Extracting prog: 9m53.0724245s
Minimizing prog: 34m18.44917582s
Simplifying prog options: 0s
Extracting C: 41.754391343s
Simplifying C: 22m33.549423468s


30 programs, timeouts [15s 1m40s 6m0s]
extracting reproducer from 30 programs
single: executing 5 programs separately with timeout 15s
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket$inet_udplite-ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL-syz_genetlink_get_family_id$tipc2-sendmsg$TIPC_NL_BEARER_ENABLE-sendmsg$TIPC_NL_NET_GET-socket$nl_route-sendmsg$nl_route-socket$inet6_udplite-setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS-setsockopt$inet_mreqsrc-socket$nl_route-ioctl$sock_inet_SIOCSIFFLAGS-socket$pppl2tp-ioctl$SIOCSIFMTU
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000100)={'tunl0\x00', &(0x7f0000000200)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x6, 0x4, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, 0x4, 0x0, @local, @multicast1, {[@rr={0x7, 0x3}]}}}}})
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000041c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000004300)={0x0, 0x0, &(0x7f00000042c0)={0x0}}, 0x0)
sendmsg$TIPC_NL_NET_GET(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x58, r2, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x44, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'vlan1\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x80000001}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_NAME={0x15, 0x1, @l2={'ib', 0x3a, 'veth1_to_bond\x00'}}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x8040}, 0x20000000)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000001180)={0x0, @in6={{0xa, 0x0, 0x0, @private0}}}, 0x90)
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @loopback, @empty}, 0xc)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r4, 0x8914, &(0x7f0000000080)={'lo\x00'})
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r5, 0x8922, &(0x7f0000000000)={'lo\x00'})

program did not crash
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000100)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x4, 0x5}}}}}}}, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)

program did not crash
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_emit_vhci-syz_emit_vhci-ioctl$MON_IOCX_GET-prctl$PR_SCHED_CORE-sched_setaffinity-openat$hwrng-preadv-setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS-sendmmsg$inet6-socket$nl_generic-fcntl$dupfd-sendmsg$TIPC_CMD_SET_LINK_WINDOW-syz_emit_vhci-getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3-socket$inet6_tcp-setsockopt$inet6_tcp_TCP_CONGESTION-connect$inet6-write$binfmt_script
detailed listing:
executing program 0:
syz_emit_vhci(0x0, 0x22)
syz_emit_vhci(0x0, 0x0)
ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x40189206, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x85, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
fcntl$dupfd(r1, 0x0, r1)
sendmsg$TIPC_CMD_SET_LINK_WINDOW(0xffffffffffffffff, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x0, 0xc8}}}, 0x7)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='cdg\x00', 0x4)
connect$inet6(r2, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
write$binfmt_script(r2, &(0x7f0000000200), 0xfffffd9d)

program did not crash
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_SET_INTERFACE-sendmsg$NL80211_CMD_CONNECT-syz_usb_connect$hid-nanosleep-socketpair
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB, @ANYRES32=r1, @ANYBLOB="0a00340002020202020200000a0006000802110000000000080026006c090000"], 0x3c}}, 0x0)
syz_usb_connect$hid(0x5, 0x3f, &(0x7f0000000500)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x5ac, 0x8240, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x4, 0x80, 0xf9, [{{0x9, 0x4, 0x0, 0xfd, 0x2, 0x3, 0x1, 0x1, 0x6, {0x9, 0x21, 0x8, 0x5, 0x1, {0x22, 0xd86}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x0, 0x5, 0x6}}, [{{0x9, 0x5, 0x2, 0x3, 0x200, 0x4, 0xb6}}]}}}]}}]}}, &(0x7f00000007c0)={0xa, &(0x7f0000000680)={0xa, 0x6, 0x200, 0x0, 0x6, 0x38, 0x40, 0x4}, 0x2a, &(0x7f0000000640)=ANY=[@ANYBLOB="050f2a00040710020272010403100b0710020665020072234b51d2986f7ce88586818abb14100405191ad85e09e056ebc380dc7786b01492"], 0x3, [{0x4, &(0x7f0000000700)=@lang_id={0x4, 0x3, 0x1c09}}, {0x37, &(0x7f0000000740)=@string={0x37, 0x3, "c5c2240ff6b6df30368a0a9eb4a71bc297f4d9f9a89d61d9203b902cd855722af15d669772e3fbf0c51f65058544fd5f2c7e449cda"}}, {0x4, &(0x7f0000000780)=@lang_id={0x4}}]})
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
socketpair(0x11, 0x2, 0x0, &(0x7f0000000a40))

program did not crash
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): capset-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-mount$tmpfs-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-epoll_wait-epoll_ctl$EPOLL_CTL_ADD-close_range-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-epoll_wait
detailed listing:
executing program 0:
capset(0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000001c0)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000100)={0x20000014})
epoll_wait(0xffffffffffffffff, &(0x7f0000000040)=[{}], 0x1, 0xfffff001)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000180)={0x40000016})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000500000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10)
epoll_wait(r2, &(0x7f0000000380)=[{}], 0x1, 0x1000)

program did not crash
single: failed to extract reproducer
bisect: bisecting 30 programs with base timeout 15s
testing program (duration=22s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 3, 8, 5, 7, 18, 6, 2, 12, 5, 9, 7, 14, 23, 3, 15, 6, 3, 5, 8, 5, 9, 18, 7, 3, 2, 22, 3, 6, 15]
detailed listing:
executing program 1:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x9)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x6, &(0x7f0000000800)={0x7f, {{0x29, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}}}, 0x88)
executing program 1:
r0 = inotify_init1(0x0)
close_range(r0, 0xffffffffffffffff, 0x2)
fcntl$setsig(r0, 0xa, 0x0)
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB, @ANYRES32=r1, @ANYBLOB="0a00340002020202020200000a0006000802110000000000080026006c090000"], 0x3c}}, 0x0)
syz_usb_connect$hid(0x5, 0x3f, &(0x7f0000000500)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x5ac, 0x8240, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x4, 0x80, 0xf9, [{{0x9, 0x4, 0x0, 0xfd, 0x2, 0x3, 0x1, 0x1, 0x6, {0x9, 0x21, 0x8, 0x5, 0x1, {0x22, 0xd86}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x0, 0x5, 0x6}}, [{{0x9, 0x5, 0x2, 0x3, 0x200, 0x4, 0xb6}}]}}}]}}]}}, &(0x7f00000007c0)={0xa, &(0x7f0000000680)={0xa, 0x6, 0x200, 0x0, 0x6, 0x38, 0x40, 0x4}, 0x2a, &(0x7f0000000640)=ANY=[@ANYBLOB="050f2a00040710020272010403100b0710020665020072234b51d2986f7ce88586818abb14100405191ad85e09e056ebc380dc7786b01492"], 0x3, [{0x4, &(0x7f0000000700)=@lang_id={0x4, 0x3, 0x1c09}}, {0x37, &(0x7f0000000740)=@string={0x37, 0x3, "c5c2240ff6b6df30368a0a9eb4a71bc297f4d9f9a89d61d9203b902cd855722af15d669772e3fbf0c51f65058544fd5f2c7e449cda"}}, {0x4, &(0x7f0000000780)=@lang_id={0x4}}]})
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
socketpair(0x11, 0x2, 0x0, &(0x7f0000000a40))
executing program 1:
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="ec00000010000108004000000000040000000000", @ANYRES32=r3, @ANYBLOB="0000000000000000cc001a8018000a8014000700fe8000000000000000000000000000aab0000280090001800c0000000000000008000000000000001b0000000000000008000000000000000800000000000000180002801400018009000d"], 0xec}}, 0x0)
executing program 1:
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000002100)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xfff3}, {}, {0x1c}}, [@filter_kind_options=@f_fw={{0x7}, {0xc, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0x0, 0x6}}]}}]}, 0x38}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)
executing program 1:
syz_emit_vhci(0x0, 0x22)
syz_emit_vhci(0x0, 0x0)
ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x40189206, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x85, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
fcntl$dupfd(r1, 0x0, r1)
sendmsg$TIPC_CMD_SET_LINK_WINDOW(0xffffffffffffffff, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x0, 0xc8}}}, 0x7)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='cdg\x00', 0x4)
connect$inet6(r2, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
write$binfmt_script(r2, &(0x7f0000000200), 0xfffffd9d)
executing program 2:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
write(0xffffffffffffffff, &(0x7f0000000040)=';', 0x1)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000000), 0xfea7)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r0, 0x0)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040), 0x10)
executing program 4:
symlink(&(0x7f00000012c0)='./file0\x00', &(0x7f0000001300)='./file0\x00')
lsetxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)='system.posix_acl_default\x00', &(0x7f00000002c0)=ANY=[@ANYBLOB="02"], 0x4, 0x0)
executing program 2:
r0 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r4 = socket$unix(0x1, 0x5, 0x0)
r5 = dup2(r4, r3)
close_range(r5, 0xffffffffffffffff, 0x0)
executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="ec00000010000108004000000000040000000000", @ANYRES32=r3, @ANYBLOB="0000000000000000cc001a8018000a8014000700fe8000000000000000000000000000aab0000280090001800c0000000000000008000000000000001b0000000000000008000000000000000800000000000000180002801400018009000d"], 0xec}}, 0x0)
executing program 4:
r0 = socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010411fe", @ANYRES32], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000003340)=@newtfilter={0x48, 0x2c, 0xd27, 0xfffffffe, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {}, {0xd}}, [@filter_kind_options=@f_u32={{0x8}, {0x1c, 0x2, [@TCA_U32_ACT={0x4}, @TCA_U32_INDEV={0x14, 0x8, 'ipvlan1\x00'}]}}]}, 0x48}}, 0x0)
executing program 0:
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000002100)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xfff3}, {}, {0x1c}}, [@filter_kind_options=@f_fw={{0x7}, {0xc, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0x0, 0x6}}]}}]}, 0x38}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)
executing program 1:
capset(0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000001c0)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000100)={0x20000014})
epoll_wait(0xffffffffffffffff, &(0x7f0000000040)=[{}], 0x1, 0xfffff001)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000180)={0x40000016})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000500000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10)
epoll_wait(r2, &(0x7f0000000380)=[{}], 0x1, 0x1000)
executing program 4:
r0 = socket$kcm(0x10, 0x400000002, 0x0)
ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000001c0))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r6=>0xffffffffffffffff}, 0x2}}, 0x6b)
write$RDMA_USER_CM_CMD_MIGRATE_ID(0xffffffffffffffff, &(0x7f0000000380)={0x12, 0x10, 0xfa00, {&(0x7f0000000340), r6}}, 0x18)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=@bridge_newvlan={0x24, 0x76, 0x709, 0x0, 0x0, {0x7, 0x2}, [@BRIDGE_VLANDB_ENTRY={0xc, 0xd, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x3, {0x47}}}]}, 0x24}, 0x1, 0x5502000000000000}, 0x0)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="1c0000005e007f029ea69801d76ab0a272a2a788bab6c95f79725074", 0x1c}], 0x1}, 0x0)
executing program 0:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd6000050000140600fc020000000000000000000000000000ff02"], 0x0)
ioctl$SIOCSIFHWADDR(r0, 0x89f1, &(0x7f0000000900)={'ip6tnl0\x00', @random="0600002000"})
executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000100)={'tunl0\x00', &(0x7f0000000200)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x6, 0x4, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, 0x4, 0x0, @local, @multicast1, {[@rr={0x7, 0x3}]}}}}})
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000041c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000004300)={0x0, 0x0, &(0x7f00000042c0)={0x0}}, 0x0)
sendmsg$TIPC_NL_NET_GET(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x58, r2, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x44, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'vlan1\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x80000001}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_NAME={0x15, 0x1, @l2={'ib', 0x3a, 'veth1_to_bond\x00'}}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x8040}, 0x20000000)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000001180)={0x0, @in6={{0xa, 0x0, 0x0, @private0}}}, 0x90)
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @loopback, @empty}, 0xc)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r4, 0x8914, &(0x7f0000000080)={'lo\x00'})
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r5, 0x8922, &(0x7f0000000000)={'lo\x00'})
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000100)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x4, 0x5}}}}}}}, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)={0x18, r1, 0x1, 0x0, 0x0, {0x1c}, [@HEADER={0x4}]}, 0x18}}, 0x0)
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$KVM_SET_IDENTITY_MAP_ADDR(r2, 0x4008ae48, 0x0)
executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r1=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB, @ANYRES32=r1, @ANYBLOB="0a00340002020202020200000a0006000802110000000000080026006c090000"], 0x3c}}, 0x0)
syz_usb_connect$hid(0x5, 0x3f, &(0x7f0000000500)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x5ac, 0x8240, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x4, 0x80, 0xf9, [{{0x9, 0x4, 0x0, 0xfd, 0x2, 0x3, 0x1, 0x1, 0x6, {0x9, 0x21, 0x8, 0x5, 0x1, {0x22, 0xd86}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x0, 0x5, 0x6}}, [{{0x9, 0x5, 0x2, 0x3, 0x200, 0x4, 0xb6}}]}}}]}}]}}, &(0x7f00000007c0)={0xa, &(0x7f0000000680)={0xa, 0x6, 0x200, 0x0, 0x6, 0x38, 0x40, 0x4}, 0x2a, &(0x7f0000000640)=ANY=[@ANYBLOB="050f2a00040710020272010403100b0710020665020072234b51d2986f7ce88586818abb14100405191ad85e09e056ebc380dc7786b01492"], 0x3, [{0x4, &(0x7f0000000700)=@lang_id={0x4, 0x3, 0x1c09}}, {0x37, &(0x7f0000000740)=@string={0x37, 0x3, "c5c2240ff6b6df30368a0a9eb4a71bc297f4d9f9a89d61d9203b902cd855722af15d669772e3fbf0c51f65058544fd5f2c7e449cda"}}, {0x4, &(0x7f0000000780)=@lang_id={0x4}}]})
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
socketpair(0x11, 0x2, 0x0, &(0x7f0000000a40))
executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="ec00000010000108004000000000040000000000", @ANYRES32=r3, @ANYBLOB="0000000000000000cc001a8018000a8014000700fe8000000000000000000000000000aab0000280090001800c0000000000000008000000000000001b0000000000000008000000000000000800000000000000180002801400018009000d"], 0xec}}, 0x0)
executing program 3:
r0 = socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010411fe", @ANYRES32], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000003340)=@newtfilter={0x48, 0x2c, 0xd27, 0xfffffffe, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {}, {0xd}}, [@filter_kind_options=@f_u32={{0x8}, {0x1c, 0x2, [@TCA_U32_ACT={0x4}, @TCA_U32_INDEV={0x14, 0x8, 'ipvlan1\x00'}]}}]}, 0x48}}, 0x0)
executing program 0:
syz_emit_vhci(0x0, 0x22)
syz_emit_vhci(0x0, 0x0)
ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x40189206, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x85, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
fcntl$dupfd(r1, 0x0, r1)
sendmsg$TIPC_CMD_SET_LINK_WINDOW(0xffffffffffffffff, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x0, 0xc8}}}, 0x7)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000000)='cdg\x00', 0x4)
connect$inet6(r2, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
write$binfmt_script(r2, &(0x7f0000000200), 0xfffffd9d)
executing program 2:
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000002100)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xfff3}, {}, {0x1c}}, [@filter_kind_options=@f_fw={{0x7}, {0xc, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0x0, 0x6}}]}}]}, 0x38}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)
executing program 3:
mkdir(&(0x7f0000000140)='./control\x00', 0x0)
mount$afs(0x0, &(0x7f00000000c0)='./control\x00', &(0x7f0000000100), 0x0, &(0x7f0000000080)={[{@dyn}]})
read$FUSE(0xffffffffffffffff, &(0x7f0000003480)={0x2020}, 0x2020)
executing program 2:
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x8, 0x42, 0x40, 0x42}, 0x48)
executing program 3:
r0 = socket$kcm(0x10, 0x400000002, 0x0)
ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000001c0))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
write$RDMA_USER_CM_CMD_MIGRATE_ID(0xffffffffffffffff, &(0x7f0000000380)={0x12, 0x10, 0xfa00, {&(0x7f0000000340)}}, 0x18)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=@bridge_newvlan={0x24, 0x76, 0x709, 0x0, 0x0, {0x7, 0x2}, [@BRIDGE_VLANDB_ENTRY={0xc, 0xd, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x3, {0x47}}}]}, 0x24}, 0x1, 0x5502000000000000}, 0x0)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="1c0000005e007f029ea69801d76ab0a272a2a788bab6c95f79725074", 0x1c}], 0x1}, 0x0)
executing program 2:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd6000050000140600fc020000000000000000000000000000ff02"], 0x0)
ioctl$SIOCSIFHWADDR(r0, 0x89f1, &(0x7f0000000900)={'ip6tnl0\x00', @random="0600002000"})
executing program 3:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000100)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x4, 0x5}}}}}}}, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000100)={'tunl0\x00', &(0x7f0000000200)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x6, 0x4, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, 0x4, 0x0, @local, @multicast1, {[@rr={0x7, 0x3}]}}}}})
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000041c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000004300)={0x0, 0x0, &(0x7f00000042c0)={0x0}}, 0x0)
sendmsg$TIPC_NL_NET_GET(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x58, r2, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x44, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'vlan1\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x80000001}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_NAME={0x15, 0x1, @l2={'ib', 0x3a, 'veth1_to_bond\x00'}}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x8040}, 0x20000000)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000001180)={0x0, @in6={{0xa, 0x0, 0x0, @private0}}}, 0x90)
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @loopback, @empty}, 0xc)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r4, 0x8914, &(0x7f0000000080)={'lo\x00'})
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r5, 0x8922, &(0x7f0000000000)={'lo\x00'})

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 5 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_generic-socket$inet_udplite-ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL-syz_genetlink_get_family_id$tipc2-sendmsg$TIPC_NL_BEARER_ENABLE-sendmsg$TIPC_NL_NET_GET-socket$nl_route-sendmsg$nl_route-socket$inet6_udplite-setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS-setsockopt$inet_mreqsrc-socket$nl_route-ioctl$sock_inet_SIOCSIFFLAGS-socket$pppl2tp-ioctl$SIOCSIFMTU
detailed listing:
executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000100)={'tunl0\x00', &(0x7f0000000200)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x6, 0x4, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, 0x4, 0x0, @local, @multicast1, {[@rr={0x7, 0x3}]}}}}})
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000041c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000004300)={0x0, 0x0, &(0x7f00000042c0)={0x0}}, 0x0)
sendmsg$TIPC_NL_NET_GET(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x58, r2, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x44, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'vlan1\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x80000001}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_NAME={0x15, 0x1, @l2={'ib', 0x3a, 'veth1_to_bond\x00'}}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x8040}, 0x20000000)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000001180)={0x0, @in6={{0xa, 0x0, 0x0, @private0}}}, 0x90)
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @loopback, @empty}, 0xc)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r4, 0x8914, &(0x7f0000000080)={'lo\x00'})
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r5, 0x8922, &(0x7f0000000000)={'lo\x00'})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000100)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x4, 0x5}}}}}}}, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)

program crashed: general protection fault in __cpu_map_flush
single: successfully extracted reproducer
found reproducer with 6 syscalls
minimizing guilty program
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000100)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x4, 0x5}}}}}}}, 0x0)

program crashed: general protection fault in __cpu_map_flush
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-syz_emit_ethernet
detailed listing:
executing program 0:
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'syz_tun\x00'})
syz_emit_ethernet(0xe80, &(0x7f0000000100)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x4, 0x5}}}}}}}, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
socket$packet(0x11, 0x2, 0x300)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000100)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x4, 0x5}}}}}}}, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r1=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r1}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000100)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x4, 0x5}}}}}}}, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r1=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={0xffffffffffffffff, r1}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000100)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x4, 0x5}}}}}}}, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000100)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x4, 0x5}}}}}}}, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, 0x0, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000100)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x4, 0x5}}}}}}}, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000100)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x4, 0x5}}}}}}}, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000100)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x4, 0x5}}}}}}}, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000100)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x4, 0x5}}}}}}}, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
detailed listing:
executing program 0:
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'syz_tun\x00'})
bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0)
syz_emit_ethernet(0xe80, &(0x7f0000000100)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x4, 0x5}}}}}}}, 0x0)

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0x0, 0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program crashed: KASAN: slab-out-of-bounds Read in bq_xmit_all
simplifying C reproducer
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program crashed: general protection fault in __dev_flush
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program crashed: KASAN: stack-out-of-bounds Read in xdp_do_check_flushed
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program did not crash
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program did not crash
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program crashed: KASAN: stack-out-of-bounds Read in xdp_do_check_flushed
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program crashed: KASAN: stack-out-of-bounds Read in xdp_do_check_flushed
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program crashed: general protection fault in __cpu_map_flush
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program crashed: general protection fault in bq_flush_to_queue
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program crashed: KASAN: stack-out-of-bounds Read in xdp_do_check_flushed
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program crashed: general protection fault in __dev_flush
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program crashed: general protection fault in __cpu_map_flush
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program crashed: KASAN: stack-out-of-bounds Read in xdp_do_check_flushed
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program crashed: general protection fault in __dev_flush
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program crashed: KASAN: stack-out-of-bounds Read in xdp_do_check_flushed
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program crashed: KASAN: stack-out-of-bounds Read in xdp_do_check_flushed
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program crashed: KASAN: stack-out-of-bounds Read in bq_xmit_all
reproducing took 1h7m26.825447741s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: stack-out-of-bounds in bq_xmit_all+0x134/0x11d0 kernel/bpf/devmap.c:385
Read of size 8 at addr ffffc9000382fac0 by task syz-executor153/7026

CPU: 1 PID: 7026 Comm: syz-executor153 Not tainted 6.10.0-syzkaller-08676-g720261cfc732 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0x169/0x550 mm/kasan/report.c:488
 kasan_report+0x143/0x180 mm/kasan/report.c:601
 bq_xmit_all+0x134/0x11d0 kernel/bpf/devmap.c:385
 __dev_flush+0x81/0x160 kernel/bpf/devmap.c:425
 xdp_do_check_flushed+0x129/0x240 net/core/filter.c:4300
 __napi_poll+0xe4/0x490 net/core/dev.c:6774
 napi_poll net/core/dev.c:6840 [inline]
 net_rx_action+0x89b/0x1240 net/core/dev.c:6962
 handle_softirqs+0x2c4/0x970 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:649
 common_interrupt+0xaa/0xd0 arch/x86/kernel/irq.c:278
 </IRQ>
 <TASK>
 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693
RIP: 0010:orc_find arch/x86/kernel/unwind_orc.c:206 [inline]
RIP: 0010:unwind_next_frame+0x1ef/0x2a00 arch/x86/kernel/unwind_orc.c:494
Code: c3 00 00 00 81 48 89 ef 48 c7 c6 00 00 00 81 e8 e7 4d 55 00 49 c7 c6 00 00 c0 8b 48 89 ef 48 c7 c6 00 00 c0 8b e8 d1 4d 55 00 <48> 39 dd 48 89 6c 24 38 0f 82 27 01 00 00 4c 39 f5 0f 83 1e 01 00
RSP: 0018:ffffc9000382f260 EFLAGS: 00000293
RAX: 0000000000000000 RBX: ffffffff81000000 RCX: ffff888022579e00
RDX: ffffc9000382f3d5 RSI: ffffffff8bc00000 RDI: ffffffff814149cb
RBP: ffffffff814149cb R08: ffffffff8141193f R09: 0000000000000000
R10: ffffc9000382f3a0 R11: fffff52000705e80 R12: ffffc9000382f3a0
R13: ffffc9000382f3f0 R14: ffffffff8bc00000 R15: ffffffff814149cc
 __unwind_start+0x641/0x7c0 arch/x86/kernel/unwind_orc.c:760
 unwind_start arch/x86/include/asm/unwind.h:64 [inline]
 arch_stack_walk+0x103/0x1b0 arch/x86/kernel/stacktrace.c:24
 stack_trace_save+0x118/0x1d0 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579
 poison_slab_object+0xe0/0x150 mm/kasan/common.c:240
 __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256
 kasan_slab_free include/linux/kasan.h:184 [inline]
 slab_free_hook mm/slub.c:2235 [inline]
 slab_free mm/slub.c:4464 [inline]
 kmem_cache_free+0x145/0x350 mm/slub.c:4539
 pmd_ptlock_free include/linux/mm.h:3081 [inline]
 pagetable_pmd_dtor include/linux/mm.h:3122 [inline]
 ___pmd_free_tlb+0x7c/0x1a0 arch/x86/mm/pgtable.c:72
 __pmd_free_tlb arch/x86/include/asm/pgalloc.h:93 [inline]
 free_pmd_range mm/memory.c:228 [inline]
 free_pud_range mm/memory.c:246 [inline]
 free_p4d_range mm/memory.c:280 [inline]
 free_pgd_range+0x9fe/0xdd0 mm/memory.c:360
 free_pgtables+0x653/0x730
 exit_mmap+0x447/0xc80 mm/mmap.c:3352
 __mmput+0x115/0x380 kernel/fork.c:1343
 exit_mm+0x220/0x310 kernel/exit.c:566
 do_exit+0x9b2/0x27f0 kernel/exit.c:864
 do_group_exit+0x207/0x2c0 kernel/exit.c:1026
 __do_sys_exit_group kernel/exit.c:1037 [inline]
 __se_sys_exit_group kernel/exit.c:1035 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1035
 x64_sys_call+0x26c3/0x26d0 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f310bf11e09
Code: Unable to access opcode bytes at 0x7f310bf11ddf.
RSP: 002b:00007ffeb5a4e7b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f310bf11e09
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
RBP: 00007f310bf92390 R08: ffffffffffffffb8 R09: 00007ffeb5a4e840
R10: 00007ffeb5a4e840 R11: 0000000000000246 R12: 00007f310bf92390
R13: 0000000000000000 R14: 00007f310bf93e60 R15: 00007f310bee2c60
 </TASK>

The buggy address belongs to stack of task syz-executor153/7026
 and is located at offset 0 in frame:
 exit_mmap+0x0/0xc80

This frame has 2 objects:
 [32, 160) 'tlb'
 [192, 256) 'vmi'

The buggy address belongs to the virtual mapping at
 [ffffc90003828000, ffffc90003831000) created by:
 copy_process+0x5d1/0x3dc0 kernel/fork.c:2203

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88807a644dc0 pfn:0x7a644
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
raw: ffff88807a644dc0 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 5077, tgid 5077 (syz-executor153), ts 85811625558, free_ts 85310218450
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1473
 prep_new_page mm/page_alloc.c:1481 [inline]
 get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3425
 __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4683
 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265
 vm_area_alloc_pages mm/vmalloc.c:3583 [inline]
 __vmalloc_area_node mm/vmalloc.c:3659 [inline]
 __vmalloc_node_range_noprof+0x971/0x1460 mm/vmalloc.c:3840
 alloc_thread_stack_node kernel/fork.c:311 [inline]
 dup_task_struct+0x444/0x8c0 kernel/fork.c:1111
 copy_process+0x5d1/0x3dc0 kernel/fork.c:2203
 kernel_clone+0x223/0x870 kernel/fork.c:2780
 __do_sys_clone kernel/fork.c:2923 [inline]
 __se_sys_clone kernel/fork.c:2907 [inline]
 __x64_sys_clone+0x258/0x2a0 kernel/fork.c:2907
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 6980 tgid 6980 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_folios+0xf12/0x19c0 mm/page_alloc.c:2637
 folios_put_refs+0x93a/0xa60 mm/swap.c:1024
 free_pages_and_swap_cache+0x5c8/0x690 mm/swap_state.c:332
 __tlb_batch_free_encoded_pages mm/mmu_gather.c:136 [inline]
 tlb_batch_pages_flush mm/mmu_gather.c:149 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:366 [inline]
 tlb_flush_mmu+0x3a3/0x680 mm/mmu_gather.c:373
 tlb_finish_mmu+0xd4/0x200 mm/mmu_gather.c:465
 exit_mmap+0x44f/0xc80 mm/mmap.c:3354
 __mmput+0x115/0x380 kernel/fork.c:1343
 exit_mm+0x220/0x310 kernel/exit.c:566
 do_exit+0x9b2/0x27f0 kernel/exit.c:864
 do_group_exit+0x207/0x2c0 kernel/exit.c:1026
 __do_sys_exit_group kernel/exit.c:1037 [inline]
 __se_sys_exit_group kernel/exit.c:1035 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1035
 x64_sys_call+0x26c3/0x26d0 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Memory state around the buggy address:
 ffffc9000382f980: 00 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
 ffffc9000382fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffc9000382fa80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00
                                           ^
 ffffc9000382fb00: 00 00 00 00 00 00 00 00 00 00 00 00 f2 f2 f2 f2
 ffffc9000382fb80: 00 00 00 00 00 00 00 00 f3 f3 f3 f3 00 00 00 00
==================================================================
----------------
Code disassembly (best guess):
   0:	c3                   	ret
   1:	00 00                	add    %al,(%rax)
   3:	00 81 48 89 ef 48    	add    %al,0x48ef8948(%rcx)
   9:	c7 c6 00 00 00 81    	mov    $0x81000000,%esi
   f:	e8 e7 4d 55 00       	call   0x554dfb
  14:	49 c7 c6 00 00 c0 8b 	mov    $0xffffffff8bc00000,%r14
  1b:	48 89 ef             	mov    %rbp,%rdi
  1e:	48 c7 c6 00 00 c0 8b 	mov    $0xffffffff8bc00000,%rsi
  25:	e8 d1 4d 55 00       	call   0x554dfb
* 2a:	48 39 dd             	cmp    %rbx,%rbp <-- trapping instruction
  2d:	48 89 6c 24 38       	mov    %rbp,0x38(%rsp)
  32:	0f 82 27 01 00 00    	jb     0x15f
  38:	4c 39 f5             	cmp    %r14,%rbp
  3b:	0f                   	.byte 0xf
  3c:	83 1e 01             	sbbl   $0x1,(%rsi)

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: stack-out-of-bounds in bq_xmit_all+0x134/0x11d0 kernel/bpf/devmap.c:385
Read of size 8 at addr ffffc9000382fac0 by task syz-executor153/7026

CPU: 1 PID: 7026 Comm: syz-executor153 Not tainted 6.10.0-syzkaller-08676-g720261cfc732 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0x169/0x550 mm/kasan/report.c:488
 kasan_report+0x143/0x180 mm/kasan/report.c:601
 bq_xmit_all+0x134/0x11d0 kernel/bpf/devmap.c:385
 __dev_flush+0x81/0x160 kernel/bpf/devmap.c:425
 xdp_do_check_flushed+0x129/0x240 net/core/filter.c:4300
 __napi_poll+0xe4/0x490 net/core/dev.c:6774
 napi_poll net/core/dev.c:6840 [inline]
 net_rx_action+0x89b/0x1240 net/core/dev.c:6962
 handle_softirqs+0x2c4/0x970 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:649
 common_interrupt+0xaa/0xd0 arch/x86/kernel/irq.c:278
 </IRQ>
 <TASK>
 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693
RIP: 0010:orc_find arch/x86/kernel/unwind_orc.c:206 [inline]
RIP: 0010:unwind_next_frame+0x1ef/0x2a00 arch/x86/kernel/unwind_orc.c:494
Code: c3 00 00 00 81 48 89 ef 48 c7 c6 00 00 00 81 e8 e7 4d 55 00 49 c7 c6 00 00 c0 8b 48 89 ef 48 c7 c6 00 00 c0 8b e8 d1 4d 55 00 <48> 39 dd 48 89 6c 24 38 0f 82 27 01 00 00 4c 39 f5 0f 83 1e 01 00
RSP: 0018:ffffc9000382f260 EFLAGS: 00000293
RAX: 0000000000000000 RBX: ffffffff81000000 RCX: ffff888022579e00
RDX: ffffc9000382f3d5 RSI: ffffffff8bc00000 RDI: ffffffff814149cb
RBP: ffffffff814149cb R08: ffffffff8141193f R09: 0000000000000000
R10: ffffc9000382f3a0 R11: fffff52000705e80 R12: ffffc9000382f3a0
R13: ffffc9000382f3f0 R14: ffffffff8bc00000 R15: ffffffff814149cc
 __unwind_start+0x641/0x7c0 arch/x86/kernel/unwind_orc.c:760
 unwind_start arch/x86/include/asm/unwind.h:64 [inline]
 arch_stack_walk+0x103/0x1b0 arch/x86/kernel/stacktrace.c:24
 stack_trace_save+0x118/0x1d0 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579
 poison_slab_object+0xe0/0x150 mm/kasan/common.c:240
 __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256
 kasan_slab_free include/linux/kasan.h:184 [inline]
 slab_free_hook mm/slub.c:2235 [inline]
 slab_free mm/slub.c:4464 [inline]
 kmem_cache_free+0x145/0x350 mm/slub.c:4539
 pmd_ptlock_free include/linux/mm.h:3081 [inline]
 pagetable_pmd_dtor include/linux/mm.h:3122 [inline]
 ___pmd_free_tlb+0x7c/0x1a0 arch/x86/mm/pgtable.c:72
 __pmd_free_tlb arch/x86/include/asm/pgalloc.h:93 [inline]
 free_pmd_range mm/memory.c:228 [inline]
 free_pud_range mm/memory.c:246 [inline]
 free_p4d_range mm/memory.c:280 [inline]
 free_pgd_range+0x9fe/0xdd0 mm/memory.c:360
 free_pgtables+0x653/0x730
 exit_mmap+0x447/0xc80 mm/mmap.c:3352
 __mmput+0x115/0x380 kernel/fork.c:1343
 exit_mm+0x220/0x310 kernel/exit.c:566
 do_exit+0x9b2/0x27f0 kernel/exit.c:864
 do_group_exit+0x207/0x2c0 kernel/exit.c:1026
 __do_sys_exit_group kernel/exit.c:1037 [inline]
 __se_sys_exit_group kernel/exit.c:1035 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1035
 x64_sys_call+0x26c3/0x26d0 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f310bf11e09
Code: Unable to access opcode bytes at 0x7f310bf11ddf.
RSP: 002b:00007ffeb5a4e7b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f310bf11e09
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
RBP: 00007f310bf92390 R08: ffffffffffffffb8 R09: 00007ffeb5a4e840
R10: 00007ffeb5a4e840 R11: 0000000000000246 R12: 00007f310bf92390
R13: 0000000000000000 R14: 00007f310bf93e60 R15: 00007f310bee2c60
 </TASK>

The buggy address belongs to stack of task syz-executor153/7026
 and is located at offset 0 in frame:
 exit_mmap+0x0/0xc80

This frame has 2 objects:
 [32, 160) 'tlb'
 [192, 256) 'vmi'

The buggy address belongs to the virtual mapping at
 [ffffc90003828000, ffffc90003831000) created by:
 copy_process+0x5d1/0x3dc0 kernel/fork.c:2203

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88807a644dc0 pfn:0x7a644
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
raw: ffff88807a644dc0 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 5077, tgid 5077 (syz-executor153), ts 85811625558, free_ts 85310218450
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1473
 prep_new_page mm/page_alloc.c:1481 [inline]
 get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3425
 __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4683
 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265
 vm_area_alloc_pages mm/vmalloc.c:3583 [inline]
 __vmalloc_area_node mm/vmalloc.c:3659 [inline]
 __vmalloc_node_range_noprof+0x971/0x1460 mm/vmalloc.c:3840
 alloc_thread_stack_node kernel/fork.c:311 [inline]
 dup_task_struct+0x444/0x8c0 kernel/fork.c:1111
 copy_process+0x5d1/0x3dc0 kernel/fork.c:2203
 kernel_clone+0x223/0x870 kernel/fork.c:2780
 __do_sys_clone kernel/fork.c:2923 [inline]
 __se_sys_clone kernel/fork.c:2907 [inline]
 __x64_sys_clone+0x258/0x2a0 kernel/fork.c:2907
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 6980 tgid 6980 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_folios+0xf12/0x19c0 mm/page_alloc.c:2637
 folios_put_refs+0x93a/0xa60 mm/swap.c:1024
 free_pages_and_swap_cache+0x5c8/0x690 mm/swap_state.c:332
 __tlb_batch_free_encoded_pages mm/mmu_gather.c:136 [inline]
 tlb_batch_pages_flush mm/mmu_gather.c:149 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:366 [inline]
 tlb_flush_mmu+0x3a3/0x680 mm/mmu_gather.c:373
 tlb_finish_mmu+0xd4/0x200 mm/mmu_gather.c:465
 exit_mmap+0x44f/0xc80 mm/mmap.c:3354
 __mmput+0x115/0x380 kernel/fork.c:1343
 exit_mm+0x220/0x310 kernel/exit.c:566
 do_exit+0x9b2/0x27f0 kernel/exit.c:864
 do_group_exit+0x207/0x2c0 kernel/exit.c:1026
 __do_sys_exit_group kernel/exit.c:1037 [inline]
 __se_sys_exit_group kernel/exit.c:1035 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1035
 x64_sys_call+0x26c3/0x26d0 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Memory state around the buggy address:
 ffffc9000382f980: 00 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
 ffffc9000382fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffc9000382fa80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00
                                           ^
 ffffc9000382fb00: 00 00 00 00 00 00 00 00 00 00 00 00 f2 f2 f2 f2
 ffffc9000382fb80: 00 00 00 00 00 00 00 00 f3 f3 f3 f3 00 00 00 00
==================================================================
----------------
Code disassembly (best guess):
   0:	c3                   	ret
   1:	00 00                	add    %al,(%rax)
   3:	00 81 48 89 ef 48    	add    %al,0x48ef8948(%rcx)
   9:	c7 c6 00 00 00 81    	mov    $0x81000000,%esi
   f:	e8 e7 4d 55 00       	call   0x554dfb
  14:	49 c7 c6 00 00 c0 8b 	mov    $0xffffffff8bc00000,%r14
  1b:	48 89 ef             	mov    %rbp,%rdi
  1e:	48 c7 c6 00 00 c0 8b 	mov    $0xffffffff8bc00000,%rsi
  25:	e8 d1 4d 55 00       	call   0x554dfb
* 2a:	48 39 dd             	cmp    %rbx,%rbp <-- trapping instruction
  2d:	48 89 6c 24 38       	mov    %rbp,0x38(%rsp)
  32:	0f 82 27 01 00 00    	jb     0x15f
  38:	4c 39 f5             	cmp    %r14,%rbp
  3b:	0f                   	.byte 0xf
  3c:	83 1e 01             	sbbl   $0x1,(%rsi)