Extracting prog: 3m7.474743848s
Minimizing prog: 41m21.479198519s
Simplifying prog options: 1m33.591539548s
Extracting C: 28.868669582s
Simplifying C: 0s


extracting reproducer from 25 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$9p_virtio-chdir-io_setup-openat-openat-write$FUSE_NOTIFY_INVAL_ENTRY-io_submit
detailed listing:
executing program 0:
mkdir(&(0x7f0000000300)='./bus\x00', 0x40)
mount$9p_virtio(&(0x7f0000000100), &(0x7f0000000380)='./bus\x00', &(0x7f00000003c0), 0x814004, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
io_setup(0x1, &(0x7f00000004c0)=<r0=>0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x101042, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x401, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r2, 0x0, 0x27)
io_submit(r0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000300)={0xffffff7f00000000, 0x0, 0x0, 0x0, 0xeffd, r1, &(0x7f00000001c0)="ba", 0x1, 0xff010000}])

program did not crash
single: failed to extract reproducer
bisect: bisecting 25 programs with base timeout 30s
testing program (duration=36s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 10, 20, 30, 6, 30, 19, 30, 24, 16, 16, 8, 28, 11, 9, 13, 3, 18, 5, 3, 16, 21, 10, 20, 8]
detailed listing:
executing program 2:
socket$inet6(0xa, 0x5, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='fdinfo/3\x00')
read$FUSE(r0, &(0x7f0000000400)={0x2020}, 0x2020)
setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000040), 0x0)
executing program 2:
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read$FUSE(r1, &(0x7f0000000140)={0x2020}, 0x2020)
bind$unix(r0, &(0x7f00000000c0)=@abs={0x1}, 0x6e)
bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
socket$unix(0x1, 0x1, 0x0) (async)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
read$FUSE(r1, &(0x7f0000000140)={0x2020}, 0x2020) (async)
bind$unix(r0, &(0x7f00000000c0)=@abs={0x1}, 0x6e) (async)
bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) (async)
executing program 2:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)={0x44, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x44}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1=0xe0004001}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000400)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {0x5}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r5 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x74, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x44, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x2d, 0x1a, {0x2, 0x2, 0x2, 0x0, {0x9, 0x4, 0x0, 0x8, 0x0, 0x1, 0x1, 0x3}, 0x1, 0x1, 0x4}}, @void, @void, @void}}], @chandef_params, @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xfffffffd}, @beacon=[@NL80211_ATTR_IE={0x4}]]}, 0x74}}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001440), 0xffffffffffffffff)
r9 = socket$nl_route(0x10, 0x3, 0x0)
fcntl$dupfd(r9, 0x0, r9)
ioctl$FS_IOC_GETFSSYSFSPATH(r7, 0x80811501, &(0x7f0000000040)={0x80})
sendmsg$nl_route_sched(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@gettfilter={0x13, 0x2e, 0x201, 0x0, 0x0, {}, [{0x8, 0xf}]}, 0x2c}}, 0x0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001500)={0x34, r8, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_RX={0x5}]}, 0x34}}, 0x0)
executing program 1:
r0 = ioctl$KVM_CREATE_GUEST_MEMFD(0xffffffffffffffff, 0xc040aed4, &(0x7f0000000000)={0x5, 0x3ff})
ioctl$AUTOFS_IOC_SETTIMEOUT(r0, 0x80049367, &(0x7f0000000040)=0x6)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x900, 0x0)
ioctl$TIOCGPTLCK(r1, 0x80045439, &(0x7f00000000c0))
connect$caif(r1, &(0x7f0000000100)=@util={0x25, "8f8cec9483f2ef1dec89bb7ca15e954a"}, 0x18)
ioctl$TIOCMSET(r1, 0x5418, &(0x7f0000000140)=0x6)
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000180)={0x2})
ioctl$FS_IOC_READ_VERITY_METADATA(r1, 0xc0286687, &(0x7f0000000200)={0x2, 0x3, 0xf, &(0x7f00000001c0)=""/15})
ioperm(0x0, 0x101, 0xe0000000)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)=@deltaction={0x6c, 0x31, 0x20, 0x70bd2b, 0x25dfdbfe, {}, [@TCA_ACT_TAB={0x58, 0x1, [{0xc, 0x1, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}, {0xc, 0x9, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x880}}, {0x14, 0x3, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}, {0xc, 0x2, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0xc, 0xb, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x80000001}}, {0x10, 0x10, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4}, 0x40000)
ioctl$TCXONC(r1, 0x540a, 0x1)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x100, 0x0)
r3 = openat$drirender128(0xffffffffffffff9c, &(0x7f00000003c0), 0x8000, 0x0)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r1, 0xc01064c8, &(0x7f0000000440)={0x4, 0x0, &(0x7f0000000400)=[0x0, 0x0, <r4=>0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_RMFB(r3, 0xc00464af, &(0x7f0000000480)=r4)
ioctl$TCXONC(r1, 0x540a, 0x3)
stat(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
r6 = getgid()
fchown(r0, r5, r6)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f00000005c0), r1)
sendmsg$TIPC_CMD_GET_NETID(r1, &(0x7f0000000680)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x1c, r7, 0x8, 0x70bd26, 0x25dfdbfc, {}, ["", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x84)
close(r2)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000700), r1)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r1, &(0x7f00000007c0)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x2c, r8, 0x10, 0x70bd2a, 0x25dfdbfd, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8004}, 0x80000)
ioctl$IOMMU_VFIO_SET_IOMMU(r1, 0x3b66, 0xf7d54e7163899e00)
r9 = syz_genetlink_get_family_id$tipc(&(0x7f0000000840), r1)
sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f0000000900)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)={0x30, r9, 0x300, 0x70bd28, 0x25dfdbff, {{}, {}, {0x14, 0x18, {0x4, @bearer=@l2={'eth', 0x3a, 'macsec0\x00'}}}}, ["", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r10 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000980), r1)
sendmsg$TIPC_NL_BEARER_ENABLE(r1, &(0x7f0000000ac0)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000a80)={&(0x7f00000009c0)={0x84, r10, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@TIPC_NLA_NET={0x10, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x9}]}, @TIPC_NLA_MON={0x3c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0xffff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3bbe}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7a99}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xc}]}, @TIPC_NLA_MON={0x24, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xf}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x81}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}]}]}, 0x84}, 0x1, 0x0, 0x0, 0x800}, 0x8000)
executing program 1:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000001c40)=ANY=[@ANYBLOB="85000000a800000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000006"], 0x66)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0c000000040000000400000009"], 0x48)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000000)={r0, r1}, 0xc)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000024c0), &(0x7f0000001280), 0xffffffff, r1}, 0x38) (fail_nth: 41)
executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382) (async)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x8604}, 0x10)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="240000005a006da80000007ae1d34f001c14000000000000000002000800010000120000ff7da8c7c88a21acddc80d88d10018839cd6a9b1de011f32d43ea37b0f4ff980cd372a5106953d70928ad17788e4"], 0x24}}, 0x0) (async)
r2 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f080003400000000464"], 0xf0}}, 0x0) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r4 = syz_open_dev$sndctrl(&(0x7f0000000200), 0x1, 0x0) (async)
r5 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000240)=ANY=[@ANYBLOB], 0x0)
syz_usb_control_io(r5, 0x0, 0x0) (async)
syz_open_dev$evdev(&(0x7f0000000080), 0x4, 0x300) (async)
syz_usb_disconnect(0xffffffffffffffff) (async)
r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
poll(&(0x7f00000000c0)=[{r6, 0x48}], 0x1, 0x62) (async)
write$char_usb(r6, &(0x7f0000000180)='0', 0xfe64) (async)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r8 = syz_open_dev$loop(0x0, 0x81, 0x2)
ioctl$LOOP_GET_STATUS(r8, 0x1263, 0x0) (async)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, 0x0) (async)
fdatasync(0xffffffffffffffff)
openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) (async)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) (async)
syz_emit_vhci(&(0x7f0000000200)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0xff, 0x1, 0x428}}}, 0x7) (async)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140)=@arm64={0xc, 0x2, 0xb, '\x00', 0x8})
ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r4, 0xc1205531, &(0x7f0000000540)={0x1, 0x6, 0x0, 0x0, '\x00', '\x00', '\x00', 0x0, 0x0, 0x0, 0x0, "b6855a32474ffa64f778ddcf29c94337"})
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="280500003d0007010000000000000000017c0000040000000c000180060006006558000004050280ff0411"], 0x528}}, 0xc000) (async)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r2)
executing program 1:
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setuid(r1)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x100000, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file1'}}], [{@euid_gt={'euid>', r1}}, {@smackfshat={'smackfshat', 0x3d, 'overlay\x00'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r3 = fanotify_init(0x200, 0x0)
fanotify_mark(r3, 0x201, 0x4800003e, r2, 0x0)
r4 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r4, &(0x7f0000001600)='./file1\x00', 0x2000, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r5 = open(&(0x7f0000000080)='./bus\x00', 0x62142, 0x0)
ioctl$TUNSETQUEUE(r5, 0x400454d9, &(0x7f0000000040)={'wlan0\x00', 0x400})
r6 = open$dir(&(0x7f0000000180)='./file1\x00', 0x204100, 0x10)
r7 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', &(0x7f0000000240)={0x80000, 0xc8, 0x21}, 0x18)
linkat(r6, &(0x7f00000001c0)='./file1\x00', r7, &(0x7f0000000280)='./bus\x00', 0x1000)
open(&(0x7f0000000780)='./bus\x00', 0x14117e, 0x0)
executing program 1:
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000001c0), 0x200, 0x0)
ioctl$FBIO_WAITFORVSYNC(r0, 0x40044620, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000380), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r1 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
setsockopt$ax25_int(r1, 0x101, 0x1, &(0x7f0000000040)=0x6, 0x4)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x175a81, 0x0)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000300)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000240)={<r4=>0xffffffffffffffff}, 0x13f, 0xa}}, 0x20)
write$RDMA_USER_CM_CMD_LISTEN(r3, &(0x7f0000000200)={0x7, 0xffc1, 0xfa00, {r4, 0x55ab}}, 0x10)
mknodat(r2, &(0x7f0000000280)='./file0\x00', 0x8, 0x800)
socketpair(0x2b, 0x80001, 0x0, &(0x7f0000000000))
chdir(&(0x7f00000000c0)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x4)
r5 = syz_clone(0x80000, 0x0, 0x0, 0x0, 0x0, 0x0)
write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000002a00)={0xa0, 0xfffffffffffffff5, 0x0, {{0x0, 0x0, 0xfb9, 0x0, 0xe1, 0x9, {0x6, 0x6, 0x4, 0x0, 0x9, 0xa, 0x7fffffff, 0x358, 0xc, 0xa000, 0x100, 0x0, 0x0, 0x0, 0x5}}}}, 0xa0)
setpgid(r5, 0x0)
setpgid(0x0, r5)
openat$drirender128(0xffffffffffffff9c, &(0x7f00000003c0), 0x10000, 0x0)
r6 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x40000)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r6, 0xc01864c6, &(0x7f0000000040)={0x0, 0x0, 0x80000, <r7=>0x0, <r8=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r6, 0xc00464c9, &(0x7f0000000100)={r7})
lstat(&(0x7f0000002800)='./file0\x00', &(0x7f0000002900)={0x0, 0x0, 0x0, 0x0, <r9=>0x0})
newfstatat(0xffffffffffffff9c, &(0x7f0000009740)='./file0\x00', &(0x7f0000009780)={0x0, 0x0, 0x0, 0x0, <r10=>0x0, <r11=>0x0}, 0x2000)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000000500)="fef294f77f3d160248202661718b458a60f48114de7bdda6d2e1273bc22762cc315ba98698452d25194d502b4cbf61c7fa1703983d3bc2ccb535bf670309c7606ad415488eea74edb42e65902abe07c911f948c926c58d491b68282ea332597e647cd2ef9d7cb4e244f08d2a7d3581a2d67027aa3d0db460d5792b8d38011d26fa507772269fb6214f0195d943dd310a2bf262d45d5aacbdc4f645742df381ed4bcfa38ee761eb2b8e6990db79fad62a4550d8e7494acdf1459317b283f0931d4d623967a25eaf97fdce017b2687f4b80e7e490050c75fd1237c5acb94d845b0f2410595a394510957e18524ba82e5bf90287c818cca2649ea0982c51bc9bb1b140839c2cf2f129207ce8ac32e32186f763464d28eaee2aba6f98f3f4700235e77753ad92dd9d96f1e529a40dcb5ed1451ca572d8887b7a94d5d700838297ebaee60bbc77fb8287df8d5a39fb6927c0beb481e2f5672ab61c0164f698799bce19974a4c8f0cb48c1646f19943e1668d56038c81b75c9bc9bdc4c88a0331aaa8de65c4b72ab8d03606a8945ad4afdb520b985d161fd8329b0d114c5404ea4ff90fd1f1a513fbe2df274f374ebfb448f4b52f7099e4d0b6ed0c64f0e05669ffe4d462d46f4b1e29a939227f00be04ed27fb4dd36a56f8289d6765dc37b701f92851938732040de311bd449f9f3ef50b591df403008f14ec11d7df83aa02ab1b4a809b8a1e5589fe88770fef41837461ea2fa79bded4a6611a7e8711b86f062bcd9aab85961ca46af0e3e52e77c7e1e8395238641e753b8b86c7b3eee2f3d4db72d7d8ac7178b7dd03a817a13bc3cb808424ccad6ba909a1bc729a3cc612c855f7bfe7f409e6c6c75f482e677c0f5cc231dd61a888344ce711ba28babdbbca0e39a310abf6060a2efd6e82c77d56094e1a5a4e9f589ad6e5ab89629f149b7125d20f5cecd604c7171dede37a4f0fe566e108a45e84017cc07485a9c21181d55c2f3c825e6a61b01edb3c053798c3ae842d4be6dd8830265426f0cbdb5280cfd74cdd02b505c4425a3d8d70b360659a129bd777c0cd17bed9bf6111abe27e7713d006182ce1769dc7a4f860ed4b39a01dcfaf9e1a0eb3025912e1b88b17808ca646c0433e1604cf9fd0e76e9ed420ee41acb57f4b9aa292918d38a991e7c54c3ce76d7281be47ca5c2104d0063a9b2230d4855f90b53e2b2c7bb43043f2e85f8d41d4a858ca6eaa32c2295b466fb9345f5d6b06252cf4c4e181bed1125bec1192a9b9210f4b65c1d3d8f6d3dcb8791a9b43565883747e7174c3c345835b0ffde4fd00560b17441d6eb528e39c8a8dc331e496914fd23d2f8d331f42da02c89bb3807852e0dd90b5f8e6cb873315f2e862a232c91405b70d79dc9ff49f4ada6e57528310ae0841106c6adf9526a0025c11e2e52a28d4ee06dd575ed9c4c85ab583226dd92cd4b8fa8e00fe98605ba6b76bd90f76b211c22d7ac409f95143a53994f22283fd651cecab923550b9392c6db4a18493ad951e2d5cf746c39645d61a0693403cb15fa885b44ed1d838d0ecc0955aeb607300d333dc33f0987a18e5b67cc1600f7df64f3cb3938b9381c7675a49ace960873d70cfb4a1594b03a575d501ea08e09c41d16fc5c576ed58da3dd44ae4e21d3f8486f158ab8ce5c6c09d549d732bf2da0c3c4b851cdb64815726807219b9adc1a410f5d9d15f65b9bf42e3cae1cc9a9b2698f48ed55176cee95f8acd80e220eb252a77d7a31f7634eed0011215c2eecf1a1fe5fae85f6771e5441888a191226948ef36cbf5dd6eb9c211283e113fc1f02dabf524cb4ac928c4adc1969bc6bc6d2e41897f13aac0a9e230f2e6a85b5de113c1e0f8a6d9419224f23956e0e9000c3d9b7103ac6e00a34a08f3ba91b449a971d7686aea680a340beff8a5ee1b00f9c90e824515607dbaa747f0a0ab630841f9ae9ad8c4a4edd3b3c903761c5f8a0e20f8985f954c06bb02541d9109f027868bfd00a0ac1fe82f3493c781b769448b4ee462ed0e7f08c51e167abba86773db874ee3125d7b932061f2ce2912d2bca8182758c7395d1f6769a6a3c246b21278305e43b8032c95d562f3a24125f7f1b79feb8a863db663d2bafae23476a1f16c50e6fe50ce86ec2ebe097b54686e46633d9b84a9be2de2b271d339158907ac39bd564dfbe4d969f94785531cd4a27fa42d5d3938340e24dbe15061421efeb799fde44a603aaaddd6acdaa3a529716f63a8214bbd98ab688c6c83498bd9f187085d5df7dbe34184b0a5a62ad69fbbdd2e8778b4cfb9b43cc29ec1632b13c747d5b2b38c8333bdc0d9516ea3c9b022151a1417196ee2cdf62188ed5e05a8905cef1b0da42a84e6053fd77008bf25ad9dbc94b95a07e76fb63df54e9a5ac1e41a9423d498b1bed6a7d9b1eebbc59708ea84aecb1b1712e5f5ac16186f8f991240b2e744eaec42dcded6dec3f050bbb7394ff90002f5015e304b4b47f58c4a16944388ffb15ffd2b0f4e108f45d72693e185f3424fa9ddb45dbcbc1296ee706b38429f8920a18522af39d9025542cf36d9504aa3301f4b4a93294c2b4044e96f4d964d21dc0e99badd1e3b7c2de2343fd9dcb475bbfd7fa0efccb6adfcb968083089738e1c240cf01d5dd0851bfb1cfc6acff79419eda9420b56d1dde44c1661bbfada8cad701a82dcf17050580ee1c02466274c32a02df457a30a54555c251e0338dbf51fc03834502b23b2444eeea8ac8a7a8c11508895994f48cb2a9a737f570f83fd24446ff193b21dfdf48875c2ede3a2a619be123c915f21a29f6738af5ad4234993efcbf0c9b975199e7bef131071ab8fa470384997d12aec650a40d34dc54cf9a0af04f97d64df02c9bce59e91d327fbdcbfdf05f01d549b4aee4e9a7f68c4d654ad1570d4bfaf7a4ba9c13d034079e8406a0e948a18e08cd4ac04e1bf09ae9e6b334be11ff61cee7c763ceb26dd81d7a819b50d8d88192db0a49425ac2ac3b2c68a746bdf9dc621f26517ae6b6e250827da51ffb29f21199a9502c9261826358ffec7134b42dc34fab8fe8615e94803b4d18e3f6ece51d1a276fd996a125a71bc6d4afbdb048dadf97ecd9471bb5a27a2a86ba0b0bcbe7d3e1e3075b109e87267f4921d464ef563a1ca5640adde8838ccedf89cb422738119084fbda890a73f294d6bd305e2cdd57c4f995dc96eeb4cb886bdc22242a6d32f371c3c023b7f5fba29663d896f5133ab8aa7ee8fd27ea6f1981ecb2772b3796d8b910032b5a7b0ad9b8686efa20c1060d1f7291f2e23effd67931b2cead81f09d4cc01effa9554d48336dd7b58ecd0ed80633e21a809a1937c817c3c6b3e126ab68cc12ebfcd3337a534b44bae075f04d73875bbaf6d135ca43ec2188bb06d1072c05ff10af745b9acfd01298ba1865c59dbdc1970cb6654db495a3c877e2c79d4283c2c531b24025e8c5b4d9a3a7fc3e6b6d7762e98066f2c1e2ac881b27a6761870e1df539764bbfa888fe9131ca685b1a9b45a89df2600146ad74282cd9bfb82c123b786b25a8d760d59e3482db800ad86423dfdcd9df4741c38610471321915d9c86a563fb0cf0bb0ded45f4eb121ddfc8c68cc790a042ceff8cd23a7bde1f0a0efe03df92eb6189a27d4570a801e34e7ee3d55bb17ebfc817d601449b87998141fd4267c7dfb9685cc49204669ae8f7ec739b7a39c50cdcdebea63541db2e53a1037e91ba50a8660ee11b6df7cf50551ea446bba9e306ab24d1a039424d4371b7ee8075c1b072151381c805fc16e1afc3a07ae337afb841871a0a187632613b8ae5b81f269990cc69505965fa92b6cf4f19be3ab33db75c19d356c7eb14580c62f249e16e90e397edc88eb3b4df8f1ff27c330d51509daf5b181faacc6f7b1440b37bee2df1372481f0405d1782ae4e31fb837c20072716df93e00635528da442868e4189471a432cd803ce3091ff25df47e0cd06a378917bba9bb33309428390c2aeff2f854260054e7235ec36345fa7dd863c9c80e40e4dd4f0c689b04190f71f8b04850eda92de0a93d6b0db10e74ab0d88f105e8d7b8aaf7b6523ada714fa17f2eb34633b4a663e0fd9e0dc831cd373822593426f639d719484db83605087c45c075945798d8ad6ddb09a24346c80d602607329539d420e59d70fd0d2e38fce35cfc7cae695bcd006eaf606959f6d22ef59a2932b1cf8d49e6bc0a11f87ee0ee6e16258727b97c7eab5ccb25cddc8026f5d3e02cfb5a07978fbd4279fdf00fd6388c70e5daed8e6b9a607263b473db17ed232f94a9161097e6cd6fbaaea7a9516a78e7e93825469de6fda1c09551a612e94b0b565450bbe8a8e25a218fd43d4816718c64bf1800cfc562b8e13edd93950916f30dbefd43d6b4be5a462469b1048bbe573e1c99c7257dc469498b5c4c6fc64e3dc509e28ee41b7085238bd7df014d38c01099b58c0a45677318d6fdb76df838b77223ac738787bb80fd6820ae7432500f4dc01e0d2e24c96bed1ef446d201d76191d81639c1b794823b58659c34dda402c81a061d402c061e8c8cf671b487f94d497b544631548c6245a36a2ebc499aa5b0939fe0432963b21062e2c24ba90d46903a75d37f13cf3002404bc4888210db027e337687f7502b5c7637f8be09b388f4fd4b8e2ff3fd86861b62ce5d0957bd3b5b3e1ba6f690f8dbaf9f428cfd9d545cabd55bb21b98422286c5754428d25945d530d9a623f5da4b20b6986e1d2b7a665a719afa7c8b596a2549145178e8296555dd0148a72de93f2a4422e9c68b30c8ac16d8c889d2ec438db4c431885abfe1f7d662cac8248f77818055ebd2b76f4a28545e473d75fc9c51e328a760f18cdd73779396e54b1ec6f8e6f9123efa5e4f319e6e1997bfcd85fc8fedf71a51c40bbeb9c0762dc54591af03732525e28dda81c5fdd39366e190dc2e759f67ce2c01efdf3443d061559313dba250167ec09bea6ab92991e199b818df2782c13d64df69e7e2af88b51376cb4eaceb8fb5a614d69e1914f8f45e5a95721b54ba8662f250cb4bfcde5366e07dee91c4f8338a6e0be888026300a1f0598f8eb1a323257b152754060ee7bd0ffe06eb6b1809ff54a0dcc86864666fd83c308dd0fb8e105553e8dd345beeee0ddd01600275a77dd37b6674e81517e797e6d4958c61ad7468eef2b3bec52a93829534c7ae7c94b01332b2bf0bac23461e4cbec86c5c5e1c2f62282424a9f6573a7ae57931bd53ff4bdab64d47553f92422faaea84d096387ae9f9c4ebde000959e149ffb3455816ceed4c9edbe6b2e8d0688f05c05de6f3268f0dcf423b077eb78e949c6ed81f404fad6266bcfe505fbdb4c150d4a125cb81b9f799ddf2fcceb8ac5fb2295a22ce3df5a2a89a430bf06bdc6882898f917ec01af4df451a1781eb500626a34e07cfde4696fca08941990a4aababdb5f9de41d0eeb2cb166161004d31cda38bfeab35ff0e9a667d63feafe5bc28e6e7cf40b7d881764bfb98fc3e51034ee978484830ea0e118d032e1750a70ac5e6a5932e3d812970d6a790ef296372961922ab509203e4aa5cf56084c19470b79ef80d6d985440b59e301876e67d5e42de697d7c576a0fc23a0af03617d848f36f11ae7b95428dcfff5743f7ebc875194b00f015fe490c1c24dbecb44960ea67a870d04390ea550166700762a6951be7ad778cd301b7bee550db837a3cf9ab63bfc6065fcb4c740f94c081c1658a4add38eceff75fd1f2711319dc081cb479956cd7a1e2d8df6b519d65f899ca06f508da86b1d6bff8618c872acfba75d19c6a68e727b09bfbd7bdacc02ded4ace5ecfcc15a2038ce87c715bd9300ce29e4fb9f9b7523c91c46d3982f1de9b6b64c07ad1e242209e21ba12b5cb318ea58582b89a81de676d3d9ecdef72498c1f2f90171569ee3a0efc09a9a716b1afe4c26c6db04b54f311f479251b4b614184a20337692f87f2a79620c74be49705faa9762b52874a82c195f7d317e8f9e103f7ee591ac9997ba34bb9dc5150c5cd665911cdef55d846a4dd744808777514dd9cbd554f71cbe186cc1645bc38a46947628192ad73595fc93439f13ff0410721eb413e7f9505fb0d76b14884f8b9a5f45028f31a425077a5ff7e313ef31a61a6314474d9b2591ed1bd99491ff89475a05307411eb8e5f43fb0d565b03792ab335f1b5357eadb2cab6222437d91d619c896e35c19de726a2f2c521a407b961b87b899624f9be4461bfbeef6ddc3a0d55931fcf903dafa2e323d6fbe7457434033b5f7ecfd7b0edc4bc6ad58d6838bda30c9ea4ddd0f48200aedbed4b00887c1fd26901fe9aee69ae2208edfa27f3a113730cafa2f28604fcb390c6cb2e4d0c566fdf85fa39acf8b6cdfb774e635f04a981ebdd50ebde7c6fccccc9083e23fff30e8ff2af09ab67a4a8987d13d78fc36b95e444c4d5cdf5445c771a475c4bf8ad6a5a55ffc2affb0b9c906740c302668df7adeb0502e109b4d9b46a0afd8f0a57e697964041a584ec0b20b931d2bb753d280a8fce5aa05f9f936bf0fb9275b3b1abc3aa4b8ab9bf7abfea6263143b1dfa4eec2db195e4aa6791f71c703ff633ba413642c48f9d5d23c21ad75242c83b2d0015df639e18ecd15775d7c5cd65d7aec4e3ad77fc5a1ba2693c9f6d93411b921d01050d4153b9ad823744a28f460d6a88f99a6637f12c508875f0aade0056a604cd089c74beb885f5f5a01c1711aa57607abacdc6148fe61855bc237f463865ae9b682e172022cb8fbad96e72fc21f6a2835d33eecf7f6b3067663a7359224c19d46af76558dc86eb3be931caeca70d8cc85bd6bd54f76fa768ecd891ccaaa345cd107d746adc146a1ac1e5cf6113a50cdd3f989e999c3e6f767a80175a6570e803768c9dc60fd1c44fa141a824084f08fd5e86ea19b9cb61f7c6b385d80a2ad9c4ed82811fb553be5ffd626824ae3baf62d42601f49482d2a6806cfcda5579bcd068e6e99617bc1ba62ec784e8e29e4247627b89300607abec06d74e15bfdcde39f599065b9e17afbf97a2e7bef55183d23684baf41d70cfa76f1ebff1e396d8beba384e5d931f16aa1af86440b9d22f9af1025bb91f7744e4637d5725663d772f0bf77d69f8b3bd133c0297b44a73c42c6b40df05e5df36654741a6309f2e9547602d2770cf2d461db267c2ef79f4b51ad205e5ce07ff8fd93511256bff1b1a3b6b4e5dc151ab006e341a269d221a82cac7492a6c21a90fe1682545d30b9491e92d2a761a09680a387eb9a3164d74ffdbb37f38056ab86a416378d16b909e344cc23453e05e16427b3f22fe7e8674852fc4b0317c2a52e3259fc064ceb1a6e99b67d6080ba86d363db17dfb07313c115310a98b6d8323ddd5d70082f9260aa8d115bd1ce8d099729be8994d02c66ba089847f52c5d65d021223abde05b8433db184cc68645caf67ec18ae14f2ab24cc1b8249d5ab81553aedfc5cc09f6eb9e70efe901a478b77ed1baa30e22ed42b2124a60851990b61ef5c81d043b3466875ca3aac9399b267177b08d788b39a28272fad981f54c158a337c8916819957dc2bdb747c39e54fcf42ff64d22d0c35f95d4083162eca86a00bc91b3615e02d0b5eaf9de694d38b164e950db2266caad18ee1d1cf9f58639d07173f212c662674869d218d8158c56f453732d6478791c678f2380884b50057e2e54d1efa921cb4195ac391a0d91956da50a6e227874be8328330570a44918e4b1bdc8d861771a4087e0ae6f9b3f47727e167f248b492e08075700d7d6b33191384f6e71572da0308d0c069e081994bcff748ccf8d4168a511d786c0fde72e56e8581489696c68f434016ce0ed689dfb68b58045a23db0004a8a88c1214f3663f4f3f945a20bb36416bdac64f0b0bb2186ff698e3805ca3aac4ef4a1b109810e8699c7c86b4973e6e168fcf6b274d802be2f2cd221ecc417b3c01200e31598e158ad4d72890d3a8fa1cc869b5ba0657d3dbe2967abd2c7fd202bd8e34e2d6f16ab2bf60bc1945ff4781c458cc923cd5783d836e18bba18821b6eb8e7df141b302a64999964949457d2dd8041daf65073b3497b6e12c3a39609dfd7a63cb7a177d5ca4f422d0d06a7b152a920790d5351626a61df25d576f5f30718b3da54a988d6f7e7ebb5297d7bcb3babe135ecf6add15b4eecf8ccb2cff43e3e83c95afcb95cc0d95a81332a030de8df91696a1e6c0766541cbaa67dbb04de8dda63104572d269377a6cace5821608a77091bac1d14c8d40fb0c0dab3de9950f723a4db2cd4532dd6f477c437bbf78b759fd60716e2735adba748f168e692a3da77708aec6ff1befcc41dad3d31644db5a8b5a03b38b898f7c46b52f5f36aa1e1fa7bc8fc1ff0e02ddae14479137cdbe7196b644ea1e83b4aaa6eabb8fa2113b9a4e22c7041f14415077087cd5396232563bdc094b267787695dc429696004406de944f70d0566aada71e3798e8fe74825dfed1b8ac7b0edb60cdb25f4c4cd4c9fa7b3ddc5c4547c27418d1de0c80cdf2d3f3048fdfc035c6065d1900c9f4bc4f6313b6b2501a24bf70ec40e477c2e584c145ec7a1c4cae251cf3fb75336125883db814fcf29cf3eb593d5e6049cb24d2919aa83c488528ec2c49ab5edda17df7d24c34cfa21bafe9828ac3d3949ef34188bcf0ab241d1016ab1af2255534639b4402cb759c73cbe1726dc834b90d50b2a101404177b80619109f1db1e5e9e05fca9c1bef7a784cf3287f919451ce20e0ed062de16c1699d3be2784ef3e02c6e707a17c5ca84e64b1ff319d09df79f07ee0e262486334ce7623c3c2030964c63156cd3bd61f874ea11779753cb35e79f9b0d4ec235cc2fcd56ac39e199ba68cb97524e04c7b6bebcae4b6bd09d110a5a15c3740b609efb3608e2590f394f80f3bf415b617362959dc0f4fa2963ea1f8c9eed82ae1e6e7c115dbbb25a172753d59504b5d69d6c140c105ed5e768a5e033d1912fd2b1398bae648a0acbda0cb466277dc33359bb6f3e43ec4116802885f814691b701d566fa7f765db7b32778873fd72888966721b2c839edbb32f3d33d8a21f5f98bec01b5879bda39888291daf6e3b5586d780b2fbcd3eef74f126050f97b66a930a84e780db3f323603da2c55495c822f23489ed8e4b725f40e6b97866bd1ec86ec0031a1bfaf0aa839c835477ef7bdec24a12318283d100f377571a7ef6f6f8748eb88f130c6a6f78975540647589d10c243ce0c7c6af3ca196678d9614e9639224a6a68629807fb73af4da4a8378b792b75df4bae115e2f499c82d72f9b4aa688ebeafffa841e638a682a8d75e2e590b384185683413440eaff7078b4821f409d4e59cb18ec83caac35f280da856ef49706b6b2f0f1a8ea93e6ebe1a658c6c1305d17d0a3147d4eb5cbec7c2a4fd44071bfa167b5bb7323f760d0d4875c3a2a4d31556cfbc3552ee94295b7b3246e2ec28efed0ec4ea3a8343b7746c919be190f2a0f75bf68f3dd4e080582335a0365b5c48380a8887c6b80f30f44e118663571f44a098994da7a4754a44cc69788454d28be48c79c3355380fd3605793fcd567a403b4221a182e6dd67a6d50b12d662eccbaba782ae0eb146c8462d6a936b4d12be00aeff4b9e6aa45d5e954791361bd0996895c7c69a4f212b63cb3ce5c11ad775c4287ea328fc596ff97430258ac9efcd5fb7791d8e9997107c69bc4a51a5ce3526f03bc22cefb52cb07ca0286e7f65b0b081684bc21dbb68f07444f90ce92933dbf944a00e13a14daaa2301ba3a23c6fad8c49d3ee038d5588b6aadfef3afeed0ff2267168b4a4b3665d83d32d896623d66cbd1aabdd4ca756748e2f720684d3d625af6197eb4e8a19ec48d4d17d57f685261007e7305d4011aeb4eca20bb246b7ae58403afe308660cb769a2cca88d21cda7654709b87a2c476b262f4706688138066b34bb7e56be429bac1ad3561a9fd0f3128f0a5573e61224bb4438ea154c96f9ab60e4c640c1cdbe59d959fd7004c5c215e8c75242cb41ba40ff0062eeaa56396624a36c2859353370bb80b3d090857f97fa6a04373dee07b389a19726ed06c21d89625fed774f1e38d5675d2befced9f6863c34732b2c56613ba93260c36da11e802fd0295a383fcfc8bb4372deebd1f37a4a7dbceb09466da742250ec5f45de301c8486262ce6e4f3db277c845544057a8008bbac4eae8f87dd027f02d56524f9b56f2c64a50edb6d78f271fff2e5303e1ac64a0ca48f78b4f7d75ed4f0b67de4e333ff2512c6ac08f3cdf5d8c213659a7fb10b3dcee68f293effefef91c90fc94314c4d31e06cda54f2d604386d86aa1468f6f59d885b59c629fd658f5e39e6efdd125af5196d2721fafc6d95f51e7617e1d7d585a3e6248e4b4e47798e599c90301cf78e92d842864d28203772f26cbb5db24088b0c830462325b785b3a098c568407fa48e9f351ab76e51e16630a2099dcee3504ef854eca7923e35dfc392dd31810a5d7fa669c3f8b2c9ea20ea0bc2734287650d069be17533a0b465d603833fe07d542f0b9f19463ffa093c8635cd9b395029fd9213699a95ca3748106325a35256c28eed6ee0732c32f944db0f70760c82ce8e9f7d84692264de947854e41bc03e4bed49b2c573436fc514a9a5bf8609977dbbd968b33e2bb05caf884ce4f2464618b52b9bcb2a523b64c5ed3aba69fbc1b579c263fabd3f136793639f28c85198946115a9719ca865b8f05fb75af5b21475e1683847dc1f68e87b792225fae93de23c0c88f137d86f1521f4a1a548aa493ffab8088a8cb5aa593ddd26283ab47082235de3039c3dc48778c62fa21bdb2691c94ae46d04cdbae8da129186d0dd90b00ea7d2adea179703f7f4ab5a30734d4b17c0a66a25e75d1f23860fae2f9b9bbc997ec21c9546c42534fcd06e88771d6c5be29540b16d2d00cb5a0f972c89b19f4736687ac7c58599103f979f5a177d8218f0281812d4f09f9a625b3f419f67ba0e5e6839c8dc0050af88f29e62d8ac48915bf1f4ea81096323f8ab6d07e96b65eb0a171a2b0670049d06314c6fac0a3000ada86bf21a7f92b7148891ad304612a23099f322dc3f41ba97454c8c691be18cec6527e689f8711fcfadeb99e80340dfa1f8742739ab891ed4211d35adc52b4b2fa078ef35d28ba61d88d2f196dc29abd40dfa6091ee17dfe7f18f1f3051f9de7c240c0101cd23c05fb60db576d040fff06bde6a7263b0065129725ea663339733361efb3191255c9485dc772702e0245947f393461ecf1290426c606f234c85c9c4e5414ccc78c6cdc239ae071bac0b91fd4dae024e93316e64ac6610d900989b230f0d05fb645ca31cc8216474fd2982b321cbdcbf108aa525ce81c80574c1aa40de6d68916627b30c327ee02cdb5331753833e58a46ea58c546a7581269f8ff74b2b0f53db915012cd59ec66e991d6f8d1c972413c36dc684ff9d2ffed5b220b4031587bbd3ba0f7b610dcbb4092a3eb1d86b564f0c1bc58e34f43065be1a485536a0d8965b126ab913647cc67a57e6facaca2b999779e1d7f2ceb34b56ec0ecfca3a73f8827a7f10bae0b7c5b30f87eec0b467b9bd8278baacbfcaebb2", 0x2000, &(0x7f0000009940)={&(0x7f0000002500)={0x50, 0x0, 0x35, {0x7, 0x29, 0x170c, 0x2002040, 0x8, 0x9, 0x1, 0x1, 0x0, 0x0, 0x8, 0x1}}, &(0x7f0000000440)={0x18, 0xffffffffffffffda, 0x9, {0x7}}, &(0x7f0000002580)={0x18, 0x0, 0x5, {0x3}}, &(0x7f00000025c0)={0x18, 0x0, 0x0, {0x8}}, &(0x7f0000002600)={0x18, 0xfffffffffffffff5, 0x1, {0x8}}, &(0x7f0000002640)={0x28, 0x0, 0xaeb5, {{0xf, 0x4, 0x1, r5}}}, &(0x7f0000002680)={0x60, 0xfffffffffffffff5, 0x100, {{0x3e, 0x9, 0xb, 0x0, 0x100000000, 0x9, 0x979, 0x502c}}}, &(0x7f0000002700)={0x18, 0xffffffffffffffda, 0x4, {0x40}}, &(0x7f00000027c0)=ANY=[@ANYBLOB="18a441e171431d000074238d0000000000010000408b83a32675a1f0262e254026252d2f00"], &(0x7f0000002780)={0x20, 0x0, 0x7, {0x0, 0xf}}, &(0x7f0000002880)={0x78, 0x0, 0x5, {0x9, 0x7f, 0x0, {0x5, 0x9, 0x0, 0x0, 0x1, 0x5, 0x4, 0x8001, 0x401, 0x1000, 0xb1, 0x0, 0x0, 0x401, 0x4}}}, &(0x7f0000004a00)={0x90, 0xfffffffffffffff5, 0x6, {0x6, 0x1, 0x1, 0x2, 0x7, 0x1, {0x2, 0x196, 0x88, 0x293, 0x3, 0x9, 0x2, 0x6, 0x0, 0x4000, 0x6, r10, 0x0, 0xffffffff, 0x5c34}}}, &(0x7f0000004ac0)=ANY=[@ANYBLOB="c8000000790f0000000000000300000000000000e7f600000000000005000000ed0400005e2b5c262b000000000000000000000006c7000000000000010000000002000023000000000000000600000000000000030000000000000014000000080000002f6465762f6472692f72656e640000000000040000000000000006000000000000000700000000040040776f726b646972000000000000000000020000000100000009000000ff0700002f6465762f66623000"/200], &(0x7f0000008fc0)=ANY=[@ANYBLOB="18050000daffffff0104000000000000030000000000000000000000000000000100000000000000080000000000000007000000070000000000000000000000020000000000000003000000000000000800000000000000030000000000000000000000000000000800000009000000080000000020000001000100", @ANYRES32=r3, @ANYRES32=0x0, @ANYBLOB="c300000001000000000000000100000000000000050000000000000014000000020000002f6465762f6472692f72656e6465724431323800000000000400000000000000030000000000000001000000000000000800000000000000e40000000503000002000000000000000500000000000000ff0f000000000000f1000000000000004d47000000000000f8ffffffffffffff4700000092000000050000000010000001000000", @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0400000002000000000000000300000000000000020000000000000001000000060000002800000000000000040000000000000001000000000000000000000000000000090000000000000009000000060000000100000000000000070000000000000005000000000000000200000000000000010000000000000062000000000000000100008002000000010000000040000009000000", @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="0001000004000000000000000100000000000000090000000000000002000000130800005e2700000000000005000000000000000200000000000000240000000000000001000000000000800800000009050000020000000000000007000000000000008100000000000000018000000000000000000000000000008608000000000000000000000000000006000000000000000180ffff", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ff0f000091ec0000000000000300000000000000bf0000000000000008000000090000006f7665726c6179000200000000000000000000000000000000000100000000000400000000000000040000007400000003000000000000000100010000000000070000000000000003000000000000000000010000000000ff0f00000000000000000000a80b00000900000000c0000007000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="07000000020000000000000004000000000000000200000000000000000000007f0000000000000000000000000000000000000000000080ffffffff05000000000000000200000008000000040000000000000004000000000000000b00000000000000ff7f00000000000045000000000000000000000001000000f5ffffff04000000be250000001000000a010000", @ANYRES32=0xee00, @ANYRES32=0x0, @ANYBLOB="ff7f000002000000000000000500000000000000070000000000000001000000000800002700000000000000040000000000000003100000000000000100000000000000e8000000000000007f0000000100010005000000000000005c010000000000000500000000000000fffffffffeffffff1d030000000000000300000000000000ad5b0000e4e60000ffffffff00c0000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="060000000600000000000000050000000000000000000700000002000000776f726b6469720002000000000000000200000000000000870400000000000007000000000000000600000002000000010000210000000000000000000000000600000000000000040000000000000001000000000000000000000000000000b300000004000000010000000040000000000100", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000012060000000000000000000000000000001d000000000000000200000006000000b700000000000000"], &(0x7f0000009580)={0xa0, 0x0, 0x4, {{0x5, 0x0, 0xfff, 0x1, 0x8, 0x7, {0x2, 0x49, 0x8001, 0x100, 0x4, 0x8, 0xf69, 0x2, 0x4, 0x6000, 0x703, 0x0, 0x0, 0x5, 0x9}}, {0x0, 0x36}}}, &(0x7f0000009640)={0x20, 0xfffffffffffffffe, 0x4, {0x4, 0x0, 0x9, 0x1fff}}, &(0x7f0000009800)={0x130, 0x3d, 0x40, {0x606, 0x5, 0x0, '\x00', {0x4, 0x5, 0x8, 0x9, r9, r11, 0x8000, '\x00', 0x1, 0x3, 0x8000, 0x1, {0x6, 0xab7a}, {0x8, 0xd}, {0x9, 0x3}, {0x0, 0xc018}, 0x7f, 0x0, 0x0, 0xffffaa4e}}}})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r8, 0xc00464c9, &(0x7f0000000400)={r7})
renameat2(r2, &(0x7f0000000480)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x5)
executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
rt_sigprocmask(0x1, &(0x7f0000000480)={[0x5]}, &(0x7f00000004c0), 0x8)
r1 = syz_open_dev$media(&(0x7f0000000280), 0x3, 0x0)
ioctl$MEDIA_IOC_ENUM_LINKS(r1, 0xc0287c02, &(0x7f00000000c0)={0x80000000, 0x0, &(0x7f0000000300)=[{}, {{}, {<r2=>0x80000000}}]})
ioctl$MEDIA_IOC_SETUP_LINK(r1, 0xc0347c03, &(0x7f0000000080)={{}, {r2}, 0x2})
openat$vim2m(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = msgget$private(0x0, 0x80)
msgctl$IPC_STAT(r4, 0x2, &(0x7f0000000000)=""/121)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2})
readv(r3, &(0x7f00000001c0)=[{&(0x7f0000000540)=""/227, 0xe3}], 0x1)
r5 = socket$kcm(0x2, 0xa, 0x2)
r6 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r6, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'})
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r7 = syz_open_dev$vim2m(&(0x7f0000000440), 0x9, 0x2)
ioctl$vim2m_VIDIOC_QBUF(r7, 0xc058560f, &(0x7f00000001c0)=@userptr={0x0, 0xae6ce9e832876da9, 0x4, 0x352c34c113f2f238, 0x0, {}, {0x0, 0xc, 0x6, 0x0, 0x0, 0x0, "0ed290c8"}, 0x0, 0x2, {0x0}})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x200000c0}, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x44, 0x6, 0x3c8, 0x0, 0x298, 0x200, 0x200, 0x298, 0x330, 0x330, 0x330, 0x330, 0x330, 0x6, 0x0, {[{{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x98}}, {{@ip={@remote, @local, 0x0, 0x0, 'vcan0\x00', 'veth0_virt_wifi\x00'}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x4]}}}}, {{@uncond, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@remote, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x428)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}}, 0x4000000)
r8 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r8, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
ioctl$PPPIOCGCHAN(r8, 0x80047437, &(0x7f0000001f00))
sendmmsg$inet(r8, &(0x7f0000001740)=[{{0x0, 0x0, &(0x7f0000001680)=[{0x0}, {&(0x7f00000014c0)="b522f58cec6370a10d37427daf9d9f56e90aedee3c43d823e2b49e7f4940ac1f3c34ec2f13fff4b012f88640c03e0749c61adeb51fc75b2562ec3df7f0d1ab615a1a49df5a3a43c7f8e21de85035c25064745f33da2a835beb159791b0f77933fbe3a9c7bc87d206ce858188a752deb6dd67de97e7fd986c25178289c66bb053663e8a", 0x83}, {0x0}], 0x3}}], 0x1, 0x4004010)
executing program 1:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f0000000080)={@val={0x8, 0xf8}, @val={0x2, 0x3, 0x6, 0x68, 0x8000, 0x9}, @ipv4=@udp={{0x5, 0x4, 0x3, 0x1b, 0x20, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @multicast1}, {0x4e20, 0x4e22, 0xc, 0x0, @gue={{0x1, 0x0, 0x3, 0x8, 0x0, @void}}}}}, 0x2e)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0xc, 0xb, &(0x7f00000000c0)=ANY=[@ANYBLOB="18040000000000000000000000000000180000002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
process_vm_readv(0xffffffffffffffff, &(0x7f00000018c0)=[{&(0x7f0000000340)=""/160, 0xa0}], 0x1, &(0x7f0000001dc0)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001040)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000100)="b9ff03316844268cb89e14f00800", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x4c)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) (async)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async)
socket$kcm(0x2, 0x3, 0x2) (async)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) (async)
write$tun(r0, &(0x7f0000000080)={@val={0x8, 0xf8}, @val={0x2, 0x3, 0x6, 0x68, 0x8000, 0x9}, @ipv4=@udp={{0x5, 0x4, 0x3, 0x1b, 0x20, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @multicast1}, {0x4e20, 0x4e22, 0xc, 0x0, @gue={{0x1, 0x0, 0x3, 0x8, 0x0, @void}}}}}, 0x2e) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0xc, 0xb, &(0x7f00000000c0)=ANY=[@ANYBLOB="18040000000000000000000000000000180000002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
process_vm_readv(0xffffffffffffffff, &(0x7f00000018c0)=[{&(0x7f0000000340)=""/160, 0xa0}], 0x1, &(0x7f0000001dc0)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9, 0x0) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001040)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000100)="b9ff03316844268cb89e14f00800", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x4c) (async)
executing program 32:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f0000000080)={@val={0x8, 0xf8}, @val={0x2, 0x3, 0x6, 0x68, 0x8000, 0x9}, @ipv4=@udp={{0x5, 0x4, 0x3, 0x1b, 0x20, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @multicast1}, {0x4e20, 0x4e22, 0xc, 0x0, @gue={{0x1, 0x0, 0x3, 0x8, 0x0, @void}}}}}, 0x2e)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0xc, 0xb, &(0x7f00000000c0)=ANY=[@ANYBLOB="18040000000000000000000000000000180000002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
process_vm_readv(0xffffffffffffffff, &(0x7f00000018c0)=[{&(0x7f0000000340)=""/160, 0xa0}], 0x1, &(0x7f0000001dc0)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001040)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000100)="b9ff03316844268cb89e14f00800", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x4c)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) (async)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async)
socket$kcm(0x2, 0x3, 0x2) (async)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) (async)
write$tun(r0, &(0x7f0000000080)={@val={0x8, 0xf8}, @val={0x2, 0x3, 0x6, 0x68, 0x8000, 0x9}, @ipv4=@udp={{0x5, 0x4, 0x3, 0x1b, 0x20, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @multicast1}, {0x4e20, 0x4e22, 0xc, 0x0, @gue={{0x1, 0x0, 0x3, 0x8, 0x0, @void}}}}}, 0x2e) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0xc, 0xb, &(0x7f00000000c0)=ANY=[@ANYBLOB="18040000000000000000000000000000180000002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
process_vm_readv(0xffffffffffffffff, &(0x7f00000018c0)=[{&(0x7f0000000340)=""/160, 0xa0}], 0x1, &(0x7f0000001dc0)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9, 0x0) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001040)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000100)="b9ff03316844268cb89e14f00800", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x4c) (async)
executing program 2:
mkdir(&(0x7f0000000300)='./bus\x00', 0x40)
mount$9p_virtio(&(0x7f0000000100), &(0x7f0000000380)='./bus\x00', &(0x7f00000003c0), 0x814004, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
io_setup(0x1, &(0x7f00000004c0)=<r0=>0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x101042, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x401, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r2, 0x0, 0x27)
io_submit(r0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000300)={0xffffff7f00000000, 0x0, 0x0, 0xffff, 0x0, r1, &(0x7f00000001c0)="ba", 0x1, 0xff010000}])
executing program 2:
close(0xffffffffffffffff)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000440)=[@textreal={0x8, &(0x7f00000003c0)="440f20c0663503000000440f22c0650f01c33e660f3880a80000baf80c66b89446368366efbafc0c66b8f579000066ef0f01c83601c1f0f614b804008ed80f01df0f1ecf", 0x44}], 0x1, 0x0, &(0x7f0000000480)=[@vmwrite={0x8, 0x0, 0x8, 0x0, 0x2, 0x0, 0x3, 0x0, 0x4}, @cstype3={0x5, 0x2}], 0x2)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000280)={{0x0, 0xea}, 'syz0\x00', 0x52})
ioctl$UI_DEV_CREATE(r0, 0x5501)
r2 = syz_open_dev$evdev(&(0x7f0000000080), 0x72, 0x0)
ioctl$EVIOCGEFFECTS(r2, 0x80044584, &(0x7f00000027c0)=""/220)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000500), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DAEMON(r3, &(0x7f0000000600)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0xa6e059442bb9cbfd}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x68, r4, 0x200, 0x70bd27, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0x44, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e20}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0xf, 0x28}}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x8, 0x10}}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x7ff}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3ff}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x57a9}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000080}, 0x810)
sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x40404}, 0x110)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000800), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_LINK_PRI(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x68, r6, 0x1, 0x0, 0x400000, {{}, {0x0, 0x410c}, {0x4c, 0x14, {0xfffffff0, @link='broadcast-link\x00'}}}}, 0x68}}, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000001140)={{0x12, 0x1, 0x0, 0xc5, 0xaa, 0x6d, 0x8, 0xccd, 0x38, 0x9903, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x84, 0xdc, 0x6a}}]}}]}}, 0x0)
r7 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000040)={'bond_slave_0\x00', <r10=>0x0})
sendmsg$nl_route(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000008c0)=@dellinkprop={0x24, 0x2e, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r10, 0x0, 0x10008}, [@IFLA_PROP_LIST={0x4}]}, 0x24}}, 0x0)
close_range(r0, r9, 0x2)
syz_emit_ethernet(0x136, &(0x7f0000000000)={@random="cf702e8cf675", @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x100, 0x3a, 0xff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @dev, @dev, [{0x2, 0x1b, "703b744dc5c6a05fed0c0a28a5c04ec93b15911c51d9f1f265deed8eccd95784a601a0b0e6a4c3111b910f0173045fa2141e5b4595c5c99a9e655650a618f1e1b87d92c6bdc8822504781c5a026526818ceac3312187ff298ddd0b51e329a0555c732fabd5572626bc738bf5440cf57f442ac9bd7656e69c22df50f22d2bbe513c01be63f88b0536f418ebe0bf8f7e1c7ec73cf47ec436ed1d6060a46f881e8d701f56440e5259da2369e350ab54d342e18ac1fc323c56eee2eef13fd238914de7816db149570fe8ec5a49f055ba6a24df8c00000000"}]}}}}}}, 0x0)
pipe2$watch_queue(&(0x7f0000000200)={<r11=>0xffffffffffffffff}, 0x80)
read$watch_queue(r11, &(0x7f0000000300)=""/171, 0xab)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000140)={0x0, r8}, 0x8)
ioctl$EVIOCGKEYCODE_V2(r7, 0x80284504, &(0x7f0000000040)=""/95)
executing program 0:
mkdir(&(0x7f0000000180)='./file1\x00', 0x0)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002a80)=ANY=[@ANYBLOB="b702000004000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000f2ffffff0000000000000000850000001700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r0, 0x0, 0x2000, 0x2000, &(0x7f0000000040)="976d9023d56482cd284a63da539706d7009be646625bd75b025352ebe557df463106baeed6c2d75549b140f143fb8bb67bfe5b308b8d05758115c7ad", &(0x7f0000000500)=""/130, 0x0, 0x0, 0xdf, 0xc4, &(0x7f0000000840)="cf2240e6919817e49555d221b4e6c6ba11c4d974ddab2318db7b52cee499399a00be4b710e9246d7bca28cc8346eb84414e45f3f4633f4acb77bf8cc38c4c16fe035905db79cdc6bd5e6effd652c4cac58ae94706f86ea320f339c21399b5bb7607044916c63c528ab4149718d6215a9a3749113c268e49b2b9dae91ed804ea76f9a2b06f7304f6e81221a751008e786e1edde82cf1ecb76cb4cd71cf781ea3a19b917e4ea15b1a6c7ee605b32b91eaa05000000000000002b1e63e9e52ae43197fd72de1f71801e1f9f1369d1f53002960787827692ead840ffcab9ebe21c7aba23d1413d05344f74572c33b3556eb643a3e93344d7cc6ccd5e912c5a474c51b641c4ad9dbd55c3b7e433f3c32e419c67e14c473427fc441dea9e47e889140bfee5294c4caa59c14722cbe83d90bbf32704263036e0ace2eca28a293ad699fdb5264f90c102f67ee6ac215c81075b95a948577e544e4b6f184ef1fd4a0d56bbd8a8b309073af864cee3d19394153539914e1d1b328362d8a6243070e38784ef8219c6f3698fefb178b945f431f7bffa6fea541b237e2280a41a0a2021a6af6cae5d41afc371a0142e89a9cc664b044bb864f6e367c1671e4c8a6e9762f4b13a202c391f803fc6e7074aa1ddfbb4f3d4b1af579be74248d6821478aa2126fcc47bba6c3be2e2086d8cf6aff73b4ba6c16b9a28b6a65804acf3fc5309d5ec66e7b761c981124af931943dc5376913d153088dd9ed4187a817d7a792aa8319936fe33bbada169c922ac157b3aa0c110b416ca17909e50f413ca988c244192d42adfe3432d8a441c95daf3ad7ac362e823df158897dab1d0a239c234a843c8cbb36d266541b38e67530cfd4e5684a3540dccc6fe8bca7f801", &(0x7f00000005c0)="bf049fd184f7b03c21d9bcddc4eef9ebb6a0da3eb91c56454e873dd7336ccf21a1eeb8da7adf80d6e06ef46c7f36222fadaed2103c286468b3f44adee51445bd1bedf8fcc1c0b9fdc8b3829b1bf0c9d2d409cdecb12ad033e299c029331993ae9760345bf7feb91ee96b0eee19454ad3dbce5019b68c114ff1921a9b4665744c7784ac6736101a70592d83c448a84c31ec60bb901d96ea99471d823ee523318878ee704a8d9502b566cad45587cb74ea8259c1c0a926fc09499395b2db5af40bb6f4c526", 0x1, 0x8000, 0x1}, 0x24)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@verity_on}]})
creat(&(0x7f0000000340)='./file0/file0\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
setxattr$security_ima(&(0x7f0000000040)='./file0\x00', &(0x7f0000000280), &(0x7f0000000380)=@sha1={0x1, "e4a3186656e05fab9468f405313ac4c83f286a14"}, 0x15, 0x1)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000001440)={'\x00', 0x52d35ce30131f272}) (async)
ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0x149c29da27ce1101) (async)
ioctl$TUNSETLINK(r0, 0x400454cd, 0x304) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_PEER_GET(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x14, r2, 0xb03}, 0x14}}, 0x0) (async)
r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0)
ioctl$SIOCSIFMTU(r3, 0x8922, &(0x7f0000000080)={'team0\x00', 0x8})
executing program 0:
r0 = io_uring_setup(0x3c92, &(0x7f0000000100)={0x0, 0x3, 0x0, 0xffffffff})
r1 = semget$private(0x0, 0x6, 0x0)
semtimedop(r1, &(0x7f0000000180)=[{0x0, 0xfff}], 0x1, 0x0)
semtimedop(r1, &(0x7f0000000040)=[{}, {}], 0x2, 0x0)
semctl$IPC_RMID(r1, 0x0, 0x0)
r2 = getpid()
r3 = getpgid(r2)
kcmp(r2, r3, 0x4, 0xffffffffffffffff, 0xffffffffffffffff)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r4, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x12, 0x4, 0x4, 0xa4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r5, &(0x7f0000000080), &(0x7f00000002c0)=@tcp6=r4}, 0x20)
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 0:
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000300)="d8000000180081034e81f783db4cb9040a1d02", 0x13}], 0x1}, 0x0)
r0 = socket$kcm(0xa, 0x5, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={&(0x7f0000000100)=@in6={0xa, 0xfffd, 0x100, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x1b}}}, 0x80, &(0x7f0000000000)=[{&(0x7f0000001d80)='~', 0x1}], 0x1, &(0x7f0000000300)=[{0x18, 0x84, 0x0, 'b'}], 0x18, 0x2c010000}, 0x41)
executing program 0:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
mremap(&(0x7f0000000000/0x9000)=nil, 0x9000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
io_uring_setup(0x1697, &(0x7f0000000080)={0x0, 0xfc72, 0x40, 0x2, 0x19b}) (async)
r0 = io_uring_setup(0x1697, &(0x7f0000000080)={0x0, 0xfc72, 0x40, 0x2, 0x19b})
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) (async)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ffb000/0x3000)=nil, 0x3000}, 0x3}) (async)
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ffb000/0x3000)=nil, 0x3000}, 0x3})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f00000000c0)={&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x2000, 0x3})
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
openat(r2, &(0x7f0000000100)='./file0\x00', 0x0, 0x143)
pause()
socket$xdp(0x2c, 0x3, 0x0) (async)
socket$xdp(0x2c, 0x3, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000c40)=ANY=[@ANYBLOB="4c0000001a001100000000000000000002000000000000000000000005001b0006000000080001007f000001"], 0x4c}}, 0x0)
sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)={0x30, r1, 0x601, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x1c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x4}]}]}, 0x30}}, 0x0)
executing program 3:
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000300)="d8000000180081034e81f783db4cb9040a1d02", 0x13}], 0x1}, 0x0)
r0 = socket$kcm(0xa, 0x5, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={&(0x7f0000000100)=@in6={0xa, 0xfffd, 0x100, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x1b}}}, 0x80, &(0x7f0000000000)=[{&(0x7f0000001d80)='~', 0x1}], 0x1, &(0x7f0000000300)=[{0x18, 0x84, 0x0, 'b'}], 0x18}, 0x41) (fail_nth: 78)
executing program 3:
r0 = syz_open_dev$usbfs(&(0x7f0000002000), 0xd, 0x20041) (async)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) (async)
r1 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0)
landlock_restrict_self(r1, 0x0) (async)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r3=>0x0}) (async)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x17, &(0x7f0000000000), 0x4) (async)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c0000009e842905a6cf878ab18bf420f478a743646e1b4f70ece9c85d8e91db29d50e7e", @ANYRES16=r5, @ANYBLOB="01002cbd7000ffdbdf253900000008000300", @ANYRES32=r3, @ANYBLOB="10005a800c0000800500010011000000"], 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) (async)
r6 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000000), 0x101800, 0x0)
ioctl$CDROM_GET_MCN(r6, 0x5311, 0x0)
ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000)={0x80, 0x0, 0x0, 0x0, 0x2}, 0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x17, 0x9, &(0x7f0000000540)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000500000085000000ba0000005f0000000000000018000000000000000000000000000000950000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x600, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
ioctl$USBDEVFS_REAPURBNDELAY(r0, 0x4004550d, 0x0)
executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
io_uring_register$IORING_REGISTER_FILE_ALLOC_RANGE(r2, 0x19, &(0x7f0000000180)={0x0, 0x9, 0x1}, 0x0)
write$binfmt_misc(r2, &(0x7f0000000040), 0xe09)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = syz_io_uring_setup(0x6440, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x40, 0x0, 0x3, 0x2, 0x0, 0xce})
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
write$UHID_CREATE2(r6, &(0x7f00000001c0)=ANY=[@ANYBLOB='.'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r6, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r3, 0x33be, 0xb85, 0x3, 0x0, 0x0)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000002c0)={r2, 0x400, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
r7 = openat$nmem0(0xffffffffffffff9c, &(0x7f0000000000), 0x400080, 0x0)
sendmsg$IPSET_CMD_SWAP(r7, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, 0x6, 0x6, 0x401, 0x0, 0x0, {0x7, 0x0, 0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x5}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r7, 0x0, 0x93, 0x92, &(0x7f0000000480)="1044d1aa0fd7334426ebd1b1d3412accf3c9197e195810d6152fd54f88f5672eaa763b041a783a30b366495e49e335e81d1d30fb7462c195270601fef8b62b24ba883e6ae3eedb4b6b6bb3742476096dd5114bab0ef2e13dbb107821c8a98ca6ec38be4a2196d7769e79f3d8bf329b8fdf5428867ac5a4be228ca314d2a13ddf6c67181d534fdb79ccac6d127abf26f06a0922", &(0x7f0000000540)=""/146, 0x100, 0x0, 0x4b, 0xc9, &(0x7f0000000600)="99ce0bd89e16c439f28a50dbebc0d8f7aa228c4a2aa15f60e07d8c8289a85f0b460a3dc989a4f82e6523f7523a341525fa4f78acef9dfb88c823211351d7dca2cc49aa796983df1d7f269d", &(0x7f0000000680)="3371a8f5d30642dc38bee407b55436b5191d5e0d02b8f56fd32363babebf99e6d872cc9457940ae5589f5954930979341364c8a9e8408a1b3712383456e9003f304692bf9819a396c7e153400c46788772f581e56777c7becd51830be583225b61ed44153c862e142667852377e97b8ee028324e810038342f44e387274a71f315c9c2e801a06b85d788727e51beac37b6bbf766a56ea988efe4e57f93d840e42c3f747b90f2c47a597e4ca0c29d382155c654a705d152e13b9d101f48af968efdda41115e244ef7a2", 0x0, 0x0, 0x40}, 0x50)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
executing program 3:
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000080)={'\x00', 0x5, 0x62c7, 0x6, 0xcc6, 0x7})
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="bc0000002b0001000000000000000000aa0000800c000000000000000000000014000100fe8000000000000000000000000000aa50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd712120765fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b94825661f329ebc92a5856555ee923c65973deb0a99b962bc0fe9400005b23a13934e1e6288c90d5fc8fc36823d9944fc0"], 0xbc}], 0x1}, 0x1)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0)
r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40186f40, &(0x7f0000000440)=0x1f)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f0000000180)={0x800, 0x2, {0x0, 0x1, 0x0, 0x2, 0x1}, 0x1c4d})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYRES64=r0, @ANYRES32=0x0, @ANYRESOCT=r0], 0x48}}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140), 0x4924b68, 0x0)
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_ifreq(r0, 0x8910, &(0x7f0000000000)={'veth1_to_bond\x00', @ifru_map={0x4, 0x9e, 0x80, 0x3f, 0xf, 0x1}})
ioctl$sock_ifreq(r0, 0x891d, &(0x7f0000000280)={'geneve1\x00', @ifru_data=&(0x7f00000000c0)="2939f9c4afe69c690c57a69f0f1bea12e47f8d16d8bc1ab97b8d52f25d01cfbd"})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup(r1, &(0x7f0000000140)='syz1\x00', 0x200002, 0x0)
r3 = openat$cgroup_freezer_state(r2, &(0x7f0000000240), 0x2, 0x0)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r4, &(0x7f0000000100)={0x28, 0x0, 0x2710, @local}, 0x10)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
r6 = socket$inet6(0xa, 0x80003, 0xff)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000300)="d8000000190081054e81f782db4cb904021d0800fe007c05e8fe55a1040012000a0014260c600e12100005007f370401a8001000200002400400027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1}, 0x0)
setsockopt$inet6_int(r6, 0x29, 0x19, &(0x7f0000000000), 0x4)
bind$vsock_stream(r5, &(0x7f0000000040)={0x28, 0x0, 0x2710, @host}, 0x10)
r8 = openat$cgroup_procs(r1, &(0x7f00000001c0)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r8, &(0x7f0000000180), 0x12)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT_OLD(r5, 0x28, 0x6, &(0x7f0000000080)={0x0, 0x2710}, 0x10)
write$cgroup_freezer_state(r3, &(0x7f0000000200)='THAWED\x00', 0x7)
ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000))
executing program 3:
mkdir(&(0x7f0000000300)='./bus\x00', 0x40)
mount$9p_virtio(&(0x7f0000000100), &(0x7f0000000380)='./bus\x00', &(0x7f00000003c0), 0x814004, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
io_setup(0x1, &(0x7f00000004c0)=<r0=>0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x101042, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x401, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r2, 0x0, 0x27)
io_submit(r0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000300)={0xffffff7f00000000, 0x0, 0x0, 0x0, 0xeffd, r1, &(0x7f00000001c0)="ba", 0x1, 0xff010000}])

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$9p_virtio-chdir-io_setup-openat-openat-write$FUSE_NOTIFY_INVAL_ENTRY-io_submit
detailed listing:
executing program 0:
mkdir(&(0x7f0000000300)='./bus\x00', 0x40)
mount$9p_virtio(&(0x7f0000000100), &(0x7f0000000380)='./bus\x00', &(0x7f00000003c0), 0x814004, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
io_setup(0x1, &(0x7f00000004c0)=<r0=>0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x101042, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x401, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r2, 0x0, 0x27)
io_submit(r0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000300)={0xffffff7f00000000, 0x0, 0x0, 0x0, 0xeffd, r1, &(0x7f00000001c0)="ba", 0x1, 0xff010000}])

program crashed: WARNING: refcount bug in netfs_put_subrequest
single: successfully extracted reproducer
found reproducer with 8 syscalls
minimizing guilty program
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$9p_virtio-chdir-io_setup-openat-openat-write$FUSE_NOTIFY_INVAL_ENTRY
detailed listing:
executing program 0:
mkdir(&(0x7f0000000300)='./bus\x00', 0x40)
mount$9p_virtio(&(0x7f0000000100), &(0x7f0000000380)='./bus\x00', &(0x7f00000003c0), 0x814004, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
io_setup(0x1, &(0x7f00000004c0))
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x101042, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x401, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r0, 0x0, 0x27)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$9p_virtio-chdir-io_setup-openat-openat-io_submit
detailed listing:
executing program 0:
mkdir(&(0x7f0000000300)='./bus\x00', 0x40)
mount$9p_virtio(&(0x7f0000000100), &(0x7f0000000380)='./bus\x00', &(0x7f00000003c0), 0x814004, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
io_setup(0x1, &(0x7f00000004c0)=<r0=>0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x101042, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x401, 0x0)
io_submit(r0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000300)={0xffffff7f00000000, 0x0, 0x0, 0x0, 0xeffd, r1, &(0x7f00000001c0)="ba", 0x1, 0xff010000}])

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$9p_virtio-chdir-io_setup-openat-write$FUSE_NOTIFY_INVAL_ENTRY-io_submit
detailed listing:
executing program 0:
mkdir(&(0x7f0000000300)='./bus\x00', 0x40)
mount$9p_virtio(&(0x7f0000000100), &(0x7f0000000380)='./bus\x00', &(0x7f00000003c0), 0x814004, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
io_setup(0x1, &(0x7f00000004c0)=<r0=>0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x101042, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(0xffffffffffffffff, 0x0, 0x27)
io_submit(r0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000300)={0xffffff7f00000000, 0x0, 0x0, 0x0, 0xeffd, r1, &(0x7f00000001c0)="ba", 0x1, 0xff010000}])

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$9p_virtio-chdir-io_setup-openat-write$FUSE_NOTIFY_INVAL_ENTRY-io_submit
detailed listing:
executing program 0:
mkdir(&(0x7f0000000300)='./bus\x00', 0x40)
mount$9p_virtio(&(0x7f0000000100), &(0x7f0000000380)='./bus\x00', &(0x7f00000003c0), 0x814004, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
io_setup(0x1, &(0x7f00000004c0)=<r0=>0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x401, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r1, 0x0, 0x27)
io_submit(r0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000300)={0xffffff7f00000000, 0x0, 0x0, 0x0, 0xeffd, 0xffffffffffffffff, &(0x7f00000001c0)="ba", 0x1, 0xff010000}])

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$9p_virtio-chdir-openat-openat-write$FUSE_NOTIFY_INVAL_ENTRY-io_submit
detailed listing:
executing program 0:
mkdir(&(0x7f0000000300)='./bus\x00', 0x40)
mount$9p_virtio(&(0x7f0000000100), &(0x7f0000000380)='./bus\x00', &(0x7f00000003c0), 0x814004, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x401, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r1, 0x0, 0x27)
io_submit(0x0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000300)={0xffffff7f00000000, 0x0, 0x0, 0x0, 0xeffd, r0, &(0x7f00000001c0)="ba", 0x1, 0xff010000}])

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$9p_virtio-io_setup-openat-openat-write$FUSE_NOTIFY_INVAL_ENTRY-io_submit
detailed listing:
executing program 0:
mkdir(&(0x7f0000000300)='./bus\x00', 0x40)
mount$9p_virtio(&(0x7f0000000100), &(0x7f0000000380)='./bus\x00', &(0x7f00000003c0), 0x814004, 0x0)
io_setup(0x1, &(0x7f00000004c0)=<r0=>0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x101042, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x401, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r2, 0x0, 0x27)
io_submit(r0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000300)={0xffffff7f00000000, 0x0, 0x0, 0x0, 0xeffd, r1, &(0x7f00000001c0)="ba", 0x1, 0xff010000}])

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-chdir-io_setup-openat-openat-write$FUSE_NOTIFY_INVAL_ENTRY-io_submit
detailed listing:
executing program 0:
mkdir(&(0x7f0000000300)='./bus\x00', 0x40)
chdir(&(0x7f0000000140)='./bus\x00')
io_setup(0x1, &(0x7f00000004c0)=<r0=>0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x101042, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x401, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r2, 0x0, 0x27)
io_submit(r0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000300)={0xffffff7f00000000, 0x0, 0x0, 0x0, 0xeffd, r1, &(0x7f00000001c0)="ba", 0x1, 0xff010000}])

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mount$9p_virtio-chdir-io_setup-openat-openat-write$FUSE_NOTIFY_INVAL_ENTRY-io_submit
detailed listing:
executing program 0:
mount$9p_virtio(&(0x7f0000000100), &(0x7f0000000380)='./bus\x00', &(0x7f00000003c0), 0x814004, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
io_setup(0x1, &(0x7f00000004c0)=<r0=>0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x101042, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x401, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r2, 0x0, 0x27)
io_submit(r0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000300)={0xffffff7f00000000, 0x0, 0x0, 0x0, 0xeffd, r1, &(0x7f00000001c0)="ba", 0x1, 0xff010000}])

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$9p_virtio-chdir-io_setup-openat-openat-write$FUSE_NOTIFY_INVAL_ENTRY-io_submit
detailed listing:
executing program 0:
mkdir(0x0, 0x40)
mount$9p_virtio(&(0x7f0000000100), &(0x7f0000000380)='./bus\x00', &(0x7f00000003c0), 0x814004, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
io_setup(0x1, &(0x7f00000004c0)=<r0=>0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x101042, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x401, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r2, 0x0, 0x27)
io_submit(r0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000300)={0xffffff7f00000000, 0x0, 0x0, 0x0, 0xeffd, r1, &(0x7f00000001c0)="ba", 0x1, 0xff010000}])

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$9p_virtio-chdir-io_setup-openat-openat-write$FUSE_NOTIFY_INVAL_ENTRY-io_submit
detailed listing:
executing program 0:
mkdir(&(0x7f0000000300)='./bus\x00', 0x40)
mount$9p_virtio(0x0, &(0x7f0000000380)='./bus\x00', &(0x7f00000003c0), 0x814004, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
io_setup(0x1, &(0x7f00000004c0)=<r0=>0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x101042, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x401, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r2, 0x0, 0x27)
io_submit(r0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000300)={0xffffff7f00000000, 0x0, 0x0, 0x0, 0xeffd, r1, &(0x7f00000001c0)="ba", 0x1, 0xff010000}])

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$9p_virtio-chdir-io_setup-openat-openat-write$FUSE_NOTIFY_INVAL_ENTRY-io_submit
detailed listing:
executing program 0:
mkdir(&(0x7f0000000300)='./bus\x00', 0x40)
mount$9p_virtio(&(0x7f0000000100), 0x0, &(0x7f00000003c0), 0x814004, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
io_setup(0x1, &(0x7f00000004c0)=<r0=>0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x101042, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x401, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r2, 0x0, 0x27)
io_submit(r0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000300)={0xffffff7f00000000, 0x0, 0x0, 0x0, 0xeffd, r1, &(0x7f00000001c0)="ba", 0x1, 0xff010000}])

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$9p_virtio-chdir-io_setup-openat-openat-write$FUSE_NOTIFY_INVAL_ENTRY-io_submit
detailed listing:
executing program 0:
mkdir(&(0x7f0000000300)='./bus\x00', 0x40)
mount$9p_virtio(&(0x7f0000000100), &(0x7f0000000380)='./bus\x00', 0x0, 0x814004, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
io_setup(0x1, &(0x7f00000004c0)=<r0=>0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x101042, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x401, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r2, 0x0, 0x27)
io_submit(r0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000300)={0xffffff7f00000000, 0x0, 0x0, 0x0, 0xeffd, r1, &(0x7f00000001c0)="ba", 0x1, 0xff010000}])

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$9p_virtio-chdir-io_setup-openat-openat-write$FUSE_NOTIFY_INVAL_ENTRY-io_submit
detailed listing:
executing program 0:
mkdir(&(0x7f0000000300)='./bus\x00', 0x40)
mount$9p_virtio(&(0x7f0000000100), &(0x7f0000000380)='./bus\x00', &(0x7f00000003c0), 0x814004, 0x0)
chdir(0x0)
io_setup(0x1, &(0x7f00000004c0)=<r0=>0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x101042, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x401, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r2, 0x0, 0x27)
io_submit(r0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000300)={0xffffff7f00000000, 0x0, 0x0, 0x0, 0xeffd, r1, &(0x7f00000001c0)="ba", 0x1, 0xff010000}])

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$9p_virtio-chdir-io_setup-openat-openat-write$FUSE_NOTIFY_INVAL_ENTRY-io_submit
detailed listing:
executing program 0:
mkdir(&(0x7f0000000300)='./bus\x00', 0x40)
mount$9p_virtio(&(0x7f0000000100), &(0x7f0000000380)='./bus\x00', &(0x7f00000003c0), 0x814004, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
io_setup(0x1, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x401, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r1, 0x0, 0x27)
io_submit(0x0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000300)={0xffffff7f00000000, 0x0, 0x0, 0x0, 0xeffd, r0, &(0x7f00000001c0)="ba", 0x1, 0xff010000}])

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$9p_virtio-chdir-io_setup-openat-openat-write$FUSE_NOTIFY_INVAL_ENTRY-io_submit
detailed listing:
executing program 0:
mkdir(&(0x7f0000000300)='./bus\x00', 0x40)
mount$9p_virtio(&(0x7f0000000100), &(0x7f0000000380)='./bus\x00', &(0x7f00000003c0), 0x814004, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
io_setup(0x1, &(0x7f00000004c0)=<r0=>0x0)
r1 = openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x401, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r2, 0x0, 0x27)
io_submit(r0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000300)={0xffffff7f00000000, 0x0, 0x0, 0x0, 0xeffd, r1, &(0x7f00000001c0)="ba", 0x1, 0xff010000}])

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$9p_virtio-chdir-io_setup-openat-openat-write$FUSE_NOTIFY_INVAL_ENTRY-io_submit
detailed listing:
executing program 0:
mkdir(&(0x7f0000000300)='./bus\x00', 0x40)
mount$9p_virtio(&(0x7f0000000100), &(0x7f0000000380)='./bus\x00', &(0x7f00000003c0), 0x814004, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
io_setup(0x1, &(0x7f00000004c0)=<r0=>0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x101042, 0x0)
r2 = openat(0xffffffffffffff9c, 0x0, 0x401, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r2, 0x0, 0x27)
io_submit(r0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000300)={0xffffff7f00000000, 0x0, 0x0, 0x0, 0xeffd, r1, &(0x7f00000001c0)="ba", 0x1, 0xff010000}])

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$9p_virtio-chdir-io_setup-openat-openat-write$FUSE_NOTIFY_INVAL_ENTRY-io_submit
detailed listing:
executing program 0:
mkdir(&(0x7f0000000300)='./bus\x00', 0x40)
mount$9p_virtio(&(0x7f0000000100), &(0x7f0000000380)='./bus\x00', &(0x7f00000003c0), 0x814004, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
io_setup(0x1, &(0x7f00000004c0)=<r0=>0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x401, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r1, 0x0, 0x27)
io_submit(r0, 0x0, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$9p_virtio-chdir-io_setup-openat-openat-write$FUSE_NOTIFY_INVAL_ENTRY-io_submit
detailed listing:
executing program 0:
mkdir(&(0x7f0000000300)='./bus\x00', 0x40)
mount$9p_virtio(&(0x7f0000000100), &(0x7f0000000380)='./bus\x00', &(0x7f00000003c0), 0x814004, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
io_setup(0x1, &(0x7f00000004c0)=<r0=>0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x101042, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x401, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r1, 0x0, 0x27)
io_submit(r0, 0x1, &(0x7f00000002c0)=[0x0])

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$9p_virtio-chdir-io_setup-openat-openat-write$FUSE_NOTIFY_INVAL_ENTRY-io_submit
detailed listing:
executing program 0:
mkdir(&(0x7f0000000300)='./bus\x00', 0x40)
mount$9p_virtio(&(0x7f0000000100), &(0x7f0000000380)='./bus\x00', &(0x7f00000003c0), 0x814004, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
io_setup(0x1, &(0x7f00000004c0)=<r0=>0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x101042, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x401, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r2, 0x0, 0x27)
io_submit(r0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000300)={0xffffff7f00000000, 0x0, 0x0, 0x0, 0xeffd, r1, 0x0, 0x0, 0xff010000}])

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$9p_virtio-chdir-io_setup-openat-openat-write$FUSE_NOTIFY_INVAL_ENTRY-io_submit
detailed listing:
executing program 0:
mkdir(&(0x7f0000000300)='./bus\x00', 0x40)
mount$9p_virtio(&(0x7f0000000100), &(0x7f0000000380)='./bus\x00', &(0x7f00000003c0), 0x814004, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
io_setup(0x1, &(0x7f00000004c0)=<r0=>0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x101042, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x401, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r2, 0x0, 0x27)
io_submit(r0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000300)={0xffffff7f00000000, 0x0, 0x0, 0x0, 0xeffd, r1, &(0x7f00000001c0), 0x0, 0xff010000}])

program did not crash
extracting C reproducer
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$9p_virtio-chdir-io_setup-openat-openat-write$FUSE_NOTIFY_INVAL_ENTRY-io_submit
program crashed: KASAN: slab-use-after-free Write in io_submit_one
a never seen crash title: KASAN: slab-use-after-free Write in io_submit_one, ignore
simplifying guilty program options
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$9p_virtio-chdir-io_setup-openat-openat-write$FUSE_NOTIFY_INVAL_ENTRY-io_submit
detailed listing:
executing program 0:
mkdir(&(0x7f0000000300)='./bus\x00', 0x40)
mount$9p_virtio(&(0x7f0000000100), &(0x7f0000000380)='./bus\x00', &(0x7f00000003c0), 0x814004, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
io_setup(0x1, &(0x7f00000004c0)=<r0=>0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x101042, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x401, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r2, 0x0, 0x27)
io_submit(r0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000300)={0xffffff7f00000000, 0x0, 0x0, 0x0, 0xeffd, r1, &(0x7f00000001c0)="ba", 0x1, 0xff010000}])

program crashed: KASAN: slab-use-after-free Write in io_submit_one
a never seen crash title: KASAN: slab-use-after-free Write in io_submit_one, ignore
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mkdir-mount$9p_virtio-chdir-io_setup-openat-openat-write$FUSE_NOTIFY_INVAL_ENTRY-io_submit
detailed listing:
executing program 0:
mkdir(&(0x7f0000000300)='./bus\x00', 0x40)
mount$9p_virtio(&(0x7f0000000100), &(0x7f0000000380)='./bus\x00', &(0x7f00000003c0), 0x814004, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
io_setup(0x1, &(0x7f00000004c0)=<r0=>0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x101042, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x401, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r2, 0x0, 0x27)
io_submit(r0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000300)={0xffffff7f00000000, 0x0, 0x0, 0x0, 0xeffd, r1, &(0x7f00000001c0)="ba", 0x1, 0xff010000}])

program crashed: KASAN: slab-use-after-free Write in io_submit_one
a never seen crash title: KASAN: slab-use-after-free Write in io_submit_one, ignore
reproducing took 46m31.414181707s
repro crashed as (corrupted=false):
netfs: Couldn't get user pages (rc=-14)
------------[ cut here ]------------
refcount_t: underflow; use-after-free.
WARNING: CPU: 3 PID: 6306 at lib/refcount.c:28 refcount_warn_saturate+0x14a/0x210 lib/refcount.c:28
Modules linked in:
CPU: 3 UID: 0 PID: 6306 Comm: syz.2.100 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:refcount_warn_saturate+0x14a/0x210 lib/refcount.c:28
Code: ff 89 de e8 78 71 f5 fc 84 db 0f 85 66 ff ff ff e8 cb 76 f5 fc c6 05 e5 68 86 0b 01 90 48 c7 c7 00 fb d2 8b e8 97 b2 b5 fc 90 <0f> 0b 90 90 e9 43 ff ff ff e8 a8 76 f5 fc 0f b6 1d c0 68 86 0b 31
RSP: 0018:ffffc900030d7750 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817a1159
RDX: ffff88805135c880 RSI: ffffffff817a1166 RDI: 0000000000000001
RBP: ffff88802d916fa0 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000005
R13: 000000000000006f R14: 0000000000000001 R15: ffff88802d916fa0
FS:  00007fee79bce6c0(0000) GS:ffff88806a900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fee79bad000 CR3: 00000000233ec000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __refcount_sub_and_test include/linux/refcount.h:275 [inline]
 __refcount_dec_and_test include/linux/refcount.h:307 [inline]
 netfs_put_subrequest+0x2c1/0x4d0 fs/netfs/objects.c:230
 netfs_collect_read_results fs/netfs/read_collect.c:300 [inline]
 netfs_read_collection+0x25af/0x3cb0 fs/netfs/read_collect.c:417
 netfs_wait_for_pause+0x31c/0x3e0 fs/netfs/read_collect.c:689
 netfs_dispatch_unbuffered_reads fs/netfs/direct_read.c:106 [inline]
 netfs_unbuffered_read fs/netfs/direct_read.c:144 [inline]
 netfs_unbuffered_read_iter_locked+0xb50/0x1610 fs/netfs/direct_read.c:229
 netfs_unbuffered_read_iter+0xc5/0x100 fs/netfs/direct_read.c:264
 v9fs_file_read_iter+0xbf/0x100 fs/9p/vfs_file.c:361
 aio_read+0x313/0x4e0 fs/aio.c:1602
 __io_submit_one fs/aio.c:2003 [inline]
 io_submit_one+0x1580/0x1da0 fs/aio.c:2052
 __do_sys_io_submit fs/aio.c:2111 [inline]
 __se_sys_io_submit fs/aio.c:2081 [inline]
 __x64_sys_io_submit+0x1b2/0x340 fs/aio.c:2081
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fee78d8cde9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fee79bce038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
RAX: ffffffffffffffda RBX: 00007fee78fa5fa0 RCX: 00007fee78d8cde9
RDX: 00004000000002c0 RSI: 0000000000000001 RDI: 00007fee79bad000
RBP: 00007fee78e0e2a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fee78fa5fa0 R15: 00007ffe1e525b98
 </TASK>

final repro crashed as (corrupted=false):
netfs: Couldn't get user pages (rc=-14)
------------[ cut here ]------------
refcount_t: underflow; use-after-free.
WARNING: CPU: 3 PID: 6306 at lib/refcount.c:28 refcount_warn_saturate+0x14a/0x210 lib/refcount.c:28
Modules linked in:
CPU: 3 UID: 0 PID: 6306 Comm: syz.2.100 Not tainted 6.14.0-rc1-syzkaller-00276-g69b54314c975 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:refcount_warn_saturate+0x14a/0x210 lib/refcount.c:28
Code: ff 89 de e8 78 71 f5 fc 84 db 0f 85 66 ff ff ff e8 cb 76 f5 fc c6 05 e5 68 86 0b 01 90 48 c7 c7 00 fb d2 8b e8 97 b2 b5 fc 90 <0f> 0b 90 90 e9 43 ff ff ff e8 a8 76 f5 fc 0f b6 1d c0 68 86 0b 31
RSP: 0018:ffffc900030d7750 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817a1159
RDX: ffff88805135c880 RSI: ffffffff817a1166 RDI: 0000000000000001
RBP: ffff88802d916fa0 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000005
R13: 000000000000006f R14: 0000000000000001 R15: ffff88802d916fa0
FS:  00007fee79bce6c0(0000) GS:ffff88806a900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fee79bad000 CR3: 00000000233ec000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __refcount_sub_and_test include/linux/refcount.h:275 [inline]
 __refcount_dec_and_test include/linux/refcount.h:307 [inline]
 netfs_put_subrequest+0x2c1/0x4d0 fs/netfs/objects.c:230
 netfs_collect_read_results fs/netfs/read_collect.c:300 [inline]
 netfs_read_collection+0x25af/0x3cb0 fs/netfs/read_collect.c:417
 netfs_wait_for_pause+0x31c/0x3e0 fs/netfs/read_collect.c:689
 netfs_dispatch_unbuffered_reads fs/netfs/direct_read.c:106 [inline]
 netfs_unbuffered_read fs/netfs/direct_read.c:144 [inline]
 netfs_unbuffered_read_iter_locked+0xb50/0x1610 fs/netfs/direct_read.c:229
 netfs_unbuffered_read_iter+0xc5/0x100 fs/netfs/direct_read.c:264
 v9fs_file_read_iter+0xbf/0x100 fs/9p/vfs_file.c:361
 aio_read+0x313/0x4e0 fs/aio.c:1602
 __io_submit_one fs/aio.c:2003 [inline]
 io_submit_one+0x1580/0x1da0 fs/aio.c:2052
 __do_sys_io_submit fs/aio.c:2111 [inline]
 __se_sys_io_submit fs/aio.c:2081 [inline]
 __x64_sys_io_submit+0x1b2/0x340 fs/aio.c:2081
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fee78d8cde9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fee79bce038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
RAX: ffffffffffffffda RBX: 00007fee78fa5fa0 RCX: 00007fee78d8cde9
RDX: 00004000000002c0 RSI: 0000000000000001 RDI: 00007fee79bad000
RBP: 00007fee78e0e2a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fee78fa5fa0 R15: 00007ffe1e525b98
 </TASK>