Extracting prog: 3h16m33.654535378s
Minimizing prog: 54m47.399997195s
Simplifying prog options: 16m8.926936917s
Extracting C: 6m15.459100898s
Simplifying C: 0s


extracting reproducer from 30 programs
testing a last program of every proc
single: executing 5 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-timer_delete-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-openat$kvm-dup3-prlimit64-sched_setscheduler-getpid-sched_setaffinity-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-ioctl$AUTOFS_DEV_IOCTL_PROTOVER-add_key$user-keyctl$dh_compute-socket$inet_icmp_raw-add_key$keyring-pipe2$watch_queue-recvmsg$kcm-keyctl$KEYCTL_WATCH_KEY-openat$sndtimer-keyctl$revoke-bpf$ITER_CREATE-close-syz_init_net_socket$bt_l2cap-ioctl$sock_SIOCGSKNS-bpf$PROG_LOAD
detailed listing:
executing program 0:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x48)
timer_delete(0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000000c0)='sched_process_wait\x00', r0}, 0x18)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0xffdb, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, 0x0)
add_key$user(&(0x7f0000000040), &(0x7f00000000c0)={'syz', 0x1}, &(0x7f00000002c0), 0x0, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, 0x0, &(0x7f0000000180)=""/82, 0x52, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = add_key$keyring(&(0x7f00000003c0), &(0x7f0000000400)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
pipe2$watch_queue(&(0x7f0000000440)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000480)=@alg, 0x80, &(0x7f0000000900)}, 0x1)
keyctl$KEYCTL_WATCH_KEY(0x20, r4, r5, 0xd8)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000340), 0x47900)
keyctl$revoke(0x3, r4)
r6 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8)
close(r6)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$sock_SIOCGSKNS(r7, 0x894c, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="85000000080000004e00000000000000850000007d00000095000000000000007ab9e683b171b4b09980af6c1ebeda4ac0d3e3aa71a9ab17e14e1b0be949499ca6a5b2c467b6d3d1c0ae1e9820331afd90cc832c761aa3adf9be48c401c7f893694bf8cd19b7173cd4688904f7310af046fd490d3f2cf49b5f68aecf0bc659dc3d53c2"], &(0x7f0000000140)='GPL\x00', 0x0, 0xbd, &(0x7f00000004c0)=""/153, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x15)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$alg-bind$alg-accept4-sendmmsg$alg-recvmsg$can_j1939
detailed listing:
executing program 0:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000004e00)=[{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="0dda2dfa03009ffadfa4bfb48c76fb296526ae98655ee4c429d1f245af4d9bcc0b787eb0619e69f27ab98c3754b47c0b61fc44d54945aa0179444eb7dc9896323860681482162133639a70419a59ff053a577147beab2b5318a2ab9bb40c8df5765c4c457031c51576a5ca09001ca155b77f84f606527ed1bec0f2a2360b64a994ff8093d117f2416c96feae49c6004a160eca8fde90ae6b3f84034e5b4ca407340854bb990e633d7da77e6ba03037018e170a95c12cd279045fc4fcca1db99298be8b7f4265cadc2175add2c98f1a21479d27d64b97ebf1c778303900a9169ee3ed3ad30eb6a8c904afc4e8f88e1af0234b9c216d869ffc392b5c8967c229833c65db7b", 0x104}], 0x1, &(0x7f0000000200)=[@assoc={0x18, 0x117, 0x4, 0x104}, @op={0x18, 0x117, 0x3, 0x1}], 0x30}], 0x1, 0x0)
recvmsg$can_j1939(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000240)=""/57, 0x39}, {&(0x7f00000001c0)=""/31, 0x1f}, {&(0x7f0000000400)=""/50, 0x32}, {&(0x7f0000000880)=""/156, 0x9c}], 0x4}, 0x400021a1)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$hiddev-bpf$BPF_RAW_TRACEPOINT_OPEN-syz_open_dev$sg-fcntl$dupfd-socket-ioctl$SG_GET_REQUEST_TABLE-syz_open_dev$loop-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-ioctl$F2FS_IOC_GET_COMPRESS_OPTION-syz_open_dev$MSR-read$msr-socket$kcm-timerfd_create-timerfd_settime-close_range-socket$packet-socket$nl_route-socketpair$tipc-syz_open_dev$loop-read$FUSE-sendmmsg$inet
detailed listing:
executing program 0:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0xd, 0x0)
r4 = timerfd_create(0x8, 0x0)
timerfd_settime(r4, 0x3, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
read$FUSE(0xffffffffffffffff, &(0x7f0000003680)={0x2020}, 0x2020)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): signalfd-setsockopt$IPT_SO_SET_REPLACE-getpid-prlimit64-sched_setscheduler-sched_setaffinity-syz_open_dev$MSR-read$msr-gettid-timer_create-read$FUSE-timer_settime
detailed listing:
executing program 0:
r0 = signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000340)=@security={'security\x00', 0xe, 0x4, 0x3d0, 0xffffffff, 0x0, 0x120, 0x0, 0xffffffff, 0xffffffff, 0x368, 0x368, 0x368, 0xffffffff, 0x4, &(0x7f0000000000), {[{{@ip={@local, @rand_addr=0x64010102, 0xffffffff, 0xffffffff, 'macvtap0\x00', 'veth1_vlan\x00', {}, {}, 0x8, 0x2, 0x2}, 0x0, 0xb0, 0x120, 0x0, {}, [@common=@set={{0x40}, {{0x1, [0x0, 0x2, 0x6, 0x3, 0x7, 0x2], 0x5, 0x7}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x6, 0x6, 0x4, 0x1, 0x0, "f093f1617b1fb4fef07067140cd130eb7e47e4b0d1f46b0fee2ebfa893b7565894ec7e4d0bf0866ab6ba65e2684a42fa5e1b5c6e4bac1e660522f488cc3641e4"}}}, {{@uncond, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}, {[0x0, 0xfffffffe], 0x1}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x2, 0xfffffffc}}}, {{@uncond, 0x0, 0xf0, 0x150, 0x0, {}, [@common=@addrtype={{0x30}, {0x2a8, 0x2, 0x1}}, @common=@osf={{0x50}, {'syz1\x00', 0x0, 0x15, 0x2}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x2, [0x0, 0x3, 0x5, 0x1, 0x6, 0x1], 0x6, 0xa}, {0x2, [0x2, 0x6, 0x5, 0x1, 0x4, 0x1], 0x4, 0x4}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x430)
getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r2}, &(0x7f0000000080))
read$FUSE(r0, &(0x7f00000008c0)={0x2020}, 0xfffffef0)
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-sched_setscheduler-mmap-socketpair$unix-sched_setaffinity-connect$unix-sendmmsg$unix-recvmmsg-socket$inet6_udplite-setsockopt$inet6_udp_int-sendmmsg$inet6-sched_setaffinity-move_mount-syz_io_uring_setup-bpf$MAP_CREATE-syz_open_dev$sndctrl-ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r0, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_udp_int(r2, 0x11, 0x67, &(0x7f0000000040)=0x6, 0x4)
sendmmsg$inet6(r2, &(0x7f0000000740)=[{{&(0x7f0000000100)={0xa, 0x4e21, 0x0, @empty}, 0x1c, 0x0}}], 0x300, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0xfffffffffffdfffe)
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x9d87, 0xa83}, &(0x7f0000000240), &(0x7f00000002c0))
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r3, 0xc0045540, &(0x7f0000000100))

program did not crash
single: failed to extract reproducer
bisect: bisecting 30 programs with base timeout 6m0s
testing program (duration=6m7s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [20, 29, 26, 21, 20, 5, 20, 14, 18, 20, 12, 10, 7, 23, 29, 29, 5, 20, 2, 6, 20, 14, 11, 10, 19, 25, 12, 23, 5, 29]
detailed listing:
executing program 2:
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x5, 0x5, 0x0, @void, @value, @void, @value}, 0x50)
socket$qrtr(0x2a, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
tgkill(r0, r0, 0x11)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r3 = io_uring_setup(0x664c, &(0x7f0000000580)={0x0, 0xdcd5, 0x1880, 0x8000002})
r4 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r4, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r4, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000003c0)="fe", 0x1}], 0x1}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f00000001c0)={0x0, 0x3d, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[], 0x1a000}}, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_udp_int(r3, 0x11, 0x67, &(0x7f0000000040)=0x6, 0x4)
sendmmsg$inet6(r3, &(0x7f0000000740)=[{{&(0x7f0000000100)={0xa, 0x4e21, 0x0, @empty}, 0x1c, 0x0}}], 0x300, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000280)=0xfffffffffffdfffe)
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x9d87, 0xa83}, &(0x7f0000000240), &(0x7f00000002c0))
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r4 = syz_open_dev$video(&(0x7f0000000580), 0x7, 0x0)
ioctl$VIDIOC_TRY_EXT_CTRLS(r4, 0xc0205647, &(0x7f0000000440)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x980913, 0x7fff, '\x00', @p_u8=0x0}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r6, 0xc0045540, &(0x7f0000000100))
close(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6)
getpid()
executing program 2:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x12, 0xc3, 0x5b, 0x40, 0x403, 0x6010, 0xc698, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xf5, 0x75, 0xf6}}]}}]}}, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000100)={{0x1, 0x1, 0x18, r1}, './bus\x00'})
socket$inet6_udp(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000300)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019bc0)=""/102400, 0x19000)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x2042, 0x0)
ioctl$AUTOFS_IOC_FAIL(r3, 0x4c80, 0x7000000)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(r4, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800000000000000000000210d0000aaa8fa017242ba9380d440fe0000000000002900000032000000", 0xfe60)
r5 = fcntl$dupfd(r0, 0x406, 0xffffffffffffffff)
getsockname(r5, 0x0, &(0x7f0000000040))
executing program 2:
r0 = io_uring_setup(0x3c92, &(0x7f0000000100)={0x0, 0x0, 0x0, 0xfffffffd})
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r1, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10)
r3 = accept(r1, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x12, 0x4, 0x4, 0xa4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$usbfs(&(0x7f0000000000), 0x6b5, 0x41)
ioctl$int_in(r3, 0x5452, &(0x7f0000000000)=0x6)
recvmsg$can_bcm(r3, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 2:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r1 = socket$inet6(0xa, 0x2, 0x3a)
r2 = dup(r1)
bind$unix(r2, 0x0, 0x0)
r3 = open$dir(&(0x7f0000000140)='./bus\x00', 0xa0001, 0x0)
fanotify_mark(r2, 0x2, 0x20, r3, 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
mknodat(r4, 0x0, 0x0, 0x0)
chdir(&(0x7f00000000c0)='./bus\x00')
r5 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mkdir(0x0, 0x0)
renameat2(r5, 0x0, r5, &(0x7f0000000200)='./bus/file0\x00', 0x0)
mknod$loop(&(0x7f0000000100)='./bus\x00', 0x2000, 0x1)
r6 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents64(r6, &(0x7f0000000180)=""/92, 0x5c)
ioctl$BLKPG(r0, 0x1269, &(0x7f0000000000)={0x1, 0x0, 0x98, &(0x7f0000000180)={0x0, 0x800, 0x4}})
executing program 1:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000004e00)=[{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="0dda2dfa03009ffadfa4bfb48c76fb296526ae98655ee4c429d1f245af4d9bcc0b787eb0619e69f27ab98c3754b47c0b61fc44d54945aa0179444eb7dc9896323860681482162133639a70419a59ff053a577147beab2b5318a2ab9bb40c8df5765c4c457031c51576a5ca09001ca155b77f84f606527ed1bec0f2a2360b64a994ff8093d117f2416c96feae49c6004a160eca8fde90ae6b3f84034e5b4ca407340854bb990e633d7da77e6ba03037018e170a95c12cd279045fc4fcca1db99298be8b7f4265cadc2175add2c98f1a21479d27d64b97ebf1c778303900a9169ee3ed3ad30eb6a8c904afc4e8f88e1af0234b9c216d869ffc392b5c8967c229833c65db7b", 0x104}], 0x1, &(0x7f0000000200)=[@assoc={0x18, 0x117, 0x4, 0x104}, @op={0x18, 0x117, 0x3, 0x1}], 0x30}], 0x1, 0x0)
recvmsg$can_j1939(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000240)=""/57, 0x39}, {&(0x7f00000001c0)=""/31, 0x1f}, {&(0x7f0000000400)=""/50, 0x32}, {&(0x7f0000000880)=""/156, 0x9c}], 0x4}, 0x400021a1)
executing program 3:
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x5, 0x5, 0x0, @void, @value, @void, @value}, 0x50)
bind$qrtr(0xffffffffffffffff, &(0x7f0000000000)={0x2a, 0x2, 0x7ffe}, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
tgkill(r0, r0, 0x11)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r3 = io_uring_setup(0x664c, &(0x7f0000000580)={0x0, 0xdcd5, 0x1880, 0x8000002})
r4 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r4, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r4, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000003c0)="fe", 0x1}], 0x1}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f00000001c0)={0x0, 0x3d, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[], 0x1a000}}, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
executing program 1:
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000240)={0x34, 0x0, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8}, @void}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x99e}, @NL80211_ATTR_CHANNEL_WIDTH={0x8}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x980}]]}, 0x34}}, 0x40)
ioctl$VIDIOC_S_FREQUENCY(r0, 0x402c5639, &(0x7f0000000640)={0x10000, 0x2})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a000100"], 0x48}}, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f00000000c0), 0x492492492492627, 0x0)
executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r0, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_udp_int(r2, 0x11, 0x67, &(0x7f0000000040)=0x6, 0x4)
sendmmsg$inet6(r2, &(0x7f0000000740)=[{{&(0x7f0000000100)={0xa, 0x4e21, 0x0, @empty}, 0x1c, 0x0}}], 0x300, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0xfffffffffffdfffe)
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x9d87, 0xa83}, &(0x7f0000000240), &(0x7f00000002c0))
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r3, 0xc0045540, &(0x7f0000000100))
executing program 1:
r0 = io_uring_setup(0x3c92, &(0x7f0000000100)={0x0, 0x0, 0x0, 0xfffffffd})
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r1, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10)
r3 = accept(r1, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x12, 0x4, 0x4, 0xa4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$int_in(r3, 0x5452, &(0x7f0000000000)=0x6)
recvmsg$can_bcm(r3, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 3:
r0 = signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000340)=@security={'security\x00', 0xe, 0x4, 0x3d0, 0xffffffff, 0x0, 0x120, 0x0, 0xffffffff, 0xffffffff, 0x368, 0x368, 0x368, 0xffffffff, 0x4, &(0x7f0000000000), {[{{@ip={@local, @rand_addr=0x64010102, 0xffffffff, 0xffffffff, 'macvtap0\x00', 'veth1_vlan\x00', {}, {}, 0x8, 0x2, 0x2}, 0x0, 0xb0, 0x120, 0x0, {}, [@common=@set={{0x40}, {{0x1, [0x0, 0x2, 0x6, 0x3, 0x7, 0x2], 0x5, 0x7}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x6, 0x6, 0x4, 0x1, 0x0, "f093f1617b1fb4fef07067140cd130eb7e47e4b0d1f46b0fee2ebfa893b7565894ec7e4d0bf0866ab6ba65e2684a42fa5e1b5c6e4bac1e660522f488cc3641e4"}}}, {{@uncond, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}, {[0x0, 0xfffffffe], 0x1}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x2, 0xfffffffc}}}, {{@uncond, 0x0, 0xf0, 0x150, 0x0, {}, [@common=@addrtype={{0x30}, {0x2a8, 0x2, 0x1}}, @common=@osf={{0x50}, {'syz1\x00', 0x0, 0x15, 0x2}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x2, [0x0, 0x3, 0x5, 0x1, 0x6, 0x1], 0x6, 0xa}, {0x2, [0x2, 0x6, 0x5, 0x1, 0x4, 0x1], 0x4, 0x4}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x430)
getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r2}, &(0x7f0000000080))
read$FUSE(r0, &(0x7f00000008c0)={0x2020}, 0xfffffef0)
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 4:
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x20)
pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r1 = dup(r0)
write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000"], 0xb0)
write$FUSE_NOTIFY_POLL(r1, &(0x7f0000000340)={0x18}, 0x18)
write$FUSE_ENTRY(r1, &(0x7f0000000380)={0x90, 0x0, 0x0, {0x0, 0x1}}, 0x90)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[])
llistxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
executing program 0:
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000280)={0xffffffffffffffff, @bcast, @bpq0, 0xffff, 'syz0\x00', @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0xfffffdba, 0x2, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @null, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast]})
executing program 4:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0xd, 0x0)
r3 = timerfd_create(0x8, 0x0)
timerfd_settime(r3, 0x3, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
read$FUSE(0xffffffffffffffff, &(0x7f0000003680)={0x2020}, 0x2020)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x48)
timer_delete(0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000000c0)='sched_process_wait\x00', r0}, 0x18)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0xffdb, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, 0x0)
add_key$user(&(0x7f0000000040), &(0x7f00000000c0)={'syz', 0x1}, &(0x7f00000002c0), 0x0, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, 0x0, &(0x7f0000000180)=""/82, 0x52, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = add_key$keyring(&(0x7f00000003c0), &(0x7f0000000400)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
pipe2$watch_queue(&(0x7f0000000440)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000480)=@alg, 0x80, &(0x7f0000000900)}, 0x1)
keyctl$KEYCTL_WATCH_KEY(0x20, r4, r5, 0xd8)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000340), 0x47900)
keyctl$revoke(0x3, r4)
r6 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8)
close(r6)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$sock_SIOCGSKNS(r7, 0x894c, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="85000000080000004e00000000000000850000007d00000095000000000000007ab9e683b171b4b09980af6c1ebeda4ac0d3e3aa71a9ab17e14e1b0be949499ca6a5b2c467b6d3d1c0ae1e9820331afd90cc832c761aa3adf9be48c401c7f893694bf8cd19b7173cd4688904f7310af046fd490d3f2cf49b5f68aecf0bc659dc3d53c2"], &(0x7f0000000140)='GPL\x00', 0x0, 0xbd, &(0x7f00000004c0)=""/153, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x15)
executing program 3:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f0000002540)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_udp_int(r2, 0x11, 0x67, &(0x7f0000000040)=0x6, 0x4)
sendmmsg$inet6(r2, &(0x7f0000000740)=[{{&(0x7f0000000100)={0xa, 0x4e21, 0x0, @empty}, 0x1c, 0x0}}], 0x300, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000280)=0xfffffffffffdfffe)
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x9d87, 0xa83}, &(0x7f0000000240), &(0x7f00000002c0))
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r3 = syz_open_dev$video(&(0x7f0000000580), 0x7, 0x0)
ioctl$VIDIOC_TRY_EXT_CTRLS(r3, 0xc0205647, &(0x7f0000000440)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x980913, 0x7fff, '\x00', @p_u8=0x0}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r5, 0xc0045540, &(0x7f0000000100))
close(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6)
getpid()
executing program 0:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000004e00)=[{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="0dda2dfa03009ffadfa4bfb48c76fb296526ae98655ee4c429d1f245af4d9bcc0b787eb0619e69f27ab98c3754b47c0b61fc44d54945aa0179444eb7dc9896323860681482162133639a70419a59ff053a577147beab2b5318a2ab9bb40c8df5765c4c457031c51576a5ca09001ca155b77f84f606527ed1bec0f2a2360b64a994ff8093d117f2416c96feae49c6004a160eca8fde90ae6b3f84034e5b4ca407340854bb990e633d7da77e6ba03037018e170a95c12cd279045fc4fcca1db99298be8b7f4265cadc2175add2c98f1a21479d27d64b97ebf1c778303900a9169ee3ed3ad30eb6a8c904afc4e8f88e1af0234b9c216d869ffc392b5c8967c229833c65db7b", 0x104}], 0x1, &(0x7f0000000200)=[@assoc={0x18, 0x117, 0x4, 0x104}, @op={0x18, 0x117, 0x3, 0x1}], 0x30}], 0x1, 0x0)
recvmsg$can_j1939(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000240)=""/57, 0x39}, {&(0x7f00000001c0)=""/31, 0x1f}, {&(0x7f0000000400)=""/50, 0x32}, {&(0x7f0000000880)=""/156, 0x9c}], 0x4}, 0x400021a1)
executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r1 = socket$inet6(0xa, 0x2, 0x3a)
r2 = dup(r1)
bind$unix(r2, 0x0, 0x0)
r3 = open$dir(&(0x7f0000000140)='./bus\x00', 0xa0001, 0x0)
fanotify_mark(r2, 0x2, 0x20, r3, 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
mknodat(r4, 0x0, 0x0, 0x0)
chdir(&(0x7f00000000c0)='./bus\x00')
r5 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mkdir(0x0, 0x0)
renameat2(r5, 0x0, r5, &(0x7f0000000200)='./bus/file0\x00', 0x0)
mknod$loop(&(0x7f0000000100)='./bus\x00', 0x2000, 0x1)
r6 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents64(r6, &(0x7f0000000180)=""/92, 0x5c)
ioctl$BLKPG(r0, 0x1269, &(0x7f0000000000)={0x1, 0x0, 0x98, &(0x7f0000000180)={0x0, 0x800, 0x4}})
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BLKPG(r0, 0x1269, &(0x7f0000000000)={0x1, 0x0, 0x98, &(0x7f0000000180)={0x1f400000, 0x800, 0x4}})
executing program 1:
syz_emit_ethernet(0x246, &(0x7f00000010c0)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x41}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x3, 0x10, 0x238, 0x65, 0x0, 0xc, 0x6, 0x0, @private=0xa010102, @local}, {{0x4e21, 0x4e24, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0x4, 0x30ce, 0x0, 0xffff}, {"d8b02b31a59222519d7ef82385bbea72caa98715778077290f78b130e4a5bd65825c3a6dacfa4f173406acec33cf6e6f734bff683e3fa7bf7512cf3ac9570e843c9401d48b3a0f7c62b092070a538691aa6e24678b637a4067763c1b19b55a86ca04dea69a432786191fd78b9dd41e2a75b4c4dd0719e6e284dbd2b700adaccc2f0edca9e92940840e7cde734b492a7fe29983845c5970928fcb94be1099b1f9cc9d3748eaf8e9f3cc5ec03a721716cf79630a6621fd8f1e1a5342472b5883b7068b550c7f39c66c7339e7b6b754713b289d31ddd8ba35c665bec7f9db6e881cce02c3990dda65a20fd605061f0024b3f4f8c27ab362bfb33faa938cb4835d8253ec25effe57a0c2ee746bf44e3a362d03dc21fba2e934d4460340306bde00d2a41fca0ba352ed70f806588735fd3081aff62398d1d0a3567eb29ce594ea93392fb19599ea3fcbc1f9f5946984ec8dfa41e64b1a9c985ef379c19c94d29b580faf1bdbd581ea94b8c2df15be60940808959d5a032d19e795d8ae477f285e92549acc164c22375e2cfd01c5653242f1bb9e45daeba3079f1efc0a5abe3e13b260c5d73dd4b9966679c92adcd192fabf1877bcf56ed28250eb90211bc96d1f0eff6b0d32a26e284413466185448b9c7e586f9bf7d171ee2478368050e5879708036762122451089b94809ffb7e81160fea54d93c37f66e51110b7ba885b1577b3d8aa1dfbddd285e5de9f93a5305c1674f"}}}}}}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_GET_NESTED_STATE(r2, 0xc080aebe, &(0x7f0000001300)={{0x0, 0x0, 0x80}})
executing program 3:
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x5, 0x5, 0x0, @void, @value, @void, @value}, 0x50)
bind$qrtr(0xffffffffffffffff, &(0x7f0000000000)={0x2a, 0x2, 0x7ffe}, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
tgkill(r0, r0, 0x11)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r3 = io_uring_setup(0x664c, &(0x7f0000000580)={0x0, 0xdcd5, 0x1880, 0x8000002})
r4 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r4, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r4, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000003c0)="fe", 0x1}], 0x1}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f00000001c0)={0x0, 0x3d, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[], 0x1a000}}, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
executing program 4:
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000240)={0x34, 0x0, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8}, @void}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x99e}, @NL80211_ATTR_CHANNEL_WIDTH={0x8}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x980}]]}, 0x34}}, 0x40)
ioctl$VIDIOC_S_FREQUENCY(r0, 0x402c5639, &(0x7f0000000640)={0x10000, 0x2})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a000100"], 0x48}}, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f00000000c0), 0x492492492492627, 0x0)
executing program 0:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000002480)={0x2020, 0x0, <r1=>0x0}, 0x2020)
r2 = open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
write$FUSE_INIT(r0, &(0x7f0000002300)={0x50, 0x0, r1, {0x7, 0x9, 0x0, 0x200000, 0x0, 0x3}}, 0x50)
read$FUSE(r0, &(0x7f0000004580)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r0, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r3}, 0x10)
r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
dup3(r4, r0, 0x0)
preadv(r2, &(0x7f0000000600)=[{&(0x7f0000000200)=""/121, 0x79}], 0x1, 0x0, 0x6)
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x20)
pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r1 = dup(r0)
write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000"], 0xb0)
write$FUSE_NOTIFY_POLL(r1, &(0x7f0000000340)={0x18}, 0x18)
write$FUSE_ENTRY(r1, &(0x7f0000000380)={0x90, 0x0, 0x0, {0x0, 0x1}}, 0x90)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[])
llistxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
executing program 3:
r0 = io_uring_setup(0x3c92, &(0x7f0000000100)={0x0, 0x0, 0x0, 0xfffffffd})
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r1, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10)
r3 = accept(r1, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x12, 0x4, 0x4, 0xa4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
ioctl$int_in(r3, 0x5452, &(0x7f0000000000)=0x6)
recvmsg$can_bcm(r3, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 4:
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x3, 0x0)
ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0305602, &(0x7f0000000880)={0x1, 0x10})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r4 = eventfd2(0x0, 0x0)
socket$netlink(0x10, 0x3, 0x14)
syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)
socketpair(0x1, 0x20000000000001, 0x0, 0x0)
set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffd, 0x4)
syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
mknod(&(0x7f0000000080)='./bus\x00', 0xc000, 0x0)
ioctl$VIDIOC_S_FREQUENCY(0xffffffffffffffff, 0x402c5639, &(0x7f0000000dc0)={0x0, 0x5})
socket$xdp(0x2c, 0x3, 0x0)
mount(&(0x7f00000000c0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000000)='./bus\x00', &(0x7f0000000180)='jfs\x00', 0x2800080, &(0x7f00000001c0)='discard')
executing program 0:
r0 = signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000340)=@security={'security\x00', 0xe, 0x4, 0x3d0, 0xffffffff, 0x0, 0x120, 0x0, 0xffffffff, 0xffffffff, 0x368, 0x368, 0x368, 0xffffffff, 0x4, &(0x7f0000000000), {[{{@ip={@local, @rand_addr=0x64010102, 0xffffffff, 0xffffffff, 'macvtap0\x00', 'veth1_vlan\x00', {}, {}, 0x8, 0x2, 0x2}, 0x0, 0xb0, 0x120, 0x0, {}, [@common=@set={{0x40}, {{0x1, [0x0, 0x2, 0x6, 0x3, 0x7, 0x2], 0x5, 0x7}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x6, 0x6, 0x4, 0x1, 0x0, "f093f1617b1fb4fef07067140cd130eb7e47e4b0d1f46b0fee2ebfa893b7565894ec7e4d0bf0866ab6ba65e2684a42fa5e1b5c6e4bac1e660522f488cc3641e4"}}}, {{@uncond, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}, {[0x0, 0xfffffffe], 0x1}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x2, 0xfffffffc}}}, {{@uncond, 0x0, 0xf0, 0x150, 0x0, {}, [@common=@addrtype={{0x30}, {0x2a8, 0x2, 0x1}}, @common=@osf={{0x50}, {'syz1\x00', 0x0, 0x15, 0x2}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x2, [0x0, 0x3, 0x5, 0x1, 0x6, 0x1], 0x6, 0xa}, {0x2, [0x2, 0x6, 0x5, 0x1, 0x4, 0x1], 0x4, 0x4}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x430)
getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r2}, &(0x7f0000000080))
read$FUSE(r0, &(0x7f00000008c0)={0x2020}, 0xfffffef0)
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 1:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0xd, 0x0)
r4 = timerfd_create(0x8, 0x0)
timerfd_settime(r4, 0x3, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
read$FUSE(0xffffffffffffffff, &(0x7f0000003680)={0x2020}, 0x2020)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
executing program 3:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000004e00)=[{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="0dda2dfa03009ffadfa4bfb48c76fb296526ae98655ee4c429d1f245af4d9bcc0b787eb0619e69f27ab98c3754b47c0b61fc44d54945aa0179444eb7dc9896323860681482162133639a70419a59ff053a577147beab2b5318a2ab9bb40c8df5765c4c457031c51576a5ca09001ca155b77f84f606527ed1bec0f2a2360b64a994ff8093d117f2416c96feae49c6004a160eca8fde90ae6b3f84034e5b4ca407340854bb990e633d7da77e6ba03037018e170a95c12cd279045fc4fcca1db99298be8b7f4265cadc2175add2c98f1a21479d27d64b97ebf1c778303900a9169ee3ed3ad30eb6a8c904afc4e8f88e1af0234b9c216d869ffc392b5c8967c229833c65db7b", 0x104}], 0x1, &(0x7f0000000200)=[@assoc={0x18, 0x117, 0x4, 0x104}, @op={0x18, 0x117, 0x3, 0x1}], 0x30}], 0x1, 0x0)
recvmsg$can_j1939(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000240)=""/57, 0x39}, {&(0x7f00000001c0)=""/31, 0x1f}, {&(0x7f0000000400)=""/50, 0x32}, {&(0x7f0000000880)=""/156, 0x9c}], 0x4}, 0x400021a1)
executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x48)
timer_delete(0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000000c0)='sched_process_wait\x00', r0}, 0x18)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0xffdb, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, 0x0)
add_key$user(&(0x7f0000000040), &(0x7f00000000c0)={'syz', 0x1}, &(0x7f00000002c0), 0x0, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, 0x0, &(0x7f0000000180)=""/82, 0x52, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = add_key$keyring(&(0x7f00000003c0), &(0x7f0000000400)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
pipe2$watch_queue(&(0x7f0000000440)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000480)=@alg, 0x80, &(0x7f0000000900)}, 0x1)
keyctl$KEYCTL_WATCH_KEY(0x20, r4, r5, 0xd8)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000340), 0x47900)
keyctl$revoke(0x3, r4)
r6 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8)
close(r6)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$sock_SIOCGSKNS(r7, 0x894c, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="85000000080000004e00000000000000850000007d00000095000000000000007ab9e683b171b4b09980af6c1ebeda4ac0d3e3aa71a9ab17e14e1b0be949499ca6a5b2c467b6d3d1c0ae1e9820331afd90cc832c761aa3adf9be48c401c7f893694bf8cd19b7173cd4688904f7310af046fd490d3f2cf49b5f68aecf0bc659dc3d53c2"], &(0x7f0000000140)='GPL\x00', 0x0, 0xbd, &(0x7f00000004c0)=""/153, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x15)

program crashed: INFO: rcu detected stall in corrupted
bisect: bisecting 30 programs
bisect: split chunks (needed=false): <30>
bisect: split chunk #0 of len 30 into 3 parts
bisect: testing without sub-chunk 1/3
testing program (duration=6m5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [12, 10, 7, 23, 29, 29, 5, 20, 2, 6, 20, 14, 11, 10, 19, 25, 12, 23, 5, 29]
detailed listing:
executing program 3:
r0 = signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000340)=@security={'security\x00', 0xe, 0x4, 0x3d0, 0xffffffff, 0x0, 0x120, 0x0, 0xffffffff, 0xffffffff, 0x368, 0x368, 0x368, 0xffffffff, 0x4, &(0x7f0000000000), {[{{@ip={@local, @rand_addr=0x64010102, 0xffffffff, 0xffffffff, 'macvtap0\x00', 'veth1_vlan\x00', {}, {}, 0x8, 0x2, 0x2}, 0x0, 0xb0, 0x120, 0x0, {}, [@common=@set={{0x40}, {{0x1, [0x0, 0x2, 0x6, 0x3, 0x7, 0x2], 0x5, 0x7}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x6, 0x6, 0x4, 0x1, 0x0, "f093f1617b1fb4fef07067140cd130eb7e47e4b0d1f46b0fee2ebfa893b7565894ec7e4d0bf0866ab6ba65e2684a42fa5e1b5c6e4bac1e660522f488cc3641e4"}}}, {{@uncond, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}, {[0x0, 0xfffffffe], 0x1}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x2, 0xfffffffc}}}, {{@uncond, 0x0, 0xf0, 0x150, 0x0, {}, [@common=@addrtype={{0x30}, {0x2a8, 0x2, 0x1}}, @common=@osf={{0x50}, {'syz1\x00', 0x0, 0x15, 0x2}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x2, [0x0, 0x3, 0x5, 0x1, 0x6, 0x1], 0x6, 0xa}, {0x2, [0x2, 0x6, 0x5, 0x1, 0x4, 0x1], 0x4, 0x4}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x430)
getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r2}, &(0x7f0000000080))
read$FUSE(r0, &(0x7f00000008c0)={0x2020}, 0xfffffef0)
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 4:
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x20)
pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r1 = dup(r0)
write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000"], 0xb0)
write$FUSE_NOTIFY_POLL(r1, &(0x7f0000000340)={0x18}, 0x18)
write$FUSE_ENTRY(r1, &(0x7f0000000380)={0x90, 0x0, 0x0, {0x0, 0x1}}, 0x90)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[])
llistxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
executing program 0:
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000280)={0xffffffffffffffff, @bcast, @bpq0, 0xffff, 'syz0\x00', @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0xfffffdba, 0x2, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @null, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast]})
executing program 4:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0xd, 0x0)
r3 = timerfd_create(0x8, 0x0)
timerfd_settime(r3, 0x3, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
read$FUSE(0xffffffffffffffff, &(0x7f0000003680)={0x2020}, 0x2020)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x48)
timer_delete(0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000000c0)='sched_process_wait\x00', r0}, 0x18)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0xffdb, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, 0x0)
add_key$user(&(0x7f0000000040), &(0x7f00000000c0)={'syz', 0x1}, &(0x7f00000002c0), 0x0, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, 0x0, &(0x7f0000000180)=""/82, 0x52, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = add_key$keyring(&(0x7f00000003c0), &(0x7f0000000400)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
pipe2$watch_queue(&(0x7f0000000440)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000480)=@alg, 0x80, &(0x7f0000000900)}, 0x1)
keyctl$KEYCTL_WATCH_KEY(0x20, r4, r5, 0xd8)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000340), 0x47900)
keyctl$revoke(0x3, r4)
r6 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8)
close(r6)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$sock_SIOCGSKNS(r7, 0x894c, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="85000000080000004e00000000000000850000007d00000095000000000000007ab9e683b171b4b09980af6c1ebeda4ac0d3e3aa71a9ab17e14e1b0be949499ca6a5b2c467b6d3d1c0ae1e9820331afd90cc832c761aa3adf9be48c401c7f893694bf8cd19b7173cd4688904f7310af046fd490d3f2cf49b5f68aecf0bc659dc3d53c2"], &(0x7f0000000140)='GPL\x00', 0x0, 0xbd, &(0x7f00000004c0)=""/153, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x15)
executing program 3:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f0000002540)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_udp_int(r2, 0x11, 0x67, &(0x7f0000000040)=0x6, 0x4)
sendmmsg$inet6(r2, &(0x7f0000000740)=[{{&(0x7f0000000100)={0xa, 0x4e21, 0x0, @empty}, 0x1c, 0x0}}], 0x300, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000280)=0xfffffffffffdfffe)
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x0)
syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x9d87, 0xa83}, &(0x7f0000000240), &(0x7f00000002c0))
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r3 = syz_open_dev$video(&(0x7f0000000580), 0x7, 0x0)
ioctl$VIDIOC_TRY_EXT_CTRLS(r3, 0xc0205647, &(0x7f0000000440)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x980913, 0x7fff, '\x00', @p_u8=0x0}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r5, 0xc0045540, &(0x7f0000000100))
close(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6)
getpid()
executing program 0:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000004e00)=[{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="0dda2dfa03009ffadfa4bfb48c76fb296526ae98655ee4c429d1f245af4d9bcc0b787eb0619e69f27ab98c3754b47c0b61fc44d54945aa0179444eb7dc9896323860681482162133639a70419a59ff053a577147beab2b5318a2ab9bb40c8df5765c4c457031c51576a5ca09001ca155b77f84f606527ed1bec0f2a2360b64a994ff8093d117f2416c96feae49c6004a160eca8fde90ae6b3f84034e5b4ca407340854bb990e633d7da77e6ba03037018e170a95c12cd279045fc4fcca1db99298be8b7f4265cadc2175add2c98f1a21479d27d64b97ebf1c778303900a9169ee3ed3ad30eb6a8c904afc4e8f88e1af0234b9c216d869ffc392b5c8967c229833c65db7b", 0x104}], 0x1, &(0x7f0000000200)=[@assoc={0x18, 0x117, 0x4, 0x104}, @op={0x18, 0x117, 0x3, 0x1}], 0x30}], 0x1, 0x0)
recvmsg$can_j1939(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000240)=""/57, 0x39}, {&(0x7f00000001c0)=""/31, 0x1f}, {&(0x7f0000000400)=""/50, 0x32}, {&(0x7f0000000880)=""/156, 0x9c}], 0x4}, 0x400021a1)
executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r1 = socket$inet6(0xa, 0x2, 0x3a)
r2 = dup(r1)
bind$unix(r2, 0x0, 0x0)
r3 = open$dir(&(0x7f0000000140)='./bus\x00', 0xa0001, 0x0)
fanotify_mark(r2, 0x2, 0x20, r3, 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
mknodat(r4, 0x0, 0x0, 0x0)
chdir(&(0x7f00000000c0)='./bus\x00')
r5 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mkdir(0x0, 0x0)
renameat2(r5, 0x0, r5, &(0x7f0000000200)='./bus/file0\x00', 0x0)
mknod$loop(&(0x7f0000000100)='./bus\x00', 0x2000, 0x1)
r6 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents64(r6, &(0x7f0000000180)=""/92, 0x5c)
ioctl$BLKPG(r0, 0x1269, &(0x7f0000000000)={0x1, 0x0, 0x98, &(0x7f0000000180)={0x0, 0x800, 0x4}})
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BLKPG(r0, 0x1269, &(0x7f0000000000)={0x1, 0x0, 0x98, &(0x7f0000000180)={0x1f400000, 0x800, 0x4}})
executing program 1:
syz_emit_ethernet(0x246, &(0x7f00000010c0)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x41}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x3, 0x10, 0x238, 0x65, 0x0, 0xc, 0x6, 0x0, @private=0xa010102, @local}, {{0x4e21, 0x4e24, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0x4, 0x30ce, 0x0, 0xffff}, {"d8b02b31a59222519d7ef82385bbea72caa98715778077290f78b130e4a5bd65825c3a6dacfa4f173406acec33cf6e6f734bff683e3fa7bf7512cf3ac9570e843c9401d48b3a0f7c62b092070a538691aa6e24678b637a4067763c1b19b55a86ca04dea69a432786191fd78b9dd41e2a75b4c4dd0719e6e284dbd2b700adaccc2f0edca9e92940840e7cde734b492a7fe29983845c5970928fcb94be1099b1f9cc9d3748eaf8e9f3cc5ec03a721716cf79630a6621fd8f1e1a5342472b5883b7068b550c7f39c66c7339e7b6b754713b289d31ddd8ba35c665bec7f9db6e881cce02c3990dda65a20fd605061f0024b3f4f8c27ab362bfb33faa938cb4835d8253ec25effe57a0c2ee746bf44e3a362d03dc21fba2e934d4460340306bde00d2a41fca0ba352ed70f806588735fd3081aff62398d1d0a3567eb29ce594ea93392fb19599ea3fcbc1f9f5946984ec8dfa41e64b1a9c985ef379c19c94d29b580faf1bdbd581ea94b8c2df15be60940808959d5a032d19e795d8ae477f285e92549acc164c22375e2cfd01c5653242f1bb9e45daeba3079f1efc0a5abe3e13b260c5d73dd4b9966679c92adcd192fabf1877bcf56ed28250eb90211bc96d1f0eff6b0d32a26e284413466185448b9c7e586f9bf7d171ee2478368050e5879708036762122451089b94809ffb7e81160fea54d93c37f66e51110b7ba885b1577b3d8aa1dfbddd285e5de9f93a5305c1674f"}}}}}}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_GET_NESTED_STATE(r2, 0xc080aebe, &(0x7f0000001300)={{0x0, 0x0, 0x80}})
executing program 3:
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x5, 0x5, 0x0, @void, @value, @void, @value}, 0x50)
bind$qrtr(0xffffffffffffffff, &(0x7f0000000000)={0x2a, 0x2, 0x7ffe}, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
tgkill(r0, r0, 0x11)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r3 = io_uring_setup(0x664c, &(0x7f0000000580)={0x0, 0xdcd5, 0x1880, 0x8000002})
r4 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r4, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r4, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000003c0)="fe", 0x1}], 0x1}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f00000001c0)={0x0, 0x3d, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[], 0x1a000}}, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
executing program 4:
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000240)={0x34, 0x0, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8}, @void}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x99e}, @NL80211_ATTR_CHANNEL_WIDTH={0x8}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x980}]]}, 0x34}}, 0x40)
ioctl$VIDIOC_S_FREQUENCY(r0, 0x402c5639, &(0x7f0000000640)={0x10000, 0x2})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a000100"], 0x48}}, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f00000000c0), 0x492492492492627, 0x0)
executing program 0:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000002480)={0x2020, 0x0, <r1=>0x0}, 0x2020)
r2 = open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
write$FUSE_INIT(r0, &(0x7f0000002300)={0x50, 0x0, r1, {0x7, 0x9, 0x0, 0x200000, 0x0, 0x3}}, 0x50)
read$FUSE(r0, &(0x7f0000004580)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r0, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r3}, 0x10)
r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
dup3(r4, r0, 0x0)
preadv(r2, &(0x7f0000000600)=[{&(0x7f0000000200)=""/121, 0x79}], 0x1, 0x0, 0x6)
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x20)
pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r1 = dup(r0)
write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000"], 0xb0)
write$FUSE_NOTIFY_POLL(r1, &(0x7f0000000340)={0x18}, 0x18)
write$FUSE_ENTRY(r1, &(0x7f0000000380)={0x90, 0x0, 0x0, {0x0, 0x1}}, 0x90)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[])
llistxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
executing program 3:
r0 = io_uring_setup(0x3c92, &(0x7f0000000100)={0x0, 0x0, 0x0, 0xfffffffd})
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r1, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10)
r3 = accept(r1, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x12, 0x4, 0x4, 0xa4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
ioctl$int_in(r3, 0x5452, &(0x7f0000000000)=0x6)
recvmsg$can_bcm(r3, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 4:
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x3, 0x0)
ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0305602, &(0x7f0000000880)={0x1, 0x10})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r4 = eventfd2(0x0, 0x0)
socket$netlink(0x10, 0x3, 0x14)
syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)
socketpair(0x1, 0x20000000000001, 0x0, 0x0)
set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffd, 0x4)
syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
mknod(&(0x7f0000000080)='./bus\x00', 0xc000, 0x0)
ioctl$VIDIOC_S_FREQUENCY(0xffffffffffffffff, 0x402c5639, &(0x7f0000000dc0)={0x0, 0x5})
socket$xdp(0x2c, 0x3, 0x0)
mount(&(0x7f00000000c0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000000)='./bus\x00', &(0x7f0000000180)='jfs\x00', 0x2800080, &(0x7f00000001c0)='discard')
executing program 0:
r0 = signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000340)=@security={'security\x00', 0xe, 0x4, 0x3d0, 0xffffffff, 0x0, 0x120, 0x0, 0xffffffff, 0xffffffff, 0x368, 0x368, 0x368, 0xffffffff, 0x4, &(0x7f0000000000), {[{{@ip={@local, @rand_addr=0x64010102, 0xffffffff, 0xffffffff, 'macvtap0\x00', 'veth1_vlan\x00', {}, {}, 0x8, 0x2, 0x2}, 0x0, 0xb0, 0x120, 0x0, {}, [@common=@set={{0x40}, {{0x1, [0x0, 0x2, 0x6, 0x3, 0x7, 0x2], 0x5, 0x7}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x6, 0x6, 0x4, 0x1, 0x0, "f093f1617b1fb4fef07067140cd130eb7e47e4b0d1f46b0fee2ebfa893b7565894ec7e4d0bf0866ab6ba65e2684a42fa5e1b5c6e4bac1e660522f488cc3641e4"}}}, {{@uncond, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}, {[0x0, 0xfffffffe], 0x1}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x2, 0xfffffffc}}}, {{@uncond, 0x0, 0xf0, 0x150, 0x0, {}, [@common=@addrtype={{0x30}, {0x2a8, 0x2, 0x1}}, @common=@osf={{0x50}, {'syz1\x00', 0x0, 0x15, 0x2}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x2, [0x0, 0x3, 0x5, 0x1, 0x6, 0x1], 0x6, 0xa}, {0x2, [0x2, 0x6, 0x5, 0x1, 0x4, 0x1], 0x4, 0x4}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x430)
getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r2}, &(0x7f0000000080))
read$FUSE(r0, &(0x7f00000008c0)={0x2020}, 0xfffffef0)
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 1:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0xd, 0x0)
r4 = timerfd_create(0x8, 0x0)
timerfd_settime(r4, 0x3, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
read$FUSE(0xffffffffffffffff, &(0x7f0000003680)={0x2020}, 0x2020)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
executing program 3:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000004e00)=[{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="0dda2dfa03009ffadfa4bfb48c76fb296526ae98655ee4c429d1f245af4d9bcc0b787eb0619e69f27ab98c3754b47c0b61fc44d54945aa0179444eb7dc9896323860681482162133639a70419a59ff053a577147beab2b5318a2ab9bb40c8df5765c4c457031c51576a5ca09001ca155b77f84f606527ed1bec0f2a2360b64a994ff8093d117f2416c96feae49c6004a160eca8fde90ae6b3f84034e5b4ca407340854bb990e633d7da77e6ba03037018e170a95c12cd279045fc4fcca1db99298be8b7f4265cadc2175add2c98f1a21479d27d64b97ebf1c778303900a9169ee3ed3ad30eb6a8c904afc4e8f88e1af0234b9c216d869ffc392b5c8967c229833c65db7b", 0x104}], 0x1, &(0x7f0000000200)=[@assoc={0x18, 0x117, 0x4, 0x104}, @op={0x18, 0x117, 0x3, 0x1}], 0x30}], 0x1, 0x0)
recvmsg$can_j1939(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000240)=""/57, 0x39}, {&(0x7f00000001c0)=""/31, 0x1f}, {&(0x7f0000000400)=""/50, 0x32}, {&(0x7f0000000880)=""/156, 0x9c}], 0x4}, 0x400021a1)
executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x48)
timer_delete(0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000000c0)='sched_process_wait\x00', r0}, 0x18)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0xffdb, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, 0x0)
add_key$user(&(0x7f0000000040), &(0x7f00000000c0)={'syz', 0x1}, &(0x7f00000002c0), 0x0, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, 0x0, &(0x7f0000000180)=""/82, 0x52, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = add_key$keyring(&(0x7f00000003c0), &(0x7f0000000400)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
pipe2$watch_queue(&(0x7f0000000440)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000480)=@alg, 0x80, &(0x7f0000000900)}, 0x1)
keyctl$KEYCTL_WATCH_KEY(0x20, r4, r5, 0xd8)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000340), 0x47900)
keyctl$revoke(0x3, r4)
r6 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8)
close(r6)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$sock_SIOCGSKNS(r7, 0x894c, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="85000000080000004e00000000000000850000007d00000095000000000000007ab9e683b171b4b09980af6c1ebeda4ac0d3e3aa71a9ab17e14e1b0be949499ca6a5b2c467b6d3d1c0ae1e9820331afd90cc832c761aa3adf9be48c401c7f893694bf8cd19b7173cd4688904f7310af046fd490d3f2cf49b5f68aecf0bc659dc3d53c2"], &(0x7f0000000140)='GPL\x00', 0x0, 0xbd, &(0x7f00000004c0)=""/153, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x15)

program crashed: INFO: rcu detected stall in corrupted
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/3
testing program (duration=6m2s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [20, 14, 11, 10, 19, 25, 12, 23, 5, 29]
detailed listing:
executing program 3:
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x5, 0x5, 0x0, @void, @value, @void, @value}, 0x50)
bind$qrtr(0xffffffffffffffff, &(0x7f0000000000)={0x2a, 0x2, 0x7ffe}, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
tgkill(r0, r0, 0x11)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r3 = io_uring_setup(0x664c, &(0x7f0000000580)={0x0, 0xdcd5, 0x1880, 0x8000002})
r4 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r4, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r4, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000003c0)="fe", 0x1}], 0x1}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f00000001c0)={0x0, 0x3d, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[], 0x1a000}}, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
executing program 4:
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000240)={0x34, 0x0, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8}, @void}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x99e}, @NL80211_ATTR_CHANNEL_WIDTH={0x8}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x980}]]}, 0x34}}, 0x40)
ioctl$VIDIOC_S_FREQUENCY(r0, 0x402c5639, &(0x7f0000000640)={0x10000, 0x2})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a000100"], 0x48}}, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f00000000c0), 0x492492492492627, 0x0)
executing program 0:
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000002480)={0x2020, 0x0, <r1=>0x0}, 0x2020)
r2 = open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
write$FUSE_INIT(r0, &(0x7f0000002300)={0x50, 0x0, r1, {0x7, 0x9, 0x0, 0x200000, 0x0, 0x3}}, 0x50)
read$FUSE(r0, &(0x7f0000004580)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r0, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r3}, 0x10)
r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
dup3(r4, r0, 0x0)
preadv(r2, &(0x7f0000000600)=[{&(0x7f0000000200)=""/121, 0x79}], 0x1, 0x0, 0x6)
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x20)
pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r1 = dup(r0)
write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000"], 0xb0)
write$FUSE_NOTIFY_POLL(r1, &(0x7f0000000340)={0x18}, 0x18)
write$FUSE_ENTRY(r1, &(0x7f0000000380)={0x90, 0x0, 0x0, {0x0, 0x1}}, 0x90)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[])
llistxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
executing program 3:
r0 = io_uring_setup(0x3c92, &(0x7f0000000100)={0x0, 0x0, 0x0, 0xfffffffd})
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r1, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10)
r3 = accept(r1, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x12, 0x4, 0x4, 0xa4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
ioctl$int_in(r3, 0x5452, &(0x7f0000000000)=0x6)
recvmsg$can_bcm(r3, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 4:
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x3, 0x0)
ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0305602, &(0x7f0000000880)={0x1, 0x10})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r4 = eventfd2(0x0, 0x0)
socket$netlink(0x10, 0x3, 0x14)
syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)
socketpair(0x1, 0x20000000000001, 0x0, 0x0)
set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffd, 0x4)
syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
mknod(&(0x7f0000000080)='./bus\x00', 0xc000, 0x0)
ioctl$VIDIOC_S_FREQUENCY(0xffffffffffffffff, 0x402c5639, &(0x7f0000000dc0)={0x0, 0x5})
socket$xdp(0x2c, 0x3, 0x0)
mount(&(0x7f00000000c0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000000)='./bus\x00', &(0x7f0000000180)='jfs\x00', 0x2800080, &(0x7f00000001c0)='discard')
executing program 0:
r0 = signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000340)=@security={'security\x00', 0xe, 0x4, 0x3d0, 0xffffffff, 0x0, 0x120, 0x0, 0xffffffff, 0xffffffff, 0x368, 0x368, 0x368, 0xffffffff, 0x4, &(0x7f0000000000), {[{{@ip={@local, @rand_addr=0x64010102, 0xffffffff, 0xffffffff, 'macvtap0\x00', 'veth1_vlan\x00', {}, {}, 0x8, 0x2, 0x2}, 0x0, 0xb0, 0x120, 0x0, {}, [@common=@set={{0x40}, {{0x1, [0x0, 0x2, 0x6, 0x3, 0x7, 0x2], 0x5, 0x7}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x6, 0x6, 0x4, 0x1, 0x0, "f093f1617b1fb4fef07067140cd130eb7e47e4b0d1f46b0fee2ebfa893b7565894ec7e4d0bf0866ab6ba65e2684a42fa5e1b5c6e4bac1e660522f488cc3641e4"}}}, {{@uncond, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}, {[0x0, 0xfffffffe], 0x1}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x2, 0xfffffffc}}}, {{@uncond, 0x0, 0xf0, 0x150, 0x0, {}, [@common=@addrtype={{0x30}, {0x2a8, 0x2, 0x1}}, @common=@osf={{0x50}, {'syz1\x00', 0x0, 0x15, 0x2}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x2, [0x0, 0x3, 0x5, 0x1, 0x6, 0x1], 0x6, 0xa}, {0x2, [0x2, 0x6, 0x5, 0x1, 0x4, 0x1], 0x4, 0x4}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x430)
getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r2}, &(0x7f0000000080))
read$FUSE(r0, &(0x7f00000008c0)={0x2020}, 0xfffffef0)
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 1:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0xd, 0x0)
r4 = timerfd_create(0x8, 0x0)
timerfd_settime(r4, 0x3, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
read$FUSE(0xffffffffffffffff, &(0x7f0000003680)={0x2020}, 0x2020)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
executing program 3:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000004e00)=[{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="0dda2dfa03009ffadfa4bfb48c76fb296526ae98655ee4c429d1f245af4d9bcc0b787eb0619e69f27ab98c3754b47c0b61fc44d54945aa0179444eb7dc9896323860681482162133639a70419a59ff053a577147beab2b5318a2ab9bb40c8df5765c4c457031c51576a5ca09001ca155b77f84f606527ed1bec0f2a2360b64a994ff8093d117f2416c96feae49c6004a160eca8fde90ae6b3f84034e5b4ca407340854bb990e633d7da77e6ba03037018e170a95c12cd279045fc4fcca1db99298be8b7f4265cadc2175add2c98f1a21479d27d64b97ebf1c778303900a9169ee3ed3ad30eb6a8c904afc4e8f88e1af0234b9c216d869ffc392b5c8967c229833c65db7b", 0x104}], 0x1, &(0x7f0000000200)=[@assoc={0x18, 0x117, 0x4, 0x104}, @op={0x18, 0x117, 0x3, 0x1}], 0x30}], 0x1, 0x0)
recvmsg$can_j1939(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000240)=""/57, 0x39}, {&(0x7f00000001c0)=""/31, 0x1f}, {&(0x7f0000000400)=""/50, 0x32}, {&(0x7f0000000880)=""/156, 0x9c}], 0x4}, 0x400021a1)
executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x48)
timer_delete(0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000000c0)='sched_process_wait\x00', r0}, 0x18)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0xffdb, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, 0x0)
add_key$user(&(0x7f0000000040), &(0x7f00000000c0)={'syz', 0x1}, &(0x7f00000002c0), 0x0, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, 0x0, &(0x7f0000000180)=""/82, 0x52, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = add_key$keyring(&(0x7f00000003c0), &(0x7f0000000400)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
pipe2$watch_queue(&(0x7f0000000440)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000480)=@alg, 0x80, &(0x7f0000000900)}, 0x1)
keyctl$KEYCTL_WATCH_KEY(0x20, r4, r5, 0xd8)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000340), 0x47900)
keyctl$revoke(0x3, r4)
r6 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8)
close(r6)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$sock_SIOCGSKNS(r7, 0x894c, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="85000000080000004e00000000000000850000007d00000095000000000000007ab9e683b171b4b09980af6c1ebeda4ac0d3e3aa71a9ab17e14e1b0be949499ca6a5b2c467b6d3d1c0ae1e9820331afd90cc832c761aa3adf9be48c401c7f893694bf8cd19b7173cd4688904f7310af046fd490d3f2cf49b5f68aecf0bc659dc3d53c2"], &(0x7f0000000140)='GPL\x00', 0x0, 0xbd, &(0x7f00000004c0)=""/153, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x15)

program crashed: INFO: rcu detected stall in sys_newfstatat
bisect: the chunk can be dropped
bisect: testing without sub-chunk 3/3
bisect: split chunks (needed=true): <10>
bisect: split chunk #0 of len 10 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m1s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [25, 12, 23, 5, 29]
detailed listing:
executing program 4:
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x3, 0x0)
ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0305602, &(0x7f0000000880)={0x1, 0x10})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r4 = eventfd2(0x0, 0x0)
socket$netlink(0x10, 0x3, 0x14)
syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)
socketpair(0x1, 0x20000000000001, 0x0, 0x0)
set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffd, 0x4)
syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
mknod(&(0x7f0000000080)='./bus\x00', 0xc000, 0x0)
ioctl$VIDIOC_S_FREQUENCY(0xffffffffffffffff, 0x402c5639, &(0x7f0000000dc0)={0x0, 0x5})
socket$xdp(0x2c, 0x3, 0x0)
mount(&(0x7f00000000c0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000000)='./bus\x00', &(0x7f0000000180)='jfs\x00', 0x2800080, &(0x7f00000001c0)='discard')
executing program 0:
r0 = signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000340)=@security={'security\x00', 0xe, 0x4, 0x3d0, 0xffffffff, 0x0, 0x120, 0x0, 0xffffffff, 0xffffffff, 0x368, 0x368, 0x368, 0xffffffff, 0x4, &(0x7f0000000000), {[{{@ip={@local, @rand_addr=0x64010102, 0xffffffff, 0xffffffff, 'macvtap0\x00', 'veth1_vlan\x00', {}, {}, 0x8, 0x2, 0x2}, 0x0, 0xb0, 0x120, 0x0, {}, [@common=@set={{0x40}, {{0x1, [0x0, 0x2, 0x6, 0x3, 0x7, 0x2], 0x5, 0x7}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x6, 0x6, 0x4, 0x1, 0x0, "f093f1617b1fb4fef07067140cd130eb7e47e4b0d1f46b0fee2ebfa893b7565894ec7e4d0bf0866ab6ba65e2684a42fa5e1b5c6e4bac1e660522f488cc3641e4"}}}, {{@uncond, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}, {[0x0, 0xfffffffe], 0x1}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x2, 0xfffffffc}}}, {{@uncond, 0x0, 0xf0, 0x150, 0x0, {}, [@common=@addrtype={{0x30}, {0x2a8, 0x2, 0x1}}, @common=@osf={{0x50}, {'syz1\x00', 0x0, 0x15, 0x2}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x2, [0x0, 0x3, 0x5, 0x1, 0x6, 0x1], 0x6, 0xa}, {0x2, [0x2, 0x6, 0x5, 0x1, 0x4, 0x1], 0x4, 0x4}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x430)
getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r2}, &(0x7f0000000080))
read$FUSE(r0, &(0x7f00000008c0)={0x2020}, 0xfffffef0)
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 1:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0xd, 0x0)
r4 = timerfd_create(0x8, 0x0)
timerfd_settime(r4, 0x3, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
read$FUSE(0xffffffffffffffff, &(0x7f0000003680)={0x2020}, 0x2020)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
executing program 3:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000004e00)=[{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="0dda2dfa03009ffadfa4bfb48c76fb296526ae98655ee4c429d1f245af4d9bcc0b787eb0619e69f27ab98c3754b47c0b61fc44d54945aa0179444eb7dc9896323860681482162133639a70419a59ff053a577147beab2b5318a2ab9bb40c8df5765c4c457031c51576a5ca09001ca155b77f84f606527ed1bec0f2a2360b64a994ff8093d117f2416c96feae49c6004a160eca8fde90ae6b3f84034e5b4ca407340854bb990e633d7da77e6ba03037018e170a95c12cd279045fc4fcca1db99298be8b7f4265cadc2175add2c98f1a21479d27d64b97ebf1c778303900a9169ee3ed3ad30eb6a8c904afc4e8f88e1af0234b9c216d869ffc392b5c8967c229833c65db7b", 0x104}], 0x1, &(0x7f0000000200)=[@assoc={0x18, 0x117, 0x4, 0x104}, @op={0x18, 0x117, 0x3, 0x1}], 0x30}], 0x1, 0x0)
recvmsg$can_j1939(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000240)=""/57, 0x39}, {&(0x7f00000001c0)=""/31, 0x1f}, {&(0x7f0000000400)=""/50, 0x32}, {&(0x7f0000000880)=""/156, 0x9c}], 0x4}, 0x400021a1)
executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x48)
timer_delete(0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000000c0)='sched_process_wait\x00', r0}, 0x18)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0xffdb, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, 0x0)
add_key$user(&(0x7f0000000040), &(0x7f00000000c0)={'syz', 0x1}, &(0x7f00000002c0), 0x0, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, 0x0, &(0x7f0000000180)=""/82, 0x52, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = add_key$keyring(&(0x7f00000003c0), &(0x7f0000000400)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
pipe2$watch_queue(&(0x7f0000000440)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000480)=@alg, 0x80, &(0x7f0000000900)}, 0x1)
keyctl$KEYCTL_WATCH_KEY(0x20, r4, r5, 0xd8)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000340), 0x47900)
keyctl$revoke(0x3, r4)
r6 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8)
close(r6)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$sock_SIOCGSKNS(r7, 0x894c, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="85000000080000004e00000000000000850000007d00000095000000000000007ab9e683b171b4b09980af6c1ebeda4ac0d3e3aa71a9ab17e14e1b0be949499ca6a5b2c467b6d3d1c0ae1e9820331afd90cc832c761aa3adf9be48c401c7f893694bf8cd19b7173cd4688904f7310af046fd490d3f2cf49b5f68aecf0bc659dc3d53c2"], &(0x7f0000000140)='GPL\x00', 0x0, 0xbd, &(0x7f00000004c0)=""/153, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x15)

program crashed: INFO: rcu detected stall in corrupted
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <5>
bisect: split chunk #0 of len 5 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 29]
detailed listing:
executing program 3:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000004e00)=[{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000cc0)="0dda2dfa03009ffadfa4bfb48c76fb296526ae98655ee4c429d1f245af4d9bcc0b787eb0619e69f27ab98c3754b47c0b61fc44d54945aa0179444eb7dc9896323860681482162133639a70419a59ff053a577147beab2b5318a2ab9bb40c8df5765c4c457031c51576a5ca09001ca155b77f84f606527ed1bec0f2a2360b64a994ff8093d117f2416c96feae49c6004a160eca8fde90ae6b3f84034e5b4ca407340854bb990e633d7da77e6ba03037018e170a95c12cd279045fc4fcca1db99298be8b7f4265cadc2175add2c98f1a21479d27d64b97ebf1c778303900a9169ee3ed3ad30eb6a8c904afc4e8f88e1af0234b9c216d869ffc392b5c8967c229833c65db7b", 0x104}], 0x1, &(0x7f0000000200)=[@assoc={0x18, 0x117, 0x4, 0x104}, @op={0x18, 0x117, 0x3, 0x1}], 0x30}], 0x1, 0x0)
recvmsg$can_j1939(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000240)=""/57, 0x39}, {&(0x7f00000001c0)=""/31, 0x1f}, {&(0x7f0000000400)=""/50, 0x32}, {&(0x7f0000000880)=""/156, 0x9c}], 0x4}, 0x400021a1)
executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x48)
timer_delete(0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000000c0)='sched_process_wait\x00', r0}, 0x18)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0xffdb, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, 0x0)
add_key$user(&(0x7f0000000040), &(0x7f00000000c0)={'syz', 0x1}, &(0x7f00000002c0), 0x0, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, 0x0, &(0x7f0000000180)=""/82, 0x52, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = add_key$keyring(&(0x7f00000003c0), &(0x7f0000000400)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
pipe2$watch_queue(&(0x7f0000000440)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000480)=@alg, 0x80, &(0x7f0000000900)}, 0x1)
keyctl$KEYCTL_WATCH_KEY(0x20, r4, r5, 0xd8)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000340), 0x47900)
keyctl$revoke(0x3, r4)
r6 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8)
close(r6)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$sock_SIOCGSKNS(r7, 0x894c, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="85000000080000004e00000000000000850000007d00000095000000000000007ab9e683b171b4b09980af6c1ebeda4ac0d3e3aa71a9ab17e14e1b0be949499ca6a5b2c467b6d3d1c0ae1e9820331afd90cc832c761aa3adf9be48c401c7f893694bf8cd19b7173cd4688904f7310af046fd490d3f2cf49b5f68aecf0bc659dc3d53c2"], &(0x7f0000000140)='GPL\x00', 0x0, 0xbd, &(0x7f00000004c0)=""/153, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x15)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [25, 12, 23]
detailed listing:
executing program 4:
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x3, 0x0)
ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0305602, &(0x7f0000000880)={0x1, 0x10})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r4 = eventfd2(0x0, 0x0)
socket$netlink(0x10, 0x3, 0x14)
syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)
socketpair(0x1, 0x20000000000001, 0x0, 0x0)
set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffd, 0x4)
syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
mknod(&(0x7f0000000080)='./bus\x00', 0xc000, 0x0)
ioctl$VIDIOC_S_FREQUENCY(0xffffffffffffffff, 0x402c5639, &(0x7f0000000dc0)={0x0, 0x5})
socket$xdp(0x2c, 0x3, 0x0)
mount(&(0x7f00000000c0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000000)='./bus\x00', &(0x7f0000000180)='jfs\x00', 0x2800080, &(0x7f00000001c0)='discard')
executing program 0:
r0 = signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000340)=@security={'security\x00', 0xe, 0x4, 0x3d0, 0xffffffff, 0x0, 0x120, 0x0, 0xffffffff, 0xffffffff, 0x368, 0x368, 0x368, 0xffffffff, 0x4, &(0x7f0000000000), {[{{@ip={@local, @rand_addr=0x64010102, 0xffffffff, 0xffffffff, 'macvtap0\x00', 'veth1_vlan\x00', {}, {}, 0x8, 0x2, 0x2}, 0x0, 0xb0, 0x120, 0x0, {}, [@common=@set={{0x40}, {{0x1, [0x0, 0x2, 0x6, 0x3, 0x7, 0x2], 0x5, 0x7}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x6, 0x6, 0x4, 0x1, 0x0, "f093f1617b1fb4fef07067140cd130eb7e47e4b0d1f46b0fee2ebfa893b7565894ec7e4d0bf0866ab6ba65e2684a42fa5e1b5c6e4bac1e660522f488cc3641e4"}}}, {{@uncond, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}, {[0x0, 0xfffffffe], 0x1}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x2, 0xfffffffc}}}, {{@uncond, 0x0, 0xf0, 0x150, 0x0, {}, [@common=@addrtype={{0x30}, {0x2a8, 0x2, 0x1}}, @common=@osf={{0x50}, {'syz1\x00', 0x0, 0x15, 0x2}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x2, [0x0, 0x3, 0x5, 0x1, 0x6, 0x1], 0x6, 0xa}, {0x2, [0x2, 0x6, 0x5, 0x1, 0x4, 0x1], 0x4, 0x4}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x430)
getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r2}, &(0x7f0000000080))
read$FUSE(r0, &(0x7f00000008c0)={0x2020}, 0xfffffef0)
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 1:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0xd, 0x0)
r4 = timerfd_create(0x8, 0x0)
timerfd_settime(r4, 0x3, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
read$FUSE(0xffffffffffffffff, &(0x7f0000003680)={0x2020}, 0x2020)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)

program crashed: INFO: rcu detected stall in corrupted
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <3>
bisect: split chunk #0 of len 3 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$hiddev-bpf$BPF_RAW_TRACEPOINT_OPEN-syz_open_dev$sg-fcntl$dupfd-socket-ioctl$SG_GET_REQUEST_TABLE-syz_open_dev$loop-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-ioctl$F2FS_IOC_GET_COMPRESS_OPTION-syz_open_dev$MSR-read$msr-socket$kcm-timerfd_create-timerfd_settime-close_range-socket$packet-socket$nl_route-socketpair$tipc-syz_open_dev$loop-read$FUSE-sendmmsg$inet
detailed listing:
executing program 1:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0xd, 0x0)
r4 = timerfd_create(0x8, 0x0)
timerfd_settime(r4, 0x3, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
read$FUSE(0xffffffffffffffff, &(0x7f0000003680)={0x2020}, 0x2020)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [25, 12]
detailed listing:
executing program 4:
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x3, 0x0)
ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0305602, &(0x7f0000000880)={0x1, 0x10})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r4 = eventfd2(0x0, 0x0)
socket$netlink(0x10, 0x3, 0x14)
syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)
socketpair(0x1, 0x20000000000001, 0x0, 0x0)
set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffd, 0x4)
syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
mknod(&(0x7f0000000080)='./bus\x00', 0xc000, 0x0)
ioctl$VIDIOC_S_FREQUENCY(0xffffffffffffffff, 0x402c5639, &(0x7f0000000dc0)={0x0, 0x5})
socket$xdp(0x2c, 0x3, 0x0)
mount(&(0x7f00000000c0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000000)='./bus\x00', &(0x7f0000000180)='jfs\x00', 0x2800080, &(0x7f00000001c0)='discard')
executing program 0:
r0 = signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000340)=@security={'security\x00', 0xe, 0x4, 0x3d0, 0xffffffff, 0x0, 0x120, 0x0, 0xffffffff, 0xffffffff, 0x368, 0x368, 0x368, 0xffffffff, 0x4, &(0x7f0000000000), {[{{@ip={@local, @rand_addr=0x64010102, 0xffffffff, 0xffffffff, 'macvtap0\x00', 'veth1_vlan\x00', {}, {}, 0x8, 0x2, 0x2}, 0x0, 0xb0, 0x120, 0x0, {}, [@common=@set={{0x40}, {{0x1, [0x0, 0x2, 0x6, 0x3, 0x7, 0x2], 0x5, 0x7}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x6, 0x6, 0x4, 0x1, 0x0, "f093f1617b1fb4fef07067140cd130eb7e47e4b0d1f46b0fee2ebfa893b7565894ec7e4d0bf0866ab6ba65e2684a42fa5e1b5c6e4bac1e660522f488cc3641e4"}}}, {{@uncond, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}, {[0x0, 0xfffffffe], 0x1}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x2, 0xfffffffc}}}, {{@uncond, 0x0, 0xf0, 0x150, 0x0, {}, [@common=@addrtype={{0x30}, {0x2a8, 0x2, 0x1}}, @common=@osf={{0x50}, {'syz1\x00', 0x0, 0x15, 0x2}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x2, [0x0, 0x3, 0x5, 0x1, 0x6, 0x1], 0x6, 0xa}, {0x2, [0x2, 0x6, 0x5, 0x1, 0x4, 0x1], 0x4, 0x4}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x430)
getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r2}, &(0x7f0000000080))
read$FUSE(r0, &(0x7f00000008c0)={0x2020}, 0xfffffef0)
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)

program did not crash
bisect: split chunks (needed=true): <2>, <1>
bisect: split chunk #0 of len 2 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [12, 23]
detailed listing:
executing program 0:
r0 = signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000340)=@security={'security\x00', 0xe, 0x4, 0x3d0, 0xffffffff, 0x0, 0x120, 0x0, 0xffffffff, 0xffffffff, 0x368, 0x368, 0x368, 0xffffffff, 0x4, &(0x7f0000000000), {[{{@ip={@local, @rand_addr=0x64010102, 0xffffffff, 0xffffffff, 'macvtap0\x00', 'veth1_vlan\x00', {}, {}, 0x8, 0x2, 0x2}, 0x0, 0xb0, 0x120, 0x0, {}, [@common=@set={{0x40}, {{0x1, [0x0, 0x2, 0x6, 0x3, 0x7, 0x2], 0x5, 0x7}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x6, 0x6, 0x4, 0x1, 0x0, "f093f1617b1fb4fef07067140cd130eb7e47e4b0d1f46b0fee2ebfa893b7565894ec7e4d0bf0866ab6ba65e2684a42fa5e1b5c6e4bac1e660522f488cc3641e4"}}}, {{@uncond, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}, {[0x0, 0xfffffffe], 0x1}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x2, 0xfffffffc}}}, {{@uncond, 0x0, 0xf0, 0x150, 0x0, {}, [@common=@addrtype={{0x30}, {0x2a8, 0x2, 0x1}}, @common=@osf={{0x50}, {'syz1\x00', 0x0, 0x15, 0x2}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x2, [0x0, 0x3, 0x5, 0x1, 0x6, 0x1], 0x6, 0xa}, {0x2, [0x2, 0x6, 0x5, 0x1, 0x4, 0x1], 0x4, 0x4}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x430)
getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r2}, &(0x7f0000000080))
read$FUSE(r0, &(0x7f00000008c0)={0x2020}, 0xfffffef0)
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 1:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0xd, 0x0)
r4 = timerfd_create(0x8, 0x0)
timerfd_settime(r4, 0x3, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
read$FUSE(0xffffffffffffffff, &(0x7f0000003680)={0x2020}, 0x2020)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)

program crashed: INFO: rcu detected stall in batadv_nc_worker
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunk #1 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: split chunks (needed=true): <1>, <1, final>
bisect: split chunk #0 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: 2 programs left: 

executing program 0:
r0 = signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000340)=@security={'security\x00', 0xe, 0x4, 0x3d0, 0xffffffff, 0x0, 0x120, 0x0, 0xffffffff, 0xffffffff, 0x368, 0x368, 0x368, 0xffffffff, 0x4, &(0x7f0000000000), {[{{@ip={@local, @rand_addr=0x64010102, 0xffffffff, 0xffffffff, 'macvtap0\x00', 'veth1_vlan\x00', {}, {}, 0x8, 0x2, 0x2}, 0x0, 0xb0, 0x120, 0x0, {}, [@common=@set={{0x40}, {{0x1, [0x0, 0x2, 0x6, 0x3, 0x7, 0x2], 0x5, 0x7}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x6, 0x6, 0x4, 0x1, 0x0, "f093f1617b1fb4fef07067140cd130eb7e47e4b0d1f46b0fee2ebfa893b7565894ec7e4d0bf0866ab6ba65e2684a42fa5e1b5c6e4bac1e660522f488cc3641e4"}}}, {{@uncond, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}, {[0x0, 0xfffffffe], 0x1}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x2, 0xfffffffc}}}, {{@uncond, 0x0, 0xf0, 0x150, 0x0, {}, [@common=@addrtype={{0x30}, {0x2a8, 0x2, 0x1}}, @common=@osf={{0x50}, {'syz1\x00', 0x0, 0x15, 0x2}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x2, [0x0, 0x3, 0x5, 0x1, 0x6, 0x1], 0x6, 0xa}, {0x2, [0x2, 0x6, 0x5, 0x1, 0x4, 0x1], 0x4, 0x4}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x430)
getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r2}, &(0x7f0000000080))
read$FUSE(r0, &(0x7f00000008c0)={0x2020}, 0xfffffef0)
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 1:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0xd, 0x0)
r4 = timerfd_create(0x8, 0x0)
timerfd_settime(r4, 0x3, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
read$FUSE(0xffffffffffffffff, &(0x7f0000003680)={0x2020}, 0x2020)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)


bisect: trying to concatenate
bisect: concatenate 2 entries
minimizing program #0 before concatenation
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [11, 23]
detailed listing:
executing program 0:
r0 = signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000340)=@security={'security\x00', 0xe, 0x4, 0x3d0, 0xffffffff, 0x0, 0x120, 0x0, 0xffffffff, 0xffffffff, 0x368, 0x368, 0x368, 0xffffffff, 0x4, &(0x7f0000000000), {[{{@ip={@local, @rand_addr=0x64010102, 0xffffffff, 0xffffffff, 'macvtap0\x00', 'veth1_vlan\x00', {}, {}, 0x8, 0x2, 0x2}, 0x0, 0xb0, 0x120, 0x0, {}, [@common=@set={{0x40}, {{0x1, [0x0, 0x2, 0x6, 0x3, 0x7, 0x2], 0x5, 0x7}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x6, 0x6, 0x4, 0x1, 0x0, "f093f1617b1fb4fef07067140cd130eb7e47e4b0d1f46b0fee2ebfa893b7565894ec7e4d0bf0866ab6ba65e2684a42fa5e1b5c6e4bac1e660522f488cc3641e4"}}}, {{@uncond, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}, {[0x0, 0xfffffffe], 0x1}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x2, 0xfffffffc}}}, {{@uncond, 0x0, 0xf0, 0x150, 0x0, {}, [@common=@addrtype={{0x30}, {0x2a8, 0x2, 0x1}}, @common=@osf={{0x50}, {'syz1\x00', 0x0, 0x15, 0x2}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x2, [0x0, 0x3, 0x5, 0x1, 0x6, 0x1], 0x6, 0xa}, {0x2, [0x2, 0x6, 0x5, 0x1, 0x4, 0x1], 0x4, 0x4}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x430)
getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r2}, &(0x7f0000000080))
read$FUSE(r0, &(0x7f00000008c0)={0x2020}, 0xfffffef0)
executing program 1:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0xd, 0x0)
r4 = timerfd_create(0x8, 0x0)
timerfd_settime(r4, 0x3, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
read$FUSE(0xffffffffffffffff, &(0x7f0000003680)={0x2020}, 0x2020)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [11, 23]
detailed listing:
executing program 0:
r0 = signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000340)=@security={'security\x00', 0xe, 0x4, 0x3d0, 0xffffffff, 0x0, 0x120, 0x0, 0xffffffff, 0xffffffff, 0x368, 0x368, 0x368, 0xffffffff, 0x4, &(0x7f0000000000), {[{{@ip={@local, @rand_addr=0x64010102, 0xffffffff, 0xffffffff, 'macvtap0\x00', 'veth1_vlan\x00', {}, {}, 0x8, 0x2, 0x2}, 0x0, 0xb0, 0x120, 0x0, {}, [@common=@set={{0x40}, {{0x1, [0x0, 0x2, 0x6, 0x3, 0x7, 0x2], 0x5, 0x7}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x6, 0x6, 0x4, 0x1, 0x0, "f093f1617b1fb4fef07067140cd130eb7e47e4b0d1f46b0fee2ebfa893b7565894ec7e4d0bf0866ab6ba65e2684a42fa5e1b5c6e4bac1e660522f488cc3641e4"}}}, {{@uncond, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}, {[0x0, 0xfffffffe], 0x1}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x2, 0xfffffffc}}}, {{@uncond, 0x0, 0xf0, 0x150, 0x0, {}, [@common=@addrtype={{0x30}, {0x2a8, 0x2, 0x1}}, @common=@osf={{0x50}, {'syz1\x00', 0x0, 0x15, 0x2}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x2, [0x0, 0x3, 0x5, 0x1, 0x6, 0x1], 0x6, 0xa}, {0x2, [0x2, 0x6, 0x5, 0x1, 0x4, 0x1], 0x4, 0x4}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x430)
getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r2}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 1:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0xd, 0x0)
r4 = timerfd_create(0x8, 0x0)
timerfd_settime(r4, 0x3, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
read$FUSE(0xffffffffffffffff, &(0x7f0000003680)={0x2020}, 0x2020)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)

program crashed: INFO: rcu detected stall in corrupted
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [10, 23]
detailed listing:
executing program 0:
r0 = signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000340)=@security={'security\x00', 0xe, 0x4, 0x3d0, 0xffffffff, 0x0, 0x120, 0x0, 0xffffffff, 0xffffffff, 0x368, 0x368, 0x368, 0xffffffff, 0x4, &(0x7f0000000000), {[{{@ip={@local, @rand_addr=0x64010102, 0xffffffff, 0xffffffff, 'macvtap0\x00', 'veth1_vlan\x00', {}, {}, 0x8, 0x2, 0x2}, 0x0, 0xb0, 0x120, 0x0, {}, [@common=@set={{0x40}, {{0x1, [0x0, 0x2, 0x6, 0x3, 0x7, 0x2], 0x5, 0x7}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x6, 0x6, 0x4, 0x1, 0x0, "f093f1617b1fb4fef07067140cd130eb7e47e4b0d1f46b0fee2ebfa893b7565894ec7e4d0bf0866ab6ba65e2684a42fa5e1b5c6e4bac1e660522f488cc3641e4"}}}, {{@uncond, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}, {[0x0, 0xfffffffe], 0x1}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x2, 0xfffffffc}}}, {{@uncond, 0x0, 0xf0, 0x150, 0x0, {}, [@common=@addrtype={{0x30}, {0x2a8, 0x2, 0x1}}, @common=@osf={{0x50}, {'syz1\x00', 0x0, 0x15, 0x2}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x2, [0x0, 0x3, 0x5, 0x1, 0x6, 0x1], 0x6, 0xa}, {0x2, [0x2, 0x6, 0x5, 0x1, 0x4, 0x1], 0x4, 0x4}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x430)
getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
gettid()
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 1:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0xd, 0x0)
r4 = timerfd_create(0x8, 0x0)
timerfd_settime(r4, 0x3, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
read$FUSE(0xffffffffffffffff, &(0x7f0000003680)={0x2020}, 0x2020)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [10, 23]
detailed listing:
executing program 0:
r0 = signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000340)=@security={'security\x00', 0xe, 0x4, 0x3d0, 0xffffffff, 0x0, 0x120, 0x0, 0xffffffff, 0xffffffff, 0x368, 0x368, 0x368, 0xffffffff, 0x4, &(0x7f0000000000), {[{{@ip={@local, @rand_addr=0x64010102, 0xffffffff, 0xffffffff, 'macvtap0\x00', 'veth1_vlan\x00', {}, {}, 0x8, 0x2, 0x2}, 0x0, 0xb0, 0x120, 0x0, {}, [@common=@set={{0x40}, {{0x1, [0x0, 0x2, 0x6, 0x3, 0x7, 0x2], 0x5, 0x7}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x6, 0x6, 0x4, 0x1, 0x0, "f093f1617b1fb4fef07067140cd130eb7e47e4b0d1f46b0fee2ebfa893b7565894ec7e4d0bf0866ab6ba65e2684a42fa5e1b5c6e4bac1e660522f488cc3641e4"}}}, {{@uncond, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}, {[0x0, 0xfffffffe], 0x1}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x2, 0xfffffffc}}}, {{@uncond, 0x0, 0xf0, 0x150, 0x0, {}, [@common=@addrtype={{0x30}, {0x2a8, 0x2, 0x1}}, @common=@osf={{0x50}, {'syz1\x00', 0x0, 0x15, 0x2}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x2, [0x0, 0x3, 0x5, 0x1, 0x6, 0x1], 0x6, 0xa}, {0x2, [0x2, 0x6, 0x5, 0x1, 0x4, 0x1], 0x4, 0x4}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x430)
getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 1:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0xd, 0x0)
r4 = timerfd_create(0x8, 0x0)
timerfd_settime(r4, 0x3, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
read$FUSE(0xffffffffffffffff, &(0x7f0000003680)={0x2020}, 0x2020)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [10, 23]
detailed listing:
executing program 0:
r0 = signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000340)=@security={'security\x00', 0xe, 0x4, 0x3d0, 0xffffffff, 0x0, 0x120, 0x0, 0xffffffff, 0xffffffff, 0x368, 0x368, 0x368, 0xffffffff, 0x4, &(0x7f0000000000), {[{{@ip={@local, @rand_addr=0x64010102, 0xffffffff, 0xffffffff, 'macvtap0\x00', 'veth1_vlan\x00', {}, {}, 0x8, 0x2, 0x2}, 0x0, 0xb0, 0x120, 0x0, {}, [@common=@set={{0x40}, {{0x1, [0x0, 0x2, 0x6, 0x3, 0x7, 0x2], 0x5, 0x7}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x6, 0x6, 0x4, 0x1, 0x0, "f093f1617b1fb4fef07067140cd130eb7e47e4b0d1f46b0fee2ebfa893b7565894ec7e4d0bf0866ab6ba65e2684a42fa5e1b5c6e4bac1e660522f488cc3641e4"}}}, {{@uncond, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}, {[0x0, 0xfffffffe], 0x1}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x2, 0xfffffffc}}}, {{@uncond, 0x0, 0xf0, 0x150, 0x0, {}, [@common=@addrtype={{0x30}, {0x2a8, 0x2, 0x1}}, @common=@osf={{0x50}, {'syz1\x00', 0x0, 0x15, 0x2}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x2, [0x0, 0x3, 0x5, 0x1, 0x6, 0x1], 0x6, 0xa}, {0x2, [0x2, 0x6, 0x5, 0x1, 0x4, 0x1], 0x4, 0x4}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x430)
getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r1}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 1:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0xd, 0x0)
r4 = timerfd_create(0x8, 0x0)
timerfd_settime(r4, 0x3, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
read$FUSE(0xffffffffffffffff, &(0x7f0000003680)={0x2020}, 0x2020)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)

program crashed: INFO: rcu detected stall in batadv_nc_worker
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 23]
detailed listing:
executing program 0:
r0 = signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000340)=@security={'security\x00', 0xe, 0x4, 0x3d0, 0xffffffff, 0x0, 0x120, 0x0, 0xffffffff, 0xffffffff, 0x368, 0x368, 0x368, 0xffffffff, 0x4, &(0x7f0000000000), {[{{@ip={@local, @rand_addr=0x64010102, 0xffffffff, 0xffffffff, 'macvtap0\x00', 'veth1_vlan\x00', {}, {}, 0x8, 0x2, 0x2}, 0x0, 0xb0, 0x120, 0x0, {}, [@common=@set={{0x40}, {{0x1, [0x0, 0x2, 0x6, 0x3, 0x7, 0x2], 0x5, 0x7}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x6, 0x6, 0x4, 0x1, 0x0, "f093f1617b1fb4fef07067140cd130eb7e47e4b0d1f46b0fee2ebfa893b7565894ec7e4d0bf0866ab6ba65e2684a42fa5e1b5c6e4bac1e660522f488cc3641e4"}}}, {{@uncond, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}, {[0x0, 0xfffffffe], 0x1}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x2, 0xfffffffc}}}, {{@uncond, 0x0, 0xf0, 0x150, 0x0, {}, [@common=@addrtype={{0x30}, {0x2a8, 0x2, 0x1}}, @common=@osf={{0x50}, {'syz1\x00', 0x0, 0x15, 0x2}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x2, [0x0, 0x3, 0x5, 0x1, 0x6, 0x1], 0x6, 0xa}, {0x2, [0x2, 0x6, 0x5, 0x1, 0x4, 0x1], 0x4, 0x4}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x430)
getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r1}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 1:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0xd, 0x0)
r4 = timerfd_create(0x8, 0x0)
timerfd_settime(r4, 0x3, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
read$FUSE(0xffffffffffffffff, &(0x7f0000003680)={0x2020}, 0x2020)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)

program crashed: INFO: rcu detected stall in corrupted
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [8, 23]
detailed listing:
executing program 0:
r0 = signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000340)=@security={'security\x00', 0xe, 0x4, 0x3d0, 0xffffffff, 0x0, 0x120, 0x0, 0xffffffff, 0xffffffff, 0x368, 0x368, 0x368, 0xffffffff, 0x4, &(0x7f0000000000), {[{{@ip={@local, @rand_addr=0x64010102, 0xffffffff, 0xffffffff, 'macvtap0\x00', 'veth1_vlan\x00', {}, {}, 0x8, 0x2, 0x2}, 0x0, 0xb0, 0x120, 0x0, {}, [@common=@set={{0x40}, {{0x1, [0x0, 0x2, 0x6, 0x3, 0x7, 0x2], 0x5, 0x7}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x6, 0x6, 0x4, 0x1, 0x0, "f093f1617b1fb4fef07067140cd130eb7e47e4b0d1f46b0fee2ebfa893b7565894ec7e4d0bf0866ab6ba65e2684a42fa5e1b5c6e4bac1e660522f488cc3641e4"}}}, {{@uncond, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}, {[0x0, 0xfffffffe], 0x1}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x2, 0xfffffffc}}}, {{@uncond, 0x0, 0xf0, 0x150, 0x0, {}, [@common=@addrtype={{0x30}, {0x2a8, 0x2, 0x1}}, @common=@osf={{0x50}, {'syz1\x00', 0x0, 0x15, 0x2}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x2, [0x0, 0x3, 0x5, 0x1, 0x6, 0x1], 0x6, 0xa}, {0x2, [0x2, 0x6, 0x5, 0x1, 0x4, 0x1], 0x4, 0x4}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x430)
getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r1 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r1}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 1:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0xd, 0x0)
r4 = timerfd_create(0x8, 0x0)
timerfd_settime(r4, 0x3, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
read$FUSE(0xffffffffffffffff, &(0x7f0000003680)={0x2020}, 0x2020)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)

program crashed: INFO: rcu detected stall in corrupted
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [7, 23]
detailed listing:
executing program 0:
r0 = signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000340)=@security={'security\x00', 0xe, 0x4, 0x3d0, 0xffffffff, 0x0, 0x120, 0x0, 0xffffffff, 0xffffffff, 0x368, 0x368, 0x368, 0xffffffff, 0x4, &(0x7f0000000000), {[{{@ip={@local, @rand_addr=0x64010102, 0xffffffff, 0xffffffff, 'macvtap0\x00', 'veth1_vlan\x00', {}, {}, 0x8, 0x2, 0x2}, 0x0, 0xb0, 0x120, 0x0, {}, [@common=@set={{0x40}, {{0x1, [0x0, 0x2, 0x6, 0x3, 0x7, 0x2], 0x5, 0x7}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x6, 0x6, 0x4, 0x1, 0x0, "f093f1617b1fb4fef07067140cd130eb7e47e4b0d1f46b0fee2ebfa893b7565894ec7e4d0bf0866ab6ba65e2684a42fa5e1b5c6e4bac1e660522f488cc3641e4"}}}, {{@uncond, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}, {[0x0, 0xfffffffe], 0x1}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x2, 0xfffffffc}}}, {{@uncond, 0x0, 0xf0, 0x150, 0x0, {}, [@common=@addrtype={{0x30}, {0x2a8, 0x2, 0x1}}, @common=@osf={{0x50}, {'syz1\x00', 0x0, 0x15, 0x2}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x2, [0x0, 0x3, 0x5, 0x1, 0x6, 0x1], 0x6, 0xa}, {0x2, [0x2, 0x6, 0x5, 0x1, 0x4, 0x1], 0x4, 0x4}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x430)
getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r1}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 1:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0xd, 0x0)
r4 = timerfd_create(0x8, 0x0)
timerfd_settime(r4, 0x3, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
read$FUSE(0xffffffffffffffff, &(0x7f0000003680)={0x2020}, 0x2020)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [7, 23]
detailed listing:
executing program 0:
r0 = signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000340)=@security={'security\x00', 0xe, 0x4, 0x3d0, 0xffffffff, 0x0, 0x120, 0x0, 0xffffffff, 0xffffffff, 0x368, 0x368, 0x368, 0xffffffff, 0x4, &(0x7f0000000000), {[{{@ip={@local, @rand_addr=0x64010102, 0xffffffff, 0xffffffff, 'macvtap0\x00', 'veth1_vlan\x00', {}, {}, 0x8, 0x2, 0x2}, 0x0, 0xb0, 0x120, 0x0, {}, [@common=@set={{0x40}, {{0x1, [0x0, 0x2, 0x6, 0x3, 0x7, 0x2], 0x5, 0x7}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x6, 0x6, 0x4, 0x1, 0x0, "f093f1617b1fb4fef07067140cd130eb7e47e4b0d1f46b0fee2ebfa893b7565894ec7e4d0bf0866ab6ba65e2684a42fa5e1b5c6e4bac1e660522f488cc3641e4"}}}, {{@uncond, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}, {[0x0, 0xfffffffe], 0x1}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x2, 0xfffffffc}}}, {{@uncond, 0x0, 0xf0, 0x150, 0x0, {}, [@common=@addrtype={{0x30}, {0x2a8, 0x2, 0x1}}, @common=@osf={{0x50}, {'syz1\x00', 0x0, 0x15, 0x2}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x2, [0x0, 0x3, 0x5, 0x1, 0x6, 0x1], 0x6, 0xa}, {0x2, [0x2, 0x6, 0x5, 0x1, 0x4, 0x1], 0x4, 0x4}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x430)
getpid()
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r1 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r1}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 1:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0xd, 0x0)
r4 = timerfd_create(0x8, 0x0)
timerfd_settime(r4, 0x3, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
read$FUSE(0xffffffffffffffff, &(0x7f0000003680)={0x2020}, 0x2020)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [7, 23]
detailed listing:
executing program 0:
r0 = signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000340)=@security={'security\x00', 0xe, 0x4, 0x3d0, 0xffffffff, 0x0, 0x120, 0x0, 0xffffffff, 0xffffffff, 0x368, 0x368, 0x368, 0xffffffff, 0x4, &(0x7f0000000000), {[{{@ip={@local, @rand_addr=0x64010102, 0xffffffff, 0xffffffff, 'macvtap0\x00', 'veth1_vlan\x00', {}, {}, 0x8, 0x2, 0x2}, 0x0, 0xb0, 0x120, 0x0, {}, [@common=@set={{0x40}, {{0x1, [0x0, 0x2, 0x6, 0x3, 0x7, 0x2], 0x5, 0x7}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x6, 0x6, 0x4, 0x1, 0x0, "f093f1617b1fb4fef07067140cd130eb7e47e4b0d1f46b0fee2ebfa893b7565894ec7e4d0bf0866ab6ba65e2684a42fa5e1b5c6e4bac1e660522f488cc3641e4"}}}, {{@uncond, 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@ah={{0x30}, {[0x0, 0xfffffffe], 0x1}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x2, 0xfffffffc}}}, {{@uncond, 0x0, 0xf0, 0x150, 0x0, {}, [@common=@addrtype={{0x30}, {0x2a8, 0x2, 0x1}}, @common=@osf={{0x50}, {'syz1\x00', 0x0, 0x15, 0x2}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x2, [0x0, 0x3, 0x5, 0x1, 0x6, 0x1], 0x6, 0xa}, {0x2, [0x2, 0x6, 0x5, 0x1, 0x4, 0x1], 0x4, 0x4}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x430)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r1 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r1}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 1:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0xd, 0x0)
r4 = timerfd_create(0x8, 0x0)
timerfd_settime(r4, 0x3, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
read$FUSE(0xffffffffffffffff, &(0x7f0000003680)={0x2020}, 0x2020)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)

program crashed: INFO: rcu detected stall in corrupted
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [6, 23]
detailed listing:
executing program 0:
signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 1:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0xd, 0x0)
r4 = timerfd_create(0x8, 0x0)
timerfd_settime(r4, 0x3, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
read$FUSE(0xffffffffffffffff, &(0x7f0000003680)={0x2020}, 0x2020)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)

program crashed: INFO: rcu detected stall in corrupted
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 23]
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 1:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0xd, 0x0)
r4 = timerfd_create(0x8, 0x0)
timerfd_settime(r4, 0x3, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
read$FUSE(0xffffffffffffffff, &(0x7f0000003680)={0x2020}, 0x2020)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)

program crashed: INFO: rcu detected stall in corrupted
minimized 12 calls -> 5 calls
minimizing program #1 before concatenation
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 22]
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 0:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0xd, 0x0)
r4 = timerfd_create(0x8, 0x0)
timerfd_settime(r4, 0x3, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
read$FUSE(0xffffffffffffffff, &(0x7f0000003680)={0x2020}, 0x2020)

program crashed: INFO: rcu detected stall in syscall_exit_to_user_mode
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 21]
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 0:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0xd, 0x0)
r4 = timerfd_create(0x8, 0x0)
timerfd_settime(r4, 0x3, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)

program crashed: INFO: rcu detected stall in corrupted
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 20]
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 0:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0xd, 0x0)
r4 = timerfd_create(0x8, 0x0)
timerfd_settime(r4, 0x3, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)

program crashed: INFO: rcu detected stall in corrupted
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 19]
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 0:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0xd, 0x0)
r4 = timerfd_create(0x8, 0x0)
timerfd_settime(r4, 0x3, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: INFO: rcu detected stall in corrupted
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 18]
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 0:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0xd, 0x0)
r4 = timerfd_create(0x8, 0x0)
timerfd_settime(r4, 0x3, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)

program crashed: INFO: rcu detected stall in corrupted
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 17]
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 0:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0xd, 0x0)
r4 = timerfd_create(0x8, 0x0)
timerfd_settime(r4, 0x3, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)

program crashed: INFO: rcu detected stall in corrupted
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 16]
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 0:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0xd, 0x0)
r3 = timerfd_create(0x8, 0x0)
timerfd_settime(r3, 0x3, 0x0, 0x0)

program crashed: INFO: rcu detected stall in corrupted
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 15]
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 0:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0xd, 0x0)
timerfd_create(0x8, 0x0)

program crashed: INFO: rcu detected stall in corrupted
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 14]
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 0:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0xd, 0x0)

program crashed: INFO: rcu detected stall in batadv_nc_worker
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 13]
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 0:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)

program crashed: INFO: rcu detected stall in corrupted
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 12]
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 0:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)

program crashed: INFO: rcu detected stall in corrupted
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 11]
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 0:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r0, 0x8002f515, 0x0)

program crashed: INFO: rcu detected stall in corrupted
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 10]
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 0:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)

program crashed: INFO: rcu detected stall in corrupted
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 9]
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 0:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)

program crashed: INFO: rcu detected stall in corrupted
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 8]
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 0:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

program crashed: INFO: rcu detected stall in corrupted
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 7]
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 0:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)
syz_open_dev$loop(&(0x7f0000000180), 0x1000000008, 0x0)

program crashed: INFO: rcu detected stall in syscall_exit_to_user_mode
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 6]
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 0:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
r1 = fcntl$dupfd(r0, 0x406, r0)
socket(0x10, 0x3, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2201, 0x0)

program crashed: INFO: rcu detected stall in corrupted
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 5]
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 0:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
fcntl$dupfd(r0, 0x406, r0)
socket(0x10, 0x3, 0x0)

program crashed: INFO: rcu detected stall in corrupted
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 4]
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 0:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r0 = syz_open_dev$sg(0x0, 0x0, 0x400000)
fcntl$dupfd(r0, 0x406, r0)

program crashed: INFO: rcu detected stall in syscall_exit_to_user_mode
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 3]
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 0:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
syz_open_dev$sg(0x0, 0x0, 0x400000)

program crashed: INFO: rcu detected stall in corrupted
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 2]
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 0:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)

program crashed: INFO: rcu detected stall in corrupted
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 1]
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 0:
syz_open_dev$hiddev(&(0x7f0000000040), 0x39fd, 0x81)

program crashed: INFO: rcu detected stall in syscall_exit_to_user_mode
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 0]
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
executing program 0:

program crashed: INFO: rcu detected stall in syscall_exit_to_user_mode
minimized 23 calls -> 0 calls
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-gettid-timer_create-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)

program crashed: INFO: rcu detected stall in corrupted
bisect: concatenation succeeded
found reproducer with 5 syscalls
minimizing guilty program
testing program (duration=5m3.799971756s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-gettid-timer_create
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))

program did not crash
testing program (duration=5m3.799971756s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-gettid-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
gettid()
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)

program did not crash
testing program (duration=5m3.799971756s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)

program did not crash
testing program (duration=5m3.799971756s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-gettid-timer_create-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)

program did not crash
testing program (duration=5m3.799971756s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sched_setscheduler-gettid-timer_create-timer_settime
detailed listing:
executing program 0:
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)

program did not crash
testing program (duration=5m3.799971756s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-gettid-timer_create-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)

program did not crash
testing program (duration=5m3.799971756s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-gettid-timer_create-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)

program did not crash
testing program (duration=5m3.799971756s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-gettid-timer_create-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
gettid()
timer_create(0x0, 0x0, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)

program did not crash
testing program (duration=5m3.799971756s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-gettid-timer_create-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)

program did not crash
testing program (duration=5m3.799971756s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-gettid-timer_create-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, 0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=5m3.799971756s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-gettid-timer_create-timer_settime
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
simplifying guilty program options
testing program (duration=5m3.799971756s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-gettid-timer_create-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)

program crashed: INFO: rcu detected stall in corrupted
extracting C reproducer
testing compiled C program (duration=5m3.799971756s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-gettid-timer_create-timer_settime
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing program (duration=5m3.799971756s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-gettid-timer_create-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)

program did not crash
reproducing took 4h33m52.582266697s
repro crashed as (corrupted=true):
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P4380/1:b..l
	(detected by 0, t=10502 jiffies, g=9485, q=97 ncpus=2)
task:kworker/u4:6    state:R  running task     stack:20608 pid:4380  ppid:2      flags:0x00004000
Workqueue: writeback wb_workfn (flush-8:0)
Call Trace:
 <TASK>
 __schedule+0x143f/0client_loop: send disconnect: Broken pipe

report is corrupted, running repro again
testing program (duration=5m3.799971756s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-gettid-timer_create-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)

program crashed: INFO: rcu detected stall in corrupted
report is corrupted, running repro again
testing program (duration=5m3.799971756s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-gettid-timer_create-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)

program crashed: INFO: rcu detected stall in corrupted
report is corrupted, running repro again
testing program (duration=5m3.799971756s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-gettid-timer_create-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)

program crashed: INFO: rcu detected stall in corrupted
final repro crashed as (corrupted=true):
rcu: INFO: rcu_preempt self-detected stall on CPU
rcu: 	1-...!: (10500 ticks this GP) idle=089c/1/0x4000000000000000 softirq=12128/12128 fqs=0
	(t=10500 jiffies g=10461 q=480 ncpus=2)
rcu: rcu_preempt kthread timer wakeup didn't happen for 10499 jiffies! g10461 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
rcu: 	Possible timer handling issue on cpu=1 timer-softirq=5172
rcu: rcu_preempt kthread starved for 10500 jiffies! g10461 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:I stack:26712 pid:16    ppid:2      flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5241 [inline]
 __schedule+0x143f/0x4570 kernel/sched/core.c:6558
 schedule+0xbf/0x180 kernel/sched/core.c:6634
 schedule_timeout+0x1b9/0x300 kernel/time/timer.c:1965
 rcu_gp_fqs_loop+0x2d2/0x1150 kernel/rcu/tree.c:1706
 rcu_gp_kthread+0xa3/0x3b0 kernel/rcu/tree.c:1905
 kthread+0x28d/0x320 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
CPU: 1 PID: 4517 Comm: syz.0.30 Not tainted 6.1.123-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:160 [inline]
RIP: 0010:_raw_spin_unlock_irq+0x25/0x40 kernel/locking/spinlock.c:202
Code: a1 95 f5 ff 90 53 48 89 fb 48 83 c7 18 48 8b 74 24 08 e8 9e f7 ad f6 48 89 df e8 96 35 af f6 e8 91 8c d4 f6 fb bf 01 00 00 00 <e8> 96 bf a1 f6 65 8b 05 37 9f 45 75 85 c0 74 02 5b c3 e8 e4 c2 43
RSP: 0018:ffffc90003407b30 EFLAGS: 00000286
RAX: 7963b0f679c45800 RBX: ffff8880588f6f00 RCX: ffffffff97356103
RDX: dffffc0000000000 RSI: ffffffff8b0c0340 RDI: 0000000000000001
RBP: ffffc90003407c70 R08: dffffc0000000000 R09: ffffed100b11ede1
R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff1100b11ee33
R13: 0000000004000000 R14: 0000000000000011 R15: ffff8880588f7198
FS:  000055557f9d9500(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2c25ffff CR3: 00000000284c2000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 </IRQ>
 <TASK>
 spin_unlock_irq include/linux/spinlock.h:401 [inline]
 get_signal+0x154b/0x17d0 kernel/signal.c:2874
 arch_do_signal_or_restart+0xb0/0x1a10 arch/x86/kernel/signal.c:871
 exit_to_user_mode_loop+0x6a/0x100 kernel/entry/common.c:174
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:210
 __syscall_exit_to_user_mode_work kernel/entry/common.c:292 [inline]
 syscall_exit_to_user_mode+0x60/0x270 kernel/entry/common.c:303
 do_syscall_64+0x47/0xb0 arch/x86/entry/common.c:87
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f1ebc385d29
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffed45cca28 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 00007f1ebc575fa0 RCX: 00007f1ebc385d29
RDX: 0000000020000300 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f1ebc401b08 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f1ebc575fa0 R14: 00007f1ebc575fa0 R15: 000000000000180b
 </TASK>
CPU: 1 PID: 4517 Comm: syz.0.30 Not tainted 6.1.123-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:160 [inline]
RIP: 0010:_raw_spin_unlock_irq+0x25/0x40 kernel/locking/spinlock.c:202
Code: a1 95 f5 ff 90 53 48 89 fb 48 83 c7 18 48 8b 74 24 08 e8 9e f7 ad f6 48 89 df e8 96 35 af f6 e8 91 8c d4 f6 fb bf 01 00 00 00 <e8> 96 bf a1 f6 65 8b 05 37 9f 45 75 85 c0 74 02 5b c3 e8 e4 c2 43
RSP: 0018:ffffc90003407b30 EFLAGS: 00000286
RAX: 7963b0f679c45800 RBX: ffff8880588f6f00 RCX: ffffffff97356103
RDX: dffffc0000000000 RSI: ffffffff8b0c0340 RDI: 0000000000000001
RBP: ffffc90003407c70 R08: dffffc0000000000 R09: ffffed100b11ede1
R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff1100b11ee33
R13: 0000000004000000 R14: 0000000000000011 R15: ffff8880588f7198
FS:  000055557f9d9500(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2c25ffff CR3: 00000000284c2000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 </IRQ>
 <TASK>
 spin_unlock_irq include/linux/spinlock.h:401 [inline]
 get_signal+0x154b/0x17d0 kernel/signal.c:2874
 arch_do_signal_or_restart+0xb0/0x1a10 arch/x86/kernel/signal.c:871
 exit_to_user_mode_loop+0x6a/0x100 kernel/entry/common.c:174
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:210
 __syscall_exit_to_user_mode_work kernel/entry/common.c:292 [inline]
 syscall_exit_to_user_mode+0x60/0x270 kernel/entry/common.c:303
 do_syscall_64+0x47/0xb0 arch/x86/entry/common.c:87
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f1ebc385d29
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffed45cca28 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 00007f1ebc575fa0 RCX: 00007f1ebc385d29
RDX: 0000000020000300 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f1ebc401b08 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f1ebc575fa0 R14: 00007f1ebc575fa0 R15: 000000000000180b
 </TASK>