[{&(0x7f0000000640)="6a50916f", 0x4}], 0x1, &(0x7f0000000840)=ANY=[@ANYBLOB="100000000000000000000f000000000000000000000000000000601861d0b87eeb2a000000000000"], 0x28}, 0x20008050)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb010018000000000000005600000056000000050000000d0000000300000f020000000100000007000000faf0000003000000070000000500000001000000060000000c000000f5ae0a0000000000000b010000000c0000000000000c0500000008000000e0ff000b010000000000002e2e6100"], &(0x7f00000001c0)=""/128, 0x75, 0x80, 0x0, 0xfffffff7, 0x0, @void, @value}, 0x28)
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14)
executing program 0:
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f0000000380)={{0x80}, 'port1\x00', 0xe3, 0x111c37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x9}) (async)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00')
executing program 0:
r0 = socket(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0xa00000000000000, 0x80, &(0x7f0000000040)=@broute={'broute\x00', 0x20, 0x1, 0x948, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000480], 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000010000000068000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000c000000000000000000000000000000000000ffffffff010000000b00000000000000000062726964676530000000000000000000626f6e645f736c6176655f3000000000736974300000000000000000000000007465716c30000000b8adaed8ec6e8fac0000000000000000000000000180c20000000000000000000000b8080000b8080000e8080000616d6f6e6700000000000000000000000000000000000000000004000000000018040000000000000c0000000c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d00000000fa0100000000000000000000000000000000000000000000000000000000004037118bc35d3037960000000000000000000000000000000000000000000000000000000000001f00000000000000000000009300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300020000000000000000006c00000000000000000000000000000000000000000000000000000000000000000000000000892f9284b45f00000000000000000000000000000000a600000000000000000000000000f9ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000200000000000000800000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c5000000000000000000000000000000e21071ce4cc8eaac65a0f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070cc490d0510d30ce90b91aedadb0c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dd00000000000000000000000000000000009476b0c33efd5e65b7316c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000014bc1d077b4817d693d02c0000000000000000000000000000000000416cbf6525780f42e3870800000000000000000000000000000000000000000000000000000000000000abcc3311337430270000000000000000000000000000000000000000000000000037ff1cf2f8e52e074300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d65992000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000cbcb951a4f0f3300ebb39c00000000000000000000000000000000000000000000000000000000000000000000000000e70000000000053cbf7eee533b170000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fffffffffffffff800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081cc42e042291bc3000000000000200000000000000000000000000000000000000000000000000000000000005de0eab8674f2269845f530928d7000000000000000000000000000000000000000000000000000000000000000000000000000000ee72000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000095dd0000000000000000c1a8a95ba6a3ba677371c303b5426300000000000000000000000000000000000000000000000000000000597924c6edee670300000000000000000000000000000000000000000000080000000000000000e28abc2086f4dcecbcd7aca1775004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000800000000000000000000000000000000000000000000000c81e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000052000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003800e04771f4c2d100"/2376]}, 0x9c0)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_tracing={0x1a, 0xa, &(0x7f0000000400)=ANY=[@ANYBLOB="7f9b05000200000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000018110000", @ANYRES32=0x1, @ANYBLOB="000000001e000000b70c4602000000000001000000000000080ae3a0bf1206bc4251d69870280a58a16f72f2ff27fc10a2ad464a431f808f0806a682c4e36945a2c976f3244b98"], &(0x7f0000000000)='GPL\x00', 0x1, 0xb5, &(0x7f0000000140)=""/181, 0x40f00, 0x58, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000240)={0x5, 0x1, 0x0, 0x10}, 0x10, 0x28f79, 0xffffffffffffffff, 0x2, &(0x7f0000000280)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x1, 0x1, 0x1], &(0x7f00000002c0)=[{0x5, 0x2, 0xb, 0xb}, {0x5, 0x1, 0xc, 0xb}], 0x10, 0x2, @void, @value}, 0x94)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000003c0)=r1, 0x4)
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r7, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r6])
sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000002340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x14, 0x5, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x810)
chdir(&(0x7f0000000100)='./file0\x00')
read$FUSE(r5, &(0x7f0000000300)={0x2020}, 0x2020)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'geneve1\x00', <r9=>0x0})
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f0000000000)={0x1, 0x1, 0xf7, 0x5, @vifc_lcl_ifindex=r9, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r10, @ANYBLOB="0c00990000000000000000000800a115ffff0000080026008d03000008009f"], 0x40}}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r11 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r11, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000002012c20300000000000000000214008000"/36], 0x24}, 0x1, 0x0, 0x0, 0x4000804}, 0x4008850)
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14)
executing program 33:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14)
executing program 2:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f00000001c0))
ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f0000000300)={0x60, 0x0, &(0x7f0000182000/0x3000)=nil, &(0x7f0000f70000/0x4000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>r0}, './file0\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000040)={<r2=>0x0, 0xfeb, 0x8001}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f00000000c0)={r2, 0x1, 0x1, [0x2f]}, 0xa)
executing program 2:
r0 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, 0x0)
sendmsg$kcm(r0, 0x0, 0x40000)
sendmsg$kcm(r0, &(0x7f0000002080)={0x0, 0x0, 0x0}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000040)="dc", 0x1}], 0x8)
write$cgroup_subtree(r1, &(0x7f0000000140)={[{0x2d, 'io'}, {0x2d, 'rdma'}]}, 0xa)
remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0)
mremap(&(0x7f0000083000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000384000/0x4000)=nil)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
arch_prctl$ARCH_MAP_VDSO_64(0x1001, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000005c0)=ANY=[@ANYRES32=r4, @ANYRES32=r3, @ANYBLOB="02"], 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x8, 0x3, &(0x7f0000001300)=ANY=[], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r5, r2, 0x0, 0x0, @val=@tracing={0x0, 0x2}}, 0x40)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000680)={r2, &(0x7f0000000600)="70921345000841f626f9f197a5ccb5b25caf7c1ea1", &(0x7f0000000640)=""/57}, 0x20)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f00000003c0)={&(0x7f0000000180)="08ea514d3873421a4cfea7391fa86bea030b15b03f8353035a7fdea99b8f62b5bed10685532dda5b2703d8e78a567e5fb02f7df58ed33a0a620d7e606394338bb2da476136ea4ff3aa433f34cc15b59ed8f1ed4a8c30a82ffbb204d10d538256cc1c6e616de44b06eb63b9752687f13b139ec470759de3d7e09ac1afebd32239aa766d67f9a9a16383be5b2e296f68a23ab70ec77054b302cce77bd19849ced8", &(0x7f0000000240)=""/174, &(0x7f0000000300)="d93fb463d0bf14b58799b17e9c1cf172f2516cce0ed3c0e320de435e0401382fe8e7acd4d5f20feaf7aff608b098892c2c3ef66709a3c6fc51a8be80ae1c717e24e214ab822992d1792c98bfc8fa76cb85eb6f15b79ca660eec9eefc2b312d1af1b6043b41f778e355c6cb9d8a64935459168c4a93e05cd95c1b4c5b4d2243d37219e5acecfd55aabf", &(0x7f0000000080)="6a55e4ed66a2a25feb1dd754f2c48bb651ed", 0x7, r2, 0x4}, 0x38)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="2c000000331800088014006c00fec00000000000000000ef8e2e89224eccefbc6385c63258e981c89c4c12bdeb1eb4dc52131c6e26ec1af8860127c08c00080ffd1440004147483d4dcf910ec8b59c2ba457be5ea6f92d5baf8ce03a6e63872c16c592febf84bf18988198834bcf3aa461f3163e342548e2a90ca0a61d1bcfbe739eda68b46bb2ea5c604628a5d22b3c1828d0dfd6d9c988c29781f40551f34792ce889c87bfe50bfcfadab344c7a6486717ab546d60d2de434757cf91a6bfe1e8844fd29fb39e9ba31fb47de586bfbb37bed3a52158bd8201fa48d96d8b7b71e01135b5e8cb754e3005fe77e700"], 0x2c}, 0x1, 0x0, 0x0, 0x28000}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x12, 0x4, &(0x7f00000006c0)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0xc618, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x33, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
executing program 2:
setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_open_dev$MSR(&(0x7f0000000040), 0x9, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'lo\x00', <r2=>0x0})
memfd_create(&(0x7f00000000c0)='lo\x00', 0x0)
r3 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
connect$unix(r3, &(0x7f0000000140)=@file={0x1, './file0\x00'}, 0x6e)
sendto$packet(r3, &(0x7f00000001c0)="5891e7ad2b259f2e970021eacc690f709d23471dc3d88a9386aaab543da91991ca7e2d62f8d057dc69d1434c925d03aff7052b883e96e5c089a49d57e8d258210444c8830e86e5889577d06427580cea1875aabb7d4bffe4c1f44ae790e7054872ab0fbb68e1ac15f110d678ca7eefd2c36fb21b1aab58a42f6ce4290a5bd7adcc12b978f385e650d4be728fe7d11928a1d821f6ce200812bbde89732106255f7eff29c423922cdee09ebf72353564eac7d3dc1f55", 0xb5, 0x44840, &(0x7f0000000280)={0x11, 0x19, r2, 0x1, 0x6, 0x6, @local}, 0x14)
connect$bt_l2cap(r3, &(0x7f00000002c0)={0x1f, 0x7, @any, 0xd}, 0xe)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000300), r3)
r4 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r3)
sendmsg$NL80211_CMD_GET_MESH_CONFIG(r3, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x14, r5, 0x10, 0x70bd2a, 0x25dfdbfd, {{}, {@void, @void}}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0xe0c6f1caf20e75f0}, 0x815)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
fcntl$addseals(r4, 0x409, 0x4)
ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000480))
fremovexattr(r0, &(0x7f00000004c0)=@random={'user.', '/selinux/avc/hash_stats\x00'})
pwritev(r0, &(0x7f00000005c0)=[{&(0x7f0000000500)="6d5c9439012e20cf6b32f2a078b49ca7cf381047a0a1801a3251fb3a858fb6c59e7a453158a0e19ebc439a96bf6d2ded72d03de20f9498b00f079d0b2eec26282b337cc904e2bdb5d316fd97d3c55e67241169ab018c9b5f19d8b06863789e1bec19e82591d62d595d036675512a0762895f5126691f684c110a87536557fc677a154293dc5158fdada19692d4a0ad00ae20e4c1b6", 0x95}], 0x1, 0x80000001, 0x6)
ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f0000000680)=<r6=>0x0)
sendto(r0, &(0x7f0000000600)="73d0ea479a58a2a516068ed91db323bcdcd2abe51e4b9cb972a4ed1caab46031d4bb5cce72ebed615671a22bcd352c42eace2e974e44fe4075b1c446ea4ed74dfa7b1da8bf413ab256f6b7a91ef83fe8a7add83a42183ecb55921efffe09776f8c6d6bb5766e50188ba242d5919171a0a179bf3afc17f1e56014", 0x7a, 0x0, &(0x7f00000006c0)=@nfc_llcp={0x27, r6, 0x1, 0x4, 0x6, 0x7, "385a0d2ece80586a5fdb506dfa118a0ef81c8bdee6627772b34293a25a4cbc0670e9603881d5af3db3ee37ce4b3d9fb08ce10d4bf8d4e65434d6b38c39b382", 0x18}, 0x80)
keyctl$set_reqkey_keyring(0xe, 0x6)
sendmsg$IPVS_CMD_GET_DAEMON(r3, &(0x7f0000000800)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x4200042}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x2c, 0x0, 0x100, 0x70bd27, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xfffffffe}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000004}, 0x4080800)
mlock2(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1)
fcntl$getownex(r4, 0x10, &(0x7f0000000840)={0x0, <r7=>0x0})
sched_setscheduler(r7, 0x1, &(0x7f0000000880)=0x1)
connect$rose(r3, &(0x7f00000008c0)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, 0x0, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @default]}, 0x40)
bpf$ENABLE_STATS(0x20, &(0x7f0000000900), 0x4)
bpf$ENABLE_STATS(0x20, &(0x7f0000000940), 0x4)
ioctl$KVM_SET_PIT(r3, 0x8048ae66, &(0x7f0000000980)={[{0x2, 0x101, 0x5, 0x3, 0x20, 0x0, 0xfd, 0x8, 0x6, 0x7, 0x15, 0x2, 0x8000000000000000}, {0xf156, 0x6, 0x6, 0x1, 0x2, 0x3, 0x7, 0x2, 0xb7, 0x5, 0x6, 0xde, 0x6}, {0x7, 0x9, 0xf, 0x4, 0x19, 0x1, 0x40, 0x9, 0x6, 0x4, 0x1, 0x4, 0x5}], 0x81})
executing program 2:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = io_uring_setup(0x4aa8, &(0x7f0000000700)={0x0, 0x28a7, 0x832ac1ac3d5c9f93, 0x2, 0x111})
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x0, 0x0, 0x101})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)={0x20000004})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'sit0\x00', <r5=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x34, 0x68, 0x2, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x4}, [@NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @LWTUNNEL_IP6_TC={0x5}}, @NHA_ID={0x8, 0x6, 0xa00}, @NHA_OIF={0x8, 0x5, r5}]}, 0x34}}, 0x0)
r6 = userfaultfd(0x1)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000040))
r7 = fcntl$dupfd(r6, 0x0, r6)
ioctl$UFFDIO_CONTINUE(r7, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000800000/0x800000)=nil, 0x800000}})
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000540)={0x7, <r8=>0x0}, 0x8)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000005c0)={&(0x7f0000000580)=[0x0, 0x0, 0x0], 0x3, 0xc0000, 0x0, <r9=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x13, 0x19, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000700000000000000fdffffff18110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800006d0200007b8af8ff00000000bfa200000000000007020800f8ffffffb703000008000000b70400000eab9284debb170c5c969be79b88ab1f01000000850000008200000085100000fcffe4ffbf9162838f50c6fc30420000010000000000006e1fd1e02330210000000000000000000070904dbc66f1a489f894b44116090cb0cb09001ed7c79e27307d1a"], &(0x7f0000000380)='syzkaller\x00', 0xe54, 0x0, &(0x7f00000003c0), 0x40f00, 0x20, '\x00', r5, @fallback=0x21, r7, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r8, r9, 0x1, 0x0, &(0x7f0000000600)=[{0x3, 0x4, 0x8}], 0x10, 0x5, @void, @value}, 0x94)
bind$bt_hci(r4, &(0x7f00000000c0)={0x1f, 0x1}, 0x6)
write$bt_hci(r4, &(0x7f0000000040)=ANY=[@ANYRES8=r3], 0x7)
syz_io_uring_setup(0x4a88, &(0x7f00000000c0)={0x0, 0x9526, 0x12000, 0x3, 0x80022c, 0x0, r0}, &(0x7f0000000140), &(0x7f0000000180))
r10 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0xfffffffffffffd2a, &(0x7f0000000040), 0x3}, 0x0)
mount(&(0x7f0000000200)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000280)='./file0\x00', &(0x7f0000000300)='gfs2\x00', 0x4001, &(0x7f0000000340)='/dev/video#\x00')
r11 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r11, &(0x7f0000000a80)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x8)
r12 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r12, 0xc008561c, &(0x7f0000000400)={0xf0f020})
setsockopt$bt_BT_DEFER_SETUP(r11, 0x112, 0x7, 0x0, 0x0)
syz_io_uring_setup(0x3e94, &(0x7f0000001680)={0x0, 0x4627, 0x400, 0xffffffff, 0x321}, &(0x7f0000000240), &(0x7f0000001740))
openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card2/oss_mixer\x00', 0x2, 0x0)
executing program 2:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = io_uring_setup(0x4aa8, &(0x7f0000000700)={0x0, 0x28a7, 0x832ac1ac3d5c9f93, 0x2, 0x111})
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x0, 0x0, 0x101})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)={0x20000004})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'sit0\x00', <r5=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x34, 0x68, 0x2, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x4}, [@NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @LWTUNNEL_IP6_TC={0x5}}, @NHA_ID={0x8, 0x6, 0xa00}, @NHA_OIF={0x8, 0x5, r5}]}, 0x34}}, 0x0)
r6 = userfaultfd(0x1)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000040))
r7 = fcntl$dupfd(r6, 0x0, r6)
ioctl$UFFDIO_CONTINUE(r7, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000800000/0x800000)=nil, 0x800000}})
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000540)={0x7, <r8=>0x0}, 0x8)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000005c0)={&(0x7f0000000580)=[0x0, 0x0, 0x0], 0x3, 0xc0000, 0x0, <r9=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x13, 0x19, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000700000000000000fdffffff18110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800006d0200007b8af8ff00000000bfa200000000000007020800f8ffffffb703000008000000b70400000eab9284debb170c5c969be79b88ab1f01000000850000008200000085100000fcffe4ffbf9162838f50c6fc30420000010000000000006e1fd1e02330210000000000000000000070904dbc66f1a489f894b44116090cb0cb09001ed7c79e27307d1a"], &(0x7f0000000380)='syzkaller\x00', 0xe54, 0x0, &(0x7f00000003c0), 0x40f00, 0x20, '\x00', r5, @fallback=0x21, r7, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r8, r9, 0x1, 0x0, &(0x7f0000000600)=[{0x3, 0x4, 0x8}], 0x10, 0x5, @void, @value}, 0x94)
bind$bt_hci(r4, &(0x7f00000000c0)={0x1f, 0x1}, 0x6)
write$bt_hci(r4, &(0x7f0000000040)=ANY=[@ANYRES8=r3], 0x7)
syz_io_uring_setup(0x4a88, &(0x7f00000000c0)={0x0, 0x9526, 0x12000, 0x3, 0x80022c, 0x0, r0}, &(0x7f0000000140), &(0x7f0000000180))
r10 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0xfffffffffffffd2a, &(0x7f0000000040), 0x3}, 0x0)
mount(&(0x7f0000000200)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000280)='./file0\x00', &(0x7f0000000300)='gfs2\x00', 0x4001, &(0x7f0000000340)='/dev/video#\x00')
r11 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r11, &(0x7f0000000a80)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x8)
r12 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r12, 0xc008561c, &(0x7f0000000400)={0xf0f020})
setsockopt$bt_BT_DEFER_SETUP(r11, 0x112, 0x7, 0x0, 0x0)
syz_io_uring_setup(0x3e94, &(0x7f0000001680)={0x0, 0x4627, 0x400, 0xffffffff, 0x321}, &(0x7f0000000240), &(0x7f0000001740))
openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card2/oss_mixer\x00', 0x2, 0x0)
executing program 2:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = io_uring_setup(0x4aa8, &(0x7f0000000700)={0x0, 0x28a7, 0x832ac1ac3d5c9f93, 0x2, 0x111})
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x0, 0x0, 0x101})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)={0x20000004})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'sit0\x00', <r5=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x34, 0x68, 0x2, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x4}, [@NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @LWTUNNEL_IP6_TC={0x5}}, @NHA_ID={0x8, 0x6, 0xa00}, @NHA_OIF={0x8, 0x5, r5}]}, 0x34}}, 0x0)
r6 = userfaultfd(0x1)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000040))
r7 = fcntl$dupfd(r6, 0x0, r6)
ioctl$UFFDIO_CONTINUE(r7, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000800000/0x800000)=nil, 0x800000}})
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000540)={0x7, <r8=>0x0}, 0x8)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000005c0)={&(0x7f0000000580)=[0x0, 0x0, 0x0], 0x3, 0xc0000, 0x0, <r9=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x13, 0x19, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000700000000000000fdffffff18110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800006d0200007b8af8ff00000000bfa200000000000007020800f8ffffffb703000008000000b70400000eab9284debb170c5c969be79b88ab1f01000000850000008200000085100000fcffe4ffbf9162838f50c6fc30420000010000000000006e1fd1e02330210000000000000000000070904dbc66f1a489f894b44116090cb0cb09001ed7c79e27307d1a"], &(0x7f0000000380)='syzkaller\x00', 0xe54, 0x0, &(0x7f00000003c0), 0x40f00, 0x20, '\x00', r5, @fallback=0x21, r7, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r8, r9, 0x1, 0x0, &(0x7f0000000600)=[{0x3, 0x4, 0x8}], 0x10, 0x5, @void, @value}, 0x94)
bind$bt_hci(r4, &(0x7f00000000c0)={0x1f, 0x1}, 0x6)
write$bt_hci(r4, &(0x7f0000000040)=ANY=[@ANYRES8=r3], 0x7)
syz_io_uring_setup(0x4a88, &(0x7f00000000c0)={0x0, 0x9526, 0x12000, 0x3, 0x80022c, 0x0, r0}, &(0x7f0000000140), &(0x7f0000000180))
r10 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0xfffffffffffffd2a, &(0x7f0000000040), 0x3}, 0x0)
mount(&(0x7f0000000200)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000280)='./file0\x00', &(0x7f0000000300)='gfs2\x00', 0x4001, &(0x7f0000000340)='/dev/video#\x00')
r11 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r11, &(0x7f0000000a80)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x8)
r12 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r12, 0xc008561c, &(0x7f0000000400)={0xf0f020})
setsockopt$bt_BT_DEFER_SETUP(r11, 0x112, 0x7, 0x0, 0x0)
syz_io_uring_setup(0x3e94, &(0x7f0000001680)={0x0, 0x4627, 0x400, 0xffffffff, 0x321}, &(0x7f0000000240), &(0x7f0000001740))
openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card2/oss_mixer\x00', 0x2, 0x0)
executing program 5:
r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x2, 0x2)
close_range(r0, r0, 0x2)
bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000000)={0x17, 0x1, 0x1, "3271bdf0f2f20d55806b26b1d72197edb1439b1c4200"})
executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r2, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x4000)
getsockopt$PNPIPE_IFINDEX(r1, 0x113, 0x2, &(0x7f0000000140)=<r3=>0x0, &(0x7f00000001c0)=0x4)
r4 = syz_open_dev$vim2m(&(0x7f0000000040), 0x100000001, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f00000000c0)={0xf0f000, 0x6})
sendmsg$nl_route(r1, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=@RTM_NEWMDB={0x18, 0x54, 0x8, 0x70bd2d, 0x25dfdbfd, {0x7, r3}}, 0x18}, 0x1, 0x0, 0x0, 0x40800}, 0x20000080)
executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x1, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async, rerun: 64)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) (rerun: 64)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf) (async)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$TCFLSH(r3, 0x400455c8, 0x2)
ioctl$TIOCSETD(r3, 0x5412, &(0x7f0000000140)=0xffffffc0) (async)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000040)=0xfc) (async)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000280)=0x4) (async)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000180)) (async, rerun: 32)
syz_open_dev$ptys(0xc, 0x3, 0x1) (async, rerun: 32)
r4 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0) (async, rerun: 32)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) (rerun: 32)
write$UHID_INPUT(r5, &(0x7f00000010c0)={0x8, {"eddd025b60fdc30a063f172d718c2bd6b3645eadae0f767eb61f2421975b0064d30faba72ba63ab33c4ee2a6cb2f0cb187830255738dd670e8e178672a7473488a157b83ca0ed9657299e98243c15b6b8e08f34570dda445b526949a9b3aebdb97dda475e54a098f1ae57c4774c8ef81d36c77d309e0c817fba3415591dd26a637e43bec5f0fb193d8671889d89ac77bd90ee5efac63bf9eafc61f393e33aaa503760afad0e395042048defbc27ecc254790f419072feb3d5fb4815364072248a42bb88952f316952ea727ae850143819fb80a77407a2309c90ee7894bee7c5862bf14672cc9036bf0ccba7769b5d57b757b550180000000000000a7f0840d7040084b449eb5445ea40b3b9811a66d5228839907fba91ba8a5ca95b4600fcd98f93af794a412e97404d6f40a61e802f6112ff259a29ca8fb98ffce8fd12509883e812e7edb4a643fe4aac56bb01f69823bd6f4ebd618d81cb3d463eea2c9bae30b888a824043a71d5f3319b146848d63a5415f5ed47b33cafa473cc2c91c425a2d24bf5d8e627e6fc63f58a7b08180ce16e5aa7015478cfbebba3045ec5dd620f69659f3fe11af23b095b43ced6a48afaf3d9a78762d40ada3b1fead7884620e213f28a9a2e6bcda0b88347c8eb3f6be8be3fc2d507eaae0430ccd836d4790038d25d65091e6e7ee9bec612b4a5d90e9e878c9c57fd1aa28ee9fab64d2d3bec12ae68a974c0f64365548a5db8a1d8fc9e32b38df32e826a3d2a88ae824a5faa87d7a25373728da5322ebc73db3d9ac8c64db9c90b18d67b7770966a3b8a1079f5b83f21482ff8b1cc1c699a0a5a135b6fe2791abb556603e3255e89922de5bca02d57ace9f6d486a363891b6c15e3c0000000047e9617351e98a040f2e7019ddee08f2d6cdc9de2f7a32ea65d266513fa7821c24c90ae39268757eefacfe94d53c740747c86429eadbead0a3576549442f4f77d846df8d54b37fc280bd5b9320f872756706357b9813318a6bfeb77d4ddec55ab5592da2c6d05b3c021182485b96a634013c5ad5ba55f07d07211c0db03ccb5981f5955df2e86cd0f62f6ba66fe4abf695ebc6629e42f6ce96a132883f148eeeacdff13b1cbfa73cbc70b8c5b677682d7c60d1a1311b1222aef1edb4e231c869a18f9ae8eeba4eb4cba8a4a56703cd90710b2208bce8e9a18aaf4e7c47474c08ff85c307d660607bddfe49ac714e0fcdfefedddafa452dfe0341c8a8f07e62e4486699a740feda4b7b2bc635308eb6990f3dfa9065aa8b26ad0ac66fe86dbf2dfb5f0c4b0cad557d4fa4b61116aa57a285a705e1d87d3f8d560b5fd3f8c5df3dc22bd4edb36c1c2e78c0b69863f576d3053ceb21ecb287faf64bb7a3cfe3c28eb7c2335a3af5a29308dac5f7d6f48f46da8370124c37e5a3c9fdfd3d78a082030b2233f02fae54012d2ad2b1c1ec2a35a130a5d3f76b5f9a10a4d31ca41c5c2f58a40c058a48e5dd8a71adbabcbca341e46a6ad538491025e79db3c59350b229ae433537e54b62968ff582f041080719fb88778884da1c79ff28398d8edfcd931043b64bf75b944e735d6d0fa62ed1e3550fe9fa5c1f063b06fb8e13909c87efffe72481ada2d01522a93c70266aa3991c7141ecca2bc618fe54d7529a0c2a46469ca4b2086e112fdf4e1266ca6b5fd4b0fbea280dd246f622f0da6d0f3e3b0357dc0744132e66d8b035662ad5cd3faedd2f743e24ecfed2efd6fd3aed1402bdbc66af3c0b77b7962966649591d7d5985c81a063d46ddf07656f2b049f5811b310e567027bc1b6d44fc892d37aeda8cacc704c1dcc1a7ef759937416e01163027b81befa86772ddf576c37f3151792c4358d1fa418bcd250dc41effa988116589b110d31a59486123769e50f5b3985b4660919f08dd5c96ab8ab03322d0c61890f90e56970f0aa13a96bcfa97139d5627ed6a5558dee292bf0a6e5ad23341c7dc3464a05b9045cc3abbfc0448bf9ca044fd188569cc0c57e07105d1fa1efd44529b6592fa718e092c1a3fa3e56689c9c5168a5619bf2109bde2dca59ad16735e597402c1896d4e24f56c9d4bbc1f0b3a0135b7028a402c6a1a78de57a838b1871477d7b43dff3779fdb50b2ec9a3ae11fab7f715e7979e64a0f0d54d025105d1f768cdad112aeb2eac1c8042aff6fb975a16c64080ba4e0de0af9b8a975a2b6af6a05dff8ae848f6b80f2bd80c56e4683e67a3aaad0e72242b0f0f07d7d7a64a8669e75a99ba4fdb2ba239c5ef28c8f1dc0b2459698b374f1035a75eafde3d90d69afa489ee2d7f7958a5cc51e574203bab464ddd4d08abbb77c8874c6ce692d078bdc309d73ccb49c9d60a269c77601e82e1c824fca2a43605f8453943d23794785096da2ff56547389009e27a908cfcea03ede09c392e0bafa30891e23fbacdf08b49cbd2f4083f94c3c71877ffac86d426e5fe08fa9541f837f2de8440e0b2226b664a45a564f1357e804c24cd2cef95564a1e0041736ced508a63af4e9f4ae9f690084f8c67db3b3569fb86225b6cce291da8057200d1f86899081ebfa5274625ada6ee793fe4246d97157d608099a6adf81eb88bb37cdb64a18ed0e13a0cfeea3af2164a59b8a90a4a1dfad6f03cc27ccbcc879c2b54a57a6d81e01dbd9d7440e9f1a1f608617a308214b58a9090022b7c6631cda308a0aa13dd68159bd8578afeb5402b0e227ef709d8c58929fba262ff4ec70c3a8f68b98f92380201112f560c216d5dc61ad466ee08c1af18982617597436c6a0e0077bb2dab8932175fb30aafceb4d63b4b8aa4a1c2f3867a83855d418ae75b3029dff960a5a4fcbe0fb84828633d535413e0c70a26b2485dddaa7c52256ad85d5f71778af39692fb8553850bbac096d8d9c9145e0ed7903b5d530005f29493a5aa7e0c04b62cc07f2bcfa31a48ce7c167abdd145af8c25fb882b64e41a9b51ae77209d82a9095e1d80711e1c802302b92ad8e413bc9b200e57c6038a46bfc9468b5fdda7f3e57e676c99d4dde6b3a86ed2cb9a55cf199835ef9d858f5a692c4036b32ea07c76c29faa5e2241afab129340b6e2ad94baea982429225cfac726dbf137f6477432a31808a281c9af3c4bef4a2f508721ec71fc1c374fca4d4e25ed9754a41ebfcaaac7637caa13791a64ff995d3cd984ed8cecccc491de80596f8db8d3fe6a6f2b208d065fb6fbb5569bf7cd8a8162271ca5e5ed2b3b98f28d81b3b498345c48492c8fe2e6181f527bbe4ce6600f9e33fb65609bc4318ecf4ca151d3095232820a84704311f0bd3532178cf1e6ef9483b1f52ec2992e84aaf1239c99faeab989bd9848223e90093e71eb650660255fce7bd85872e413fe219859d18ef67f1f07a590ceadc1c687820c3c7cf9e2ff9609199c4b49fd74553507c1c7f45b5b1b40c96c0c984977f476ed686f8710248677847f5c0989df0eca6be3df498acfcfbca85bb986c8d844c19f62b06b95d8d6f4e4367040d45e494271f29546f1086f88fdc549402bd669e9aed5fe000000ef7668d3abeadb430d30534aef0a3a9a125bdeaa11647bafe6e1303b967d29718ac301cadbb43654a36b78ff91836584a5e3472db8db4ded526ecfef2efa2279c17639d3aef1587d5b8bbc8abec3a28dba276613c514a50fe243a588ecdb77ab1525088507f5a0537ba59062416beb479538806f04e70bc192c1fd46377c6105116cd21b75f29f91b67317ce4bd67dea18f560765dabf8f0cebfb770339aa2558df698e1ee22adc7b81b16b2e7fb06e7b5c2ca98c71aec18bc23b11d3b84c6a10aa866c5f438fc2d928fc89ce0902492cd79d6a1ffce27a66031cc24d1b82e9e8b6bdcb6b37f89531e048ae5ee10483dccbb734ba20a15b145fdeadfc461e146d8882133b4e6c6ba30d316ee0bf0bf40f26639077d090d1df3b943e78ba5ece82fcd4576cf3a87d7a9ad080b2cce7371e5bd671ad37e35ff03dfb6684ac0d4eda69154444aef2a173ba093bc87839e41388b2101f72a9b6cf675efbb231b007c11a7b452df89a584f459b23340c0dae21a4146968b66ac9b08d2408830ccec4e6fb1dd665c3023a3b32042b1facfb0bd4d5b9861fe5b0abee3313264b5abe61b1e145bc11121dc87bf1a6008433dedd4d7977b082400136bfceb33a2a3ceea9a6b67b8f85b604970c3ad474db7356f802bc840afe833c9056c037b2ea240b5846149682e14e4e126c7f88b9eb2c7384da631fbab63754611d52b4107dfd10fdf46e557be95a07e6ae64cbeb2d420bcfd87a2f52ecbfe5eba301e3c86761c1545b876e5951106e91be75e9d22301674bca4d729fffd9812cb984910b976c2a74966caf3d75ba7dc7f4275d24caf3bc94376a3579e8575c69401ea75d14e27f98eb7a05eccebd36ea89c4ac0dec65eb613d7f052c6b75b398c65249449b0693164a51c0c224ac1bb4f0781d2d10b96519131b6df9541aa1e7511820f71ab1d497234862f475356d9664a9fbbf0285738a143842820d5b795dcca64a24de4bae802fae01d82fec5548e108c4e750e8f1580d2ebd6bde06622db32c1f47eca183a81ecfde3b6a187c47f7984d2c6051f2ace7ac2bfc5da0cd4b0e57e69bf39551cc5443e12e9ce113cff2cecdd2802e5b9c5a1107e1ed982b93b8e986afa379ac1c6a5ee67e966c72bf149f9ba1c169bafe3d58e18e56438ad4a4db4826edb5eb4ff27808ddd7f87eb31cf232effc9bfff7305d91696e17058217d2d5596ae9082a1cc98d60b854b2ff76718d981c20d68ecf4f1a8dcd5f9f06162df324b84b246e5e11d6722003f32e3396e30c11724db17210c37dfa080c1be2fbeea1c92e084f72386fb29856bc25a16a53f97f44a5e81fd55872772eebdd0db3a5bdf0c28d34a48f8d707a97a3b89367c98e30dbe9c02444177a8fbaa605c6051157e41fade8432af5233ee030ad6fb7572ee4e7bd687dd855fe112ac46a7b1abe88771eb3b49e3d583efe7b79394ca4687acfc262af45dbf4736e9e17d39ea5f8e81f6ed7f242c5a09da7f22f37ce9d5e6222fa71aed8ee69e501d30cd98f5c5275d5dcc1f112c3dbd2cca465f7442d952353613ac5b30222cf153c598c15c102b0dd0d99e45595d98ab365fda3f6e3bdf29b66a8d0a43c1c6a109e3056015a49e4f9ed7522163da86b9e2bf14d7c0ff026261f96feabc0b1c64ba130acb2c4927a783bed9f4e1d38f0a1351000334010b99585c24fb9a7a24809e4bffc3448c778dbeeed816225b2173fae0975e1b9c19213dc33bab3a9bbe8f62e306a1aecac5484d3f23421f5064c16aa4fa67de32222115928c0f3b114593dd0c791c590be61e0b97ed0b0e0dcdb238eb1290466d9c10dfaa8c7fcd0bf659897d945df86d936c67e42924d47a4245fb3d6f8ec538d59c100c6e52100317ea41a1fd253ddd54b13b6a2807ea729d3fd7e1b0461cc78b2c7c889b9ad3ec0398399ff645f3ab988b8a52d9f09a430cfa0390c4c5ad3a392ef28a9f4056d77b712df09b69d7d93617c4783133f9abab2d6935d54f59d0c1b5ea4dba28af7bbfeaf29009618c436ddec116f8966b4ae89ceca545daef5a48f1668231731af7abc502df9f7d308998b92adbfdf0937186a9cbcd4267dc1d0e399b27dacc07ca37f76ceb42f13e4de89dd484a91dc8a2bebece95c6400fde8bdc6d2857454f562f04422b632925c84fb501998ab096363acafea06790c298a76267ca63d81763343fa1fbbbeecba24ca939b3f4d577a5129fd3c407cada9151a12b04e76d664b232cf05c9ad000", 0x1000}}, 0x1006) (async, rerun: 32)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f00000002c0)={r5, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) (async, rerun: 32)
write$binfmt_script(r3, &(0x7f0000002100)={'#! ', './file0', [{0x20, '#'}, {}, {0x20, ':\'.-'}, {0x20, '/dev/kvm\x00'}], 0xa, "8c79cbaaff1a5711ce3c551ef59dfb07c99a23588138fa541974172252c15cd76ef24b04530f228ab3c32079e9beb85ad6d69f0cc34392768af1d01d72b8e9e94b0a16c0da6237812557e90f69238d78a513f29ce91a1c4e3f720599191d973c540b95034a3fc55fc4fcab17ae3a5b9b862c0f0cfabaae846096d401932e906e9660d5ba938dd185b3b7312b629783a2f1e05d38b75c30070399ebb1400e7000708caffae87ef3fecf4e9aca82b4688fda0506e3108281c79ac7d2814546d1eba3ef5fc5ab31a4dcfd3a392aa37427239ffa22c8481cd8a941279c9ef92e0f72f6719fd988f5ea0f7d1b03302a550390980f4a6632af6db250a4e437c4b4e7328a90d3309930a0e09389818dfb7437c4dfbb2cc5cbc98b27d1cf65761b7c2f6da808d0318c356e1bc2c13f693b03563e27af053db0fe53a4d87565ff399a74d88bdeed29fd2fd2a8ee621222ce5aa82601d37415a451f70cf1e9ca1acdf0b83695e1d75dd3a6946fa5d72d990851454682f9129b93c9675f9f11f8d9dc793f8be0088d2f181c2c309fe491b6edfd265177767fc61425ce53131bf2966ec16eaed996bd0e17a76ef53071698daf3f452f4b8209347ec024284e17fb582626cf64a485dfbe1438c7dd2224a3e53f75da41af47233121fab7ced3c2e05f030698f7a12956b345a9f9915a1f8342691b6732617744321067939b4be93b1291668d895c5b6e91e65ecae164fdf30befd934f83516ea58288c4108e6ca623b28b6568aad077c01f707e715aeb1db226ab536782fdf2b058d5c951904ec1f67336b4c219966559db7c48e2200c9fdf359d7de55190fa2de4705228c470aa009dec1e234a0cd7e7430fc63c6494608c0b8c8f781d1b9395896cefaaee4bdf9805a6428b438cefe65aab5531a23c08be29895d4156280145072aa93b7217001046fd7e6725c8e375a284ca6f4aafc2b5bb9fc3914c2cb33a62933f6ae68350a83ab467b9a3be08553734320e925fa2ea99382c15591b391da78c2bd2774f6263714d0e371a18401b6bff2806a8505ee42f686a98ad8ff610d1075b0fc2b45d0c451d91bd8be10722db1036563e9e6b3bec6faf5678f633f7f14672665a9377f3951c1c4d7e894dc958acd683e421ff506b050d9f684d0cfc41ed0b1293d4a50d55179272ceacfb9b3fb776b1235071c49bd37fbe431e3cc884c2477dec7e501c2a7400a69e5ec403c0ee8e6b615c8979b7d1585c1efcc92493dbb233595aebc243ce7369f8aa1ebc68e04e9bd7023263483b1a350633e0cae64fe5a2b9088c0c47c0c6d5ff44fa91280455382193493d05e17fee745d0a3dbac205998dd7517f84b7133cff69929064cbea39b8595ce13d4f18cfe934d7b181ddaa3c0fb1dd30b23d30ea15e1ee3aaf7a5f25d0c06ad13343b215ae7214a16dc8e469485789b5d0365358321950e79b47f6ae06d94d380039709665ac845f0edd62cb37ae43fdae4965e9aed6e2153b8db45498a4c1cbfae2b02741e0bc5fd90419c3c01237ff80c49487b1fda83146d17610b48c18db9f0b8ac89a42e01ca1b8f12b7fc711aaeb04ac158409f75b2e71706dbdcbaf0f09bdc393f80d04469c84ff0cc807803c051d4a033c86cce8a5125d1d1e671d126d9735f657fb5a77822231eeda98f8b5a9fcfd23cb6b9dbc372f2215bf58d7c199b5b62866f972ef017a3d19a8db93d7291404c9eb5c345d4d80fe6a2dee635cfc043f304882ff2bfd5476d87587e152977fda5c5cd91b226ce70f5c68086ff6ba0f8e97021726e56558a5c14ce0d0a1cea1bad7ee81f7b73628382f090b0d455593d79f74e543c37adab2dd31678187ec67f314446e01bb8340dbf51ada98ed25da6ebef4e7f4999167503ba40b083308f919ca4f91fc285f011ab2242f065757fb6d3207a81e894891e148c511885df930b916a9a165bb3ce80f2fc9daf2fe1a8a5b250bb7f1f8a1a0d7cb0125cf441b260b321d35d65ce37318e33ec767eb4102bca25039730ed5a024e0f1c364622a001a049343969a2ef8d3653f5c6d948919ab40320834127e8ead1e840f750245aa6c44772b0d33dd8fe59e7622555ba8817023c6a480d828ffb447c509b0a72b6f6e37da673f580c4be04ddab7fb399da1b4d0803d93f1724299c854f404a7c780e58ddc0ca85ef9ba80d754862de6934e802f24f8cfb2794bb1b6065a7a820c68d0c6f90785b88f55046b369e58bec70537ec591c2f93893d7cdba6e81b4b2a66b474a0e322a403f08d30fc1edc3b86cb1ec84c544359e1336a5319ade4e69dab439f5b689fa9c13f4ff8221249989769c72eb33df064989fa336de1dc8a14770740a0bfddd3d766605606fc2f1ba36db4d5d22d995bf610d36e90566b6e8bfd58a6ea0087ac9e05bc0d96d0a9f036db4c8a447836038431024432c40f75899352f3f5a39635283eefc5ada331e7eb0094e64517b71a9c8dc9cbda5f66e5a68e284acba839d25ea761cd2aed22c2e4e5165b62334deb17a3e2acae6d36d95268ad5704c2de9db20945859213cc5ae6d7db95c875efbb9c926d429a2f85d46faa8187b8b69460d3377a5ef9469b766963ba91949f823830d063d89f327e0e03e915184b5744e8c8a9899e4e416eed55aa8fdb68bc7d887fcb9b1da11dcc0aaed3192fd4a340b89821952736e26e33a8a654ac8849f2c0a74740c815fb39a35f09a7e0b9cc4e983a57494be11770afe7ba63f78e200876e94d691b96b78060ab350958cff2ef1f4b08bbf5b081bce1ed42d079216be81b36bc19485faf558884426cb7245ad4e9d10424fee1e2f4f11d2e46a3ae74c3205036bb9fd80997739a4cb4b6baa27d8651ce1cfdb750de1af6d2594d4e62d9262d60f670e961334463e58560909b9cf0dba5da35a274467e6bed1db178870306869cdb2dc68963f0b58c9c220778492c949beb55a5bf84405c86adbef100c316f0ce7bf6af95510d2d5f463737089503fcefd440841fe518e91f371e1b25975b0cf1460eed8f8bea6564036d9c33416c2428d9116503fb353f97d60c7e609e684c543cf58ddd8a8efa35b3c43c00a57bb6f88ef431fa872513b2876d727bc5872b122504ba63cc22555201ad05c04a49b6f22178dc847b39cc5c218e1d13288e3282aded908ecf25bba27bc52faa65852e2bbc9c698348dfff20b458eb03601e73cb3892e0bd6d0868256fe6628b489a86b18cc29c07253ae04e2287e353fd7496243cac5423be69184f78434ed50f772be96e8c4193526920b06fcad9c69e2021dde90dfab2e9cf11bee012550ebd2c45756289d0f7714ff14973e13abf92e5ba5d66c5b50ca52bce85d178662bd322be519ba6e3d15835f243bba96a85f4ada7df9c82aebaf9378196763be0fac249655277d921b9ea72c240f9cbe28befdefe926a7341ebd86ae0c01e8ec313c0719fc7b2363c2854f4f2b4c74863bf39d54b19d12e26b0098b0f28cbd2c4b6638d31b4b07345285021cde52e6a6a8249c914520fc295a88e290ce68cf6325eccc0b0c8aae3cffec277cb104e040f226b0dcd6ff3d197a226a8e8a7016e243a9b9b75bc161aa9506d54c3cb1cfd066b0231e8efcc237a1d67d070eaa7f179d372497c521aed2e1004acabe8c89aaf36f145344532cd3c971bd6ab8c689424adb0702546dccbefeea307fe58618f87182e0e6201153a93686a0b9ba6ff2d84b845e3b3d65b1e1693279bfd28d31fdb40510083b4c285081616bb1a78a44b440775cf5281153ef7f43964259e48eec2e40149e6417f3d6285aa9ffe5e6301432bb7837aeae71033c52b34f18e7e108e8629b0401abd61cc8d36825438ecff50f9c335c51f5a554d0bc8f2aa4647e7f85b12707f78c39e03d113b685d053ca9eacef6ef2ed6375c690decdc0e2f20b56d0c61814edbd37c15a8dbcad7fd48b05b49d21055c6324cc1ec83a5b6f1474e9eac1c7ad9ac1d07d7572c2a7c57922be50b4b9240968a8a7f556332d9178c504a162a5cc2a3faa7cfd35c04e27aef84415bb1f70f1e19b5185761bf760e5539785cb233b5ed8bc885cf70b2c6d3ec41bcfb3b5bfefc4b241b8a34b5abd2ee380812ddc08f083af41d4fd3feb766c21f5eab87deaf24103185a80366b8a427d12e32897ad3c8e0ff0e1c44b2205b19dfd801146bf48ca5035d4d49ce9723f9ec0d61172e1e0b09c1dd9f1fab9c306e53b61a9e802dcc1a13224c328c610e2578444a66a1561a2080f46434989218227e1bba577c2f751e557ed43d5f77e9b36558e8bee005d61a4609efbbe8edf71b51e174266e0c624fa60164e807174c7374b3e8ae83bd68a8ad4d5aad7622642d92a4d78f37c5d0e06f9cd9740a8d530e3a5071ac90b34ccfe50361e621aba87aa23d162126d760e0ea93e7501d09d2bbe1ab022888f64c2793e782d5ec2f9ce0a8d332041e05278820cf5b1bbd7496a45301e019ba58b133ecfa989133501afa7b7f3cba92e22ddb1bf4681a928b3101b57e630edc21dbf7e9a33312cc3d41f672ac2544ddd89077efe93e9c3a3849538b52c8e7348d4825db9a0e07043e99fc35705bac5483cfec6304475ee228de2e1268d622c9cc561c9b849dfdea16a5c265efa14f9eb2a9f9afd48ab68e7d20f440ce3048bb84234b46a028d42335b7fde610d1205d8e86d956a8bd3ed4c0defff3c48c883819d28f0889698a2b95d7317310e734f08952bd8959cc8541ea90d3a343dbef86c3ffb12d70d831d10fba0cf9094750cb76ea9938f2e04df450cc5de7beae977ff2baecf6936fb2280a5283173b7d127e4f3888f9706b289ced76db8f44ffbcedca123f6f87fb85880506c2895e5d725a40d33bb3325ddb6a5aec6b349199898d36ecc5aaff507d0d1d7ab55301205a1dea4b81003114f298ca827b7edf6e58facb64590dbf69e1630e149b00768e14d630c86c4165ceb3a2e71cd204585e2c2b6ccec409b2d8460658eaed7ccde0a4d1fdec8792438804b69e4e76e0a8791c1357a39907bc293cd6e986f0dc41d2ac3d383936a883e9f76b473fa40b5737ff3e689848a6e5c858db053f22a61e630ca5f423f5b144bbf5eb39bb4f75cd77889b0ab9e3b1fd8e65275a0d1eff6d9b581efbd2453ff1be27b9cab31f55d1b837669181309328aed92beb6c2e4f6be51c93d23250ee5b7b66c9648dd736ffea00dfe6f7d5d6442de14af10b098066d43772ceba71dc48fc0612eb0331130b0aee25a710c84f15287f7702d58ea84ac2b060ee17d759824f7d86dfd95c605529b9505a01df788316f12235bb3b4ea0d38c5e2243952858cb1765f9b2679ce090486d8774a566e9f70213bdd198413112e11e5947eac871cd7ac1375aa05bdfccbcd6ade5c63ad5664431f884b12315ed56f4a3cf838236485365203d125395391729856e04d0a68afe260533751466f39c830e54fb4cfe34aa81a933418b7c313cd8fc10cf7a4f42a60c90fc113f270d163b350459c84cb40ce2485e5ddd3fa656dc324718f568d5d16d61c8a93036f205b5ed7ae7e9505783a9faeb6ff2cbe41d2676513ada47e5a6fc9095f0e81e34da8a32a4812fa2c96fdbebd4be5d5c465afb627fd7f2a48add05cce7fc4a6a6bc655103049bb2f532cd04360cd4d46e232b31bcb1e6ac9447787d952e097ed77a80898e2fb5fd3bba3de99014a704e5dc1467061b31d23ee531c6ccc4bc5ea52fa9940c327e7b4b5616cf0291629daca9027fb1ee2da18eeda883bfcbda18c39da97123ef6074fc7ff1ec473f380916ee812690ccd42ec27ab6189bb4d88e"}, 0x101d) (async)
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000100)=0xa)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f00000001c0)=0xfe) (async)
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r6, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="010000000000000001000000000000000000000000000000001b0300ff"])
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000008004"])
executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = add_key(&(0x7f0000000200)='user\x00', &(0x7f0000000240)={'syz', 0x0}, &(0x7f00000002c0)='4', 0xba, 0xfffffffffffffffe)
keyctl$chown(0x4, r2, 0xffffffffffffffff, 0xee01)
keyctl$chown(0x4, r2, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macvtap0\x00', <r3=>0x0})
ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000000240)={'wg2\x00', <r4=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=ANY=[@ANYBLOB="480000001000030500"/20, @ANYRESHEX=r0, @ANYBLOB="21000000000000002800128008000100687372001c00028008000100", @ANYRES32=r3, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32=r4, @ANYBLOB="0500060000000000"], 0x48}, 0x1, 0x0, 0x0, 0x48000}, 0x0)
executing program 5:
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/lblc_expiration\x00', 0x2, 0x0) (async)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6) (async)
r2 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'sit0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x34, 0x68, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x4}, [@NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @LWTUNNEL_IP6_TC={0x5}}, @NHA_ID={0x8, 0x6, 0xa00}, @NHA_OIF={0x8, 0x5, r3}]}, 0x34}}, 0x0) (async)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r5)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) (async)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) (async)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
ioctl$TUNSETTXFILTER(r4, 0x400454d1, &(0x7f0000000000)=ANY=[@ANYBLOB="010001"]) (async, rerun: 32)
close(r8) (async, rerun: 32)
socket(0x400000000010, 0x3, 0x0) (async)
ioctl$SIOCSIFHWADDR(r8, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) (async)
sendmsg$nl_xfrm(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000600)=@newsa={0x144, 0x10, 0x1, 0x0, 0x25dfdbfd, {{@in=@dev={0xac, 0x14, 0x14, 0x2a}, @in6=@local, 0x200, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@mcast2, 0x4d2, 0x6c}, @in6=@remote, {0x0, 0x0, 0x0, 0x1, 0x0, 0x8000000000000000, 0x0, 0xffffffffffffffff}, {0x0, 0x4}, {}, 0x0, 0x3501, 0x2, 0x0, 0xfd}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @offload={0xc, 0x1c, {0x0, 0x1}}]}, 0x144}}, 0x2004c840) (async)
read$FUSE(r0, &(0x7f0000000900)={0x2020}, 0x25)
executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='dctcp\x00', 0x6)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x3c)
recvmsg(r0, &(0x7f0000000580)={0x0, 0x7, &(0x7f0000000500)=[{&(0x7f0000000740)=""/4096, 0xa15b0}], 0x1}, 0x700)
executing program 1:
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
r0 = userfaultfd(0x80801)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_SET_SIZE_BLOCKS(r1, 0xab07, 0xb)
r2 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r2, 0xab00, r3)
ioctl$NBD_DO_IT(r2, 0xab03)
ioctl$NBD_CLEAR_SOCK(r1, 0xab04)
syz_open_dev$ndb(&(0x7f00000002c0), 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
r4 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa07, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2})
executing program 4:
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x141301)
ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, &(0x7f00000000c0)={0x80, 0xa, 0x303, 0x0, 0x0, 0x6e9, 0x0})
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x6, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='pmap_register\x00', r2, 0x0, 0x1}, 0x18)
executing program 4:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
bind$unix(r0, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e)
openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) (async)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$inet_dccp(0x2, 0x6, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x2a}, 0xa}, 0x20)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=@newlink={0x30, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xffffff81}, [@IFLA_CARRIER_CHANGES={0x8, 0x23, 0xfffffffc}, @IFLA_GROUP={0x8, 0x1b, 0x7}]}, 0x30}}, 0xce11d616fa4344f8) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=@newlink={0x30, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xffffff81}, [@IFLA_CARRIER_CHANGES={0x8, 0x23, 0xfffffffc}, @IFLA_GROUP={0x8, 0x1b, 0x7}]}, 0x30}}, 0xce11d616fa4344f8)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
close_range(r1, r2, 0x2) (async)
close_range(r1, r2, 0x2)
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x80045518, &(0x7f00000002c0)=0xa) (async)
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x80045518, &(0x7f00000002c0)=0xa)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
ioctl$KVM_RUN(r5, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000200)={0x5001, 0x11000, 0x1})
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r4, 0x50009417, &(0x7f0000000700)={{r5}, 0x0, 0xc, @inherit={0x48, &(0x7f0000000080)={0x1, 0x0, 0x2, 0x5, {0x12, 0x5, 0x8, 0x8, 0x9}}}, @subvolid=0x6})
ioctl$KVM_RUN(r5, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000180)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2) (async)
renameat2(0xffffffffffffff9c, &(0x7f0000000180)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000040), 0x60002, 0x0) (async)
r6 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000040), 0x60002, 0x0)
ioctl$FS_IOC_GETFSSYSFSPATH(r6, 0x80811501, &(0x7f0000000300)={0x80})
r7 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$AUTOFS_IOC_FAIL(r7, 0x4c80, 0xffffffffffffffb6)
executing program 1:
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
socket$can_raw(0x1d, 0x3, 0x1)
socket$packet(0x11, 0x2, 0x300)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_udplite(0xa, 0x2, 0x88)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1, 0x803, 0x0)
pipe(&(0x7f0000000100))
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="4400000010000304fcffffff3f00000000000000", @ANYRES32=0x0, @ANYBLOB="a5edad8800000000140012800b0001006970766c616e0020f3fe028008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r2], 0x44}, 0x1, 0x0, 0x0, 0x4004}, 0x0)
executing program 1:
setregid(0x0, 0xee01)
getresgid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=<r0=>0x0)
getresgid(&(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
setresgid(0xffffffffffffffff, 0x0, r1)
setregid(0x0, r0)
r2 = syz_open_dev$rtc(&(0x7f0000000080), 0x0, 0x400)
ioctl$RTC_WKALM_RD(r2, 0x40187013, &(0x7f0000000200))
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$netlink(0x10, 0x3, 0x15)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r6, &(0x7f00000021c0)={0x2020, 0x0, 0x0, <r7=>0x0}, 0x2020)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90, 0x0, 0x0, {0x5, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x2000, 0x0, r7, 0x0, 0x440}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000440)={{{@in6=@local, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}}, {{@in6}, 0x0, @in=@broadcast}}, &(0x7f00000001c0)=0xe8)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
r10 = add_key(&(0x7f0000000080)='id_legacy\x00', &(0x7f00000000c0)={'syz', 0x3}, &(0x7f0000000180)='(', 0x1, 0xfffffffffffffffb)
getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000000280)={0x0, <r11=>0x0}, &(0x7f00000002c0)=0xc)
keyctl$chown(0x4, r10, r11, 0x0)
stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, <r12=>0x0})
statx(r4, &(0x7f0000000340)='./file0\x00', 0x7100, 0x20, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, <r13=>0x0})
r14 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r14, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r15=>0x0}, &(0x7f0000cab000)=0xc)
lchown(&(0x7f0000000340)='./bus\x00', r15, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000740)={{{@in=@multicast1, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r16=>0x0}}, {{@in=@dev}, 0x0, @in6=@loopback}}, &(0x7f0000000380)=0xe8)
fsetxattr$system_posix_acl(r5, &(0x7f0000000180)='system.posix_acl_default\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="2b000000006e800ab371c9172fbf51ff", @ANYRES32=r7, @ANYBLOB="02000600", @ANYRES32=r8, @ANYBLOB="02000300", @ANYRES32=r11, @ANYBLOB="02000100", @ANYRES32=r12, @ANYBLOB="02000100", @ANYRES32=r13, @ANYBLOB="02000100", @ANYRES32=r15, @ANYBLOB="02000100", @ANYRES32=r16, @ANYBLOB="02000100", @ANYRES32, @ANYBLOB="040005000000000008000000", @ANYRES32=r0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32, @ANYBLOB="10000600000000002000010000000000"], 0x74, 0x2)
socket$nl_rdma(0x10, 0x3, 0x14)
syz_genetlink_get_family_id$devlink(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="500000000104010800000000000000000a00000808000440000000060500010004000000080005400000800008000540000000030500010001"], 0x50}, 0x1, 0x0, 0x0, 0x4000800}, 0x4000040)
executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000140)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f00000001c0)={{@host, 0xffffffff}, @host, 0x0, 0x0, 0x2449})
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)=<r3=>0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r4)
sendmsg$NFC_CMD_SE_IO(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002bbd7000ffdbdf251b00000006001900baa7000008001500c000000008000100", @ANYRES32=r3, @ANYBLOB="0867934a178d38f23b6411d09c201034d1fa25"], 0x2c}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000)
sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)
recvfrom(r0, 0x0, 0x0, 0x734, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) (async)
openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) (async)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) (async)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000100)=0x80000) (async)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000140)={@my=0x1}) (async)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f00000001c0)={{@host, 0xffffffff}, @host, 0x0, 0x0, 0x2449}) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r4) (async)
sendmsg$NFC_CMD_SE_IO(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002bbd7000ffdbdf251b00000006001900baa7000008001500c000000008000100", @ANYRES32=r3, @ANYBLOB="0867934a178d38f23b6411d09c201034d1fa25"], 0x2c}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000) (async)
sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) (async)
recvfrom(r0, 0x0, 0x0, 0x734, 0x0, 0x0) (async)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})
executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000003880)=ANY=[@ANYBLOB='huge=always']) (async)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fstat(r1, &(0x7f00000006c0)) (async)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000080)={0x4c, r2, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wlc\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x64}, @IPVS_SVC_ATTR_FLAGS={0xc}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8}]}]}, 0x4c}}, 0x0)
mount(&(0x7f0000000080)=@sr0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)='hfs\x00', 0x483, 0x0) (async)
r4 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000040), 0x143882, 0x0)
ioctl$FBIOBLANK(r4, 0x4611, 0x2)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async)
r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_ENUMOUTPUT(r6, 0xc0485630, &(0x7f0000000040)={0x1, "5afcf8f5a92fbd60885b3e07389454579dda7ba2b552916493e5090a86961e55", 0x3, 0x4, 0xc45, 0x80008, 0x8}) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x13, &(0x7f0000000480)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x9d}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
clock_gettime(0xb, &(0x7f0000000040)) (async)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000300)={0x40, r9, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @action={{{}, {0x3}, @device_b, @device_b}, @ext_ch_sw={0x4, 0x4, {{0x1, 0x9, 0x0, 0xff}, @void}}}}]}, 0x40}}, 0x80)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000340)=@o_path={&(0x7f00000001c0)='./bus\x00', r0, 0x4000, r5}, 0x18)
sendmsg$NL80211_CMD_REGISTER_FRAME(r7, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="000a2dbd7000ff0000000000000000"], 0x28}, 0x1, 0x0, 0x0, 0x20008000}, 0x240000d4)
syz_emit_ethernet(0x46, &(0x7f0000000100)=ANY=[@ANYBLOB="e10931d8640a00000000000086dd60014100001088002000000000fe8000000000000000000000000000aa00000000000890780200000000000000"], 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r1)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x2, [@func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{}]}, @func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{}, {}, {0xa}]}]}}, 0x0, 0x52, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
clock_gettime(0x0, &(0x7f00000001c0)={<r4=>0x0, <r5=>0x0})
ppoll(&(0x7f0000000100)=[{r3, 0x284}, {r0, 0x200}, {r0, 0x4041}, {r3, 0xc0}], 0x4, &(0x7f00000002c0)={r4, r5+60000000}, &(0x7f0000000340)={[0x3]}, 0x8)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x61]}}, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r6, 0x8, &(0x7f0000000180)={0x0, 0x1}, 0xe800, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000380)={0xb, 0x8, 0x3, 0x1, 0x1a, "174d57425ff8e37fa2f887b5298c49b3f4d806"})
mount(&(0x7f00000006c0)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='ext3\x00', 0x204001, 0x0)
sendmsg$NLBL_MGMT_C_ADD(r1, &(0x7f0000000480)={0x0, 0xffffffffffffff0f, &(0x7f0000000440)={&(0x7f00000006c0)={0x114, r2, 0xe701ac47a3d23ecd, 0x0, 0x2, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_DOMAIN={0xce, 0x1, 'C\xec\xf8\xa0w\x15|\xd8\xbcs\xe1\xb93\x14\xcd\xcb\xb6\xb9\xbb\x84\xe5\xbc\xdb\x7f\x9a\xf2\xea\xcc\x91:v@\xe83-\x1d\xaagQl\x7f\tKt\fc\x1f\x17]\xd5\xd0\xf0\xa8\xeb\xd2g\x92\x04\x02\v\x00od\xe6,\xd3@I\x17\xf3\xbees0\xad\xc6\xbf/*\xb6(o\x91t\x12\x93UK\xf4@n\xdc\xdc\x8a7y\x81FY\xbe\xbbc\xd2\xc3\x01\xa5\xe2V\x8c\xb3im~\xd2V\xdaG\xbdbF\xc8n\x86\xac\x9c\xfb\xda\xe2&\"\xb4:\x13\xe9\tc\x85\xb4\xcb\x17\xbfm\x846\xe7\x7fp\x9eCdb\xad;\xa2\x8fs\xbf6\xe8\xe3Xg3&\xe2 \xd6\n\x9d=~=\xe5\xdc\x90\a\xe7M\x9c<\x93/\xaf\x89\x06+\x96]\xb5+\xee\xff8^D*\xdb\xb8\xd8t\x80\xd4'}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @loopback}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x114}}, 0x0)
syz_open_pts(r0, 0x0)
executing program 4:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000040)={[0x2, 0xc, 0x3, 0x4a, 0x8, 0x5, 0x6, 0x80000001, 0xff, 0x7, 0xfffffffffffffffe, 0x1, 0x8, 0x8000000000000001, 0x2], 0xeeee8000, 0x2804})
r2 = socket$tipc(0x1e, 0x2, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x20002, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000140)=0x15)
ioctl$TCFLSH(r3, 0x40204706, 0x20000010)
r4 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r2, &(0x7f00000002c0)={&(0x7f0000000000), 0x10, 0x0}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40bc5311, &(0x7f0000000140)={0x80, 0x1})
executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x2c, 0x24, 0x8, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xe, 0xd}, {0x0, 0x1}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x4008840)
executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8a400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x15, &(0x7f0000000000)=ANY=[@ANYRES8=r1], &(0x7f00000000c0)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000f40)=@filter={'filter\x00', 0x4, 0x4, 0x470, 0xffffffff, 0x0, 0x0, 0x0, 0xfeffffff, 0xffffffff, 0x3a0, 0x3a0, 0x3a0, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5}}}, {{@ipv6={@private2, @empty, [], [], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0xf0, 0x130, 0x0, {}, [@common=@dst={{0x48}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x2, 0x57, {0x2000000}}}}, {{@ipv6={@empty, @mcast1, [], [0x0, 0xffffff00], 'ip6tnl0\x00', 'dvmrp0\x00'}, 0x0, 0x160, 0x188, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x180, 0x5}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @dev, @private1, [0x0, 0x0, 0xff], [], [], 0x843}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4d0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f00007ce000/0x4000)=nil, 0x4000, 0x7, 0x13, r3, 0xbcb04000)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
bisect: bisecting 38 programs
bisect: split chunks (needed=false): <38>
bisect: split chunk #0 of len 38 into 3 parts
bisect: testing without sub-chunk 1/3
testing program (duration=6m6s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 6, 27, 30, 30, 30, 30, 4, 10, 21, 8, 20, 8, 17, 7, 40, 16, 29, 28, 8, 27, 12, 13, 3, 8]
detailed listing:
executing program 33:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14)
executing program 2:
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f00000001c0))
ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f0000000300)={0x60, 0x0, &(0x7f0000182000/0x3000)=nil, &(0x7f0000f70000/0x4000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>r0}, './file0\x00'})
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000040)={<r2=>0x0, 0xfeb, 0x8001}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f00000000c0)={r2, 0x1, 0x1, [0x2f]}, 0xa)
executing program 2:
r0 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, 0x0)
sendmsg$kcm(r0, 0x0, 0x40000)
sendmsg$kcm(r0, &(0x7f0000002080)={0x0, 0x0, 0x0}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000040)="dc", 0x1}], 0x8)
write$cgroup_subtree(r1, &(0x7f0000000140)={[{0x2d, 'io'}, {0x2d, 'rdma'}]}, 0xa)
remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0)
mremap(&(0x7f0000083000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000384000/0x4000)=nil)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
arch_prctl$ARCH_MAP_VDSO_64(0x1001, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000005c0)=ANY=[@ANYRES32=r4, @ANYRES32=r3, @ANYBLOB="02"], 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x8, 0x3, &(0x7f0000001300)=ANY=[], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r5, r2, 0x0, 0x0, @val=@tracing={0x0, 0x2}}, 0x40)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000680)={r2, &(0x7f0000000600)="70921345000841f626f9f197a5ccb5b25caf7c1ea1", &(0x7f0000000640)=""/57}, 0x20)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f00000003c0)={&(0x7f0000000180)="08ea514d3873421a4cfea7391fa86bea030b15b03f8353035a7fdea99b8f62b5bed10685532dda5b2703d8e78a567e5fb02f7df58ed33a0a620d7e606394338bb2da476136ea4ff3aa433f34cc15b59ed8f1ed4a8c30a82ffbb204d10d538256cc1c6e616de44b06eb63b9752687f13b139ec470759de3d7e09ac1afebd32239aa766d67f9a9a16383be5b2e296f68a23ab70ec77054b302cce77bd19849ced8", &(0x7f0000000240)=""/174, &(0x7f0000000300)="d93fb463d0bf14b58799b17e9c1cf172f2516cce0ed3c0e320de435e0401382fe8e7acd4d5f20feaf7aff608b098892c2c3ef66709a3c6fc51a8be80ae1c717e24e214ab822992d1792c98bfc8fa76cb85eb6f15b79ca660eec9eefc2b312d1af1b6043b41f778e355c6cb9d8a64935459168c4a93e05cd95c1b4c5b4d2243d37219e5acecfd55aabf", &(0x7f0000000080)="6a55e4ed66a2a25feb1dd754f2c48bb651ed", 0x7, r2, 0x4}, 0x38)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="2c000000331800088014006c00fec00000000000000000ef8e2e89224eccefbc6385c63258e981c89c4c12bdeb1eb4dc52131c6e26ec1af8860127c08c00080ffd1440004147483d4dcf910ec8b59c2ba457be5ea6f92d5baf8ce03a6e63872c16c592febf84bf18988198834bcf3aa461f3163e342548e2a90ca0a61d1bcfbe739eda68b46bb2ea5c604628a5d22b3c1828d0dfd6d9c988c29781f40551f34792ce889c87bfe50bfcfadab344c7a6486717ab546d60d2de434757cf91a6bfe1e8844fd29fb39e9ba31fb47de586bfbb37bed3a52158bd8201fa48d96d8b7b71e01135b5e8cb754e3005fe77e700"], 0x2c}, 0x1, 0x0, 0x0, 0x28000}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x12, 0x4, &(0x7f00000006c0)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0xc618, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x33, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
executing program 2:
setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
syz_open_dev$MSR(&(0x7f0000000040), 0x9, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'lo\x00', <r2=>0x0})
memfd_create(&(0x7f00000000c0)='lo\x00', 0x0)
r3 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
connect$unix(r3, &(0x7f0000000140)=@file={0x1, './file0\x00'}, 0x6e)
sendto$packet(r3, &(0x7f00000001c0)="5891e7ad2b259f2e970021eacc690f709d23471dc3d88a9386aaab543da91991ca7e2d62f8d057dc69d1434c925d03aff7052b883e96e5c089a49d57e8d258210444c8830e86e5889577d06427580cea1875aabb7d4bffe4c1f44ae790e7054872ab0fbb68e1ac15f110d678ca7eefd2c36fb21b1aab58a42f6ce4290a5bd7adcc12b978f385e650d4be728fe7d11928a1d821f6ce200812bbde89732106255f7eff29c423922cdee09ebf72353564eac7d3dc1f55", 0xb5, 0x44840, &(0x7f0000000280)={0x11, 0x19, r2, 0x1, 0x6, 0x6, @local}, 0x14)
connect$bt_l2cap(r3, &(0x7f00000002c0)={0x1f, 0x7, @any, 0xd}, 0xe)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000300), r3)
r4 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r3)
sendmsg$NL80211_CMD_GET_MESH_CONFIG(r3, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x14, r5, 0x10, 0x70bd2a, 0x25dfdbfd, {{}, {@void, @void}}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0xe0c6f1caf20e75f0}, 0x815)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
fcntl$addseals(r4, 0x409, 0x4)
ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f0000000480))
fremovexattr(r0, &(0x7f00000004c0)=@random={'user.', '/selinux/avc/hash_stats\x00'})
pwritev(r0, &(0x7f00000005c0)=[{&(0x7f0000000500)="6d5c9439012e20cf6b32f2a078b49ca7cf381047a0a1801a3251fb3a858fb6c59e7a453158a0e19ebc439a96bf6d2ded72d03de20f9498b00f079d0b2eec26282b337cc904e2bdb5d316fd97d3c55e67241169ab018c9b5f19d8b06863789e1bec19e82591d62d595d036675512a0762895f5126691f684c110a87536557fc677a154293dc5158fdada19692d4a0ad00ae20e4c1b6", 0x95}], 0x1, 0x80000001, 0x6)
ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f0000000680)=<r6=>0x0)
sendto(r0, &(0x7f0000000600)="73d0ea479a58a2a516068ed91db323bcdcd2abe51e4b9cb972a4ed1caab46031d4bb5cce72ebed615671a22bcd352c42eace2e974e44fe4075b1c446ea4ed74dfa7b1da8bf413ab256f6b7a91ef83fe8a7add83a42183ecb55921efffe09776f8c6d6bb5766e50188ba242d5919171a0a179bf3afc17f1e56014", 0x7a, 0x0, &(0x7f00000006c0)=@nfc_llcp={0x27, r6, 0x1, 0x4, 0x6, 0x7, "385a0d2ece80586a5fdb506dfa118a0ef81c8bdee6627772b34293a25a4cbc0670e9603881d5af3db3ee37ce4b3d9fb08ce10d4bf8d4e65434d6b38c39b382", 0x18}, 0x80)
keyctl$set_reqkey_keyring(0xe, 0x6)
sendmsg$IPVS_CMD_GET_DAEMON(r3, &(0x7f0000000800)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x4200042}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x2c, 0x0, 0x100, 0x70bd27, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xfffffffe}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000004}, 0x4080800)
mlock2(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1)
fcntl$getownex(r4, 0x10, &(0x7f0000000840)={0x0, <r7=>0x0})
sched_setscheduler(r7, 0x1, &(0x7f0000000880)=0x1)
connect$rose(r3, &(0x7f00000008c0)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, 0x0, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @default]}, 0x40)
bpf$ENABLE_STATS(0x20, &(0x7f0000000900), 0x4)
bpf$ENABLE_STATS(0x20, &(0x7f0000000940), 0x4)
ioctl$KVM_SET_PIT(r3, 0x8048ae66, &(0x7f0000000980)={[{0x2, 0x101, 0x5, 0x3, 0x20, 0x0, 0xfd, 0x8, 0x6, 0x7, 0x15, 0x2, 0x8000000000000000}, {0xf156, 0x6, 0x6, 0x1, 0x2, 0x3, 0x7, 0x2, 0xb7, 0x5, 0x6, 0xde, 0x6}, {0x7, 0x9, 0xf, 0x4, 0x19, 0x1, 0x40, 0x9, 0x6, 0x4, 0x1, 0x4, 0x5}], 0x81})
executing program 2:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = io_uring_setup(0x4aa8, &(0x7f0000000700)={0x0, 0x28a7, 0x832ac1ac3d5c9f93, 0x2, 0x111})
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x0, 0x0, 0x101})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)={0x20000004})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'sit0\x00', <r5=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x34, 0x68, 0x2, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x4}, [@NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @LWTUNNEL_IP6_TC={0x5}}, @NHA_ID={0x8, 0x6, 0xa00}, @NHA_OIF={0x8, 0x5, r5}]}, 0x34}}, 0x0)
r6 = userfaultfd(0x1)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000040))
r7 = fcntl$dupfd(r6, 0x0, r6)
ioctl$UFFDIO_CONTINUE(r7, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000800000/0x800000)=nil, 0x800000}})
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000540)={0x7, <r8=>0x0}, 0x8)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000005c0)={&(0x7f0000000580)=[0x0, 0x0, 0x0], 0x3, 0xc0000, 0x0, <r9=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x13, 0x19, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000700000000000000fdffffff18110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800006d0200007b8af8ff00000000bfa200000000000007020800f8ffffffb703000008000000b70400000eab9284debb170c5c969be79b88ab1f01000000850000008200000085100000fcffe4ffbf9162838f50c6fc30420000010000000000006e1fd1e02330210000000000000000000070904dbc66f1a489f894b44116090cb0cb09001ed7c79e27307d1a"], &(0x7f0000000380)='syzkaller\x00', 0xe54, 0x0, &(0x7f00000003c0), 0x40f00, 0x20, '\x00', r5, @fallback=0x21, r7, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r8, r9, 0x1, 0x0, &(0x7f0000000600)=[{0x3, 0x4, 0x8}], 0x10, 0x5, @void, @value}, 0x94)
bind$bt_hci(r4, &(0x7f00000000c0)={0x1f, 0x1}, 0x6)
write$bt_hci(r4, &(0x7f0000000040)=ANY=[@ANYRES8=r3], 0x7)
syz_io_uring_setup(0x4a88, &(0x7f00000000c0)={0x0, 0x9526, 0x12000, 0x3, 0x80022c, 0x0, r0}, &(0x7f0000000140), &(0x7f0000000180))
r10 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0xfffffffffffffd2a, &(0x7f0000000040), 0x3}, 0x0)
mount(&(0x7f0000000200)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000280)='./file0\x00', &(0x7f0000000300)='gfs2\x00', 0x4001, &(0x7f0000000340)='/dev/video#\x00')
r11 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r11, &(0x7f0000000a80)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x8)
r12 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r12, 0xc008561c, &(0x7f0000000400)={0xf0f020})
setsockopt$bt_BT_DEFER_SETUP(r11, 0x112, 0x7, 0x0, 0x0)
syz_io_uring_setup(0x3e94, &(0x7f0000001680)={0x0, 0x4627, 0x400, 0xffffffff, 0x321}, &(0x7f0000000240), &(0x7f0000001740))
openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card2/oss_mixer\x00', 0x2, 0x0)
executing program 2:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = io_uring_setup(0x4aa8, &(0x7f0000000700)={0x0, 0x28a7, 0x832ac1ac3d5c9f93, 0x2, 0x111})
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x0, 0x0, 0x101})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)={0x20000004})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'sit0\x00', <r5=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x34, 0x68, 0x2, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x4}, [@NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @LWTUNNEL_IP6_TC={0x5}}, @NHA_ID={0x8, 0x6, 0xa00}, @NHA_OIF={0x8, 0x5, r5}]}, 0x34}}, 0x0)
r6 = userfaultfd(0x1)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000040))
r7 = fcntl$dupfd(r6, 0x0, r6)
ioctl$UFFDIO_CONTINUE(r7, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000800000/0x800000)=nil, 0x800000}})
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000540)={0x7, <r8=>0x0}, 0x8)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000005c0)={&(0x7f0000000580)=[0x0, 0x0, 0x0], 0x3, 0xc0000, 0x0, <r9=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x13, 0x19, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000700000000000000fdffffff18110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800006d0200007b8af8ff00000000bfa200000000000007020800f8ffffffb703000008000000b70400000eab9284debb170c5c969be79b88ab1f01000000850000008200000085100000fcffe4ffbf9162838f50c6fc30420000010000000000006e1fd1e02330210000000000000000000070904dbc66f1a489f894b44116090cb0cb09001ed7c79e27307d1a"], &(0x7f0000000380)='syzkaller\x00', 0xe54, 0x0, &(0x7f00000003c0), 0x40f00, 0x20, '\x00', r5, @fallback=0x21, r7, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r8, r9, 0x1, 0x0, &(0x7f0000000600)=[{0x3, 0x4, 0x8}], 0x10, 0x5, @void, @value}, 0x94)
bind$bt_hci(r4, &(0x7f00000000c0)={0x1f, 0x1}, 0x6)
write$bt_hci(r4, &(0x7f0000000040)=ANY=[@ANYRES8=r3], 0x7)
syz_io_uring_setup(0x4a88, &(0x7f00000000c0)={0x0, 0x9526, 0x12000, 0x3, 0x80022c, 0x0, r0}, &(0x7f0000000140), &(0x7f0000000180))
r10 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0xfffffffffffffd2a, &(0x7f0000000040), 0x3}, 0x0)
mount(&(0x7f0000000200)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000280)='./file0\x00', &(0x7f0000000300)='gfs2\x00', 0x4001, &(0x7f0000000340)='/dev/video#\x00')
r11 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r11, &(0x7f0000000a80)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x8)
r12 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r12, 0xc008561c, &(0x7f0000000400)={0xf0f020})
setsockopt$bt_BT_DEFER_SETUP(r11, 0x112, 0x7, 0x0, 0x0)
syz_io_uring_setup(0x3e94, &(0x7f0000001680)={0x0, 0x4627, 0x400, 0xffffffff, 0x321}, &(0x7f0000000240), &(0x7f0000001740))
openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card2/oss_mixer\x00', 0x2, 0x0)
executing program 2:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = io_uring_setup(0x4aa8, &(0x7f0000000700)={0x0, 0x28a7, 0x832ac1ac3d5c9f93, 0x2, 0x111})
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x0, 0x0, 0x101})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)={0x20000004})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'sit0\x00', <r5=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x34, 0x68, 0x2, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x4}, [@NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @LWTUNNEL_IP6_TC={0x5}}, @NHA_ID={0x8, 0x6, 0xa00}, @NHA_OIF={0x8, 0x5, r5}]}, 0x34}}, 0x0)
r6 = userfaultfd(0x1)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000040))
r7 = fcntl$dupfd(r6, 0x0, r6)
ioctl$UFFDIO_CONTINUE(r7, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000800000/0x800000)=nil, 0x800000}})
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000540)={0x7, <r8=>0x0}, 0x8)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000005c0)={&(0x7f0000000580)=[0x0, 0x0, 0x0], 0x3, 0xc0000, 0x0, <r9=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x13, 0x19, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000700000000000000fdffffff18110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800006d0200007b8af8ff00000000bfa200000000000007020800f8ffffffb703000008000000b70400000eab9284debb170c5c969be79b88ab1f01000000850000008200000085100000fcffe4ffbf9162838f50c6fc30420000010000000000006e1fd1e02330210000000000000000000070904dbc66f1a489f894b44116090cb0cb09001ed7c79e27307d1a"], &(0x7f0000000380)='syzkaller\x00', 0xe54, 0x0, &(0x7f00000003c0), 0x40f00, 0x20, '\x00', r5, @fallback=0x21, r7, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r8, r9, 0x1, 0x0, &(0x7f0000000600)=[{0x3, 0x4, 0x8}], 0x10, 0x5, @void, @value}, 0x94)
bind$bt_hci(r4, &(0x7f00000000c0)={0x1f, 0x1}, 0x6)
write$bt_hci(r4, &(0x7f0000000040)=ANY=[@ANYRES8=r3], 0x7)
syz_io_uring_setup(0x4a88, &(0x7f00000000c0)={0x0, 0x9526, 0x12000, 0x3, 0x80022c, 0x0, r0}, &(0x7f0000000140), &(0x7f0000000180))
r10 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0xfffffffffffffd2a, &(0x7f0000000040), 0x3}, 0x0)
mount(&(0x7f0000000200)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000280)='./file0\x00', &(0x7f0000000300)='gfs2\x00', 0x4001, &(0x7f0000000340)='/dev/video#\x00')
r11 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r11, &(0x7f0000000a80)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x8)
r12 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r12, 0xc008561c, &(0x7f0000000400)={0xf0f020})
setsockopt$bt_BT_DEFER_SETUP(r11, 0x112, 0x7, 0x0, 0x0)
syz_io_uring_setup(0x3e94, &(0x7f0000001680)={0x0, 0x4627, 0x400, 0xffffffff, 0x321}, &(0x7f0000000240), &(0x7f0000001740))
openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card2/oss_mixer\x00', 0x2, 0x0)
executing program 5:
r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x2, 0x2)
close_range(r0, r0, 0x2)
bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000000)={0x17, 0x1, 0x1, "3271bdf0f2f20d55806b26b1d72197edb1439b1c4200"})
executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r2, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x4000)
getsockopt$PNPIPE_IFINDEX(r1, 0x113, 0x2, &(0x7f0000000140)=<r3=>0x0, &(0x7f00000001c0)=0x4)
r4 = syz_open_dev$vim2m(&(0x7f0000000040), 0x100000001, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f00000000c0)={0xf0f000, 0x6})
sendmsg$nl_route(r1, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=@RTM_NEWMDB={0x18, 0x54, 0x8, 0x70bd2d, 0x25dfdbfd, {0x7, r3}}, 0x18}, 0x1, 0x0, 0x0, 0x40800}, 0x20000080)
executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x1, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async, rerun: 64)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) (rerun: 64)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf) (async)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$TCFLSH(r3, 0x400455c8, 0x2)
ioctl$TIOCSETD(r3, 0x5412, &(0x7f0000000140)=0xffffffc0) (async)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000040)=0xfc) (async)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000280)=0x4) (async)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000180)) (async, rerun: 32)
syz_open_dev$ptys(0xc, 0x3, 0x1) (async, rerun: 32)
r4 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0) (async, rerun: 32)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) (rerun: 32)
write$UHID_INPUT(r5, &(0x7f00000010c0)={0x8, {"eddd025b60fdc30a063f172d718c2bd6b3645eadae0f767eb61f2421975b0064d30faba72ba63ab33c4ee2a6cb2f0cb187830255738dd670e8e178672a7473488a157b83ca0ed9657299e98243c15b6b8e08f34570dda445b526949a9b3aebdb97dda475e54a098f1ae57c4774c8ef81d36c77d309e0c817fba3415591dd26a637e43bec5f0fb193d8671889d89ac77bd90ee5efac63bf9eafc61f393e33aaa503760afad0e395042048defbc27ecc254790f419072feb3d5fb4815364072248a42bb88952f316952ea727ae850143819fb80a77407a2309c90ee7894bee7c5862bf14672cc9036bf0ccba7769b5d57b757b550180000000000000a7f0840d7040084b449eb5445ea40b3b9811a66d5228839907fba91ba8a5ca95b4600fcd98f93af794a412e97404d6f40a61e802f6112ff259a29ca8fb98ffce8fd12509883e812e7edb4a643fe4aac56bb01f69823bd6f4ebd618d81cb3d463eea2c9bae30b888a824043a71d5f3319b146848d63a5415f5ed47b33cafa473cc2c91c425a2d24bf5d8e627e6fc63f58a7b08180ce16e5aa7015478cfbebba3045ec5dd620f69659f3fe11af23b095b43ced6a48afaf3d9a78762d40ada3b1fead7884620e213f28a9a2e6bcda0b88347c8eb3f6be8be3fc2d507eaae0430ccd836d4790038d25d65091e6e7ee9bec612b4a5d90e9e878c9c57fd1aa28ee9fab64d2d3bec12ae68a974c0f64365548a5db8a1d8fc9e32b38df32e826a3d2a88ae824a5faa87d7a25373728da5322ebc73db3d9ac8c64db9c90b18d67b7770966a3b8a1079f5b83f21482ff8b1cc1c699a0a5a135b6fe2791abb556603e3255e89922de5bca02d57ace9f6d486a363891b6c15e3c0000000047e9617351e98a040f2e7019ddee08f2d6cdc9de2f7a32ea65d266513fa7821c24c90ae39268757eefacfe94d53c740747c86429eadbead0a3576549442f4f77d846df8d54b37fc280bd5b9320f872756706357b9813318a6bfeb77d4ddec55ab5592da2c6d05b3c021182485b96a634013c5ad5ba55f07d07211c0db03ccb5981f5955df2e86cd0f62f6ba66fe4abf695ebc6629e42f6ce96a132883f148eeeacdff13b1cbfa73cbc70b8c5b677682d7c60d1a1311b1222aef1edb4e231c869a18f9ae8eeba4eb4cba8a4a56703cd90710b2208bce8e9a18aaf4e7c47474c08ff85c307d660607bddfe49ac714e0fcdfefedddafa452dfe0341c8a8f07e62e4486699a740feda4b7b2bc635308eb6990f3dfa9065aa8b26ad0ac66fe86dbf2dfb5f0c4b0cad557d4fa4b61116aa57a285a705e1d87d3f8d560b5fd3f8c5df3dc22bd4edb36c1c2e78c0b69863f576d3053ceb21ecb287faf64bb7a3cfe3c28eb7c2335a3af5a29308dac5f7d6f48f46da8370124c37e5a3c9fdfd3d78a082030b2233f02fae54012d2ad2b1c1ec2a35a130a5d3f76b5f9a10a4d31ca41c5c2f58a40c058a48e5dd8a71adbabcbca341e46a6ad538491025e79db3c59350b229ae433537e54b62968ff582f041080719fb88778884da1c79ff28398d8edfcd931043b64bf75b944e735d6d0fa62ed1e3550fe9fa5c1f063b06fb8e13909c87efffe72481ada2d01522a93c70266aa3991c7141ecca2bc618fe54d7529a0c2a46469ca4b2086e112fdf4e1266ca6b5fd4b0fbea280dd246f622f0da6d0f3e3b0357dc0744132e66d8b035662ad5cd3faedd2f743e24ecfed2efd6fd3aed1402bdbc66af3c0b77b7962966649591d7d5985c81a063d46ddf07656f2b049f5811b310e567027bc1b6d44fc892d37aeda8cacc704c1dcc1a7ef759937416e01163027b81befa86772ddf576c37f3151792c4358d1fa418bcd250dc41effa988116589b110d31a59486123769e50f5b3985b4660919f08dd5c96ab8ab03322d0c61890f90e56970f0aa13a96bcfa97139d5627ed6a5558dee292bf0a6e5ad23341c7dc3464a05b9045cc3abbfc0448bf9ca044fd188569cc0c57e07105d1fa1efd44529b6592fa718e092c1a3fa3e56689c9c5168a5619bf2109bde2dca59ad16735e597402c1896d4e24f56c9d4bbc1f0b3a0135b7028a402c6a1a78de57a838b1871477d7b43dff3779fdb50b2ec9a3ae11fab7f715e7979e64a0f0d54d025105d1f768cdad112aeb2eac1c8042aff6fb975a16c64080ba4e0de0af9b8a975a2b6af6a05dff8ae848f6b80f2bd80c56e4683e67a3aaad0e72242b0f0f07d7d7a64a8669e75a99ba4fdb2ba239c5ef28c8f1dc0b2459698b374f1035a75eafde3d90d69afa489ee2d7f7958a5cc51e574203bab464ddd4d08abbb77c8874c6ce692d078bdc309d73ccb49c9d60a269c77601e82e1c824fca2a43605f8453943d23794785096da2ff56547389009e27a908cfcea03ede09c392e0bafa30891e23fbacdf08b49cbd2f4083f94c3c71877ffac86d426e5fe08fa9541f837f2de8440e0b2226b664a45a564f1357e804c24cd2cef95564a1e0041736ced508a63af4e9f4ae9f690084f8c67db3b3569fb86225b6cce291da8057200d1f86899081ebfa5274625ada6ee793fe4246d97157d608099a6adf81eb88bb37cdb64a18ed0e13a0cfeea3af2164a59b8a90a4a1dfad6f03cc27ccbcc879c2b54a57a6d81e01dbd9d7440e9f1a1f608617a308214b58a9090022b7c6631cda308a0aa13dd68159bd8578afeb5402b0e227ef709d8c58929fba262ff4ec70c3a8f68b98f92380201112f560c216d5dc61ad466ee08c1af18982617597436c6a0e0077bb2dab8932175fb30aafceb4d63b4b8aa4a1c2f3867a83855d418ae75b3029dff960a5a4fcbe0fb84828633d535413e0c70a26b2485dddaa7c52256ad85d5f71778af39692fb8553850bbac096d8d9c9145e0ed7903b5d530005f29493a5aa7e0c04b62cc07f2bcfa31a48ce7c167abdd145af8c25fb882b64e41a9b51ae77209d82a9095e1d80711e1c802302b92ad8e413bc9b200e57c6038a46bfc9468b5fdda7f3e57e676c99d4dde6b3a86ed2cb9a55cf199835ef9d858f5a692c4036b32ea07c76c29faa5e2241afab129340b6e2ad94baea982429225cfac726dbf137f6477432a31808a281c9af3c4bef4a2f508721ec71fc1c374fca4d4e25ed9754a41ebfcaaac7637caa13791a64ff995d3cd984ed8cecccc491de80596f8db8d3fe6a6f2b208d065fb6fbb5569bf7cd8a8162271ca5e5ed2b3b98f28d81b3b498345c48492c8fe2e6181f527bbe4ce6600f9e33fb65609bc4318ecf4ca151d3095232820a84704311f0bd3532178cf1e6ef9483b1f52ec2992e84aaf1239c99faeab989bd9848223e90093e71eb650660255fce7bd85872e413fe219859d18ef67f1f07a590ceadc1c687820c3c7cf9e2ff9609199c4b49fd74553507c1c7f45b5b1b40c96c0c984977f476ed686f8710248677847f5c0989df0eca6be3df498acfcfbca85bb986c8d844c19f62b06b95d8d6f4e4367040d45e494271f29546f1086f88fdc549402bd669e9aed5fe000000ef7668d3abeadb430d30534aef0a3a9a125bdeaa11647bafe6e1303b967d29718ac301cadbb43654a36b78ff91836584a5e3472db8db4ded526ecfef2efa2279c17639d3aef1587d5b8bbc8abec3a28dba276613c514a50fe243a588ecdb77ab1525088507f5a0537ba59062416beb479538806f04e70bc192c1fd46377c6105116cd21b75f29f91b67317ce4bd67dea18f560765dabf8f0cebfb770339aa2558df698e1ee22adc7b81b16b2e7fb06e7b5c2ca98c71aec18bc23b11d3b84c6a10aa866c5f438fc2d928fc89ce0902492cd79d6a1ffce27a66031cc24d1b82e9e8b6bdcb6b37f89531e048ae5ee10483dccbb734ba20a15b145fdeadfc461e146d8882133b4e6c6ba30d316ee0bf0bf40f26639077d090d1df3b943e78ba5ece82fcd4576cf3a87d7a9ad080b2cce7371e5bd671ad37e35ff03dfb6684ac0d4eda69154444aef2a173ba093bc87839e41388b2101f72a9b6cf675efbb231b007c11a7b452df89a584f459b23340c0dae21a4146968b66ac9b08d2408830ccec4e6fb1dd665c3023a3b32042b1facfb0bd4d5b9861fe5b0abee3313264b5abe61b1e145bc11121dc87bf1a6008433dedd4d7977b082400136bfceb33a2a3ceea9a6b67b8f85b604970c3ad474db7356f802bc840afe833c9056c037b2ea240b5846149682e14e4e126c7f88b9eb2c7384da631fbab63754611d52b4107dfd10fdf46e557be95a07e6ae64cbeb2d420bcfd87a2f52ecbfe5eba301e3c86761c1545b876e5951106e91be75e9d22301674bca4d729fffd9812cb984910b976c2a74966caf3d75ba7dc7f4275d24caf3bc94376a3579e8575c69401ea75d14e27f98eb7a05eccebd36ea89c4ac0dec65eb613d7f052c6b75b398c65249449b0693164a51c0c224ac1bb4f0781d2d10b96519131b6df9541aa1e7511820f71ab1d497234862f475356d9664a9fbbf0285738a143842820d5b795dcca64a24de4bae802fae01d82fec5548e108c4e750e8f1580d2ebd6bde06622db32c1f47eca183a81ecfde3b6a187c47f7984d2c6051f2ace7ac2bfc5da0cd4b0e57e69bf39551cc5443e12e9ce113cff2cecdd2802e5b9c5a1107e1ed982b93b8e986afa379ac1c6a5ee67e966c72bf149f9ba1c169bafe3d58e18e56438ad4a4db4826edb5eb4ff27808ddd7f87eb31cf232effc9bfff7305d91696e17058217d2d5596ae9082a1cc98d60b854b2ff76718d981c20d68ecf4f1a8dcd5f9f06162df324b84b246e5e11d6722003f32e3396e30c11724db17210c37dfa080c1be2fbeea1c92e084f72386fb29856bc25a16a53f97f44a5e81fd55872772eebdd0db3a5bdf0c28d34a48f8d707a97a3b89367c98e30dbe9c02444177a8fbaa605c6051157e41fade8432af5233ee030ad6fb7572ee4e7bd687dd855fe112ac46a7b1abe88771eb3b49e3d583efe7b79394ca4687acfc262af45dbf4736e9e17d39ea5f8e81f6ed7f242c5a09da7f22f37ce9d5e6222fa71aed8ee69e501d30cd98f5c5275d5dcc1f112c3dbd2cca465f7442d952353613ac5b30222cf153c598c15c102b0dd0d99e45595d98ab365fda3f6e3bdf29b66a8d0a43c1c6a109e3056015a49e4f9ed7522163da86b9e2bf14d7c0ff026261f96feabc0b1c64ba130acb2c4927a783bed9f4e1d38f0a1351000334010b99585c24fb9a7a24809e4bffc3448c778dbeeed816225b2173fae0975e1b9c19213dc33bab3a9bbe8f62e306a1aecac5484d3f23421f5064c16aa4fa67de32222115928c0f3b114593dd0c791c590be61e0b97ed0b0e0dcdb238eb1290466d9c10dfaa8c7fcd0bf659897d945df86d936c67e42924d47a4245fb3d6f8ec538d59c100c6e52100317ea41a1fd253ddd54b13b6a2807ea729d3fd7e1b0461cc78b2c7c889b9ad3ec0398399ff645f3ab988b8a52d9f09a430cfa0390c4c5ad3a392ef28a9f4056d77b712df09b69d7d93617c4783133f9abab2d6935d54f59d0c1b5ea4dba28af7bbfeaf29009618c436ddec116f8966b4ae89ceca545daef5a48f1668231731af7abc502df9f7d308998b92adbfdf0937186a9cbcd4267dc1d0e399b27dacc07ca37f76ceb42f13e4de89dd484a91dc8a2bebece95c6400fde8bdc6d2857454f562f04422b632925c84fb501998ab096363acafea06790c298a76267ca63d81763343fa1fbbbeecba24ca939b3f4d577a5129fd3c407cada9151a12b04e76d664b232cf05c9ad000", 0x1000}}, 0x1006) (async, rerun: 32)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f00000002c0)={r5, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) (async, rerun: 32)
write$binfmt_script(r3, &(0x7f0000002100)={'#! ', './file0', [{0x20, '#'}, {}, {0x20, ':\'.-'}, {0x20, '/dev/kvm\x00'}], 0xa, "8c79cbaaff1a5711ce3c551ef59dfb07c99a23588138fa541974172252c15cd76ef24b04530f228ab3c32079e9beb85ad6d69f0cc34392768af1d01d72b8e9e94b0a16c0da6237812557e90f69238d78a513f29ce91a1c4e3f720599191d973c540b95034a3fc55fc4fcab17ae3a5b9b862c0f0cfabaae846096d401932e906e9660d5ba938dd185b3b7312b629783a2f1e05d38b75c30070399ebb1400e7000708caffae87ef3fecf4e9aca82b4688fda0506e3108281c79ac7d2814546d1eba3ef5fc5ab31a4dcfd3a392aa37427239ffa22c8481cd8a941279c9ef92e0f72f6719fd988f5ea0f7d1b03302a550390980f4a6632af6db250a4e437c4b4e7328a90d3309930a0e09389818dfb7437c4dfbb2cc5cbc98b27d1cf65761b7c2f6da808d0318c356e1bc2c13f693b03563e27af053db0fe53a4d87565ff399a74d88bdeed29fd2fd2a8ee621222ce5aa82601d37415a451f70cf1e9ca1acdf0b83695e1d75dd3a6946fa5d72d990851454682f9129b93c9675f9f11f8d9dc793f8be0088d2f181c2c309fe491b6edfd265177767fc61425ce53131bf2966ec16eaed996bd0e17a76ef53071698daf3f452f4b8209347ec024284e17fb582626cf64a485dfbe1438c7dd2224a3e53f75da41af47233121fab7ced3c2e05f030698f7a12956b345a9f9915a1f8342691b6732617744321067939b4be93b1291668d895c5b6e91e65ecae164fdf30befd934f83516ea58288c4108e6ca623b28b6568aad077c01f707e715aeb1db226ab536782fdf2b058d5c951904ec1f67336b4c219966559db7c48e2200c9fdf359d7de55190fa2de4705228c470aa009dec1e234a0cd7e7430fc63c6494608c0b8c8f781d1b9395896cefaaee4bdf9805a6428b438cefe65aab5531a23c08be29895d4156280145072aa93b7217001046fd7e6725c8e375a284ca6f4aafc2b5bb9fc3914c2cb33a62933f6ae68350a83ab467b9a3be08553734320e925fa2ea99382c15591b391da78c2bd2774f6263714d0e371a18401b6bff2806a8505ee42f686a98ad8ff610d1075b0fc2b45d0c451d91bd8be10722db1036563e9e6b3bec6faf5678f633f7f14672665a9377f3951c1c4d7e894dc958acd683e421ff506b050d9f684d0cfc41ed0b1293d4a50d55179272ceacfb9b3fb776b1235071c49bd37fbe431e3cc884c2477dec7e501c2a7400a69e5ec403c0ee8e6b615c8979b7d1585c1efcc92493dbb233595aebc243ce7369f8aa1ebc68e04e9bd7023263483b1a350633e0cae64fe5a2b9088c0c47c0c6d5ff44fa91280455382193493d05e17fee745d0a3dbac205998dd7517f84b7133cff69929064cbea39b8595ce13d4f18cfe934d7b181ddaa3c0fb1dd30b23d30ea15e1ee3aaf7a5f25d0c06ad13343b215ae7214a16dc8e469485789b5d0365358321950e79b47f6ae06d94d380039709665ac845f0edd62cb37ae43fdae4965e9aed6e2153b8db45498a4c1cbfae2b02741e0bc5fd90419c3c01237ff80c49487b1fda83146d17610b48c18db9f0b8ac89a42e01ca1b8f12b7fc711aaeb04ac158409f75b2e71706dbdcbaf0f09bdc393f80d04469c84ff0cc807803c051d4a033c86cce8a5125d1d1e671d126d9735f657fb5a77822231eeda98f8b5a9fcfd23cb6b9dbc372f2215bf58d7c199b5b62866f972ef017a3d19a8db93d7291404c9eb5c345d4d80fe6a2dee635cfc043f304882ff2bfd5476d87587e152977fda5c5cd91b226ce70f5c68086ff6ba0f8e97021726e56558a5c14ce0d0a1cea1bad7ee81f7b73628382f090b0d455593d79f74e543c37adab2dd31678187ec67f314446e01bb8340dbf51ada98ed25da6ebef4e7f4999167503ba40b083308f919ca4f91fc285f011ab2242f065757fb6d3207a81e894891e148c511885df930b916a9a165bb3ce80f2fc9daf2fe1a8a5b250bb7f1f8a1a0d7cb0125cf441b260b321d35d65ce37318e33ec767eb4102bca25039730ed5a024e0f1c364622a001a049343969a2ef8d3653f5c6d948919ab40320834127e8ead1e840f750245aa6c44772b0d33dd8fe59e7622555ba8817023c6a480d828ffb447c509b0a72b6f6e37da673f580c4be04ddab7fb399da1b4d0803d93f1724299c854f404a7c780e58ddc0ca85ef9ba80d754862de6934e802f24f8cfb2794bb1b6065a7a820c68d0c6f90785b88f55046b369e58bec70537ec591c2f93893d7cdba6e81b4b2a66b474a0e322a403f08d30fc1edc3b86cb1ec84c544359e1336a5319ade4e69dab439f5b689fa9c13f4ff8221249989769c72eb33df064989fa336de1dc8a14770740a0bfddd3d766605606fc2f1ba36db4d5d22d995bf610d36e90566b6e8bfd58a6ea0087ac9e05bc0d96d0a9f036db4c8a447836038431024432c40f75899352f3f5a39635283eefc5ada331e7eb0094e64517b71a9c8dc9cbda5f66e5a68e284acba839d25ea761cd2aed22c2e4e5165b62334deb17a3e2acae6d36d95268ad5704c2de9db20945859213cc5ae6d7db95c875efbb9c926d429a2f85d46faa8187b8b69460d3377a5ef9469b766963ba91949f823830d063d89f327e0e03e915184b5744e8c8a9899e4e416eed55aa8fdb68bc7d887fcb9b1da11dcc0aaed3192fd4a340b89821952736e26e33a8a654ac8849f2c0a74740c815fb39a35f09a7e0b9cc4e983a57494be11770afe7ba63f78e200876e94d691b96b78060ab350958cff2ef1f4b08bbf5b081bce1ed42d079216be81b36bc19485faf558884426cb7245ad4e9d10424fee1e2f4f11d2e46a3ae74c3205036bb9fd80997739a4cb4b6baa27d8651ce1cfdb750de1af6d2594d4e62d9262d60f670e961334463e58560909b9cf0dba5da35a274467e6bed1db178870306869cdb2dc68963f0b58c9c220778492c949beb55a5bf84405c86adbef100c316f0ce7bf6af95510d2d5f463737089503fcefd440841fe518e91f371e1b25975b0cf1460eed8f8bea6564036d9c33416c2428d9116503fb353f97d60c7e609e684c543cf58ddd8a8efa35b3c43c00a57bb6f88ef431fa872513b2876d727bc5872b122504ba63cc22555201ad05c04a49b6f22178dc847b39cc5c218e1d13288e3282aded908ecf25bba27bc52faa65852e2bbc9c698348dfff20b458eb03601e73cb3892e0bd6d0868256fe6628b489a86b18cc29c07253ae04e2287e353fd7496243cac5423be69184f78434ed50f772be96e8c4193526920b06fcad9c69e2021dde90dfab2e9cf11bee012550ebd2c45756289d0f7714ff14973e13abf92e5ba5d66c5b50ca52bce85d178662bd322be519ba6e3d15835f243bba96a85f4ada7df9c82aebaf9378196763be0fac249655277d921b9ea72c240f9cbe28befdefe926a7341ebd86ae0c01e8ec313c0719fc7b2363c2854f4f2b4c74863bf39d54b19d12e26b0098b0f28cbd2c4b6638d31b4b07345285021cde52e6a6a8249c914520fc295a88e290ce68cf6325eccc0b0c8aae3cffec277cb104e040f226b0dcd6ff3d197a226a8e8a7016e243a9b9b75bc161aa9506d54c3cb1cfd066b0231e8efcc237a1d67d070eaa7f179d372497c521aed2e1004acabe8c89aaf36f145344532cd3c971bd6ab8c689424adb0702546dccbefeea307fe58618f87182e0e6201153a93686a0b9ba6ff2d84b845e3b3d65b1e1693279bfd28d31fdb40510083b4c285081616bb1a78a44b440775cf5281153ef7f43964259e48eec2e40149e6417f3d6285aa9ffe5e6301432bb7837aeae71033c52b34f18e7e108e8629b0401abd61cc8d36825438ecff50f9c335c51f5a554d0bc8f2aa4647e7f85b12707f78c39e03d113b685d053ca9eacef6ef2ed6375c690decdc0e2f20b56d0c61814edbd37c15a8dbcad7fd48b05b49d21055c6324cc1ec83a5b6f1474e9eac1c7ad9ac1d07d7572c2a7c57922be50b4b9240968a8a7f556332d9178c504a162a5cc2a3faa7cfd35c04e27aef84415bb1f70f1e19b5185761bf760e5539785cb233b5ed8bc885cf70b2c6d3ec41bcfb3b5bfefc4b241b8a34b5abd2ee380812ddc08f083af41d4fd3feb766c21f5eab87deaf24103185a80366b8a427d12e32897ad3c8e0ff0e1c44b2205b19dfd801146bf48ca5035d4d49ce9723f9ec0d61172e1e0b09c1dd9f1fab9c306e53b61a9e802dcc1a13224c328c610e2578444a66a1561a2080f46434989218227e1bba577c2f751e557ed43d5f77e9b36558e8bee005d61a4609efbbe8edf71b51e174266e0c624fa60164e807174c7374b3e8ae83bd68a8ad4d5aad7622642d92a4d78f37c5d0e06f9cd9740a8d530e3a5071ac90b34ccfe50361e621aba87aa23d162126d760e0ea93e7501d09d2bbe1ab022888f64c2793e782d5ec2f9ce0a8d332041e05278820cf5b1bbd7496a45301e019ba58b133ecfa989133501afa7b7f3cba92e22ddb1bf4681a928b3101b57e630edc21dbf7e9a33312cc3d41f672ac2544ddd89077efe93e9c3a3849538b52c8e7348d4825db9a0e07043e99fc35705bac5483cfec6304475ee228de2e1268d622c9cc561c9b849dfdea16a5c265efa14f9eb2a9f9afd48ab68e7d20f440ce3048bb84234b46a028d42335b7fde610d1205d8e86d956a8bd3ed4c0defff3c48c883819d28f0889698a2b95d7317310e734f08952bd8959cc8541ea90d3a343dbef86c3ffb12d70d831d10fba0cf9094750cb76ea9938f2e04df450cc5de7beae977ff2baecf6936fb2280a5283173b7d127e4f3888f9706b289ced76db8f44ffbcedca123f6f87fb85880506c2895e5d725a40d33bb3325ddb6a5aec6b349199898d36ecc5aaff507d0d1d7ab55301205a1dea4b81003114f298ca827b7edf6e58facb64590dbf69e1630e149b00768e14d630c86c4165ceb3a2e71cd204585e2c2b6ccec409b2d8460658eaed7ccde0a4d1fdec8792438804b69e4e76e0a8791c1357a39907bc293cd6e986f0dc41d2ac3d383936a883e9f76b473fa40b5737ff3e689848a6e5c858db053f22a61e630ca5f423f5b144bbf5eb39bb4f75cd77889b0ab9e3b1fd8e65275a0d1eff6d9b581efbd2453ff1be27b9cab31f55d1b837669181309328aed92beb6c2e4f6be51c93d23250ee5b7b66c9648dd736ffea00dfe6f7d5d6442de14af10b098066d43772ceba71dc48fc0612eb0331130b0aee25a710c84f15287f7702d58ea84ac2b060ee17d759824f7d86dfd95c605529b9505a01df788316f12235bb3b4ea0d38c5e2243952858cb1765f9b2679ce090486d8774a566e9f70213bdd198413112e11e5947eac871cd7ac1375aa05bdfccbcd6ade5c63ad5664431f884b12315ed56f4a3cf838236485365203d125395391729856e04d0a68afe260533751466f39c830e54fb4cfe34aa81a933418b7c313cd8fc10cf7a4f42a60c90fc113f270d163b350459c84cb40ce2485e5ddd3fa656dc324718f568d5d16d61c8a93036f205b5ed7ae7e9505783a9faeb6ff2cbe41d2676513ada47e5a6fc9095f0e81e34da8a32a4812fa2c96fdbebd4be5d5c465afb627fd7f2a48add05cce7fc4a6a6bc655103049bb2f532cd04360cd4d46e232b31bcb1e6ac9447787d952e097ed77a80898e2fb5fd3bba3de99014a704e5dc1467061b31d23ee531c6ccc4bc5ea52fa9940c327e7b4b5616cf0291629daca9027fb1ee2da18eeda883bfcbda18c39da97123ef6074fc7ff1ec473f380916ee812690ccd42ec27ab6189bb4d88e"}, 0x101d) (async)
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000100)=0xa)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f00000001c0)=0xfe) (async)
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r6, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="010000000000000001000000000000000000000000000000001b0300ff"])
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000008004"])
executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = add_key(&(0x7f0000000200)='user\x00', &(0x7f0000000240)={'syz', 0x0}, &(0x7f00000002c0)='4', 0xba, 0xfffffffffffffffe)
keyctl$chown(0x4, r2, 0xffffffffffffffff, 0xee01)
keyctl$chown(0x4, r2, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macvtap0\x00', <r3=>0x0})
ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000000240)={'wg2\x00', <r4=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=ANY=[@ANYBLOB="480000001000030500"/20, @ANYRESHEX=r0, @ANYBLOB="21000000000000002800128008000100687372001c00028008000100", @ANYRES32=r3, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32=r4, @ANYBLOB="0500060000000000"], 0x48}, 0x1, 0x0, 0x0, 0x48000}, 0x0)
executing program 5:
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/sys/net/ipv4/vs/lblc_expiration\x00', 0x2, 0x0) (async)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6) (async)
r2 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'sit0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x34, 0x68, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x4}, [@NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @LWTUNNEL_IP6_TC={0x5}}, @NHA_ID={0x8, 0x6, 0xa00}, @NHA_OIF={0x8, 0x5, r3}]}, 0x34}}, 0x0) (async)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r5)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) (async)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) (async)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
ioctl$TUNSETTXFILTER(r4, 0x400454d1, &(0x7f0000000000)=ANY=[@ANYBLOB="010001"]) (async, rerun: 32)
close(r8) (async, rerun: 32)
socket(0x400000000010, 0x3, 0x0) (async)
ioctl$SIOCSIFHWADDR(r8, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) (async)
sendmsg$nl_xfrm(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000600)=@newsa={0x144, 0x10, 0x1, 0x0, 0x25dfdbfd, {{@in=@dev={0xac, 0x14, 0x14, 0x2a}, @in6=@local, 0x200, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@mcast2, 0x4d2, 0x6c}, @in6=@remote, {0x0, 0x0, 0x0, 0x1, 0x0, 0x8000000000000000, 0x0, 0xffffffffffffffff}, {0x0, 0x4}, {}, 0x0, 0x3501, 0x2, 0x0, 0xfd}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @offload={0xc, 0x1c, {0x0, 0x1}}]}, 0x144}}, 0x2004c840) (async)
read$FUSE(r0, &(0x7f0000000900)={0x2020}, 0x25)
executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='dctcp\x00', 0x6)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x3c)
recvmsg(r0, &(0x7f0000000580)={0x0, 0x7, &(0x7f0000000500)=[{&(0x7f0000000740)=""/4096, 0xa15b0}], 0x1}, 0x700)
executing program 1:
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
r0 = userfaultfd(0x80801)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_SET_SIZE_BLOCKS(r1, 0xab07, 0xb)
r2 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r2, 0xab00, r3)
ioctl$NBD_DO_IT(r2, 0xab03)
ioctl$NBD_CLEAR_SOCK(r1, 0xab04)
syz_open_dev$ndb(&(0x7f00000002c0), 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
r4 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa07, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2})
executing program 4:
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x141301)
ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, &(0x7f00000000c0)={0x80, 0xa, 0x303, 0x0, 0x0, 0x6e9, 0x0})
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x6, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='pmap_register\x00', r2, 0x0, 0x1}, 0x18)
executing program 4:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
bind$unix(r0, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e)
openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) (async)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$inet_dccp(0x2, 0x6, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x2a}, 0xa}, 0x20)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=@newlink={0x30, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xffffff81}, [@IFLA_CARRIER_CHANGES={0x8, 0x23, 0xfffffffc}, @IFLA_GROUP={0x8, 0x1b, 0x7}]}, 0x30}}, 0xce11d616fa4344f8) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=@newlink={0x30, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xffffff81}, [@IFLA_CARRIER_CHANGES={0x8, 0x23, 0xfffffffc}, @IFLA_GROUP={0x8, 0x1b, 0x7}]}, 0x30}}, 0xce11d616fa4344f8)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
close_range(r1, r2, 0x2) (async)
close_range(r1, r2, 0x2)
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x80045518, &(0x7f00000002c0)=0xa) (async)
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x80045518, &(0x7f00000002c0)=0xa)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
ioctl$KVM_RUN(r5, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000200)={0x5001, 0x11000, 0x1})
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r4, 0x50009417, &(0x7f0000000700)={{r5}, 0x0, 0xc, @inherit={0x48, &(0x7f0000000080)={0x1, 0x0, 0x2, 0x5, {0x12, 0x5, 0x8, 0x8, 0x9}}}, @subvolid=0x6})
ioctl$KVM_RUN(r5, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000180)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2) (async)
renameat2(0xffffffffffffff9c, &(0x7f0000000180)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000040), 0x60002, 0x0) (async)
r6 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000040), 0x60002, 0x0)
ioctl$FS_IOC_GETFSSYSFSPATH(r6, 0x80811501, &(0x7f0000000300)={0x80})
r7 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$AUTOFS_IOC_FAIL(r7, 0x4c80, 0xffffffffffffffb6)
executing program 1:
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
socket$can_raw(0x1d, 0x3, 0x1)
socket$packet(0x11, 0x2, 0x300)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_udplite(0xa, 0x2, 0x88)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1, 0x803, 0x0)
pipe(&(0x7f0000000100))
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="4400000010000304fcffffff3f00000000000000", @ANYRES32=0x0, @ANYBLOB="a5edad8800000000140012800b0001006970766c616e0020f3fe028008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r2], 0x44}, 0x1, 0x0, 0x0, 0x4004}, 0x0)
executing program 1:
setregid(0x0, 0xee01)
getresgid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=<r0=>0x0)
getresgid(&(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
setresgid(0xffffffffffffffff, 0x0, r1)
setregid(0x0, r0)
r2 = syz_open_dev$rtc(&(0x7f0000000080), 0x0, 0x400)
ioctl$RTC_WKALM_RD(r2, 0x40187013, &(0x7f0000000200))
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$netlink(0x10, 0x3, 0x15)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r6, &(0x7f00000021c0)={0x2020, 0x0, 0x0, <r7=>0x0}, 0x2020)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90, 0x0, 0x0, {0x5, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x2000, 0x0, r7, 0x0, 0x440}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000440)={{{@in6=@local, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}}, {{@in6}, 0x0, @in=@broadcast}}, &(0x7f00000001c0)=0xe8)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
r10 = add_key(&(0x7f0000000080)='id_legacy\x00', &(0x7f00000000c0)={'syz', 0x3}, &(0x7f0000000180)='(', 0x1, 0xfffffffffffffffb)
getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000000280)={0x0, <r11=>0x0}, &(0x7f00000002c0)=0xc)
keyctl$chown(0x4, r10, r11, 0x0)
stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, <r12=>0x0})
statx(r4, &(0x7f0000000340)='./file0\x00', 0x7100, 0x20, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, <r13=>0x0})
r14 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r14, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r15=>0x0}, &(0x7f0000cab000)=0xc)
lchown(&(0x7f0000000340)='./bus\x00', r15, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000740)={{{@in=@multicast1, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r16=>0x0}}, {{@in=@dev}, 0x0, @in6=@loopback}}, &(0x7f0000000380)=0xe8)
fsetxattr$system_posix_acl(r5, &(0x7f0000000180)='system.posix_acl_default\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="2b000000006e800ab371c9172fbf51ff", @ANYRES32=r7, @ANYBLOB="02000600", @ANYRES32=r8, @ANYBLOB="02000300", @ANYRES32=r11, @ANYBLOB="02000100", @ANYRES32=r12, @ANYBLOB="02000100", @ANYRES32=r13, @ANYBLOB="02000100", @ANYRES32=r15, @ANYBLOB="02000100", @ANYRES32=r16, @ANYBLOB="02000100", @ANYRES32, @ANYBLOB="040005000000000008000000", @ANYRES32=r0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32, @ANYBLOB="10000600000000002000010000000000"], 0x74, 0x2)
socket$nl_rdma(0x10, 0x3, 0x14)
syz_genetlink_get_family_id$devlink(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="500000000104010800000000000000000a00000808000440000000060500010004000000080005400000800008000540000000030500010001"], 0x50}, 0x1, 0x0, 0x0, 0x4000800}, 0x4000040)
executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000140)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f00000001c0)={{@host, 0xffffffff}, @host, 0x0, 0x0, 0x2449})
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)=<r3=>0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r4)
sendmsg$NFC_CMD_SE_IO(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002bbd7000ffdbdf251b00000006001900baa7000008001500c000000008000100", @ANYRES32=r3, @ANYBLOB="0867934a178d38f23b6411d09c201034d1fa25"], 0x2c}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000)
sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)
recvfrom(r0, 0x0, 0x0, 0x734, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) (async)
openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) (async)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) (async)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000100)=0x80000) (async)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000140)={@my=0x1}) (async)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f00000001c0)={{@host, 0xffffffff}, @host, 0x0, 0x0, 0x2449}) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r4) (async)
sendmsg$NFC_CMD_SE_IO(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002bbd7000ffdbdf251b00000006001900baa7000008001500c000000008000100", @ANYRES32=r3, @ANYBLOB="0867934a178d38f23b6411d09c201034d1fa25"], 0x2c}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000) (async)
sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) (async)
recvfrom(r0, 0x0, 0x0, 0x734, 0x0, 0x0) (async)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})
executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000003880)=ANY=[@ANYBLOB='huge=always']) (async)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fstat(r1, &(0x7f00000006c0)) (async)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000080)={0x4c, r2, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wlc\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x64}, @IPVS_SVC_ATTR_FLAGS={0xc}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8}]}]}, 0x4c}}, 0x0)
mount(&(0x7f0000000080)=@sr0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)='hfs\x00', 0x483, 0x0) (async)
r4 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000040), 0x143882, 0x0)
ioctl$FBIOBLANK(r4, 0x4611, 0x2)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async)
r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_ENUMOUTPUT(r6, 0xc0485630, &(0x7f0000000040)={0x1, "5afcf8f5a92fbd60885b3e07389454579dda7ba2b552916493e5090a86961e55", 0x3, 0x4, 0xc45, 0x80008, 0x8}) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x13, &(0x7f0000000480)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x9d}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
clock_gettime(0xb, &(0x7f0000000040)) (async)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000300)={0x40, r9, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @action={{{}, {0x3}, @device_b, @device_b}, @ext_ch_sw={0x4, 0x4, {{0x1, 0x9, 0x0, 0xff}, @void}}}}]}, 0x40}}, 0x80)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000340)=@o_path={&(0x7f00000001c0)='./bus\x00', r0, 0x4000, r5}, 0x18)
sendmsg$NL80211_CMD_REGISTER_FRAME(r7, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="000a2dbd7000ff0000000000000000"], 0x28}, 0x1, 0x0, 0x0, 0x20008000}, 0x240000d4)
syz_emit_ethernet(0x46, &(0x7f0000000100)=ANY=[@ANYBLOB="e10931d8640a00000000000086dd60014100001088002000000000fe8000000000000000000000000000aa00000000000890780200000000000000"], 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r1)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x2, [@func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{}]}, @func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{}, {}, {0xa}]}]}}, 0x0, 0x52, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
clock_gettime(0x0, &(0x7f00000001c0)={<r4=>0x0, <r5=>0x0})
ppoll(&(0x7f0000000100)=[{r3, 0x284}, {r0, 0x200}, {r0, 0x4041}, {r3, 0xc0}], 0x4, &(0x7f00000002c0)={r4, r5+60000000}, &(0x7f0000000340)={[0x3]}, 0x8)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x61]}}, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r6, 0x8, &(0x7f0000000180)={0x0, 0x1}, 0xe800, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000380)={0xb, 0x8, 0x3, 0x1, 0x1a, "174d57425ff8e37fa2f887b5298c49b3f4d806"})
mount(&(0x7f00000006c0)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='ext3\x00', 0x204001, 0x0)
sendmsg$NLBL_MGMT_C_ADD(r1, &(0x7f0000000480)={0x0, 0xffffffffffffff0f, &(0x7f0000000440)={&(0x7f00000006c0)={0x114, r2, 0xe701ac47a3d23ecd, 0x0, 0x2, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_DOMAIN={0xce, 0x1, 'C\xec\xf8\xa0w\x15|\xd8\xbcs\xe1\xb93\x14\xcd\xcb\xb6\xb9\xbb\x84\xe5\xbc\xdb\x7f\x9a\xf2\xea\xcc\x91:v@\xe83-\x1d\xaagQl\x7f\tKt\fc\x1f\x17]\xd5\xd0\xf0\xa8\xeb\xd2g\x92\x04\x02\v\x00od\xe6,\xd3@I\x17\xf3\xbees0\xad\xc6\xbf/*\xb6(o\x91t\x12\x93UK\xf4@n\xdc\xdc\x8a7y\x81FY\xbe\xbbc\xd2\xc3\x01\xa5\xe2V\x8c\xb3im~\xd2V\xdaG\xbdbF\xc8n\x86\xac\x9c\xfb\xda\xe2&\"\xb4:\x13\xe9\tc\x85\xb4\xcb\x17\xbfm\x846\xe7\x7fp\x9eCdb\xad;\xa2\x8fs\xbf6\xe8\xe3Xg3&\xe2 \xd6\n\x9d=~=\xe5\xdc\x90\a\xe7M\x9c<\x93/\xaf\x89\x06+\x96]\xb5+\xee\xff8^D*\xdb\xb8\xd8t\x80\xd4'}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @loopback}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x114}}, 0x0)
syz_open_pts(r0, 0x0)
executing program 4:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000040)={[0x2, 0xc, 0x3, 0x4a, 0x8, 0x5, 0x6, 0x80000001, 0xff, 0x7, 0xfffffffffffffffe, 0x1, 0x8, 0x8000000000000001, 0x2], 0xeeee8000, 0x2804})
r2 = socket$tipc(0x1e, 0x2, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x20002, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000140)=0x15)
ioctl$TCFLSH(r3, 0x40204706, 0x20000010)
r4 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r2, &(0x7f00000002c0)={&(0x7f0000000000), 0x10, 0x0}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40bc5311, &(0x7f0000000140)={0x80, 0x1})
executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x2c, 0x24, 0x8, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xe, 0xd}, {0x0, 0x1}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x4008840)
executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8a400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x15, &(0x7f0000000000)=ANY=[@ANYRES8=r1], &(0x7f00000000c0)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000f40)=@filter={'filter\x00', 0x4, 0x4, 0x470, 0xffffffff, 0x0, 0x0, 0x0, 0xfeffffff, 0xffffffff, 0x3a0, 0x3a0, 0x3a0, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5}}}, {{@ipv6={@private2, @empty, [], [], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0xf0, 0x130, 0x0, {}, [@common=@dst={{0x48}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x2, 0x57, {0x2000000}}}}, {{@ipv6={@empty, @mcast1, [], [0x0, 0xffffff00], 'ip6tnl0\x00', 'dvmrp0\x00'}, 0x0, 0x160, 0x188, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x180, 0x5}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @dev, @private1, [0x0, 0x0, 0xff], [], [], 0x843}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4d0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f00007ce000/0x4000)=nil, 0x4000, 0x7, 0x13, r3, 0xbcb04000)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

program did not crash
bisect: testing without sub-chunk 2/3
testing program (duration=6m6s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [16, 12, 11, 25, 7, 18, 18, 3, 5, 4, 30, 2, 3, 17, 7, 40, 16, 29, 28, 8, 27, 12, 13, 3, 8]
detailed listing:
executing program 3:
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
socket$can_raw(0x1d, 0x3, 0x1)
socket$packet(0x11, 0x2, 0x300)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_udplite(0xa, 0x2, 0x88)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1, 0x803, 0x0)
pipe(&(0x7f0000000100))
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="4400000010000304fcffffff3f00000000000000", @ANYRES32=0x0, @ANYBLOB="a5edad8800000000140012800b0001006970766c616e1200f3fe028008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r2], 0x44}, 0x1, 0x0, 0x0, 0x4004}, 0x0)
executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000005000), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_NODES(r0, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r1, 0x1, 0x70bd2f, 0x25dfdbfc}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000) (async)
mknod$loop(&(0x7f0000000100)='./file0\x00', 0x0, 0x1) (async)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
syz_usb_connect(0x3, 0x5d, 0x0, 0x0)
r3 = socket$inet(0x2b, 0x801, 0x0)
connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @dev}, 0x10) (async)
setsockopt$inet_tcp_int(r3, 0x6, 0x3, 0x0, 0x0) (async)
close_range(r2, 0xffffffffffffffff, 0x0) (async)
mount(&(0x7f0000000080)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='exfat\x00', 0x0, 0x0) (async)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
executing program 3:
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="4400000010000000000000000400002e00000040", @ANYRES32=0x0, @ANYBLOB="00000000400000002400128009000100626f6e64000000001400028008000a00"], 0x44}}, 0x0) (async)
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}) (async)
r2 = socket$inet_udp(0x2, 0x2, 0x0) (async, rerun: 32)
prctl$PR_SET_MM(0x23, 0x4, &(0x7f0000ffd000/0x1000)=nil) (async, rerun: 32)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x14, 0x15, 0x1, 0x70bd29, 0x0, {0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x4800}, 0x0) (async)
close(r2) (async, rerun: 32)
socket$netlink(0x10, 0x3, 0x0) (async, rerun: 32)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4808000010001fff"], 0x3}}, 0x0) (async)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) (async)
splice(r0, 0x0, r2, 0x0, 0x4ffe2, 0x0)
executing program 3:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x94)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r1, 0x0)
r2 = gettid()
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r3)
ptrace$setregs(0xd, r3, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
syz_open_procfs(r3, &(0x7f0000000600)='net/llc/core\x00')
ptrace$getregset(0x4204, r3, 0x2, &(0x7f0000000200)={0x0, 0xfffffffffffffe64})
syz_clone3(&(0x7f0000000580)={0x204000, &(0x7f0000000280), &(0x7f00000002c0)=<r4=>0x0, &(0x7f0000000300), {0xb}, &(0x7f0000000480)=""/103, 0x67, &(0x7f0000000500)=""/79, &(0x7f0000000340)=[r2, r3, r2, r1, r2, r1, r1, r1, r3], 0x9}, 0x58)
setpgid(r3, r4)
mount$9p_fd(0x0, &(0x7f0000000140)='./file1/file0/file0\x00', 0x0, 0x11024c4, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x8000, 0x20)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000003c0)={0x0, 0x0, 0x0, 'queue1\x00'})
r5 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r5, &(0x7f0000000180)=@file={0x1}, 0x6e)
listen(r5, 0x100)
r6 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r6, &(0x7f0000000000)=@file={0x1}, 0x6e)
connect$unix(r6, &(0x7f0000000080)=@file={0x1}, 0x6e)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0xc02c5341, &(0x7f0000000180))
executing program 3:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="04", 0x1}], 0x1}, 0x1)
recvmsg$unix(r0, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x2001)
recvmsg(r0, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x2)
sendmsg$inet(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)='#', 0x1}], 0x1}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="a000000000010108000000000000000002000000240001801400018008000100ac1414aa08000200ac1414aa0c00028005000100000000003c0002802c0001807700030000000000000014000400000000000000000000000000000000010c0002800500010000000000080007400000000024000e8014000180080001007f00000129000200ac1e00010c0002800500010006000000"], 0xa0}}, 0x0)
executing program 3:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x0, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x5, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_RAW={0x8, 0xc, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
poll(&(0x7f0000000040), 0x55, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-224-generic\x00'}, 0x58)
r3 = accept4$alg(r2, 0x0, 0x0, 0x0)
io_setup(0xff, &(0x7f0000000380)=<r4=>0x0)
io_submit(r4, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r3, &(0x7f0000000340), 0xfdef}])
mknodat(0xffffffffffffff9c, &(0x7f0000000400)='./file7\x00', 0x21c0, 0x103)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_MATCH_INFO={0x18, 0x3, "c6a41d106c72fffffffffffffff5000002000000"}, @NFTA_MATCH_NAME={0xa, 0x1, 'owner\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}}, 0x4048010)
linkat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000500)='./file7\x00', 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e"], 0x50}}, 0x0)
sendmsg$inet(r0, &(0x7f00000008c0)={&(0x7f0000000600)={0x2, 0x4e24, @local}, 0x10, &(0x7f0000000800)=[{&(0x7f0000000640)="6a50916f", 0x4}], 0x1, &(0x7f0000000840)=ANY=[@ANYBLOB="100000000000000000000f000000000000000000000000000000601861d0b87eeb2a000000000000"], 0x28}, 0x20008050)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb010018000000000000005600000056000000050000000d0000000300000f020000000100000007000000faf0000003000000070000000500000001000000060000000c000000f5ae0a0000000000000b010000000c0000000000000c0500000008000000e0ff000b010000000000002e2e6100"], &(0x7f00000001c0)=""/128, 0x75, 0x80, 0x0, 0xfffffff7, 0x0, @void, @value}, 0x28)
executing program 32:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x0, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x5, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_RAW={0x8, 0xc, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
poll(&(0x7f0000000040), 0x55, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-224-generic\x00'}, 0x58)
r3 = accept4$alg(r2, 0x0, 0x0, 0x0)
io_setup(0xff, &(0x7f0000000380)=<r4=>0x0)
io_submit(r4, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r3, &(0x7f0000000340), 0xfdef}])
mknodat(0xffffffffffffff9c, &(0x7f0000000400)='./file7\x00', 0x21c0, 0x103)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_MATCH_INFO={0x18, 0x3, "c6a41d106c72fffffffffffffff5000002000000"}, @NFTA_MATCH_NAME={0xa, 0x1, 'owner\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}}, 0x4048010)
linkat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000500)='./file7\x00', 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e"], 0x50}}, 0x0)
sendmsg$inet(r0, &(0x7f00000008c0)={&(0x7f0000000600)={0x2, 0x4e24, @local}, 0x10, &(0x7f0000000800)=[{&(0x7f0000000640)="6a50916f", 0x4}], 0x1, &(0x7f0000000840)=ANY=[@ANYBLOB="100000000000000000000f000000000000000000000000000000601861d0b87eeb2a000000000000"], 0x28}, 0x20008050)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb010018000000000000005600000056000000050000000d0000000300000f020000000100000007000000faf0000003000000070000000500000001000000060000000c000000f5ae0a0000000000000b010000000c0000000000000c0500000008000000e0ff000b010000000000002e2e6100"], &(0x7f00000001c0)=""/128, 0x75, 0x80, 0x0, 0xfffffff7, 0x0, @void, @value}, 0x28)
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14)
executing program 0:
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f0000000380)={{0x80}, 'port1\x00', 0xe3, 0x111c37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x9}) (async)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00')
executing program 0:
r0 = socket(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0xa00000000000000, 0x80, &(0x7f0000000040)=@broute={'broute\x00', 0x20, 0x1, 0x948, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000480], 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000010000000068000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000c000000000000000000000000000000000000ffffffff010000000b00000000000000000062726964676530000000000000000000626f6e645f736c6176655f3000000000736974300000000000000000000000007465716c30000000b8adaed8ec6e8fac0000000000000000000000000180c20000000000000000000000b8080000b8080000e8080000616d6f6e6700000000000000000000000000000000000000000004000000000018040000000000000c0000000c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d00000000fa0100000000000000000000000000000000000000000000000000000000004037118bc35d3037960000000000000000000000000000000000000000000000000000000000001f00000000000000000000009300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300020000000000000000006c00000000000000000000000000000000000000000000000000000000000000000000000000892f9284b45f00000000000000000000000000000000a600000000000000000000000000f9ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000200000000000000800000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c5000000000000000000000000000000e21071ce4cc8eaac65a0f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070cc490d0510d30ce90b91aedadb0c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dd00000000000000000000000000000000009476b0c33efd5e65b7316c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000014bc1d077b4817d693d02c0000000000000000000000000000000000416cbf6525780f42e3870800000000000000000000000000000000000000000000000000000000000000abcc3311337430270000000000000000000000000000000000000000000000000037ff1cf2f8e52e074300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d65992000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000cbcb951a4f0f3300ebb39c00000000000000000000000000000000000000000000000000000000000000000000000000e70000000000053cbf7eee533b170000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fffffffffffffff800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081cc42e042291bc3000000000000200000000000000000000000000000000000000000000000000000000000005de0eab8674f2269845f530928d7000000000000000000000000000000000000000000000000000000000000000000000000000000ee72000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000095dd0000000000000000c1a8a95ba6a3ba677371c303b5426300000000000000000000000000000000000000000000000000000000597924c6edee670300000000000000000000000000000000000000000000080000000000000000e28abc2086f4dcecbcd7aca1775004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000800000000000000000000000000000000000000000000000c81e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000052000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003800e04771f4c2d100"/2376]}, 0x9c0)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_tracing={0x1a, 0xa, &(0x7f0000000400)=ANY=[@ANYBLOB="7f9b05000200000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000018110000", @ANYRES32=0x1, @ANYBLOB="000000001e000000b70c4602000000000001000000000000080ae3a0bf1206bc4251d69870280a58a16f72f2ff27fc10a2ad464a431f808f0806a682c4e36945a2c976f3244b98"], &(0x7f0000000000)='GPL\x00', 0x1, 0xb5, &(0x7f0000000140)=""/181, 0x40f00, 0x58, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000240)={0x5, 0x1, 0x0, 0x10}, 0x10, 0x28f79, 0xffffffffffffffff, 0x2, &(0x7f0000000280)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x1, 0x1, 0x1], &(0x7f00000002c0)=[{0x5, 0x2, 0xb, 0xb}, {0x5, 0x1, 0xc, 0xb}], 0x10, 0x2, @void, @value}, 0x94)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000003c0)=r1, 0x4)
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r7, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r6])
sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000002340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x14, 0x5, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x810)
chdir(&(0x7f0000000100)='./file0\x00')
read$FUSE(r5, &(0x7f0000000300)={0x2020}, 0x2020)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'geneve1\x00', <r9=>0x0})
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f0000000000)={0x1, 0x1, 0xf7, 0x5, @vifc_lcl_ifindex=r9, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r10, @ANYBLOB="0c00990000000000000000000800a115ffff0000080026008d03000008009f"], 0x40}}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r11 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r11, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000002012c20300000000000000000214008000"/36], 0x24}, 0x1, 0x0, 0x0, 0x4000804}, 0x4008850)
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14)
executing program 1:
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
r0 = userfaultfd(0x80801)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_SET_SIZE_BLOCKS(r1, 0xab07, 0xb)
r2 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r2, 0xab00, r3)
ioctl$NBD_DO_IT(r2, 0xab03)
ioctl$NBD_CLEAR_SOCK(r1, 0xab04)
syz_open_dev$ndb(&(0x7f00000002c0), 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
r4 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa07, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2})
executing program 4:
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x141301)
ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, &(0x7f00000000c0)={0x80, 0xa, 0x303, 0x0, 0x0, 0x6e9, 0x0})
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x6, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='pmap_register\x00', r2, 0x0, 0x1}, 0x18)
executing program 4:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
bind$unix(r0, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e)
openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) (async)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$inet_dccp(0x2, 0x6, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x2a}, 0xa}, 0x20)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=@newlink={0x30, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xffffff81}, [@IFLA_CARRIER_CHANGES={0x8, 0x23, 0xfffffffc}, @IFLA_GROUP={0x8, 0x1b, 0x7}]}, 0x30}}, 0xce11d616fa4344f8) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=@newlink={0x30, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xffffff81}, [@IFLA_CARRIER_CHANGES={0x8, 0x23, 0xfffffffc}, @IFLA_GROUP={0x8, 0x1b, 0x7}]}, 0x30}}, 0xce11d616fa4344f8)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
close_range(r1, r2, 0x2) (async)
close_range(r1, r2, 0x2)
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x80045518, &(0x7f00000002c0)=0xa) (async)
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x80045518, &(0x7f00000002c0)=0xa)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
ioctl$KVM_RUN(r5, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000200)={0x5001, 0x11000, 0x1})
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r4, 0x50009417, &(0x7f0000000700)={{r5}, 0x0, 0xc, @inherit={0x48, &(0x7f0000000080)={0x1, 0x0, 0x2, 0x5, {0x12, 0x5, 0x8, 0x8, 0x9}}}, @subvolid=0x6})
ioctl$KVM_RUN(r5, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000180)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2) (async)
renameat2(0xffffffffffffff9c, &(0x7f0000000180)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000040), 0x60002, 0x0) (async)
r6 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000040), 0x60002, 0x0)
ioctl$FS_IOC_GETFSSYSFSPATH(r6, 0x80811501, &(0x7f0000000300)={0x80})
r7 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$AUTOFS_IOC_FAIL(r7, 0x4c80, 0xffffffffffffffb6)
executing program 1:
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
socket$can_raw(0x1d, 0x3, 0x1)
socket$packet(0x11, 0x2, 0x300)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_udplite(0xa, 0x2, 0x88)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1, 0x803, 0x0)
pipe(&(0x7f0000000100))
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="4400000010000304fcffffff3f00000000000000", @ANYRES32=0x0, @ANYBLOB="a5edad8800000000140012800b0001006970766c616e0020f3fe028008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r2], 0x44}, 0x1, 0x0, 0x0, 0x4004}, 0x0)
executing program 1:
setregid(0x0, 0xee01)
getresgid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=<r0=>0x0)
getresgid(&(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
setresgid(0xffffffffffffffff, 0x0, r1)
setregid(0x0, r0)
r2 = syz_open_dev$rtc(&(0x7f0000000080), 0x0, 0x400)
ioctl$RTC_WKALM_RD(r2, 0x40187013, &(0x7f0000000200))
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$netlink(0x10, 0x3, 0x15)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r6, &(0x7f00000021c0)={0x2020, 0x0, 0x0, <r7=>0x0}, 0x2020)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90, 0x0, 0x0, {0x5, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x2000, 0x0, r7, 0x0, 0x440}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000440)={{{@in6=@local, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}}, {{@in6}, 0x0, @in=@broadcast}}, &(0x7f00000001c0)=0xe8)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
r10 = add_key(&(0x7f0000000080)='id_legacy\x00', &(0x7f00000000c0)={'syz', 0x3}, &(0x7f0000000180)='(', 0x1, 0xfffffffffffffffb)
getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000000280)={0x0, <r11=>0x0}, &(0x7f00000002c0)=0xc)
keyctl$chown(0x4, r10, r11, 0x0)
stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, <r12=>0x0})
statx(r4, &(0x7f0000000340)='./file0\x00', 0x7100, 0x20, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, <r13=>0x0})
r14 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r14, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r15=>0x0}, &(0x7f0000cab000)=0xc)
lchown(&(0x7f0000000340)='./bus\x00', r15, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000740)={{{@in=@multicast1, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r16=>0x0}}, {{@in=@dev}, 0x0, @in6=@loopback}}, &(0x7f0000000380)=0xe8)
fsetxattr$system_posix_acl(r5, &(0x7f0000000180)='system.posix_acl_default\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="2b000000006e800ab371c9172fbf51ff", @ANYRES32=r7, @ANYBLOB="02000600", @ANYRES32=r8, @ANYBLOB="02000300", @ANYRES32=r11, @ANYBLOB="02000100", @ANYRES32=r12, @ANYBLOB="02000100", @ANYRES32=r13, @ANYBLOB="02000100", @ANYRES32=r15, @ANYBLOB="02000100", @ANYRES32=r16, @ANYBLOB="02000100", @ANYRES32, @ANYBLOB="040005000000000008000000", @ANYRES32=r0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32, @ANYBLOB="10000600000000002000010000000000"], 0x74, 0x2)
socket$nl_rdma(0x10, 0x3, 0x14)
syz_genetlink_get_family_id$devlink(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="500000000104010800000000000000000a00000808000440000000060500010004000000080005400000800008000540000000030500010001"], 0x50}, 0x1, 0x0, 0x0, 0x4000800}, 0x4000040)
executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000140)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f00000001c0)={{@host, 0xffffffff}, @host, 0x0, 0x0, 0x2449})
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)=<r3=>0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r4)
sendmsg$NFC_CMD_SE_IO(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002bbd7000ffdbdf251b00000006001900baa7000008001500c000000008000100", @ANYRES32=r3, @ANYBLOB="0867934a178d38f23b6411d09c201034d1fa25"], 0x2c}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000)
sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)
recvfrom(r0, 0x0, 0x0, 0x734, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) (async)
openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) (async)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) (async)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000100)=0x80000) (async)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000140)={@my=0x1}) (async)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f00000001c0)={{@host, 0xffffffff}, @host, 0x0, 0x0, 0x2449}) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r4) (async)
sendmsg$NFC_CMD_SE_IO(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002bbd7000ffdbdf251b00000006001900baa7000008001500c000000008000100", @ANYRES32=r3, @ANYBLOB="0867934a178d38f23b6411d09c201034d1fa25"], 0x2c}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000) (async)
sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) (async)
recvfrom(r0, 0x0, 0x0, 0x734, 0x0, 0x0) (async)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})
executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000003880)=ANY=[@ANYBLOB='huge=always']) (async)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fstat(r1, &(0x7f00000006c0)) (async)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000080)={0x4c, r2, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wlc\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x64}, @IPVS_SVC_ATTR_FLAGS={0xc}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8}]}]}, 0x4c}}, 0x0)
mount(&(0x7f0000000080)=@sr0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)='hfs\x00', 0x483, 0x0) (async)
r4 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000040), 0x143882, 0x0)
ioctl$FBIOBLANK(r4, 0x4611, 0x2)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async)
r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_ENUMOUTPUT(r6, 0xc0485630, &(0x7f0000000040)={0x1, "5afcf8f5a92fbd60885b3e07389454579dda7ba2b552916493e5090a86961e55", 0x3, 0x4, 0xc45, 0x80008, 0x8}) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x13, &(0x7f0000000480)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x9d}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
clock_gettime(0xb, &(0x7f0000000040)) (async)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000300)={0x40, r9, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @action={{{}, {0x3}, @device_b, @device_b}, @ext_ch_sw={0x4, 0x4, {{0x1, 0x9, 0x0, 0xff}, @void}}}}]}, 0x40}}, 0x80)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000340)=@o_path={&(0x7f00000001c0)='./bus\x00', r0, 0x4000, r5}, 0x18)
sendmsg$NL80211_CMD_REGISTER_FRAME(r7, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="000a2dbd7000ff0000000000000000"], 0x28}, 0x1, 0x0, 0x0, 0x20008000}, 0x240000d4)
syz_emit_ethernet(0x46, &(0x7f0000000100)=ANY=[@ANYBLOB="e10931d8640a00000000000086dd60014100001088002000000000fe8000000000000000000000000000aa00000000000890780200000000000000"], 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r1)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x2, [@func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{}]}, @func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{}, {}, {0xa}]}]}}, 0x0, 0x52, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
clock_gettime(0x0, &(0x7f00000001c0)={<r4=>0x0, <r5=>0x0})
ppoll(&(0x7f0000000100)=[{r3, 0x284}, {r0, 0x200}, {r0, 0x4041}, {r3, 0xc0}], 0x4, &(0x7f00000002c0)={r4, r5+60000000}, &(0x7f0000000340)={[0x3]}, 0x8)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x61]}}, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r6, 0x8, &(0x7f0000000180)={0x0, 0x1}, 0xe800, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000380)={0xb, 0x8, 0x3, 0x1, 0x1a, "174d57425ff8e37fa2f887b5298c49b3f4d806"})
mount(&(0x7f00000006c0)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='ext3\x00', 0x204001, 0x0)
sendmsg$NLBL_MGMT_C_ADD(r1, &(0x7f0000000480)={0x0, 0xffffffffffffff0f, &(0x7f0000000440)={&(0x7f00000006c0)={0x114, r2, 0xe701ac47a3d23ecd, 0x0, 0x2, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_DOMAIN={0xce, 0x1, 'C\xec\xf8\xa0w\x15|\xd8\xbcs\xe1\xb93\x14\xcd\xcb\xb6\xb9\xbb\x84\xe5\xbc\xdb\x7f\x9a\xf2\xea\xcc\x91:v@\xe83-\x1d\xaagQl\x7f\tKt\fc\x1f\x17]\xd5\xd0\xf0\xa8\xeb\xd2g\x92\x04\x02\v\x00od\xe6,\xd3@I\x17\xf3\xbees0\xad\xc6\xbf/*\xb6(o\x91t\x12\x93UK\xf4@n\xdc\xdc\x8a7y\x81FY\xbe\xbbc\xd2\xc3\x01\xa5\xe2V\x8c\xb3im~\xd2V\xdaG\xbdbF\xc8n\x86\xac\x9c\xfb\xda\xe2&\"\xb4:\x13\xe9\tc\x85\xb4\xcb\x17\xbfm\x846\xe7\x7fp\x9eCdb\xad;\xa2\x8fs\xbf6\xe8\xe3Xg3&\xe2 \xd6\n\x9d=~=\xe5\xdc\x90\a\xe7M\x9c<\x93/\xaf\x89\x06+\x96]\xb5+\xee\xff8^D*\xdb\xb8\xd8t\x80\xd4'}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @loopback}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x114}}, 0x0)
syz_open_pts(r0, 0x0)
executing program 4:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000040)={[0x2, 0xc, 0x3, 0x4a, 0x8, 0x5, 0x6, 0x80000001, 0xff, 0x7, 0xfffffffffffffffe, 0x1, 0x8, 0x8000000000000001, 0x2], 0xeeee8000, 0x2804})
r2 = socket$tipc(0x1e, 0x2, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x20002, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000140)=0x15)
ioctl$TCFLSH(r3, 0x40204706, 0x20000010)
r4 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r2, &(0x7f00000002c0)={&(0x7f0000000000), 0x10, 0x0}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40bc5311, &(0x7f0000000140)={0x80, 0x1})
executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x2c, 0x24, 0x8, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xe, 0xd}, {0x0, 0x1}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x4008840)
executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8a400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x15, &(0x7f0000000000)=ANY=[@ANYRES8=r1], &(0x7f00000000c0)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000f40)=@filter={'filter\x00', 0x4, 0x4, 0x470, 0xffffffff, 0x0, 0x0, 0x0, 0xfeffffff, 0xffffffff, 0x3a0, 0x3a0, 0x3a0, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5}}}, {{@ipv6={@private2, @empty, [], [], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0xf0, 0x130, 0x0, {}, [@common=@dst={{0x48}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x2, 0x57, {0x2000000}}}}, {{@ipv6={@empty, @mcast1, [], [0x0, 0xffffff00], 'ip6tnl0\x00', 'dvmrp0\x00'}, 0x0, 0x160, 0x188, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x180, 0x5}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @dev, @private1, [0x0, 0x0, 0xff], [], [], 0x843}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4d0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f00007ce000/0x4000)=nil, 0x4000, 0x7, 0x13, r3, 0xbcb04000)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
bisect: the chunk can be dropped
bisect: testing without sub-chunk 3/3
testing program (duration=6m3s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [16, 12, 11, 25, 7, 18, 18, 3, 5, 4, 30, 2, 3]
detailed listing:
executing program 3:
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
socket$can_raw(0x1d, 0x3, 0x1)
socket$packet(0x11, 0x2, 0x300)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_udplite(0xa, 0x2, 0x88)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1, 0x803, 0x0)
pipe(&(0x7f0000000100))
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="4400000010000304fcffffff3f00000000000000", @ANYRES32=0x0, @ANYBLOB="a5edad8800000000140012800b0001006970766c616e1200f3fe028008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r2], 0x44}, 0x1, 0x0, 0x0, 0x4004}, 0x0)
executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000005000), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_NODES(r0, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r1, 0x1, 0x70bd2f, 0x25dfdbfc}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000) (async)
mknod$loop(&(0x7f0000000100)='./file0\x00', 0x0, 0x1) (async)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
syz_usb_connect(0x3, 0x5d, 0x0, 0x0)
r3 = socket$inet(0x2b, 0x801, 0x0)
connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @dev}, 0x10) (async)
setsockopt$inet_tcp_int(r3, 0x6, 0x3, 0x0, 0x0) (async)
close_range(r2, 0xffffffffffffffff, 0x0) (async)
mount(&(0x7f0000000080)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='exfat\x00', 0x0, 0x0) (async)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
executing program 3:
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="4400000010000000000000000400002e00000040", @ANYRES32=0x0, @ANYBLOB="00000000400000002400128009000100626f6e64000000001400028008000a00"], 0x44}}, 0x0) (async)
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}) (async)
r2 = socket$inet_udp(0x2, 0x2, 0x0) (async, rerun: 32)
prctl$PR_SET_MM(0x23, 0x4, &(0x7f0000ffd000/0x1000)=nil) (async, rerun: 32)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x14, 0x15, 0x1, 0x70bd29, 0x0, {0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x4800}, 0x0) (async)
close(r2) (async, rerun: 32)
socket$netlink(0x10, 0x3, 0x0) (async, rerun: 32)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4808000010001fff"], 0x3}}, 0x0) (async)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) (async)
splice(r0, 0x0, r2, 0x0, 0x4ffe2, 0x0)
executing program 3:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x94)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r1, 0x0)
r2 = gettid()
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r3)
ptrace$setregs(0xd, r3, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
syz_open_procfs(r3, &(0x7f0000000600)='net/llc/core\x00')
ptrace$getregset(0x4204, r3, 0x2, &(0x7f0000000200)={0x0, 0xfffffffffffffe64})
syz_clone3(&(0x7f0000000580)={0x204000, &(0x7f0000000280), &(0x7f00000002c0)=<r4=>0x0, &(0x7f0000000300), {0xb}, &(0x7f0000000480)=""/103, 0x67, &(0x7f0000000500)=""/79, &(0x7f0000000340)=[r2, r3, r2, r1, r2, r1, r1, r1, r3], 0x9}, 0x58)
setpgid(r3, r4)
mount$9p_fd(0x0, &(0x7f0000000140)='./file1/file0/file0\x00', 0x0, 0x11024c4, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x8000, 0x20)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000003c0)={0x0, 0x0, 0x0, 'queue1\x00'})
r5 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r5, &(0x7f0000000180)=@file={0x1}, 0x6e)
listen(r5, 0x100)
r6 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r6, &(0x7f0000000000)=@file={0x1}, 0x6e)
connect$unix(r6, &(0x7f0000000080)=@file={0x1}, 0x6e)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0xc02c5341, &(0x7f0000000180))
executing program 3:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="04", 0x1}], 0x1}, 0x1)
recvmsg$unix(r0, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x2001)
recvmsg(r0, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x2)
sendmsg$inet(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)='#', 0x1}], 0x1}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="a000000000010108000000000000000002000000240001801400018008000100ac1414aa08000200ac1414aa0c00028005000100000000003c0002802c0001807700030000000000000014000400000000000000000000000000000000010c0002800500010000000000080007400000000024000e8014000180080001007f00000129000200ac1e00010c0002800500010006000000"], 0xa0}}, 0x0)
executing program 3:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x0, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x5, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_RAW={0x8, 0xc, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
poll(&(0x7f0000000040), 0x55, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-224-generic\x00'}, 0x58)
r3 = accept4$alg(r2, 0x0, 0x0, 0x0)
io_setup(0xff, &(0x7f0000000380)=<r4=>0x0)
io_submit(r4, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r3, &(0x7f0000000340), 0xfdef}])
mknodat(0xffffffffffffff9c, &(0x7f0000000400)='./file7\x00', 0x21c0, 0x103)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_MATCH_INFO={0x18, 0x3, "c6a41d106c72fffffffffffffff5000002000000"}, @NFTA_MATCH_NAME={0xa, 0x1, 'owner\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}}, 0x4048010)
linkat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000500)='./file7\x00', 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e"], 0x50}}, 0x0)
sendmsg$inet(r0, &(0x7f00000008c0)={&(0x7f0000000600)={0x2, 0x4e24, @local}, 0x10, &(0x7f0000000800)=[{&(0x7f0000000640)="6a50916f", 0x4}], 0x1, &(0x7f0000000840)=ANY=[@ANYBLOB="100000000000000000000f000000000000000000000000000000601861d0b87eeb2a000000000000"], 0x28}, 0x20008050)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb010018000000000000005600000056000000050000000d0000000300000f020000000100000007000000faf0000003000000070000000500000001000000060000000c000000f5ae0a0000000000000b010000000c0000000000000c0500000008000000e0ff000b010000000000002e2e6100"], &(0x7f00000001c0)=""/128, 0x75, 0x80, 0x0, 0xfffffff7, 0x0, @void, @value}, 0x28)
executing program 32:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x0, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x5, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_RAW={0x8, 0xc, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
poll(&(0x7f0000000040), 0x55, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-224-generic\x00'}, 0x58)
r3 = accept4$alg(r2, 0x0, 0x0, 0x0)
io_setup(0xff, &(0x7f0000000380)=<r4=>0x0)
io_submit(r4, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r3, &(0x7f0000000340), 0xfdef}])
mknodat(0xffffffffffffff9c, &(0x7f0000000400)='./file7\x00', 0x21c0, 0x103)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_MATCH_INFO={0x18, 0x3, "c6a41d106c72fffffffffffffff5000002000000"}, @NFTA_MATCH_NAME={0xa, 0x1, 'owner\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}}, 0x4048010)
linkat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000500)='./file7\x00', 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e"], 0x50}}, 0x0)
sendmsg$inet(r0, &(0x7f00000008c0)={&(0x7f0000000600)={0x2, 0x4e24, @local}, 0x10, &(0x7f0000000800)=[{&(0x7f0000000640)="6a50916f", 0x4}], 0x1, &(0x7f0000000840)=ANY=[@ANYBLOB="100000000000000000000f000000000000000000000000000000601861d0b87eeb2a000000000000"], 0x28}, 0x20008050)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb010018000000000000005600000056000000050000000d0000000300000f020000000100000007000000faf0000003000000070000000500000001000000060000000c000000f5ae0a0000000000000b010000000c0000000000000c0500000008000000e0ff000b010000000000002e2e6100"], &(0x7f00000001c0)=""/128, 0x75, 0x80, 0x0, 0xfffffff7, 0x0, @void, @value}, 0x28)
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14)
executing program 0:
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f0000000380)={{0x80}, 'port1\x00', 0xe3, 0x111c37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x9}) (async)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00')
executing program 0:
r0 = socket(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0xa00000000000000, 0x80, &(0x7f0000000040)=@broute={'broute\x00', 0x20, 0x1, 0x948, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000480], 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000010000000068000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000c000000000000000000000000000000000000ffffffff010000000b00000000000000000062726964676530000000000000000000626f6e645f736c6176655f3000000000736974300000000000000000000000007465716c30000000b8adaed8ec6e8fac0000000000000000000000000180c20000000000000000000000b8080000b8080000e8080000616d6f6e6700000000000000000000000000000000000000000004000000000018040000000000000c0000000c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d00000000fa0100000000000000000000000000000000000000000000000000000000004037118bc35d3037960000000000000000000000000000000000000000000000000000000000001f00000000000000000000009300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300020000000000000000006c00000000000000000000000000000000000000000000000000000000000000000000000000892f9284b45f00000000000000000000000000000000a600000000000000000000000000f9ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000200000000000000800000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c5000000000000000000000000000000e21071ce4cc8eaac65a0f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070cc490d0510d30ce90b91aedadb0c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dd00000000000000000000000000000000009476b0c33efd5e65b7316c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000014bc1d077b4817d693d02c0000000000000000000000000000000000416cbf6525780f42e3870800000000000000000000000000000000000000000000000000000000000000abcc3311337430270000000000000000000000000000000000000000000000000037ff1cf2f8e52e074300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d65992000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000cbcb951a4f0f3300ebb39c00000000000000000000000000000000000000000000000000000000000000000000000000e70000000000053cbf7eee533b170000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fffffffffffffff800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081cc42e042291bc3000000000000200000000000000000000000000000000000000000000000000000000000005de0eab8674f2269845f530928d7000000000000000000000000000000000000000000000000000000000000000000000000000000ee72000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000095dd0000000000000000c1a8a95ba6a3ba677371c303b5426300000000000000000000000000000000000000000000000000000000597924c6edee670300000000000000000000000000000000000000000000080000000000000000e28abc2086f4dcecbcd7aca1775004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000800000000000000000000000000000000000000000000000c81e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000052000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003800e04771f4c2d100"/2376]}, 0x9c0)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_tracing={0x1a, 0xa, &(0x7f0000000400)=ANY=[@ANYBLOB="7f9b05000200000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000018110000", @ANYRES32=0x1, @ANYBLOB="000000001e000000b70c4602000000000001000000000000080ae3a0bf1206bc4251d69870280a58a16f72f2ff27fc10a2ad464a431f808f0806a682c4e36945a2c976f3244b98"], &(0x7f0000000000)='GPL\x00', 0x1, 0xb5, &(0x7f0000000140)=""/181, 0x40f00, 0x58, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000240)={0x5, 0x1, 0x0, 0x10}, 0x10, 0x28f79, 0xffffffffffffffff, 0x2, &(0x7f0000000280)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x1, 0x1, 0x1], &(0x7f00000002c0)=[{0x5, 0x2, 0xb, 0xb}, {0x5, 0x1, 0xc, 0xb}], 0x10, 0x2, @void, @value}, 0x94)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000003c0)=r1, 0x4)
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r7, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r6])
sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000002340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x14, 0x5, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x810)
chdir(&(0x7f0000000100)='./file0\x00')
read$FUSE(r5, &(0x7f0000000300)={0x2020}, 0x2020)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'geneve1\x00', <r9=>0x0})
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f0000000000)={0x1, 0x1, 0xf7, 0x5, @vifc_lcl_ifindex=r9, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r10, @ANYBLOB="0c00990000000000000000000800a115ffff0000080026008d03000008009f"], 0x40}}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r11 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r11, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000002012c20300000000000000000214008000"/36], 0x24}, 0x1, 0x0, 0x0, 0x4000804}, 0x4008850)
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14)

program did not crash
bisect: split chunks (needed=true): <13>, <12>
bisect: split chunk #0 of len 13 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m4s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 5, 4, 30, 2, 3, 17, 7, 40, 16, 29, 28, 8, 27, 12, 13, 3, 8]
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14)
executing program 0:
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f0000000380)={{0x80}, 'port1\x00', 0xe3, 0x111c37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x9}) (async)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00')
executing program 0:
r0 = socket(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0xa00000000000000, 0x80, &(0x7f0000000040)=@broute={'broute\x00', 0x20, 0x1, 0x948, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000480], 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000010000000068000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000c000000000000000000000000000000000000ffffffff010000000b00000000000000000062726964676530000000000000000000626f6e645f736c6176655f3000000000736974300000000000000000000000007465716c30000000b8adaed8ec6e8fac0000000000000000000000000180c20000000000000000000000b8080000b8080000e8080000616d6f6e6700000000000000000000000000000000000000000004000000000018040000000000000c0000000c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d00000000fa0100000000000000000000000000000000000000000000000000000000004037118bc35d3037960000000000000000000000000000000000000000000000000000000000001f00000000000000000000009300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300020000000000000000006c00000000000000000000000000000000000000000000000000000000000000000000000000892f9284b45f00000000000000000000000000000000a600000000000000000000000000f9ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000200000000000000800000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c5000000000000000000000000000000e21071ce4cc8eaac65a0f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070cc490d0510d30ce90b91aedadb0c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dd00000000000000000000000000000000009476b0c33efd5e65b7316c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000014bc1d077b4817d693d02c0000000000000000000000000000000000416cbf6525780f42e3870800000000000000000000000000000000000000000000000000000000000000abcc3311337430270000000000000000000000000000000000000000000000000037ff1cf2f8e52e074300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d65992000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000cbcb951a4f0f3300ebb39c00000000000000000000000000000000000000000000000000000000000000000000000000e70000000000053cbf7eee533b170000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fffffffffffffff800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081cc42e042291bc3000000000000200000000000000000000000000000000000000000000000000000000000005de0eab8674f2269845f530928d7000000000000000000000000000000000000000000000000000000000000000000000000000000ee72000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000095dd0000000000000000c1a8a95ba6a3ba677371c303b5426300000000000000000000000000000000000000000000000000000000597924c6edee670300000000000000000000000000000000000000000000080000000000000000e28abc2086f4dcecbcd7aca1775004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000800000000000000000000000000000000000000000000000c81e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000052000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003800e04771f4c2d100"/2376]}, 0x9c0)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_tracing={0x1a, 0xa, &(0x7f0000000400)=ANY=[@ANYBLOB="7f9b05000200000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000018110000", @ANYRES32=0x1, @ANYBLOB="000000001e000000b70c4602000000000001000000000000080ae3a0bf1206bc4251d69870280a58a16f72f2ff27fc10a2ad464a431f808f0806a682c4e36945a2c976f3244b98"], &(0x7f0000000000)='GPL\x00', 0x1, 0xb5, &(0x7f0000000140)=""/181, 0x40f00, 0x58, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000240)={0x5, 0x1, 0x0, 0x10}, 0x10, 0x28f79, 0xffffffffffffffff, 0x2, &(0x7f0000000280)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x1, 0x1, 0x1], &(0x7f00000002c0)=[{0x5, 0x2, 0xb, 0xb}, {0x5, 0x1, 0xc, 0xb}], 0x10, 0x2, @void, @value}, 0x94)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000003c0)=r1, 0x4)
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r7, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r6])
sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000002340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x14, 0x5, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x810)
chdir(&(0x7f0000000100)='./file0\x00')
read$FUSE(r5, &(0x7f0000000300)={0x2020}, 0x2020)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'geneve1\x00', <r9=>0x0})
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f0000000000)={0x1, 0x1, 0xf7, 0x5, @vifc_lcl_ifindex=r9, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r10, @ANYBLOB="0c00990000000000000000000800a115ffff0000080026008d03000008009f"], 0x40}}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r11 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r11, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000002012c20300000000000000000214008000"/36], 0x24}, 0x1, 0x0, 0x0, 0x4000804}, 0x4008850)
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14)
executing program 1:
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
r0 = userfaultfd(0x80801)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_SET_SIZE_BLOCKS(r1, 0xab07, 0xb)
r2 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r2, 0xab00, r3)
ioctl$NBD_DO_IT(r2, 0xab03)
ioctl$NBD_CLEAR_SOCK(r1, 0xab04)
syz_open_dev$ndb(&(0x7f00000002c0), 0x0, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
r4 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa07, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2})
executing program 4:
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x141301)
ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, &(0x7f00000000c0)={0x80, 0xa, 0x303, 0x0, 0x0, 0x6e9, 0x0})
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x6, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='pmap_register\x00', r2, 0x0, 0x1}, 0x18)
executing program 4:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
bind$unix(r0, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e)
openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) (async)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$inet_dccp(0x2, 0x6, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x2a}, 0xa}, 0x20)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=@newlink={0x30, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xffffff81}, [@IFLA_CARRIER_CHANGES={0x8, 0x23, 0xfffffffc}, @IFLA_GROUP={0x8, 0x1b, 0x7}]}, 0x30}}, 0xce11d616fa4344f8) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=@newlink={0x30, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xffffff81}, [@IFLA_CARRIER_CHANGES={0x8, 0x23, 0xfffffffc}, @IFLA_GROUP={0x8, 0x1b, 0x7}]}, 0x30}}, 0xce11d616fa4344f8)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
close_range(r1, r2, 0x2) (async)
close_range(r1, r2, 0x2)
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x80045518, &(0x7f00000002c0)=0xa) (async)
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x80045518, &(0x7f00000002c0)=0xa)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
ioctl$KVM_RUN(r5, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000200)={0x5001, 0x11000, 0x1})
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r4, 0x50009417, &(0x7f0000000700)={{r5}, 0x0, 0xc, @inherit={0x48, &(0x7f0000000080)={0x1, 0x0, 0x2, 0x5, {0x12, 0x5, 0x8, 0x8, 0x9}}}, @subvolid=0x6})
ioctl$KVM_RUN(r5, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000180)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2) (async)
renameat2(0xffffffffffffff9c, &(0x7f0000000180)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000040), 0x60002, 0x0) (async)
r6 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000040), 0x60002, 0x0)
ioctl$FS_IOC_GETFSSYSFSPATH(r6, 0x80811501, &(0x7f0000000300)={0x80})
r7 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$AUTOFS_IOC_FAIL(r7, 0x4c80, 0xffffffffffffffb6)
executing program 1:
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
socket$can_raw(0x1d, 0x3, 0x1)
socket$packet(0x11, 0x2, 0x300)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_udplite(0xa, 0x2, 0x88)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1, 0x803, 0x0)
pipe(&(0x7f0000000100))
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="4400000010000304fcffffff3f00000000000000", @ANYRES32=0x0, @ANYBLOB="a5edad8800000000140012800b0001006970766c616e0020f3fe028008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r2], 0x44}, 0x1, 0x0, 0x0, 0x4004}, 0x0)
executing program 1:
setregid(0x0, 0xee01)
getresgid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=<r0=>0x0)
getresgid(&(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
setresgid(0xffffffffffffffff, 0x0, r1)
setregid(0x0, r0)
r2 = syz_open_dev$rtc(&(0x7f0000000080), 0x0, 0x400)
ioctl$RTC_WKALM_RD(r2, 0x40187013, &(0x7f0000000200))
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$netlink(0x10, 0x3, 0x15)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r6, &(0x7f00000021c0)={0x2020, 0x0, 0x0, <r7=>0x0}, 0x2020)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90, 0x0, 0x0, {0x5, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x2000, 0x0, r7, 0x0, 0x440}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000440)={{{@in6=@local, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}}, {{@in6}, 0x0, @in=@broadcast}}, &(0x7f00000001c0)=0xe8)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
r10 = add_key(&(0x7f0000000080)='id_legacy\x00', &(0x7f00000000c0)={'syz', 0x3}, &(0x7f0000000180)='(', 0x1, 0xfffffffffffffffb)
getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000000280)={0x0, <r11=>0x0}, &(0x7f00000002c0)=0xc)
keyctl$chown(0x4, r10, r11, 0x0)
stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, <r12=>0x0})
statx(r4, &(0x7f0000000340)='./file0\x00', 0x7100, 0x20, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, <r13=>0x0})
r14 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r14, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r15=>0x0}, &(0x7f0000cab000)=0xc)
lchown(&(0x7f0000000340)='./bus\x00', r15, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000740)={{{@in=@multicast1, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r16=>0x0}}, {{@in=@dev}, 0x0, @in6=@loopback}}, &(0x7f0000000380)=0xe8)
fsetxattr$system_posix_acl(r5, &(0x7f0000000180)='system.posix_acl_default\x00', &(0x7f0000000640)=ANY=[@ANYBLOB="2b000000006e800ab371c9172fbf51ff", @ANYRES32=r7, @ANYBLOB="02000600", @ANYRES32=r8, @ANYBLOB="02000300", @ANYRES32=r11, @ANYBLOB="02000100", @ANYRES32=r12, @ANYBLOB="02000100", @ANYRES32=r13, @ANYBLOB="02000100", @ANYRES32=r15, @ANYBLOB="02000100", @ANYRES32=r16, @ANYBLOB="02000100", @ANYRES32, @ANYBLOB="040005000000000008000000", @ANYRES32=r0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32, @ANYBLOB="10000600000000002000010000000000"], 0x74, 0x2)
socket$nl_rdma(0x10, 0x3, 0x14)
syz_genetlink_get_family_id$devlink(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="500000000104010800000000000000000a00000808000440000000060500010004000000080005400000800008000540000000030500010001"], 0x50}, 0x1, 0x0, 0x0, 0x4000800}, 0x4000040)
executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000140)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f00000001c0)={{@host, 0xffffffff}, @host, 0x0, 0x0, 0x2449})
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)=<r3=>0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r4)
sendmsg$NFC_CMD_SE_IO(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002bbd7000ffdbdf251b00000006001900baa7000008001500c000000008000100", @ANYRES32=r3, @ANYBLOB="0867934a178d38f23b6411d09c201034d1fa25"], 0x2c}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000)
sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)
recvfrom(r0, 0x0, 0x0, 0x734, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) (async)
openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) (async)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) (async)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000100)=0x80000) (async)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000140)={@my=0x1}) (async)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f00000001c0)={{@host, 0xffffffff}, @host, 0x0, 0x0, 0x2449}) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r4) (async)
sendmsg$NFC_CMD_SE_IO(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002bbd7000ffdbdf251b00000006001900baa7000008001500c000000008000100", @ANYRES32=r3, @ANYBLOB="0867934a178d38f23b6411d09c201034d1fa25"], 0x2c}, 0x1, 0x0, 0x0, 0x4000001}, 0x4000) (async)
sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) (async)
recvfrom(r0, 0x0, 0x0, 0x734, 0x0, 0x0) (async)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})
executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000003880)=ANY=[@ANYBLOB='huge=always']) (async)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fstat(r1, &(0x7f00000006c0)) (async)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000080)={0x4c, r2, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wlc\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x64}, @IPVS_SVC_ATTR_FLAGS={0xc}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8}]}]}, 0x4c}}, 0x0)
mount(&(0x7f0000000080)=@sr0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)='hfs\x00', 0x483, 0x0) (async)
r4 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000040), 0x143882, 0x0)
ioctl$FBIOBLANK(r4, 0x4611, 0x2)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async)
r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_ENUMOUTPUT(r6, 0xc0485630, &(0x7f0000000040)={0x1, "5afcf8f5a92fbd60885b3e07389454579dda7ba2b552916493e5090a86961e55", 0x3, 0x4, 0xc45, 0x80008, 0x8}) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x13, &(0x7f0000000480)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x9d}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
clock_gettime(0xb, &(0x7f0000000040)) (async)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000300)={0x40, r9, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @action={{{}, {0x3}, @device_b, @device_b}, @ext_ch_sw={0x4, 0x4, {{0x1, 0x9, 0x0, 0xff}, @void}}}}]}, 0x40}}, 0x80)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000340)=@o_path={&(0x7f00000001c0)='./bus\x00', r0, 0x4000, r5}, 0x18)
sendmsg$NL80211_CMD_REGISTER_FRAME(r7, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="000a2dbd7000ff0000000000000000"], 0x28}, 0x1, 0x0, 0x0, 0x20008000}, 0x240000d4)
syz_emit_ethernet(0x46, &(0x7f0000000100)=ANY=[@ANYBLOB="e10931d8640a00000000000086dd60014100001088002000000000fe8000000000000000000000000000aa00000000000890780200000000000000"], 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r1)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x2, [@func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{}]}, @func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{}, {}, {0xa}]}]}}, 0x0, 0x52, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
clock_gettime(0x0, &(0x7f00000001c0)={<r4=>0x0, <r5=>0x0})
ppoll(&(0x7f0000000100)=[{r3, 0x284}, {r0, 0x200}, {r0, 0x4041}, {r3, 0xc0}], 0x4, &(0x7f00000002c0)={r4, r5+60000000}, &(0x7f0000000340)={[0x3]}, 0x8)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x61]}}, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r6, 0x8, &(0x7f0000000180)={0x0, 0x1}, 0xe800, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000380)={0xb, 0x8, 0x3, 0x1, 0x1a, "174d57425ff8e37fa2f887b5298c49b3f4d806"})
mount(&(0x7f00000006c0)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='ext3\x00', 0x204001, 0x0)
sendmsg$NLBL_MGMT_C_ADD(r1, &(0x7f0000000480)={0x0, 0xffffffffffffff0f, &(0x7f0000000440)={&(0x7f00000006c0)={0x114, r2, 0xe701ac47a3d23ecd, 0x0, 0x2, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_DOMAIN={0xce, 0x1, 'C\xec\xf8\xa0w\x15|\xd8\xbcs\xe1\xb93\x14\xcd\xcb\xb6\xb9\xbb\x84\xe5\xbc\xdb\x7f\x9a\xf2\xea\xcc\x91:v@\xe83-\x1d\xaagQl\x7f\tKt\fc\x1f\x17]\xd5\xd0\xf0\xa8\xeb\xd2g\x92\x04\x02\v\x00od\xe6,\xd3@I\x17\xf3\xbees0\xad\xc6\xbf/*\xb6(o\x91t\x12\x93UK\xf4@n\xdc\xdc\x8a7y\x81FY\xbe\xbbc\xd2\xc3\x01\xa5\xe2V\x8c\xb3im~\xd2V\xdaG\xbdbF\xc8n\x86\xac\x9c\xfb\xda\xe2&\"\xb4:\x13\xe9\tc\x85\xb4\xcb\x17\xbfm\x846\xe7\x7fp\x9eCdb\xad;\xa2\x8fs\xbf6\xe8\xe3Xg3&\xe2 \xd6\n\x9d=~=\xe5\xdc\x90\a\xe7M\x9c<\x93/\xaf\x89\x06+\x96]\xb5+\xee\xff8^D*\xdb\xb8\xd8t\x80\xd4'}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @loopback}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x114}}, 0x0)
syz_open_pts(r0, 0x0)
executing program 4:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000040)={[0x2, 0xc, 0x3, 0x4a, 0x8, 0x5, 0x6, 0x80000001, 0xff, 0x7, 0xfffffffffffffffe, 0x1, 0x8, 0x8000000000000001, 0x2], 0xeeee8000, 0x2804})
r2 = socket$tipc(0x1e, 0x2, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x20002, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000140)=0x15)
ioctl$TCFLSH(r3, 0x40204706, 0x20000010)
r4 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r2, &(0x7f00000002c0)={&(0x7f0000000000), 0x10, 0x0}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40bc5311, &(0x7f0000000140)={0x80, 0x1})
executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x2c, 0x24, 0x8, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xe, 0xd}, {0x0, 0x1}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x4008840)
executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8a400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x15, &(0x7f0000000000)=ANY=[@ANYRES8=r1], &(0x7f00000000c0)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000f40)=@filter={'filter\x00', 0x4, 0x4, 0x470, 0xffffffff, 0x0, 0x0, 0x0, 0xfeffffff, 0xffffffff, 0x3a0, 0x3a0, 0x3a0, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5}}}, {{@ipv6={@private2, @empty, [], [], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0xf0, 0x130, 0x0, {}, [@common=@dst={{0x48}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x2, 0x57, {0x2000000}}}}, {{@ipv6={@empty, @mcast1, [], [0x0, 0xffffff00], 'ip6tnl0\x00', 'dvmrp0\x00'}, 0x0, 0x160, 0x188, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x180, 0x5}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @dev, @private1, [0x0, 0x0, 0xff], [], [], 0x843}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4d0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f00007ce000/0x4000)=nil, 0x4000, 0x7, 0x13, r3, 0xbcb04000)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunk #1 of len 12 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m3s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 5, 4, 30, 2, 3, 8, 27, 12, 13, 3, 8]
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14)
executing program 0:
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f0000000380)={{0x80}, 'port1\x00', 0xe3, 0x111c37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x9}) (async)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00')
executing program 0:
r0 = socket(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0xa00000000000000, 0x80, &(0x7f0000000040)=@broute={'broute\x00', 0x20, 0x1, 0x948, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000480], 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000010000000068000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000c000000000000000000000000000000000000ffffffff010000000b00000000000000000062726964676530000000000000000000626f6e645f736c6176655f3000000000736974300000000000000000000000007465716c30000000b8adaed8ec6e8fac0000000000000000000000000180c20000000000000000000000b8080000b8080000e8080000616d6f6e6700000000000000000000000000000000000000000004000000000018040000000000000c0000000c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d00000000fa0100000000000000000000000000000000000000000000000000000000004037118bc35d3037960000000000000000000000000000000000000000000000000000000000001f00000000000000000000009300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300020000000000000000006c00000000000000000000000000000000000000000000000000000000000000000000000000892f9284b45f00000000000000000000000000000000a600000000000000000000000000f9ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000200000000000000800000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c5000000000000000000000000000000e21071ce4cc8eaac65a0f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070cc490d0510d30ce90b91aedadb0c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dd00000000000000000000000000000000009476b0c33efd5e65b7316c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000014bc1d077b4817d693d02c0000000000000000000000000000000000416cbf6525780f42e3870800000000000000000000000000000000000000000000000000000000000000abcc3311337430270000000000000000000000000000000000000000000000000037ff1cf2f8e52e074300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d65992000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000cbcb951a4f0f3300ebb39c00000000000000000000000000000000000000000000000000000000000000000000000000e70000000000053cbf7eee533b170000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fffffffffffffff800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081cc42e042291bc3000000000000200000000000000000000000000000000000000000000000000000000000005de0eab8674f2269845f530928d7000000000000000000000000000000000000000000000000000000000000000000000000000000ee72000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000095dd0000000000000000c1a8a95ba6a3ba677371c303b5426300000000000000000000000000000000000000000000000000000000597924c6edee670300000000000000000000000000000000000000000000080000000000000000e28abc2086f4dcecbcd7aca1775004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000800000000000000000000000000000000000000000000000c81e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000052000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003800e04771f4c2d100"/2376]}, 0x9c0)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_tracing={0x1a, 0xa, &(0x7f0000000400)=ANY=[@ANYBLOB="7f9b05000200000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000018110000", @ANYRES32=0x1, @ANYBLOB="000000001e000000b70c4602000000000001000000000000080ae3a0bf1206bc4251d69870280a58a16f72f2ff27fc10a2ad464a431f808f0806a682c4e36945a2c976f3244b98"], &(0x7f0000000000)='GPL\x00', 0x1, 0xb5, &(0x7f0000000140)=""/181, 0x40f00, 0x58, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000240)={0x5, 0x1, 0x0, 0x10}, 0x10, 0x28f79, 0xffffffffffffffff, 0x2, &(0x7f0000000280)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x1, 0x1, 0x1], &(0x7f00000002c0)=[{0x5, 0x2, 0xb, 0xb}, {0x5, 0x1, 0xc, 0xb}], 0x10, 0x2, @void, @value}, 0x94)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000003c0)=r1, 0x4)
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r7, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r6])
sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000002340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x14, 0x5, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x810)
chdir(&(0x7f0000000100)='./file0\x00')
read$FUSE(r5, &(0x7f0000000300)={0x2020}, 0x2020)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'geneve1\x00', <r9=>0x0})
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f0000000000)={0x1, 0x1, 0xf7, 0x5, @vifc_lcl_ifindex=r9, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r10, @ANYBLOB="0c00990000000000000000000800a115ffff0000080026008d03000008009f"], 0x40}}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r11 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r11, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000002012c20300000000000000000214008000"/36], 0x24}, 0x1, 0x0, 0x0, 0x4000804}, 0x4008850)
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})
executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000003880)=ANY=[@ANYBLOB='huge=always']) (async)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fstat(r1, &(0x7f00000006c0)) (async)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000080)={0x4c, r2, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wlc\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x64}, @IPVS_SVC_ATTR_FLAGS={0xc}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8}]}]}, 0x4c}}, 0x0)
mount(&(0x7f0000000080)=@sr0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)='hfs\x00', 0x483, 0x0) (async)
r4 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000040), 0x143882, 0x0)
ioctl$FBIOBLANK(r4, 0x4611, 0x2)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async)
r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_ENUMOUTPUT(r6, 0xc0485630, &(0x7f0000000040)={0x1, "5afcf8f5a92fbd60885b3e07389454579dda7ba2b552916493e5090a86961e55", 0x3, 0x4, 0xc45, 0x80008, 0x8}) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x13, &(0x7f0000000480)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x9d}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
clock_gettime(0xb, &(0x7f0000000040)) (async)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000300)={0x40, r9, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @action={{{}, {0x3}, @device_b, @device_b}, @ext_ch_sw={0x4, 0x4, {{0x1, 0x9, 0x0, 0xff}, @void}}}}]}, 0x40}}, 0x80)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000340)=@o_path={&(0x7f00000001c0)='./bus\x00', r0, 0x4000, r5}, 0x18)
sendmsg$NL80211_CMD_REGISTER_FRAME(r7, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="000a2dbd7000ff0000000000000000"], 0x28}, 0x1, 0x0, 0x0, 0x20008000}, 0x240000d4)
syz_emit_ethernet(0x46, &(0x7f0000000100)=ANY=[@ANYBLOB="e10931d8640a00000000000086dd60014100001088002000000000fe8000000000000000000000000000aa00000000000890780200000000000000"], 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r1)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x2, [@func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{}]}, @func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{}, {}, {0xa}]}]}}, 0x0, 0x52, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
clock_gettime(0x0, &(0x7f00000001c0)={<r4=>0x0, <r5=>0x0})
ppoll(&(0x7f0000000100)=[{r3, 0x284}, {r0, 0x200}, {r0, 0x4041}, {r3, 0xc0}], 0x4, &(0x7f00000002c0)={r4, r5+60000000}, &(0x7f0000000340)={[0x3]}, 0x8)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x61]}}, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r6, 0x8, &(0x7f0000000180)={0x0, 0x1}, 0xe800, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000380)={0xb, 0x8, 0x3, 0x1, 0x1a, "174d57425ff8e37fa2f887b5298c49b3f4d806"})
mount(&(0x7f00000006c0)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='ext3\x00', 0x204001, 0x0)
sendmsg$NLBL_MGMT_C_ADD(r1, &(0x7f0000000480)={0x0, 0xffffffffffffff0f, &(0x7f0000000440)={&(0x7f00000006c0)={0x114, r2, 0xe701ac47a3d23ecd, 0x0, 0x2, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_DOMAIN={0xce, 0x1, 'C\xec\xf8\xa0w\x15|\xd8\xbcs\xe1\xb93\x14\xcd\xcb\xb6\xb9\xbb\x84\xe5\xbc\xdb\x7f\x9a\xf2\xea\xcc\x91:v@\xe83-\x1d\xaagQl\x7f\tKt\fc\x1f\x17]\xd5\xd0\xf0\xa8\xeb\xd2g\x92\x04\x02\v\x00od\xe6,\xd3@I\x17\xf3\xbees0\xad\xc6\xbf/*\xb6(o\x91t\x12\x93UK\xf4@n\xdc\xdc\x8a7y\x81FY\xbe\xbbc\xd2\xc3\x01\xa5\xe2V\x8c\xb3im~\xd2V\xdaG\xbdbF\xc8n\x86\xac\x9c\xfb\xda\xe2&\"\xb4:\x13\xe9\tc\x85\xb4\xcb\x17\xbfm\x846\xe7\x7fp\x9eCdb\xad;\xa2\x8fs\xbf6\xe8\xe3Xg3&\xe2 \xd6\n\x9d=~=\xe5\xdc\x90\a\xe7M\x9c<\x93/\xaf\x89\x06+\x96]\xb5+\xee\xff8^D*\xdb\xb8\xd8t\x80\xd4'}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @loopback}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x114}}, 0x0)
syz_open_pts(r0, 0x0)
executing program 4:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000040)={[0x2, 0xc, 0x3, 0x4a, 0x8, 0x5, 0x6, 0x80000001, 0xff, 0x7, 0xfffffffffffffffe, 0x1, 0x8, 0x8000000000000001, 0x2], 0xeeee8000, 0x2804})
r2 = socket$tipc(0x1e, 0x2, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x20002, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000140)=0x15)
ioctl$TCFLSH(r3, 0x40204706, 0x20000010)
r4 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r2, &(0x7f00000002c0)={&(0x7f0000000000), 0x10, 0x0}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40bc5311, &(0x7f0000000140)={0x80, 0x1})
executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x2c, 0x24, 0x8, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xe, 0xd}, {0x0, 0x1}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x4008840)
executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8a400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x15, &(0x7f0000000000)=ANY=[@ANYRES8=r1], &(0x7f00000000c0)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000f40)=@filter={'filter\x00', 0x4, 0x4, 0x470, 0xffffffff, 0x0, 0x0, 0x0, 0xfeffffff, 0xffffffff, 0x3a0, 0x3a0, 0x3a0, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5}}}, {{@ipv6={@private2, @empty, [], [], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0xf0, 0x130, 0x0, {}, [@common=@dst={{0x48}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x2, 0x57, {0x2000000}}}}, {{@ipv6={@empty, @mcast1, [], [0x0, 0xffffff00], 'ip6tnl0\x00', 'dvmrp0\x00'}, 0x0, 0x160, 0x188, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x180, 0x5}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @dev, @private1, [0x0, 0x0, 0xff], [], [], 0x843}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4d0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f00007ce000/0x4000)=nil, 0x4000, 0x7, 0x13, r3, 0xbcb04000)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <6>, <6>
bisect: split chunk #0 of len 6 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m2s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [30, 2, 3, 8, 27, 12, 13, 3, 8]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r7, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r6])
sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000002340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x14, 0x5, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x810)
chdir(&(0x7f0000000100)='./file0\x00')
read$FUSE(r5, &(0x7f0000000300)={0x2020}, 0x2020)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'geneve1\x00', <r9=>0x0})
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f0000000000)={0x1, 0x1, 0xf7, 0x5, @vifc_lcl_ifindex=r9, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r10, @ANYBLOB="0c00990000000000000000000800a115ffff0000080026008d03000008009f"], 0x40}}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r11 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r11, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000002012c20300000000000000000214008000"/36], 0x24}, 0x1, 0x0, 0x0, 0x4000804}, 0x4008850)
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})
executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000003880)=ANY=[@ANYBLOB='huge=always']) (async)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fstat(r1, &(0x7f00000006c0)) (async)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000080)={0x4c, r2, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wlc\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x64}, @IPVS_SVC_ATTR_FLAGS={0xc}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8}]}]}, 0x4c}}, 0x0)
mount(&(0x7f0000000080)=@sr0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)='hfs\x00', 0x483, 0x0) (async)
r4 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000040), 0x143882, 0x0)
ioctl$FBIOBLANK(r4, 0x4611, 0x2)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async)
r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_ENUMOUTPUT(r6, 0xc0485630, &(0x7f0000000040)={0x1, "5afcf8f5a92fbd60885b3e07389454579dda7ba2b552916493e5090a86961e55", 0x3, 0x4, 0xc45, 0x80008, 0x8}) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x13, &(0x7f0000000480)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x9d}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
clock_gettime(0xb, &(0x7f0000000040)) (async)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000300)={0x40, r9, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @action={{{}, {0x3}, @device_b, @device_b}, @ext_ch_sw={0x4, 0x4, {{0x1, 0x9, 0x0, 0xff}, @void}}}}]}, 0x40}}, 0x80)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000340)=@o_path={&(0x7f00000001c0)='./bus\x00', r0, 0x4000, r5}, 0x18)
sendmsg$NL80211_CMD_REGISTER_FRAME(r7, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="000a2dbd7000ff0000000000000000"], 0x28}, 0x1, 0x0, 0x0, 0x20008000}, 0x240000d4)
syz_emit_ethernet(0x46, &(0x7f0000000100)=ANY=[@ANYBLOB="e10931d8640a00000000000086dd60014100001088002000000000fe8000000000000000000000000000aa00000000000890780200000000000000"], 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r1)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x2, [@func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{}]}, @func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{}, {}, {0xa}]}]}}, 0x0, 0x52, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
clock_gettime(0x0, &(0x7f00000001c0)={<r4=>0x0, <r5=>0x0})
ppoll(&(0x7f0000000100)=[{r3, 0x284}, {r0, 0x200}, {r0, 0x4041}, {r3, 0xc0}], 0x4, &(0x7f00000002c0)={r4, r5+60000000}, &(0x7f0000000340)={[0x3]}, 0x8)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x61]}}, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r6, 0x8, &(0x7f0000000180)={0x0, 0x1}, 0xe800, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000380)={0xb, 0x8, 0x3, 0x1, 0x1a, "174d57425ff8e37fa2f887b5298c49b3f4d806"})
mount(&(0x7f00000006c0)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='ext3\x00', 0x204001, 0x0)
sendmsg$NLBL_MGMT_C_ADD(r1, &(0x7f0000000480)={0x0, 0xffffffffffffff0f, &(0x7f0000000440)={&(0x7f00000006c0)={0x114, r2, 0xe701ac47a3d23ecd, 0x0, 0x2, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_DOMAIN={0xce, 0x1, 'C\xec\xf8\xa0w\x15|\xd8\xbcs\xe1\xb93\x14\xcd\xcb\xb6\xb9\xbb\x84\xe5\xbc\xdb\x7f\x9a\xf2\xea\xcc\x91:v@\xe83-\x1d\xaagQl\x7f\tKt\fc\x1f\x17]\xd5\xd0\xf0\xa8\xeb\xd2g\x92\x04\x02\v\x00od\xe6,\xd3@I\x17\xf3\xbees0\xad\xc6\xbf/*\xb6(o\x91t\x12\x93UK\xf4@n\xdc\xdc\x8a7y\x81FY\xbe\xbbc\xd2\xc3\x01\xa5\xe2V\x8c\xb3im~\xd2V\xdaG\xbdbF\xc8n\x86\xac\x9c\xfb\xda\xe2&\"\xb4:\x13\xe9\tc\x85\xb4\xcb\x17\xbfm\x846\xe7\x7fp\x9eCdb\xad;\xa2\x8fs\xbf6\xe8\xe3Xg3&\xe2 \xd6\n\x9d=~=\xe5\xdc\x90\a\xe7M\x9c<\x93/\xaf\x89\x06+\x96]\xb5+\xee\xff8^D*\xdb\xb8\xd8t\x80\xd4'}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @loopback}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x114}}, 0x0)
syz_open_pts(r0, 0x0)
executing program 4:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000040)={[0x2, 0xc, 0x3, 0x4a, 0x8, 0x5, 0x6, 0x80000001, 0xff, 0x7, 0xfffffffffffffffe, 0x1, 0x8, 0x8000000000000001, 0x2], 0xeeee8000, 0x2804})
r2 = socket$tipc(0x1e, 0x2, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x20002, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000140)=0x15)
ioctl$TCFLSH(r3, 0x40204706, 0x20000010)
r4 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r2, &(0x7f00000002c0)={&(0x7f0000000000), 0x10, 0x0}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40bc5311, &(0x7f0000000140)={0x80, 0x1})
executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x2c, 0x24, 0x8, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xe, 0xd}, {0x0, 0x1}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x4008840)
executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8a400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x15, &(0x7f0000000000)=ANY=[@ANYRES8=r1], &(0x7f00000000c0)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000f40)=@filter={'filter\x00', 0x4, 0x4, 0x470, 0xffffffff, 0x0, 0x0, 0x0, 0xfeffffff, 0xffffffff, 0x3a0, 0x3a0, 0x3a0, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5}}}, {{@ipv6={@private2, @empty, [], [], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0xf0, 0x130, 0x0, {}, [@common=@dst={{0x48}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x2, 0x57, {0x2000000}}}}, {{@ipv6={@empty, @mcast1, [], [0x0, 0xffffff00], 'ip6tnl0\x00', 'dvmrp0\x00'}, 0x0, 0x160, 0x188, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x180, 0x5}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @dev, @private1, [0x0, 0x0, 0xff], [], [], 0x843}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4d0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f00007ce000/0x4000)=nil, 0x4000, 0x7, 0x13, r3, 0xbcb04000)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunk #1 of len 6 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m1s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [30, 2, 3, 13, 3, 8]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r7, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r6])
sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000002340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x14, 0x5, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x810)
chdir(&(0x7f0000000100)='./file0\x00')
read$FUSE(r5, &(0x7f0000000300)={0x2020}, 0x2020)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'geneve1\x00', <r9=>0x0})
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f0000000000)={0x1, 0x1, 0xf7, 0x5, @vifc_lcl_ifindex=r9, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r10, @ANYBLOB="0c00990000000000000000000800a115ffff0000080026008d03000008009f"], 0x40}}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r11 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r11, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000002012c20300000000000000000214008000"/36], 0x24}, 0x1, 0x0, 0x0, 0x4000804}, 0x4008850)
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14)
executing program 4:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000040)={[0x2, 0xc, 0x3, 0x4a, 0x8, 0x5, 0x6, 0x80000001, 0xff, 0x7, 0xfffffffffffffffe, 0x1, 0x8, 0x8000000000000001, 0x2], 0xeeee8000, 0x2804})
r2 = socket$tipc(0x1e, 0x2, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x20002, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000140)=0x15)
ioctl$TCFLSH(r3, 0x40204706, 0x20000010)
r4 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r2, &(0x7f00000002c0)={&(0x7f0000000000), 0x10, 0x0}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40bc5311, &(0x7f0000000140)={0x80, 0x1})
executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x2c, 0x24, 0x8, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xe, 0xd}, {0x0, 0x1}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x4008840)
executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8a400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x15, &(0x7f0000000000)=ANY=[@ANYRES8=r1], &(0x7f00000000c0)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000f40)=@filter={'filter\x00', 0x4, 0x4, 0x470, 0xffffffff, 0x0, 0x0, 0x0, 0xfeffffff, 0xffffffff, 0x3a0, 0x3a0, 0x3a0, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5}}}, {{@ipv6={@private2, @empty, [], [], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0xf0, 0x130, 0x0, {}, [@common=@dst={{0x48}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x2, 0x57, {0x2000000}}}}, {{@ipv6={@empty, @mcast1, [], [0x0, 0xffffff00], 'ip6tnl0\x00', 'dvmrp0\x00'}, 0x0, 0x160, 0x188, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x180, 0x5}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @dev, @private1, [0x0, 0x0, 0xff], [], [], 0x843}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4d0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f00007ce000/0x4000)=nil, 0x4000, 0x7, 0x13, r3, 0xbcb04000)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=6m1s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [30, 2, 3, 8, 27, 12]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r7, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r6])
sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000002340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x14, 0x5, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x810)
chdir(&(0x7f0000000100)='./file0\x00')
read$FUSE(r5, &(0x7f0000000300)={0x2020}, 0x2020)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'geneve1\x00', <r9=>0x0})
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f0000000000)={0x1, 0x1, 0xf7, 0x5, @vifc_lcl_ifindex=r9, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r10, @ANYBLOB="0c00990000000000000000000800a115ffff0000080026008d03000008009f"], 0x40}}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r11 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r11, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000002012c20300000000000000000214008000"/36], 0x24}, 0x1, 0x0, 0x0, 0x4000804}, 0x4008850)
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})
executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000003880)=ANY=[@ANYBLOB='huge=always']) (async)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fstat(r1, &(0x7f00000006c0)) (async)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000080)={0x4c, r2, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wlc\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x64}, @IPVS_SVC_ATTR_FLAGS={0xc}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8}]}]}, 0x4c}}, 0x0)
mount(&(0x7f0000000080)=@sr0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)='hfs\x00', 0x483, 0x0) (async)
r4 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000040), 0x143882, 0x0)
ioctl$FBIOBLANK(r4, 0x4611, 0x2)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async)
r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_ENUMOUTPUT(r6, 0xc0485630, &(0x7f0000000040)={0x1, "5afcf8f5a92fbd60885b3e07389454579dda7ba2b552916493e5090a86961e55", 0x3, 0x4, 0xc45, 0x80008, 0x8}) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x13, &(0x7f0000000480)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x9d}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
clock_gettime(0xb, &(0x7f0000000040)) (async)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000300)={0x40, r9, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @action={{{}, {0x3}, @device_b, @device_b}, @ext_ch_sw={0x4, 0x4, {{0x1, 0x9, 0x0, 0xff}, @void}}}}]}, 0x40}}, 0x80)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000340)=@o_path={&(0x7f00000001c0)='./bus\x00', r0, 0x4000, r5}, 0x18)
sendmsg$NL80211_CMD_REGISTER_FRAME(r7, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="000a2dbd7000ff0000000000000000"], 0x28}, 0x1, 0x0, 0x0, 0x20008000}, 0x240000d4)
syz_emit_ethernet(0x46, &(0x7f0000000100)=ANY=[@ANYBLOB="e10931d8640a00000000000086dd60014100001088002000000000fe8000000000000000000000000000aa00000000000890780200000000000000"], 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r1)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x2, [@func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{}]}, @func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{}, {}, {0xa}]}]}}, 0x0, 0x52, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
clock_gettime(0x0, &(0x7f00000001c0)={<r4=>0x0, <r5=>0x0})
ppoll(&(0x7f0000000100)=[{r3, 0x284}, {r0, 0x200}, {r0, 0x4041}, {r3, 0xc0}], 0x4, &(0x7f00000002c0)={r4, r5+60000000}, &(0x7f0000000340)={[0x3]}, 0x8)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x61]}}, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r6, 0x8, &(0x7f0000000180)={0x0, 0x1}, 0xe800, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000380)={0xb, 0x8, 0x3, 0x1, 0x1a, "174d57425ff8e37fa2f887b5298c49b3f4d806"})
mount(&(0x7f00000006c0)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='ext3\x00', 0x204001, 0x0)
sendmsg$NLBL_MGMT_C_ADD(r1, &(0x7f0000000480)={0x0, 0xffffffffffffff0f, &(0x7f0000000440)={&(0x7f00000006c0)={0x114, r2, 0xe701ac47a3d23ecd, 0x0, 0x2, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_DOMAIN={0xce, 0x1, 'C\xec\xf8\xa0w\x15|\xd8\xbcs\xe1\xb93\x14\xcd\xcb\xb6\xb9\xbb\x84\xe5\xbc\xdb\x7f\x9a\xf2\xea\xcc\x91:v@\xe83-\x1d\xaagQl\x7f\tKt\fc\x1f\x17]\xd5\xd0\xf0\xa8\xeb\xd2g\x92\x04\x02\v\x00od\xe6,\xd3@I\x17\xf3\xbees0\xad\xc6\xbf/*\xb6(o\x91t\x12\x93UK\xf4@n\xdc\xdc\x8a7y\x81FY\xbe\xbbc\xd2\xc3\x01\xa5\xe2V\x8c\xb3im~\xd2V\xdaG\xbdbF\xc8n\x86\xac\x9c\xfb\xda\xe2&\"\xb4:\x13\xe9\tc\x85\xb4\xcb\x17\xbfm\x846\xe7\x7fp\x9eCdb\xad;\xa2\x8fs\xbf6\xe8\xe3Xg3&\xe2 \xd6\n\x9d=~=\xe5\xdc\x90\a\xe7M\x9c<\x93/\xaf\x89\x06+\x96]\xb5+\xee\xff8^D*\xdb\xb8\xd8t\x80\xd4'}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @loopback}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x114}}, 0x0)
syz_open_pts(r0, 0x0)

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <3>, <3>
bisect: split chunk #0 of len 3 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m1s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 8, 27, 12]
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})
executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000003880)=ANY=[@ANYBLOB='huge=always']) (async)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fstat(r1, &(0x7f00000006c0)) (async)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000080)={0x4c, r2, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wlc\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x64}, @IPVS_SVC_ATTR_FLAGS={0xc}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8}]}]}, 0x4c}}, 0x0)
mount(&(0x7f0000000080)=@sr0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)='hfs\x00', 0x483, 0x0) (async)
r4 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000040), 0x143882, 0x0)
ioctl$FBIOBLANK(r4, 0x4611, 0x2)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async)
r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_ENUMOUTPUT(r6, 0xc0485630, &(0x7f0000000040)={0x1, "5afcf8f5a92fbd60885b3e07389454579dda7ba2b552916493e5090a86961e55", 0x3, 0x4, 0xc45, 0x80008, 0x8}) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x13, &(0x7f0000000480)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x9d}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
clock_gettime(0xb, &(0x7f0000000040)) (async)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000300)={0x40, r9, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @action={{{}, {0x3}, @device_b, @device_b}, @ext_ch_sw={0x4, 0x4, {{0x1, 0x9, 0x0, 0xff}, @void}}}}]}, 0x40}}, 0x80)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000340)=@o_path={&(0x7f00000001c0)='./bus\x00', r0, 0x4000, r5}, 0x18)
sendmsg$NL80211_CMD_REGISTER_FRAME(r7, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="000a2dbd7000ff0000000000000000"], 0x28}, 0x1, 0x0, 0x0, 0x20008000}, 0x240000d4)
syz_emit_ethernet(0x46, &(0x7f0000000100)=ANY=[@ANYBLOB="e10931d8640a00000000000086dd60014100001088002000000000fe8000000000000000000000000000aa00000000000890780200000000000000"], 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r1)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x2, [@func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{}]}, @func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{}, {}, {0xa}]}]}}, 0x0, 0x52, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
clock_gettime(0x0, &(0x7f00000001c0)={<r4=>0x0, <r5=>0x0})
ppoll(&(0x7f0000000100)=[{r3, 0x284}, {r0, 0x200}, {r0, 0x4041}, {r3, 0xc0}], 0x4, &(0x7f00000002c0)={r4, r5+60000000}, &(0x7f0000000340)={[0x3]}, 0x8)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x61]}}, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r6, 0x8, &(0x7f0000000180)={0x0, 0x1}, 0xe800, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000380)={0xb, 0x8, 0x3, 0x1, 0x1a, "174d57425ff8e37fa2f887b5298c49b3f4d806"})
mount(&(0x7f00000006c0)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='ext3\x00', 0x204001, 0x0)
sendmsg$NLBL_MGMT_C_ADD(r1, &(0x7f0000000480)={0x0, 0xffffffffffffff0f, &(0x7f0000000440)={&(0x7f00000006c0)={0x114, r2, 0xe701ac47a3d23ecd, 0x0, 0x2, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_DOMAIN={0xce, 0x1, 'C\xec\xf8\xa0w\x15|\xd8\xbcs\xe1\xb93\x14\xcd\xcb\xb6\xb9\xbb\x84\xe5\xbc\xdb\x7f\x9a\xf2\xea\xcc\x91:v@\xe83-\x1d\xaagQl\x7f\tKt\fc\x1f\x17]\xd5\xd0\xf0\xa8\xeb\xd2g\x92\x04\x02\v\x00od\xe6,\xd3@I\x17\xf3\xbees0\xad\xc6\xbf/*\xb6(o\x91t\x12\x93UK\xf4@n\xdc\xdc\x8a7y\x81FY\xbe\xbbc\xd2\xc3\x01\xa5\xe2V\x8c\xb3im~\xd2V\xdaG\xbdbF\xc8n\x86\xac\x9c\xfb\xda\xe2&\"\xb4:\x13\xe9\tc\x85\xb4\xcb\x17\xbfm\x846\xe7\x7fp\x9eCdb\xad;\xa2\x8fs\xbf6\xe8\xe3Xg3&\xe2 \xd6\n\x9d=~=\xe5\xdc\x90\a\xe7M\x9c<\x93/\xaf\x89\x06+\x96]\xb5+\xee\xff8^D*\xdb\xb8\xd8t\x80\xd4'}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @loopback}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x114}}, 0x0)
syz_open_pts(r0, 0x0)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=6m1s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [30, 2, 8, 27, 12]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r7, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r6])
sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000002340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x14, 0x5, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x810)
chdir(&(0x7f0000000100)='./file0\x00')
read$FUSE(r5, &(0x7f0000000300)={0x2020}, 0x2020)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'geneve1\x00', <r9=>0x0})
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f0000000000)={0x1, 0x1, 0xf7, 0x5, @vifc_lcl_ifindex=r9, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r10, @ANYBLOB="0c00990000000000000000000800a115ffff0000080026008d03000008009f"], 0x40}}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r11 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r11, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000002012c20300000000000000000214008000"/36], 0x24}, 0x1, 0x0, 0x0, 0x4000804}, 0x4008850)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})
executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000003880)=ANY=[@ANYBLOB='huge=always']) (async)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fstat(r1, &(0x7f00000006c0)) (async)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000080)={0x4c, r2, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wlc\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x64}, @IPVS_SVC_ATTR_FLAGS={0xc}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8}]}]}, 0x4c}}, 0x0)
mount(&(0x7f0000000080)=@sr0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)='hfs\x00', 0x483, 0x0) (async)
r4 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000040), 0x143882, 0x0)
ioctl$FBIOBLANK(r4, 0x4611, 0x2)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async)
r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_ENUMOUTPUT(r6, 0xc0485630, &(0x7f0000000040)={0x1, "5afcf8f5a92fbd60885b3e07389454579dda7ba2b552916493e5090a86961e55", 0x3, 0x4, 0xc45, 0x80008, 0x8}) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x13, &(0x7f0000000480)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x9d}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
clock_gettime(0xb, &(0x7f0000000040)) (async)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000300)={0x40, r9, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @action={{{}, {0x3}, @device_b, @device_b}, @ext_ch_sw={0x4, 0x4, {{0x1, 0x9, 0x0, 0xff}, @void}}}}]}, 0x40}}, 0x80)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000340)=@o_path={&(0x7f00000001c0)='./bus\x00', r0, 0x4000, r5}, 0x18)
sendmsg$NL80211_CMD_REGISTER_FRAME(r7, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="000a2dbd7000ff0000000000000000"], 0x28}, 0x1, 0x0, 0x0, 0x20008000}, 0x240000d4)
syz_emit_ethernet(0x46, &(0x7f0000000100)=ANY=[@ANYBLOB="e10931d8640a00000000000086dd60014100001088002000000000fe8000000000000000000000000000aa00000000000890780200000000000000"], 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r1)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x2, [@func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{}]}, @func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{}, {}, {0xa}]}]}}, 0x0, 0x52, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
clock_gettime(0x0, &(0x7f00000001c0)={<r4=>0x0, <r5=>0x0})
ppoll(&(0x7f0000000100)=[{r3, 0x284}, {r0, 0x200}, {r0, 0x4041}, {r3, 0xc0}], 0x4, &(0x7f00000002c0)={r4, r5+60000000}, &(0x7f0000000340)={[0x3]}, 0x8)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x61]}}, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r6, 0x8, &(0x7f0000000180)={0x0, 0x1}, 0xe800, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000380)={0xb, 0x8, 0x3, 0x1, 0x1a, "174d57425ff8e37fa2f887b5298c49b3f4d806"})
mount(&(0x7f00000006c0)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='ext3\x00', 0x204001, 0x0)
sendmsg$NLBL_MGMT_C_ADD(r1, &(0x7f0000000480)={0x0, 0xffffffffffffff0f, &(0x7f0000000440)={&(0x7f00000006c0)={0x114, r2, 0xe701ac47a3d23ecd, 0x0, 0x2, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_DOMAIN={0xce, 0x1, 'C\xec\xf8\xa0w\x15|\xd8\xbcs\xe1\xb93\x14\xcd\xcb\xb6\xb9\xbb\x84\xe5\xbc\xdb\x7f\x9a\xf2\xea\xcc\x91:v@\xe83-\x1d\xaagQl\x7f\tKt\fc\x1f\x17]\xd5\xd0\xf0\xa8\xeb\xd2g\x92\x04\x02\v\x00od\xe6,\xd3@I\x17\xf3\xbees0\xad\xc6\xbf/*\xb6(o\x91t\x12\x93UK\xf4@n\xdc\xdc\x8a7y\x81FY\xbe\xbbc\xd2\xc3\x01\xa5\xe2V\x8c\xb3im~\xd2V\xdaG\xbdbF\xc8n\x86\xac\x9c\xfb\xda\xe2&\"\xb4:\x13\xe9\tc\x85\xb4\xcb\x17\xbfm\x846\xe7\x7fp\x9eCdb\xad;\xa2\x8fs\xbf6\xe8\xe3Xg3&\xe2 \xd6\n\x9d=~=\xe5\xdc\x90\a\xe7M\x9c<\x93/\xaf\x89\x06+\x96]\xb5+\xee\xff8^D*\xdb\xb8\xd8t\x80\xd4'}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @loopback}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x114}}, 0x0)
syz_open_pts(r0, 0x0)

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
bisect: the chunk can be dropped
bisect: split chunk #1 of len 3 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [30, 2, 12]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r7, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r6])
sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000002340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x14, 0x5, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x810)
chdir(&(0x7f0000000100)='./file0\x00')
read$FUSE(r5, &(0x7f0000000300)={0x2020}, 0x2020)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'geneve1\x00', <r9=>0x0})
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f0000000000)={0x1, 0x1, 0xf7, 0x5, @vifc_lcl_ifindex=r9, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r10, @ANYBLOB="0c00990000000000000000000800a115ffff0000080026008d03000008009f"], 0x40}}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r11 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r11, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000002012c20300000000000000000214008000"/36], 0x24}, 0x1, 0x0, 0x0, 0x4000804}, 0x4008850)
executing program 5:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r1)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x2, [@func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{}]}, @func_proto={0x0, 0x3, 0x0, 0xd, 0x0, [{}, {}, {0xa}]}]}}, 0x0, 0x52, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
clock_gettime(0x0, &(0x7f00000001c0)={<r4=>0x0, <r5=>0x0})
ppoll(&(0x7f0000000100)=[{r3, 0x284}, {r0, 0x200}, {r0, 0x4041}, {r3, 0xc0}], 0x4, &(0x7f00000002c0)={r4, r5+60000000}, &(0x7f0000000340)={[0x3]}, 0x8)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x61]}}, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r6, 0x8, &(0x7f0000000180)={0x0, 0x1}, 0xe800, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000380)={0xb, 0x8, 0x3, 0x1, 0x1a, "174d57425ff8e37fa2f887b5298c49b3f4d806"})
mount(&(0x7f00000006c0)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='ext3\x00', 0x204001, 0x0)
sendmsg$NLBL_MGMT_C_ADD(r1, &(0x7f0000000480)={0x0, 0xffffffffffffff0f, &(0x7f0000000440)={&(0x7f00000006c0)={0x114, r2, 0xe701ac47a3d23ecd, 0x0, 0x2, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_DOMAIN={0xce, 0x1, 'C\xec\xf8\xa0w\x15|\xd8\xbcs\xe1\xb93\x14\xcd\xcb\xb6\xb9\xbb\x84\xe5\xbc\xdb\x7f\x9a\xf2\xea\xcc\x91:v@\xe83-\x1d\xaagQl\x7f\tKt\fc\x1f\x17]\xd5\xd0\xf0\xa8\xeb\xd2g\x92\x04\x02\v\x00od\xe6,\xd3@I\x17\xf3\xbees0\xad\xc6\xbf/*\xb6(o\x91t\x12\x93UK\xf4@n\xdc\xdc\x8a7y\x81FY\xbe\xbbc\xd2\xc3\x01\xa5\xe2V\x8c\xb3im~\xd2V\xdaG\xbdbF\xc8n\x86\xac\x9c\xfb\xda\xe2&\"\xb4:\x13\xe9\tc\x85\xb4\xcb\x17\xbfm\x846\xe7\x7fp\x9eCdb\xad;\xa2\x8fs\xbf6\xe8\xe3Xg3&\xe2 \xd6\n\x9d=~=\xe5\xdc\x90\a\xe7M\x9c<\x93/\xaf\x89\x06+\x96]\xb5+\xee\xff8^D*\xdb\xb8\xd8t\x80\xd4'}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @loopback}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x114}}, 0x0)
syz_open_pts(r0, 0x0)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=6m1s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [30, 2, 8, 27]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r7, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r6])
sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000002340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x14, 0x5, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x810)
chdir(&(0x7f0000000100)='./file0\x00')
read$FUSE(r5, &(0x7f0000000300)={0x2020}, 0x2020)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'geneve1\x00', <r9=>0x0})
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f0000000000)={0x1, 0x1, 0xf7, 0x5, @vifc_lcl_ifindex=r9, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r10, @ANYBLOB="0c00990000000000000000000800a115ffff0000080026008d03000008009f"], 0x40}}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r11 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r11, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000002012c20300000000000000000214008000"/36], 0x24}, 0x1, 0x0, 0x0, 0x4000804}, 0x4008850)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})
executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000003880)=ANY=[@ANYBLOB='huge=always']) (async)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fstat(r1, &(0x7f00000006c0)) (async)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000080)={0x4c, r2, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wlc\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x64}, @IPVS_SVC_ATTR_FLAGS={0xc}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8}]}]}, 0x4c}}, 0x0)
mount(&(0x7f0000000080)=@sr0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)='hfs\x00', 0x483, 0x0) (async)
r4 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000040), 0x143882, 0x0)
ioctl$FBIOBLANK(r4, 0x4611, 0x2)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async)
r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_ENUMOUTPUT(r6, 0xc0485630, &(0x7f0000000040)={0x1, "5afcf8f5a92fbd60885b3e07389454579dda7ba2b552916493e5090a86961e55", 0x3, 0x4, 0xc45, 0x80008, 0x8}) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x13, &(0x7f0000000480)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x9d}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
clock_gettime(0xb, &(0x7f0000000040)) (async)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000300)={0x40, r9, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @action={{{}, {0x3}, @device_b, @device_b}, @ext_ch_sw={0x4, 0x4, {{0x1, 0x9, 0x0, 0xff}, @void}}}}]}, 0x40}}, 0x80)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000340)=@o_path={&(0x7f00000001c0)='./bus\x00', r0, 0x4000, r5}, 0x18)
sendmsg$NL80211_CMD_REGISTER_FRAME(r7, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="000a2dbd7000ff0000000000000000"], 0x28}, 0x1, 0x0, 0x0, 0x20008000}, 0x240000d4)
syz_emit_ethernet(0x46, &(0x7f0000000100)=ANY=[@ANYBLOB="e10931d8640a00000000000086dd60014100001088002000000000fe8000000000000000000000000000aa00000000000890780200000000000000"], 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <2>, <2>
bisect: split chunk #0 of len 2 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 8, 27]
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000002012c20300000000000000000214008000"/36], 0x24}, 0x1, 0x0, 0x0, 0x4000804}, 0x4008850)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})
executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000003880)=ANY=[@ANYBLOB='huge=always']) (async)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fstat(r1, &(0x7f00000006c0)) (async)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000080)={0x4c, r2, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wlc\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x64}, @IPVS_SVC_ATTR_FLAGS={0xc}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8}]}]}, 0x4c}}, 0x0)
mount(&(0x7f0000000080)=@sr0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)='hfs\x00', 0x483, 0x0) (async)
r4 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000040), 0x143882, 0x0)
ioctl$FBIOBLANK(r4, 0x4611, 0x2)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async)
r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_ENUMOUTPUT(r6, 0xc0485630, &(0x7f0000000040)={0x1, "5afcf8f5a92fbd60885b3e07389454579dda7ba2b552916493e5090a86961e55", 0x3, 0x4, 0xc45, 0x80008, 0x8}) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x13, &(0x7f0000000480)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x9d}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
clock_gettime(0xb, &(0x7f0000000040)) (async)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000300)={0x40, r9, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @action={{{}, {0x3}, @device_b, @device_b}, @ext_ch_sw={0x4, 0x4, {{0x1, 0x9, 0x0, 0xff}, @void}}}}]}, 0x40}}, 0x80)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000340)=@o_path={&(0x7f00000001c0)='./bus\x00', r0, 0x4000, r5}, 0x18)
sendmsg$NL80211_CMD_REGISTER_FRAME(r7, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="000a2dbd7000ff0000000000000000"], 0x28}, 0x1, 0x0, 0x0, 0x20008000}, 0x240000d4)
syz_emit_ethernet(0x46, &(0x7f0000000100)=ANY=[@ANYBLOB="e10931d8640a00000000000086dd60014100001088002000000000fe8000000000000000000000000000aa00000000000890780200000000000000"], 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [30, 8, 27]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r7, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r6])
sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000002340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x14, 0x5, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x810)
chdir(&(0x7f0000000100)='./file0\x00')
read$FUSE(r5, &(0x7f0000000300)={0x2020}, 0x2020)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'geneve1\x00', <r9=>0x0})
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f0000000000)={0x1, 0x1, 0xf7, 0x5, @vifc_lcl_ifindex=r9, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r10, @ANYBLOB="0c00990000000000000000000800a115ffff0000080026008d03000008009f"], 0x40}}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r11 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r11, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})
executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000003880)=ANY=[@ANYBLOB='huge=always']) (async)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fstat(r1, &(0x7f00000006c0)) (async)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000080)={0x4c, r2, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wlc\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x64}, @IPVS_SVC_ATTR_FLAGS={0xc}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8}]}]}, 0x4c}}, 0x0)
mount(&(0x7f0000000080)=@sr0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)='hfs\x00', 0x483, 0x0) (async)
r4 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000040), 0x143882, 0x0)
ioctl$FBIOBLANK(r4, 0x4611, 0x2)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async)
r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_ENUMOUTPUT(r6, 0xc0485630, &(0x7f0000000040)={0x1, "5afcf8f5a92fbd60885b3e07389454579dda7ba2b552916493e5090a86961e55", 0x3, 0x4, 0xc45, 0x80008, 0x8}) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x13, &(0x7f0000000480)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x9d}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
clock_gettime(0xb, &(0x7f0000000040)) (async)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000300)={0x40, r9, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @action={{{}, {0x3}, @device_b, @device_b}, @ext_ch_sw={0x4, 0x4, {{0x1, 0x9, 0x0, 0xff}, @void}}}}]}, 0x40}}, 0x80)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000340)=@o_path={&(0x7f00000001c0)='./bus\x00', r0, 0x4000, r5}, 0x18)
sendmsg$NL80211_CMD_REGISTER_FRAME(r7, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="000a2dbd7000ff0000000000000000"], 0x28}, 0x1, 0x0, 0x0, 0x20008000}, 0x240000d4)
syz_emit_ethernet(0x46, &(0x7f0000000100)=ANY=[@ANYBLOB="e10931d8640a00000000000086dd60014100001088002000000000fe8000000000000000000000000000aa00000000000890780200000000000000"], 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
bisect: the chunk can be dropped
bisect: split chunk #1 of len 2 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [30, 27]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r7, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r6])
sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000002340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x14, 0x5, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x810)
chdir(&(0x7f0000000100)='./file0\x00')
read$FUSE(r5, &(0x7f0000000300)={0x2020}, 0x2020)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'geneve1\x00', <r9=>0x0})
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f0000000000)={0x1, 0x1, 0xf7, 0x5, @vifc_lcl_ifindex=r9, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r10, @ANYBLOB="0c00990000000000000000000800a115ffff0000080026008d03000008009f"], 0x40}}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r11 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r11, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000003880)=ANY=[@ANYBLOB='huge=always']) (async)
chdir(&(0x7f0000000140)='./file0\x00')
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
fstat(r1, &(0x7f00000006c0)) (async)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000080)={0x4c, r2, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wlc\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x64}, @IPVS_SVC_ATTR_FLAGS={0xc}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8}]}]}, 0x4c}}, 0x0)
mount(&(0x7f0000000080)=@sr0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)='hfs\x00', 0x483, 0x0) (async)
r4 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000040), 0x143882, 0x0)
ioctl$FBIOBLANK(r4, 0x4611, 0x2)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async)
r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_ENUMOUTPUT(r6, 0xc0485630, &(0x7f0000000040)={0x1, "5afcf8f5a92fbd60885b3e07389454579dda7ba2b552916493e5090a86961e55", 0x3, 0x4, 0xc45, 0x80008, 0x8}) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x13, &(0x7f0000000480)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x9d}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
clock_gettime(0xb, &(0x7f0000000040)) (async)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000300)={0x40, r9, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @action={{{}, {0x3}, @device_b, @device_b}, @ext_ch_sw={0x4, 0x4, {{0x1, 0x9, 0x0, 0xff}, @void}}}}]}, 0x40}}, 0x80)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000340)=@o_path={&(0x7f00000001c0)='./bus\x00', r0, 0x4000, r5}, 0x18)
sendmsg$NL80211_CMD_REGISTER_FRAME(r7, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="000a2dbd7000ff0000000000000000"], 0x28}, 0x1, 0x0, 0x0, 0x20008000}, 0x240000d4)
syz_emit_ethernet(0x46, &(0x7f0000000100)=ANY=[@ANYBLOB="e10931d8640a00000000000086dd60014100001088002000000000fe8000000000000000000000000000aa00000000000890780200000000000000"], 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [30, 8]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r7, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r6])
sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000002340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x14, 0x5, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x810)
chdir(&(0x7f0000000100)='./file0\x00')
read$FUSE(r5, &(0x7f0000000300)={0x2020}, 0x2020)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'geneve1\x00', <r9=>0x0})
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f0000000000)={0x1, 0x1, 0xf7, 0x5, @vifc_lcl_ifindex=r9, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r10, @ANYBLOB="0c00990000000000000000000800a115ffff0000080026008d03000008009f"], 0x40}}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r11 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r11, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <1>, <1>
bisect: split chunk #0 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: split chunk #1 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: 2 programs left: 

executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r7, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r6])
sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000002340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x14, 0x5, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x810)
chdir(&(0x7f0000000100)='./file0\x00')
read$FUSE(r5, &(0x7f0000000300)={0x2020}, 0x2020)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'geneve1\x00', <r9=>0x0})
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f0000000000)={0x1, 0x1, 0xf7, 0x5, @vifc_lcl_ifindex=r9, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r10, @ANYBLOB="0c00990000000000000000000800a115ffff0000080026008d03000008009f"], 0x40}}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r11 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r11, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})


bisect: trying to concatenate
bisect: concatenate 2 entries
minimizing program #0 before concatenation
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [29, 8]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r7, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r6])
sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000002340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x14, 0x5, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x810)
chdir(&(0x7f0000000100)='./file0\x00')
read$FUSE(r5, &(0x7f0000000300)={0x2020}, 0x2020)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'geneve1\x00', <r9=>0x0})
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f0000000000)={0x1, 0x1, 0xf7, 0x5, @vifc_lcl_ifindex=r9, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r10, @ANYBLOB="0c00990000000000000000000800a115ffff0000080026008d03000008009f"], 0x40}}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r11 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r11, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [28, 8]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r7, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r6])
sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000002340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x14, 0x5, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x810)
chdir(&(0x7f0000000100)='./file0\x00')
read$FUSE(r5, &(0x7f0000000300)={0x2020}, 0x2020)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'geneve1\x00', <r9=>0x0})
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f0000000000)={0x1, 0x1, 0xf7, 0x5, @vifc_lcl_ifindex=r9, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r10, @ANYBLOB="0c00990000000000000000000800a115ffff0000080026008d03000008009f"], 0x40}}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [27, 8]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r7, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r6])
sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000002340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x14, 0x5, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x810)
chdir(&(0x7f0000000100)='./file0\x00')
read$FUSE(r5, &(0x7f0000000300)={0x2020}, 0x2020)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'geneve1\x00', <r9=>0x0})
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f0000000000)={0x1, 0x1, 0xf7, 0x5, @vifc_lcl_ifindex=r9, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r10, @ANYBLOB="0c00990000000000000000000800a115ffff0000080026008d03000008009f"], 0x40}}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [27, 8]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r7, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r6])
sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000002340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x14, 0x5, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x810)
chdir(&(0x7f0000000100)='./file0\x00')
read$FUSE(r5, &(0x7f0000000300)={0x2020}, 0x2020)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'geneve1\x00', <r9=>0x0})
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f0000000000)={0x1, 0x1, 0xf7, 0x5, @vifc_lcl_ifindex=r9, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r10, @ANYBLOB="0c00990000000000000000000800a115ffff0000080026008d03000008009f"], 0x40}}, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [26, 8]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r4, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r5 = dup(r4)
write$FUSE_BMAP(r5, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r5, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])
sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000002340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x14, 0x5, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x810)
chdir(&(0x7f0000000100)='./file0\x00')
read$FUSE(r3, &(0x7f0000000300)={0x2020}, 0x2020)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000000c0)={'geneve1\x00', <r7=>0x0})
setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f0000000000)={0x1, 0x1, 0xf7, 0x5, @vifc_lcl_ifindex=r7, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00'})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [25, 8]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$kcm(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000002340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x14, 0x5, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x810)
chdir(&(0x7f0000000100)='./file0\x00')
read$FUSE(r2, &(0x7f0000000300)={0x2020}, 0x2020)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'geneve1\x00', <r6=>0x0})
setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f0000000000)={0x1, 0x1, 0xf7, 0x5, @vifc_lcl_ifindex=r6, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [24, 8]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$kcm(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
socket(0x10, 0x3, 0x0)
r0 = socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000002340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x14, 0x5, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x810)
chdir(&(0x7f0000000100)='./file0\x00')
read$FUSE(r1, &(0x7f0000000300)={0x2020}, 0x2020)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'geneve1\x00', <r5=>0x0})
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000000)={0x1, 0x1, 0xf7, 0x5, @vifc_lcl_ifindex=r5, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [23, 8]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$kcm(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
socket(0x10, 0x3, 0x0)
socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000002340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x14, 0x5, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x810)
chdir(&(0x7f0000000100)='./file0\x00')
read$FUSE(r0, &(0x7f0000000300)={0x2020}, 0x2020)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'geneve1\x00'})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [22, 8]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$kcm(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
socket(0x10, 0x3, 0x0)
socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000002340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x14, 0x5, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x810)
chdir(&(0x7f0000000100)='./file0\x00')
read$FUSE(r0, &(0x7f0000000300)={0x2020}, 0x2020)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [21, 8]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$kcm(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
socket(0x10, 0x3, 0x0)
socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000002340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x14, 0x5, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x810)
chdir(&(0x7f0000000100)='./file0\x00')
read$FUSE(r0, &(0x7f0000000300)={0x2020}, 0x2020)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
socket$packet(0x11, 0x3, 0x300)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [20, 8]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$kcm(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
socket(0x10, 0x3, 0x0)
socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000002340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x14, 0x5, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x810)
chdir(&(0x7f0000000100)='./file0\x00')
read$FUSE(r0, &(0x7f0000000300)={0x2020}, 0x2020)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [19, 8]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$kcm(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
socket(0x10, 0x3, 0x0)
socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000002340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x14, 0x5, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x810)
chdir(&(0x7f0000000100)='./file0\x00')
read$FUSE(r0, &(0x7f0000000300)={0x2020}, 0x2020)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [18, 8]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$kcm(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
socket(0x10, 0x3, 0x0)
socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000002340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x14, 0x5, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x810)
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [17, 8]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$kcm(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
socket(0x10, 0x3, 0x0)
socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
sendmsg$IPCTNL_MSG_CT_GET_STATS(0xffffffffffffffff, &(0x7f0000002340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x14, 0x5, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x810)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [17, 8]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$kcm(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
socket(0x10, 0x3, 0x0)
socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [16, 8]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$kcm(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
socket(0x10, 0x3, 0x0)
socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r1 = dup(r0)
write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [16, 8]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$kcm(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
socket(0x10, 0x3, 0x0)
socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [16, 8]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$kcm(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
socket(0x10, 0x3, 0x0)
socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [16, 8]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$kcm(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
socket(0x10, 0x3, 0x0)
socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [16, 8]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$kcm(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
socket(0x10, 0x3, 0x0)
socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [16, 8]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$kcm(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
socket(0x10, 0x3, 0x0)
socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r0 = dup(0xffffffffffffffff)
write$FUSE_BMAP(r0, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [16, 8]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$kcm(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
socket(0x10, 0x3, 0x0)
socket$igmp(0x2, 0x3, 0x2)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [16, 8]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$kcm(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
socket(0x10, 0x3, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [15, 8]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$kcm(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [14, 8]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$kcm(0x10, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [13, 8]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$kcm(0x10, 0x2, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [12, 8]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000f2c8f878fccf275700786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200007d952b789b656cc30400000085000000060000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [11, 8]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [10, 8]
detailed listing:
executing program 0:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 8]
detailed listing:
executing program 0:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x400448c9, &(0x7f0000000200)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}})

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
minimized 30 calls -> 9 calls
minimizing program #1 before concatenation
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 7]
detailed listing:
executing program 0:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 6]
detailed listing:
executing program 0:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 6]
detailed listing:
executing program 0:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 6]
detailed listing:
executing program 0:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x21, &(0x7f00000056c0), 0x4)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 5]
detailed listing:
executing program 0:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
socket$inet_udp(0x2, 0x2, 0x0)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 4]
detailed listing:
executing program 0:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 3]
detailed listing:
executing program 0:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000340)={r0, r0, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 3]
detailed listing:
executing program 0:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 0:
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program did not crash
minimized 8 calls -> 4 calls
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-pipe2$9p-write$P9_RVERSION-dup-write$FUSE_BMAP-write$FUSE_DIRENT-mount$9p_fd-chdir-syz_clone-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000340)={r3, r3, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
bisect: concatenation succeeded
found reproducer with 13 syscalls
minimizing guilty program
testing program (duration=6m39.168313058s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-pipe2$9p-write$P9_RVERSION-dup-write$FUSE_BMAP-write$FUSE_DIRENT-mount$9p_fd-chdir-syz_clone-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp
detailed listing:
executing program 0:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)

program did not crash
testing program (duration=6m39.168313058s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-pipe2$9p-write$P9_RVERSION-dup-write$FUSE_BMAP-write$FUSE_DIRENT-mount$9p_fd-chdir-syz_clone-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, &(0x7f0000000340)={r3, r3, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program did not crash
testing program (duration=6m39.168313058s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-pipe2$9p-write$P9_RVERSION-dup-write$FUSE_BMAP-write$FUSE_DIRENT-mount$9p_fd-chdir-syz_clone-syz_init_net_socket$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000340)={r3, r3, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program did not crash
testing program (duration=6m39.168313058s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-pipe2$9p-write$P9_RVERSION-dup-write$FUSE_BMAP-write$FUSE_DIRENT-mount$9p_fd-chdir-syz_clone-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r3 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r3, 0x400448c8, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program did not crash
testing program (duration=6m39.168313058s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-pipe2$9p-write$P9_RVERSION-dup-write$FUSE_BMAP-write$FUSE_DIRENT-mount$9p_fd-chdir-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000340)={r3, r3, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program did not crash
testing program (duration=6m39.168313058s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-pipe2$9p-write$P9_RVERSION-dup-write$FUSE_BMAP-write$FUSE_DIRENT-mount$9p_fd-syz_clone-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000340)={r3, r3, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program did not crash
testing program (duration=6m39.168313058s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-pipe2$9p-write$P9_RVERSION-dup-write$FUSE_BMAP-write$FUSE_DIRENT-chdir-syz_clone-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r1 = dup(r0)
write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENT(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58)
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r3 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r3, 0x400448c8, &(0x7f0000000340)={r2, r2, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program did not crash
testing program (duration=6m39.168313058s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-pipe2$9p-write$P9_RVERSION-dup-write$FUSE_BMAP-mount$9p_fd-chdir-syz_clone-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000340)={r3, r3, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
testing program (duration=6m39.168313058s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-pipe2$9p-write$P9_RVERSION-dup-mount$9p_fd-chdir-syz_clone-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
dup(r1)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r3 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r3, 0x400448c8, &(0x7f0000000340)={r2, r2, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program did not crash
testing program (duration=6m39.168313058s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-pipe2$9p-write$P9_RVERSION-write$FUSE_BMAP-mount$9p_fd-chdir-syz_clone-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000100)={0x18}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r3 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r3, 0x400448c8, &(0x7f0000000340)={r2, r2, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program did not crash
testing program (duration=6m39.168313058s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-pipe2$9p-dup-write$FUSE_BMAP-mount$9p_fd-chdir-syz_clone-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000340)={r3, r3, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program did not crash
testing program (duration=6m39.168313058s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-write$P9_RVERSION-dup-write$FUSE_BMAP-mount$9p_fd-chdir-syz_clone-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r0 = dup(0xffffffffffffffff)
write$FUSE_BMAP(r0, &(0x7f0000000100)={0x18}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r1, r1, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program did not crash
testing program (duration=6m39.168313058s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe2$9p-write$P9_RVERSION-dup-write$FUSE_BMAP-mount$9p_fd-chdir-syz_clone-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000340)={r3, r3, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
testing program (duration=6m39.168313058s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe2$9p-write$P9_RVERSION-dup-write$FUSE_BMAP-mount$9p_fd-chdir-syz_clone-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
pipe2$9p(0x0, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r0 = dup(0xffffffffffffffff)
write$FUSE_BMAP(r0, &(0x7f0000000100)={0x18}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000340)={r1, r1, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program did not crash
testing program (duration=6m39.168313058s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe2$9p-write$P9_RVERSION-dup-write$FUSE_BMAP-mount$9p_fd-chdir-syz_clone-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, 0x0, 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000340)={r3, r3, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program did not crash
testing program (duration=6m39.168313058s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe2$9p-write$P9_RVERSION-dup-write$FUSE_BMAP-mount$9p_fd-chdir-syz_clone-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000340)={r3, r3, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program did not crash
testing program (duration=6m39.168313058s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe2$9p-write$P9_RVERSION-dup-write$FUSE_BMAP-mount$9p_fd-chdir-syz_clone-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000340)={r3, r3, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program did not crash
testing program (duration=6m39.168313058s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe2$9p-write$P9_RVERSION-dup-write$FUSE_BMAP-mount$9p_fd-chdir-syz_clone-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
mount$9p_fd(0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000340)={r3, r3, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program did not crash
testing program (duration=6m39.168313058s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe2$9p-write$P9_RVERSION-dup-write$FUSE_BMAP-mount$9p_fd-chdir-syz_clone-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000340)={r3, r3, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program did not crash
testing program (duration=6m39.168313058s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe2$9p-write$P9_RVERSION-dup-write$FUSE_BMAP-mount$9p_fd-chdir-syz_clone-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r1 = dup(r0)
write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r3 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r3, 0x400448c8, &(0x7f0000000340)={r2, r2, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program did not crash
testing program (duration=6m39.168313058s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe2$9p-write$P9_RVERSION-dup-write$FUSE_BMAP-mount$9p_fd-chdir-syz_clone-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r1 = dup(r0)
write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r3 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r3, 0x400448c8, &(0x7f0000000340)={r2, r2, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program did not crash
testing program (duration=6m39.168313058s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe2$9p-write$P9_RVERSION-dup-write$FUSE_BMAP-mount$9p_fd-chdir-syz_clone-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB, @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000340)={r3, r3, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program did not crash
testing program (duration=6m39.168313058s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe2$9p-write$P9_RVERSION-dup-write$FUSE_BMAP-mount$9p_fd-chdir-syz_clone-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB, @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000340)={r3, r3, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program did not crash
testing program (duration=6m39.168313058s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe2$9p-write$P9_RVERSION-dup-write$FUSE_BMAP-mount$9p_fd-chdir-syz_clone-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000340)={r3, r3, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program did not crash
testing program (duration=6m39.168313058s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe2$9p-write$P9_RVERSION-dup-write$FUSE_BMAP-mount$9p_fd-chdir-syz_clone-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, 0x0, 0x0)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000340)={r3, r3, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program did not crash
testing program (duration=6m39.168313058s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe2$9p-write$P9_RVERSION-dup-write$FUSE_BMAP-mount$9p_fd-chdir-syz_clone-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=6m39.168313058s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe2$9p-write$P9_RVERSION-dup-write$FUSE_BMAP-mount$9p_fd-chdir-syz_clone-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
simplifying guilty program options
testing program (duration=6m39.168313058s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe2$9p-write$P9_RVERSION-dup-write$FUSE_BMAP-mount$9p_fd-chdir-syz_clone-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000340)={r3, r3, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program did not crash
testing program (duration=6m39.168313058s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe2$9p-write$P9_RVERSION-dup-write$FUSE_BMAP-mount$9p_fd-chdir-syz_clone-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
detailed listing:
executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff001000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000100)='./file0\x00')
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000340)={r3, r3, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})

program crashed: KASAN: slab-use-after-free Read in l2cap_unregister_user
extracting C reproducer
testing compiled C program (duration=6m39.168313058s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): pipe2$9p-write$P9_RVERSION-dup-write$FUSE_BMAP-mount$9p_fd-chdir-syz_clone-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-syz_init_net_socket$bt_hidp-ioctl$sock_bt_hidp_HIDPCONNADD
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
reproducing took 8h11m25.070195028s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in __mutex_waiter_is_first kernel/locking/mutex.c:172 [inline]
BUG: KASAN: slab-use-after-free in __mutex_lock_common kernel/locking/mutex.c:667 [inline]
BUG: KASAN: slab-use-after-free in __mutex_lock+0x96b/0xa60 kernel/locking/mutex.c:735
Read of size 8 at addr ffff888030974060 by task khidpd_15c25886/18252

CPU: 3 UID: 0 PID: 18252 Comm: khidpd_15c25886 Not tainted 6.13.0-rc6-syzkaller-00231-g77a903cd8e5a #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0xc3/0x620 mm/kasan/report.c:489
 kasan_report+0xd9/0x110 mm/kasan/report.c:602
 __mutex_waiter_is_first kernel/locking/mutex.c:172 [inline]
 __mutex_lock_common kernel/locking/mutex.c:667 [inline]
 __mutex_lock+0x96b/0xa60 kernel/locking/mutex.c:735
 l2cap_unregister_user+0x71/0x240 net/bluetooth/l2cap_core.c:1726
 hidp_session_thread+0x462/0x650 net/bluetooth/hidp/core.c:1304
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>

Allocated by task 17187:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394
 kasan_kmalloc include/linux/kasan.h:260 [inline]
 __do_kmalloc_node mm/slub.c:4298 [inline]
 __kmalloc_noprof+0x21c/0x510 mm/slub.c:4310
 kmalloc_noprof include/linux/slab.h:905 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 hci_alloc_dev_priv+0x1d/0x2820 net/bluetooth/hci_core.c:2439
 hci_alloc_dev include/net/bluetooth/hci_core.h:1693 [inline]
 __vhci_create_device+0xef/0x7d0 drivers/bluetooth/hci_vhci.c:399
 vhci_create_device drivers/bluetooth/hci_vhci.c:470 [inline]
 vhci_get_user drivers/bluetooth/hci_vhci.c:527 [inline]
 vhci_write+0x2c3/0x470 drivers/bluetooth/hci_vhci.c:607
 new_sync_write fs/read_write.c:586 [inline]
 vfs_write+0x5ae/0x1150 fs/read_write.c:679
 ksys_write+0x12b/0x250 fs/read_write.c:731
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Freed by task 19035:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:582
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x51/0x70 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2353 [inline]
 slab_free mm/slub.c:4613 [inline]
 kfree+0x14f/0x4b0 mm/slub.c:4761
 hci_release_dev+0x4d9/0x600 net/bluetooth/hci_core.c:2758
 bt_host_release+0x6a/0xb0 net/bluetooth/hci_sysfs.c:87
 device_release+0xa1/0x240 drivers/base/core.c:2567
 kobject_cleanup lib/kobject.c:689 [inline]
 kobject_release lib/kobject.c:720 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x1e4/0x5a0 lib/kobject.c:737
 put_device+0x1f/0x30 drivers/base/core.c:3773
 vhci_release+0x81/0xf0 drivers/bluetooth/hci_vhci.c:665
 __fput+0x3f8/0xb60 fs/file_table.c:450
 task_work_run+0x14e/0x250 kernel/task_work.c:239
 exit_task_work include/linux/task_work.h:43 [inline]
 do_exit+0xad8/0x2d70 kernel/exit.c:938
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1087
 get_signal+0x24ed/0x26c0 kernel/signal.c:3017
 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Last potentially related work creation:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 __kasan_record_aux_stack+0xba/0xd0 mm/kasan/generic.c:544
 insert_work+0x36/0x230 kernel/workqueue.c:2183
 __queue_work+0x3f8/0x1080 kernel/workqueue.c:2343
 queue_work_on+0x11a/0x140 kernel/workqueue.c:2390
 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3236
 process_scheduled_works kernel/workqueue.c:3317 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3398
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Second to last potentially related work creation:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 __kasan_record_aux_stack+0xba/0xd0 mm/kasan/generic.c:544
 insert_work+0x36/0x230 kernel/workqueue.c:2183
 __queue_work+0x97e/0x1080 kernel/workqueue.c:2339
 call_timer_fn+0x1a0/0x610 kernel/time/timer.c:1793
 expire_timers kernel/time/timer.c:1839 [inline]
 __run_timers+0x56a/0x930 kernel/time/timer.c:2418
 __run_timer_base kernel/time/timer.c:2430 [inline]
 __run_timer_base kernel/time/timer.c:2422 [inline]
 run_timer_base+0x114/0x190 kernel/time/timer.c:2439
 run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2449
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:561
 __do_softirq kernel/softirq.c:595 [inline]
 invoke_softirq kernel/softirq.c:435 [inline]
 __irq_exit_rcu+0x109/0x170 kernel/softirq.c:662
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:678
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702

The buggy address belongs to the object at ffff888030974000
 which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 96 bytes inside of
 freed 8192-byte region [ffff888030974000, ffff888030976000)

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x30970
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000040 ffff88801b043180 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
head: 00fff00000000040 ffff88801b043180 dead000000000122 0000000000000000
head: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
head: 00fff00000000003 ffffea0000c25c01 ffffffffffffffff 0000000000000000
head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5654, tgid 5654 (dhcpcd), ts 501883385390, free_ts 501883113722
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1558
 prep_new_page mm/page_alloc.c:1566 [inline]
 get_page_from_freelist+0xfce/0x2f80 mm/page_alloc.c:3476
 __alloc_pages_noprof+0x223/0x25b0 mm/page_alloc.c:4753
 alloc_pages_mpol_noprof+0x2c9/0x610 mm/mempolicy.c:2269
 alloc_slab_page mm/slub.c:2423 [inline]
 allocate_slab mm/slub.c:2589 [inline]
 new_slab+0x2c9/0x410 mm/slub.c:2642
 ___slab_alloc+0xd7d/0x17a0 mm/slub.c:3830
 __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3920
 __slab_alloc_node mm/slub.c:3995 [inline]
 slab_alloc_node mm/slub.c:4156 [inline]
 __do_kmalloc_node mm/slub.c:4297 [inline]
 __kmalloc_node_track_caller_noprof+0x2f1/0x510 mm/slub.c:4317
 kmalloc_reserve+0xef/0x2c0 net/core/skbuff.c:609
 __alloc_skb+0x164/0x380 net/core/skbuff.c:678
 alloc_skb include/linux/skbuff.h:1323 [inline]
 netlink_dump+0x2c1/0xd00 net/netlink/af_netlink.c:2283
 netlink_recvmsg+0xa0d/0xf30 net/netlink/af_netlink.c:1973
 sock_recvmsg_nosec net/socket.c:1033 [inline]
 sock_recvmsg+0x1f6/0x250 net/socket.c:1055
 ____sys_recvmsg+0x219/0x6b0 net/socket.c:2803
 ___sys_recvmsg+0x115/0x1a0 net/socket.c:2845
 __sys_recvmsg+0x16b/0x220 net/socket.c:2878
page last free pid 5654 tgid 5654 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1127 [inline]
 free_unref_page+0x661/0x1080 mm/page_alloc.c:2659
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x195/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4119 [inline]
 slab_alloc_node mm/slub.c:4168 [inline]
 kmem_cache_alloc_node_noprof+0x223/0x3c0 mm/slub.c:4220
 __alloc_skb+0x2b1/0x380 net/core/skbuff.c:668
 alloc_skb include/linux/skbuff.h:1323 [inline]
 netlink_alloc_large_skb+0x69/0x130 net/netlink/af_netlink.c:1196
 netlink_sendmsg+0x689/0xd70 net/netlink/af_netlink.c:1866
 sock_sendmsg_nosec net/socket.c:711 [inline]
 __sock_sendmsg net/socket.c:726 [inline]
 __sys_sendto+0x488/0x4f0 net/socket.c:2197
 __do_sys_sendto net/socket.c:2204 [inline]
 __se_sys_sendto net/socket.c:2200 [inline]
 __x64_sys_sendto+0xe0/0x1c0 net/socket.c:2200
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Memory state around the buggy address:
 ffff888030973f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888030973f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff888030974000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                                       ^
 ffff888030974080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888030974100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in __mutex_waiter_is_first kernel/locking/mutex.c:172 [inline]
BUG: KASAN: slab-use-after-free in __mutex_lock_common kernel/locking/mutex.c:667 [inline]
BUG: KASAN: slab-use-after-free in __mutex_lock+0x96b/0xa60 kernel/locking/mutex.c:735
Read of size 8 at addr ffff888030974060 by task khidpd_15c25886/18252

CPU: 3 UID: 0 PID: 18252 Comm: khidpd_15c25886 Not tainted 6.13.0-rc6-syzkaller-00231-g77a903cd8e5a #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0xc3/0x620 mm/kasan/report.c:489
 kasan_report+0xd9/0x110 mm/kasan/report.c:602
 __mutex_waiter_is_first kernel/locking/mutex.c:172 [inline]
 __mutex_lock_common kernel/locking/mutex.c:667 [inline]
 __mutex_lock+0x96b/0xa60 kernel/locking/mutex.c:735
 l2cap_unregister_user+0x71/0x240 net/bluetooth/l2cap_core.c:1726
 hidp_session_thread+0x462/0x650 net/bluetooth/hidp/core.c:1304
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>

Allocated by task 17187:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394
 kasan_kmalloc include/linux/kasan.h:260 [inline]
 __do_kmalloc_node mm/slub.c:4298 [inline]
 __kmalloc_noprof+0x21c/0x510 mm/slub.c:4310
 kmalloc_noprof include/linux/slab.h:905 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 hci_alloc_dev_priv+0x1d/0x2820 net/bluetooth/hci_core.c:2439
 hci_alloc_dev include/net/bluetooth/hci_core.h:1693 [inline]
 __vhci_create_device+0xef/0x7d0 drivers/bluetooth/hci_vhci.c:399
 vhci_create_device drivers/bluetooth/hci_vhci.c:470 [inline]
 vhci_get_user drivers/bluetooth/hci_vhci.c:527 [inline]
 vhci_write+0x2c3/0x470 drivers/bluetooth/hci_vhci.c:607
 new_sync_write fs/read_write.c:586 [inline]
 vfs_write+0x5ae/0x1150 fs/read_write.c:679
 ksys_write+0x12b/0x250 fs/read_write.c:731
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Freed by task 19035:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:582
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x51/0x70 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2353 [inline]
 slab_free mm/slub.c:4613 [inline]
 kfree+0x14f/0x4b0 mm/slub.c:4761
 hci_release_dev+0x4d9/0x600 net/bluetooth/hci_core.c:2758
 bt_host_release+0x6a/0xb0 net/bluetooth/hci_sysfs.c:87
 device_release+0xa1/0x240 drivers/base/core.c:2567
 kobject_cleanup lib/kobject.c:689 [inline]
 kobject_release lib/kobject.c:720 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x1e4/0x5a0 lib/kobject.c:737
 put_device+0x1f/0x30 drivers/base/core.c:3773
 vhci_release+0x81/0xf0 drivers/bluetooth/hci_vhci.c:665
 __fput+0x3f8/0xb60 fs/file_table.c:450
 task_work_run+0x14e/0x250 kernel/task_work.c:239
 exit_task_work include/linux/task_work.h:43 [inline]
 do_exit+0xad8/0x2d70 kernel/exit.c:938
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1087
 get_signal+0x24ed/0x26c0 kernel/signal.c:3017
 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Last potentially related work creation:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 __kasan_record_aux_stack+0xba/0xd0 mm/kasan/generic.c:544
 insert_work+0x36/0x230 kernel/workqueue.c:2183
 __queue_work+0x3f8/0x1080 kernel/workqueue.c:2343
 queue_work_on+0x11a/0x140 kernel/workqueue.c:2390
 process_one_work+0x9c5/0x1ba0 kernel/workqueue.c:3236
 process_scheduled_works kernel/workqueue.c:3317 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3398
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Second to last potentially related work creation:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 __kasan_record_aux_stack+0xba/0xd0 mm/kasan/generic.c:544
 insert_work+0x36/0x230 kernel/workqueue.c:2183
 __queue_work+0x97e/0x1080 kernel/workqueue.c:2339
 call_timer_fn+0x1a0/0x610 kernel/time/timer.c:1793
 expire_timers kernel/time/timer.c:1839 [inline]
 __run_timers+0x56a/0x930 kernel/time/timer.c:2418
 __run_timer_base kernel/time/timer.c:2430 [inline]
 __run_timer_base kernel/time/timer.c:2422 [inline]
 run_timer_base+0x114/0x190 kernel/time/timer.c:2439
 run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2449
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:561
 __do_softirq kernel/softirq.c:595 [inline]
 invoke_softirq kernel/softirq.c:435 [inline]
 __irq_exit_rcu+0x109/0x170 kernel/softirq.c:662
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:678
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702

The buggy address belongs to the object at ffff888030974000
 which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 96 bytes inside of
 freed 8192-byte region [ffff888030974000, ffff888030976000)

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x30970
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000040 ffff88801b043180 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
head: 00fff00000000040 ffff88801b043180 dead000000000122 0000000000000000
head: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
head: 00fff00000000003 ffffea0000c25c01 ffffffffffffffff 0000000000000000
head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5654, tgid 5654 (dhcpcd), ts 501883385390, free_ts 501883113722
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1558
 prep_new_page mm/page_alloc.c:1566 [inline]
 get_page_from_freelist+0xfce/0x2f80 mm/page_alloc.c:3476
 __alloc_pages_noprof+0x223/0x25b0 mm/page_alloc.c:4753
 alloc_pages_mpol_noprof+0x2c9/0x610 mm/mempolicy.c:2269
 alloc_slab_page mm/slub.c:2423 [inline]
 allocate_slab mm/slub.c:2589 [inline]
 new_slab+0x2c9/0x410 mm/slub.c:2642
 ___slab_alloc+0xd7d/0x17a0 mm/slub.c:3830
 __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3920
 __slab_alloc_node mm/slub.c:3995 [inline]
 slab_alloc_node mm/slub.c:4156 [inline]
 __do_kmalloc_node mm/slub.c:4297 [inline]
 __kmalloc_node_track_caller_noprof+0x2f1/0x510 mm/slub.c:4317
 kmalloc_reserve+0xef/0x2c0 net/core/skbuff.c:609
 __alloc_skb+0x164/0x380 net/core/skbuff.c:678
 alloc_skb include/linux/skbuff.h:1323 [inline]
 netlink_dump+0x2c1/0xd00 net/netlink/af_netlink.c:2283
 netlink_recvmsg+0xa0d/0xf30 net/netlink/af_netlink.c:1973
 sock_recvmsg_nosec net/socket.c:1033 [inline]
 sock_recvmsg+0x1f6/0x250 net/socket.c:1055
 ____sys_recvmsg+0x219/0x6b0 net/socket.c:2803
 ___sys_recvmsg+0x115/0x1a0 net/socket.c:2845
 __sys_recvmsg+0x16b/0x220 net/socket.c:2878
page last free pid 5654 tgid 5654 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1127 [inline]
 free_unref_page+0x661/0x1080 mm/page_alloc.c:2659
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x195/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4119 [inline]
 slab_alloc_node mm/slub.c:4168 [inline]
 kmem_cache_alloc_node_noprof+0x223/0x3c0 mm/slub.c:4220
 __alloc_skb+0x2b1/0x380 net/core/skbuff.c:668
 alloc_skb include/linux/skbuff.h:1323 [inline]
 netlink_alloc_large_skb+0x69/0x130 net/netlink/af_netlink.c:1196
 netlink_sendmsg+0x689/0xd70 net/netlink/af_netlink.c:1866
 sock_sendmsg_nosec net/socket.c:711 [inline]
 __sock_sendmsg net/socket.c:726 [inline]
 __sys_sendto+0x488/0x4f0 net/socket.c:2197
 __do_sys_sendto net/socket.c:2204 [inline]
 __se_sys_sendto net/socket.c:2200 [inline]
 __x64_sys_sendto+0xe0/0x1c0 net/socket.c:2200
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Memory state around the buggy address:
 ffff888030973f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888030973f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff888030974000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                                       ^
 ffff888030974080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888030974100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================