Extracting prog: 16m39.602581984s
Minimizing prog: 1h27m48.802987281s
Simplifying prog options: 0s
Extracting C: 1m19.393908533s
Simplifying C: 26m6.599331983s


26 programs, timeouts [15s 1m40s 6m0s]
extracting reproducer from 26 programs
single: executing 5 programs separately with timeout 15s
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$alg-bind$alg-ioctl$sock_SIOCGIFINDEX-socket$inet6_sctp-socket$inet6_mptcp-socket$nl_xfrm-sched_setaffinity-syz_open_dev$MSR-read$msr-prctl$PR_SCHED_CORE-socket$alg-bind$alg-accept4-openat$nullb-syz_open_dev$vim2m-landlock_create_ruleset-syz_io_uring_submit-setsockopt$ALG_SET_KEY-socket$inet6_udplite-epoll_create1-epoll_wait-mmap-epoll_ctl$EPOLL_CTL_ADD-recvmmsg-openat$ptp0-ioctl$PTP_EXTTS_REQUEST2-memfd_create-ioctl$sock_inet6_SIOCSIFADDR-ioctl$sock_inet6_SIOCADDRT
detailed listing:
executing program 0:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64-generic\x00'}, 0x58)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'team_slave_0\x00', <r1=>0x0})
socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000240)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0x58)
accept4(r3, 0x0, 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_open_dev$vim2m(&(0x7f0000000300), 0x0, 0x2)
landlock_create_ruleset(&(0x7f0000000440)={0x2}, 0x10, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad00"/14, 0xe)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
r7 = epoll_create1(0x0)
epoll_wait(r7, &(0x7f0000000180)=[{}, {}, {}, {}], 0x16, 0x7ff6)
mmap(&(0x7f000000b000/0x3000)=nil, 0x3000, 0x0, 0x11, r6, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f0000000040)={0x7})
recvmmsg(r2, 0x0, 0x0, 0x40002041, 0x0)
r8 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PTP_EXTTS_REQUEST2(r8, 0x40043d14, &(0x7f0000000000))
memfd_create(&(0x7f0000000480)='\xff\x00l\x1e\xa0</\x00\x8eO4._\x14zC\x8a\xe8\xe0u\xe0\xff\xf1\xb2\xfd\xf6nz\x05-]\xc2Vk\xaeky\xd3\x83\xe2\xc7\xd3\xe6M^\x98ox\x14\t\xe9Q1\x1dK\x9a\x045\xd37\xb22\xfdD(\xd2\xdd\xa0\xff\x0f\x00\x00\x00\x00\x00\x00v\n\xd8?]k\x14N\x18\xf4\xc2j\xed6g\xfd\xd2\xd4\xe3\x1f\xa6 \xa0\x8d\xb5\x9aE<2`]<\x8cR\xd69\x0fO\xbf\xc3\xbd\xb0\x96\x90\x91k\x86\x1a\x10\xd2\xf5\x8b\xfc\xf4\xd0[\x12\xf5+\x1aS\x02/Yx\xf2jJb\x97\x9c/\x1f5i\xc6\x861\x9a\xff\xc3\xe7\xbfU\xd5\xac\xccB=\x8f\xfd\x84\xeepQ\x93nn\x0f\xc6\xa9?\xad\x8b~\x96@i=G\x9ft\x1d\xcc\xc6Ys7\x7f\x8ehv\xd3$\x13s\xa0\xbfi\xfaFS\xa9=Xe\xf8tI\x15\x882\x8b\x8e-X\xb8\xf2\x9du\x15S^\xec\xce\xfaf$S\x9f\xe7Ed\n\x84\\ u\xd2\x16\xc1\xa5\xa0\xaa\xe8.i\xc8\x0e\vt\xe2\xf1lA\x93\xdd\xce\x8f$\x06v\xbe\xe7\x95nN\xc5\xaa\x1ev\xc6P\x9c\\G&y\x8bYA\xc3}\xd9\x86[\xb2\xf3\x0f\x90%\xcb\x81\xe8\xea\xbcs\x95\xe9\x8eXH\x19m\xdfOY\xf1E9-\xc8\xe7\x13^+(\x034\x82\xafiOO\x14\x8f^\x8c', 0x6)
ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000100)={@local, 0x0, r1})
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000540)={@empty, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, r1})

program did not crash
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_BTF_LOAD-syz_emit_ethernet-io_uring_setup-pipe2$watch_queue-bpf$PROG_LOAD-bpf$ENABLE_STATS-socketpair$unix-close-bpf$MAP_CREATE_CONST_STR-bpf$BPF_MAP_CONST_STR_FREEZE-bpf$PROG_LOAD-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-recvmsg$unix-io_uring_register$IORING_REGISTER_BUFFERS-syz_init_net_socket$nl_rdma-sendmsg$netlink-syz_io_uring_setup-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_FRAME-io_uring_setup-syz_open_dev$dri-sendmsg$NL80211_CMD_TDLS_OPER-ioctl$DRM_IOCTL_GET_MAGIC-close_range-syz_genetlink_get_family_id$ipvs-sendmsg$IPVS_CMD_NEW_DEST-io_uring_register$IORING_UNREGISTER_IOWQ_AFF
detailed listing:
executing program 0:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="9feb010018000000000000000700000030000000020000821300000000000006040b00ba4700000000000000010000000000000000000002000000040000000000"], 0x0, 0x4a}, 0x20)
syz_emit_ethernet(0x6e, &(0x7f0000000200)={@link_local, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f4adf7", 0x38, 0x3a, 0x0, @empty, @mcast2, {[], @time_exceed={0xd, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, '\x00', 0x0, 0x6c, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @loopback={0x0, 0xffffac1414aa}, [], "a5f7c70c777fc9b9"}}}}}}}, 0x0)
r0 = io_uring_setup(0x29e6, &(0x7f0000000480)={0x0, 0x0, 0x2})
pipe2$watch_queue(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
close(r3)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r4}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000c90000007b8af8ff00000000b7080000000008007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32, @ANYBLOB="0000000000000000b705000008000000850000008b000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007d0000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000000000085000000a5"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r5}, 0x10)
recvmsg$unix(r2, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000280)=[{&(0x7f0000000500)=""/4096, 0x1000}, {&(0x7f0000000140)=""/57, 0x39}, {&(0x7f0000000180)=""/35, 0x23}, {&(0x7f0000000300)=""/137, 0x89}, {&(0x7f0000001500)=""/210, 0xd2}, {&(0x7f0000001600)=""/211, 0xd3}, {&(0x7f00000001c0)=""/9, 0x9}], 0x7)
r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000002c0)={0x14, 0x13, 0x1, 0x0, 0x0, "", [@typed={0x4}]}, 0x14}], 0x1}, 0x0)
syz_io_uring_setup(0x4919, &(0x7f0000000080)={0x0, 0x8720, 0x2001, 0x0, 0x1d7, 0x0, r0}, 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_FRAME(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000001440)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r9, @ANYBLOB="5a00330080000000ffffffffffff080211000000505050505050000000000000000000006400024001010c040603000000000025030000002a01003c0400000000710700000000000000"], 0x78}}, 0x0)
r10 = io_uring_setup(0x1cb2, &(0x7f0000000300))
r11 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
sendmsg$NL80211_CMD_TDLS_OPER(r1, &(0x7f0000001740)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000001700)={&(0x7f0000000400)={0x7c, r8, 0x0, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x3}, @NL80211_ATTR_TDLS_OPERATION={0x5}, @NL80211_ATTR_TDLS_OPERATION={0x5}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x2}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x1}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x3}]}, 0x7c}}, 0x1)
ioctl$DRM_IOCTL_GET_MAGIC(r11, 0x80046402, 0x0)
close_range(r10, 0xffffffffffffffff, 0x0)
r12 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DEST(r7, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8020000}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="4c010091", @ANYRES16=r12, @ANYBLOB="100028bd7000fcdbdf2505000000740001800c00070002000000020000000800090013000000140003000a010101000000000000000000000000060002001d000000060001000a00000014000300e0000002000000000000000000000000060001000a000000080009006c00000014000300ffffffff00000000000000000000000030000180070006006c63000008000500040000000800060077727200140003000000000000000000000000000000000114000280060002004e210000060002004e2400002c000180060004004e230000060004004e210000060004004e210000060004004e210000060004004e230000540001800800050002000000060001000a00000008000b0073697000060002000c000000060001000a0000000600010002000000090006006e6f6e650000000007000600727200000c0007000800000002000000"], 0x14c}, 0x1, 0x0, 0x0, 0x40}, 0xc0)
io_uring_register$IORING_UNREGISTER_IOWQ_AFF(r0, 0x12, 0x0, 0x0)

program did not crash
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-prctl$PR_SCHED_CORE-prctl$PR_SCHED_CORE-sched_setaffinity-openat$hwrng-mknod$loop-open-preadv-syz_open_procfs-read$FUSE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-socket$nl_route-socket$inet6_udp-ioctl$TIOCSETD-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaa01804200000086dd602e843500140600fe80000000000000ff07000000000000fe8000000000000000000000000000aa000000003b69ab3098406d37159fe9b29de41935cb99ee0270b8580153d9387de1749238b04dcee284bd93cb96006142b036bec7ce07be8b2d9dcc922d0beeb18d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5800000090780000"], 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x6, 0x4, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000e7ff00000000000000000000181100000e1bfb45e2c0258b7ed4479297d69b30c2604c7f607e6cf353df7e43122d885ffb45380200000000000000305f991e15c24b6cb9106eb862a2d1c5314767033e645dd44e981d825aedae96100345e474e3ce5e82aa819eab1750c11ee2c178743e82ec3a12e0f7a22f4bcda446371457a759ce2be0f4e5de9685222145d2a374735ca05bab0a8677ccb53859", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
mknod$loop(0x0, 0x0, 0x1)
open(0x0, 0x0, 0x0)
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xffffffd7}], 0x1, 0x0, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00')
read$FUSE(r5, &(0x7f0000002100)={0x2020}, 0x2020)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000000}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000100)=0x8)
syz_emit_ethernet(0x46, &(0x7f0000000340)={@local, @empty, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "e90e5b", 0x10, 0x11, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @remote, {[], {0x0, 0x0, 0x10, 0x0, @gue={{0x2}}}}}}}}, 0x0)

program did not crash
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL-sendmsg$nl_xfrm-prlimit64-sched_setscheduler-getsockopt$inet6_int-bpf$PROG_LOAD-sched_setaffinity-syz_open_dev$MSR-read$msr-prctl$PR_SCHED_CORE-sendmsg$nl_route-socket$inet_tcp-bind$inet-socket$nl_netfilter-sendmsg$IPCTNL_MSG_CT_GET-setsockopt$SO_TIMESTAMPING-setsockopt$inet_tcp_int-setsockopt$inet_tcp_TCP_REPAIR_QUEUE-connect$inet-setsockopt$inet_tcp_TCP_REPAIR_OPTIONS-write$binfmt_elf64-sendmsg$BATADV_CMD_GET_MESH-setsockopt$inet_tcp_TCP_REPAIR-sendto$inet-ppoll-socket$inet_tcp-socket$nl_generic
detailed listing:
executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000100)={'erspan0\x00', &(0x7f0000000280)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x3, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev}}}})
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="20010000120013070000000000000000e0000001000000000000000000000000fc0000000000000000000000000000000000000000000000000000000000008107e0b6d0", @ANYRES32=0x0, @ANYRES32=0x0], 0x120}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0xffffffffffffffff, &(0x7f00000001c0))
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)={0x30, 0x1, 0x1, 0x201, 0x0, 0x0, {}, [@CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x6}, @CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x2}]}, @CTA_STATUS={0x8}]}, 0x30}}, 0x0)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x200, 0x4)
setsockopt$inet_tcp_int(r2, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000340)=[@window, @mss, @window, @timestamp, @sack_perm, @timestamp, @timestamp, @sack_perm], 0x8)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x40)
sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[], 0x24}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r2, &(0x7f00000004c0)="3ce2de4d8d957a8de4e490b6cd03b988d4edef164bd3377aa381b5f50b7ca414516489f78cd7208982e9bde22b2b7c1c7606d565477f3db9d2b077283644c0f27ab52a863a42863e06944e40a0b3c5d21c8cbe102e7f726263f28aef1bc12a069063d4c30e8f329fdb36859be727fbef4314161e5fb5f01ae00a2634d5cdecca2089c62e32f4c919886b2b88d237e287318739bec0364caf15889f38a312ef6621c0f21709a4bf2b16274cf933f6ad8fcc9c2024bc1b4713f650e860f93ae93b2361956b3e80c38c5fd29b5c1b5d7ce67edc856a8dc0ba54cee53de9a48c131389426bd06ec7c695add357934fc0321f0d3d7982e4fe5a0039decc491a663afd02facb08dd9695f854c7b031d9af8bd7350897996b5208b23030cc0feb84570730eaf24b9f2ac05d0feb3be07a29f887095f36f3c8f0e77e45509acd14a5be4a1572dd4cd1231087b830fa03e071571d4abd694710ef140469cf6df8a59839aafe046a5bffb97e5247be901789eafd726ba090337a2c49207e6b900c7e982472e6aac70e5d52ca2c1bab47b1f6d00f9601e2281686c21f770ae96e0ffec4b30496d012fa00958f794cdbd721bd155cae87", 0x109e8, 0x805, 0x0, 0x6)
ppoll(&(0x7f0000000080)=[{r2}], 0x1, 0x0, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

program did not crash
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$tun-openat$tun-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-creat-close-syz_open_dev$tty20-socket$inet_dccp-shutdown-mount$9p_fd-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-semget$private-ioctl$TUNSETIFF-ioctl$TUNSETPERSIST-close-ioctl$TUNSETNOCSUM-socket$nl_route-socket$inet6_icmp_raw-openat$rdma_cm-ioctl$sock_SIOCGIFINDEX-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-socket$inet_udp-close_range-sendmsg$IPSET_CMD_CREATE-ioctl$TUNGETVNETLE-openat$binderfs-openat$binderfs-openat$binder_debug-lseek
detailed listing:
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x2, &(0x7f0000000000)=[{0x48, 0x0, 0x0, 0x9}, {0x6, 0x0, 0x0, 0x7ffffffb}]})
r2 = creat(&(0x7f00000001c0)='./bus\x00', 0x0)
close(r2)
syz_open_dev$tty20(0xc, 0x4, 0x1)
r3 = socket$inet_dccp(0x2, 0x6, 0x0)
shutdown(r3, 0x1)
mount$9p_fd(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f0000000200), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x3, &(0x7f0000000080)=[{0x14}, {0x84}, {0x6, 0x0, 0x0, 0x7ffffd3e}]})
semget$private(0x0, 0x1, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x5})
ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x1)
close(r1)
ioctl$TUNSETNOCSUM(r0, 0x400454ca, 0x20000000)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6}]})
socket$inet_udp(0x2, 0x2, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x13, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}}, 0x0)
ioctl$TUNGETVNETLE(r1, 0x800454dd, &(0x7f0000000080))
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)

program did not crash
single: failed to extract reproducer
bisect: bisecting 26 programs with base timeout 15s
testing program (duration=21s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [30, 27, 29, 30, 18, 26, 28, 28, 28, 30, 30, 26, 30, 28, 27, 30, 3, 26, 1, 28, 28, 27, 28, 23, 30, 29]
detailed listing:
executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
r2 = socket(0x10, 0x3, 0x0)
sendto$inet6(r2, &(0x7f0000000080)="7800000018002507b9409b14ffff00000202be040205fe056403040c5c000900580020010a0000000d0085a168216b46d32345653600648d270015000a00000049935ade4a460c89b6ec0cff3959547f509058ba86c902007a00004a32000402160012000a0024a40423e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0)
recvfrom(r1, &(0x7f00000001c0)=""/45, 0x2d, 0x40000140, 0x0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
r4 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0)
write$UHID_GET_REPORT_REPLY(r4, &(0x7f00000000c0)={0xa, {0x0, 0x3, 0x11}}, 0xa)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="2e00000010008188040f80ec59acbc0413a1f848100000005e0c00f0ffffff180e000a001400000002801687121f", 0x2e}], 0x1}, 0x0)
getsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000200), &(0x7f0000000940)=0x4)
sendmsg$AUDIT_ADD_RULE(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000002c0)={0x450, 0x3f3, 0x4, 0x70bd2c, 0x25dfdbfb, {0x6, 0x1, 0x0, [0x200, 0x1, 0x1, 0x8, 0xe, 0x1, 0x1, 0x7d0d, 0x3, 0x5, 0x7, 0x0, 0x3, 0xb, 0x7, 0x3, 0x0, 0x8, 0x0, 0x4, 0x0, 0x7e0, 0x10000, 0x0, 0x800, 0x7fffffff, 0xcac, 0x0, 0x8, 0x1038, 0x1ff, 0xfffffffc, 0x6, 0xdfa0, 0x1, 0x9, 0x7, 0x2, 0x5, 0xc, 0x0, 0x0, 0x0, 0x6, 0xc, 0x62, 0x9f2, 0x10, 0x0, 0x5, 0xe, 0x5, 0x0, 0x8, 0x1, 0x2, 0x2, 0x4, 0x8144, 0x9, 0x339, 0x0, 0x0, 0x5], [0x7, 0x5, 0x1, 0x0, 0xde2, 0x7, 0x0, 0x6, 0x3, 0x7, 0x8f, 0xfffffff6, 0x9b8, 0x4, 0x53, 0x2, 0x9, 0x2, 0x80000001, 0x4b4, 0xbdad, 0x200, 0x0, 0x0, 0x0, 0x8000, 0xace4, 0xd594, 0x8, 0x5, 0x0, 0x0, 0x7fff, 0x7, 0x4, 0x2, 0x7, 0x9, 0x6, 0x0, 0x4, 0x7fff, 0x0, 0x7, 0x5, 0x2, 0x6, 0x0, 0x0, 0x787, 0x3, 0x3, 0xfff, 0x5, 0x0, 0x300000, 0x200, 0x7, 0x2, 0xfffe, 0x0, 0x0, 0x9, 0xed9], [0x9, 0xfffffeff, 0x3, 0x1, 0x0, 0x4, 0xfffffff7, 0x0, 0x5, 0x0, 0xfffffffa, 0x401, 0x0, 0xd32, 0x0, 0x1, 0x9, 0x7, 0x3, 0xb, 0x1b9, 0x3, 0x2, 0x7f, 0x8, 0x6, 0x1, 0x3, 0x1, 0x2c8, 0x4, 0x15fd, 0x5, 0x8, 0x4c7, 0x5, 0xb1, 0x3, 0xca, 0x400, 0x7, 0xcc, 0x0, 0x1, 0x0, 0x8, 0x1, 0x3e6f9426, 0x6, 0x1, 0x409, 0x954d, 0x9a, 0x401, 0xffffff1a, 0x5, 0x5, 0xe134, 0x5, 0x96fe, 0x101, 0x77, 0x6, 0x3ca], [0xa, 0x8, 0xff1, 0x7fff, 0x2, 0x2, 0x6, 0x4, 0x2, 0x7fffffff, 0x3ff, 0x40, 0x30b4, 0x7, 0x1, 0x1, 0xfffffffd, 0xf, 0xe2e, 0x63b, 0x6f, 0xd1d, 0x9, 0x5, 0x1, 0x0, 0x7, 0x0, 0x4, 0x3, 0xfffffff9, 0x1, 0x9, 0x4, 0x5117, 0x1, 0x5e74810d, 0x1000, 0xffffff01, 0x5, 0x9, 0x101, 0xffffff80, 0x200, 0x0, 0x6, 0x5, 0x9, 0x9, 0x50, 0x1, 0x5, 0x4, 0x0, 0x5, 0x1, 0x9, 0xf6, 0xfffffffc, 0xdc, 0x0, 0x80, 0xfffffffa, 0x5], 0x2e, ['!}\x00', '/dev/uhid\x00', '@],:\x00', '-{/\x00', '[*\\[\x00', '/dev/uhid\x00', '$]}%*[]\x00', '\x00']}, ["", "", "", ""]}, 0x450}, 0x1, 0x0, 0x0, 0x40150}, 0x4000041)
sendmsg$kcm(r3, &(0x7f0000000100)={0x0, 0x2c00, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000010008188040f46ecdb4cb9cca7480ef410000000e3bd6efb010511000b000a000d000000ba8000001201", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x25000000)
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
ioctl$DRM_IOCTL_MODE_SETPROPERTY(0xffffffffffffffff, 0xc01064ab, 0x0)
syz_emit_vhci(&(0x7f0000000480)=ANY=[@ANYBLOB="02c90012000e00050018010a0000dd3c0d022a705f9e93"], 0x17)
r5 = dup(0xffffffffffffffff)
ioctl$VIDIOC_QUERYBUF_DMABUF(r5, 0xc0585609, 0x0)
sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000001380), 0xc, &(0x7f0000001480)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), r2)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_vhci(&(0x7f0000000240)=@HCI_SCODATA_PKT={0x3, {0xc9}}, 0x4)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000280)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000006600000008000300c713d530e3ffcec67cb7f06b90", @ANYRES32=r8, @ANYBLOB="080026008f0900000800b700000000000400b800"], 0x30}}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
executing program 2:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x74, r2}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERY_USE_IFADDR={0x5, 0x18, 0x1}]}}}]}, 0x3c}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000280)={0xfff, 0xa7b4}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000240)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
fcntl$getown(0xffffffffffffffff, 0x9)
connect(0xffffffffffffffff, 0x0, 0x0)
ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, &(0x7f0000000400)={0x0, {}, 0x0, {}, 0x0, 0x0, 0x0, 0x10, "1728b4c92c6c109e20e4a71ddc9372308a873990a2387b0537d1fa94639f7e647979ab5d8382ad9f760a6bdcc3e0eb473418ed02ed0521941662355a3c067367", "6a67f10d1a56fe87371877df32502ab7bba2ffc30103ec7476de2c5887a2c00d", [0x9, 0x2]})
syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0)
r8 = userfaultfd(0x80801)
syz_io_uring_submit(r7, 0x0, 0x0)
ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r8, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(r8, 0xc020aa07, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
executing program 0:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64-generic\x00'}, 0x58)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'team_slave_0\x00', <r1=>0x0})
socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000240)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0x58)
accept4(r3, 0x0, 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_open_dev$vim2m(&(0x7f0000000300), 0x0, 0x2)
landlock_create_ruleset(&(0x7f0000000440)={0x2}, 0x10, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad00"/14, 0xe)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
r7 = epoll_create1(0x0)
epoll_wait(r7, &(0x7f0000000180)=[{}, {}, {}, {}], 0x16, 0x7ff6)
mmap(&(0x7f000000b000/0x3000)=nil, 0x3000, 0x0, 0x11, r6, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f0000000040)={0x7})
recvmmsg(0xffffffffffffffff, &(0x7f0000000340), 0x0, 0x40002041, 0x0)
r8 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PTP_EXTTS_REQUEST2(r8, 0x40043d14, &(0x7f0000000000))
memfd_create(&(0x7f0000000480)='\xff\x00l\x1e\xa0</\x00\x8eO4._\x14zC\x8a\xe8\xe0u\xe0\xff\xf1\xb2\xfd\xf6nz\x05-]\xc2Vk\xaeky\xd3\x83\xe2\xc7\xd3\xe6M^\x98ox\x14\t\xe9Q1\x1dK\x9a\x045\xd37\xb22\xfdD(\xd2\xdd\xa0\xff\x0f\x00\x00\x00\x00\x00\x00v\n\xd8?]k\x14N\x18\xf4\xc2j\xed6g\xfd\xd2\xd4\xe3\x1f\xa6 \xa0\x8d\xb5\x9aE<2`]<\x8cR\xd69\x0fO\xbf\xc3\xbd\xb0\x96\x90\x91k\x86\x1a\x10\xd2\xf5\x8b\xfc\xf4\xd0[\x12\xf5+\x1aS\x02/Yx\xf2jJb\x97\x9c/\x1f5i\xc6\x861\x9a\xff\xc3\xe7\xbfU\xd5\xac\xccB=\x8f\xfd\x84\xeepQ\x93nn\x0f\xc6\xa9?\xad\x8b~\x96@i=G\x9ft\x1d\xcc\xc6Ys7\x7f\x8ehv\xd3$\x13s\xa0\xbfi\xfaFS\xa9=Xe\xf8tI\x15\x882\x8b\x8e-X\xb8\xf2\x9du\x15S^\xec\xce\xfaf$S\x9f\xe7Ed\n\x84\\ u\xd2\x16\xc1\xa5\xa0\xaa\xe8.i\xc8\x0e\vt\xe2\xf1lA\x93\xdd\xce\x8f$\x06v\xbe\xe7\x95nN\xc5\xaa\x1ev\xc6P\x9c\\G&y\x8bYA\xc3}\xd9\x86[\xb2\xf3\x0f\x90%\xcb\x81\xe8\xea\xbcs\x95\xe9\x8eXH\x19m\xdfOY\xf1E9-\xc8\xe7\x13^+(\x034\x82\xafiOO\x14\x8f^\x8c', 0x6)
ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000100)={@local, 0x0, r1})
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000540)={@empty, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, r1})
executing program 1:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="9feb010018000000000000000700000030000000020000821300000000000006040b00ba4700000000000000010000000000000000000002000000040000000000"], 0x0, 0x4a}, 0x20)
syz_emit_ethernet(0x6e, &(0x7f0000000200)={@link_local, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f4adf7", 0x38, 0x3a, 0x0, @empty, @mcast2, {[], @time_exceed={0xd, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, '\x00', 0x0, 0x6c, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @loopback={0x0, 0xffffac1414aa}, [], "a5f7c70c777fc9b9"}}}}}}}, 0x0)
r0 = io_uring_setup(0x29e6, &(0x7f0000000480)={0x0, 0x0, 0x2})
pipe2$watch_queue(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
close(r3)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r4}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000c90000007b8af8ff00000000b7080000000008007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32, @ANYBLOB="0000000000000000b705000008000000850000008b000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007d0000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000000000085000000a5"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r5}, 0x10)
recvmsg$unix(r2, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000280)=[{&(0x7f0000000500)=""/4096, 0x1000}, {&(0x7f0000000140)=""/57, 0x39}, {&(0x7f0000000180)=""/35, 0x23}, {&(0x7f0000000300)=""/137, 0x89}, {&(0x7f0000001500)=""/210, 0xd2}, {&(0x7f0000001600)=""/211, 0xd3}, {&(0x7f00000001c0)=""/9, 0x9}], 0x7)
r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000002c0)={0x14, 0x13, 0x1, 0x0, 0x0, "", [@typed={0x4}]}, 0x14}], 0x1}, 0x0)
syz_io_uring_setup(0x4919, &(0x7f0000000080)={0x0, 0x8720, 0x2001, 0x0, 0x1d7, 0x0, r0}, 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_FRAME(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000001440)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r9, @ANYBLOB="5a00330080000000ffffffffffff080211000000505050505050000000000000000000006400024001010c040603000000000025030000002a01003c0400000000710700000000000000"], 0x78}}, 0x0)
r10 = io_uring_setup(0x1cb2, &(0x7f0000000300))
r11 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
sendmsg$NL80211_CMD_TDLS_OPER(r1, &(0x7f0000001740)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000001700)={&(0x7f0000000400)={0x7c, r8, 0x0, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x3}, @NL80211_ATTR_TDLS_OPERATION={0x5}, @NL80211_ATTR_TDLS_OPERATION={0x5}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x2}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x1}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x3}]}, 0x7c}}, 0x1)
ioctl$DRM_IOCTL_GET_MAGIC(r11, 0x80046402, 0x0)
close_range(r10, 0xffffffffffffffff, 0x0)
r12 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DEST(r7, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8020000}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="4c010091", @ANYRES16=r12, @ANYBLOB="100028bd7000fcdbdf2505000000740001800c00070002000000020000000800090013000000140003000a010101000000000000000000000000060002001d000000060001000a00000014000300e0000002000000000000000000000000060001000a000000080009006c00000014000300ffffffff00000000000000000000000030000180070006006c63000008000500040000000800060077727200140003000000000000000000000000000000000114000280060002004e210000060002004e2400002c000180060004004e230000060004004e210000060004004e210000060004004e210000060004004e230000540001800800050002000000060001000a00000008000b0073697000060002000c000000060001000a0000000600010002000000090006006e6f6e650000000007000600727200000c0007000800000002000000"], 0x14c}, 0x1, 0x0, 0x0, 0x40}, 0xc0)
io_uring_register$IORING_UNREGISTER_IOWQ_AFF(r0, 0x12, 0x0, 0x0)
executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd63a34e786cbc325, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x2, 0x4})
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000700)={0x0, &(0x7f0000000640)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR(r2, 0xc01c64a3, &(0x7f0000000040)={0x3, r4, 0x0, 0x0, 0xb, 0x1fd, 0x1})
executing program 4:
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x96dca55c25fb4027, &(0x7f0000000180)=0x40000000010001)
r0 = fsmount(0xffffffffffffffff, 0x0, 0x8)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
connect$inet6(r0, &(0x7f0000001340)={0xa, 0x4e21, 0x10000, @local}, 0x1c)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_emit_vhci(0x0, 0x22)
getrandom(0x0, 0x0, 0x0)
syz_emit_ethernet(0x2a, 0x0, 0x0)
socket(0x0, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/igmp\x00')
prlimit64(0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r2 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e)
connect$pptp(r2, 0x0, 0x0)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f00000015c0), 0x0, 0x0)
ioctl$PPPIOCATTCHAN(r3, 0x40047438, &(0x7f0000000040)=0x1)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000080), 0x6)
setuid(0xee00)
write(r4, &(0x7f0000000000)="01dd3b74", 0x9)
readv(r3, &(0x7f0000000680), 0x0)
ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f00000001c0)={0x7, 0x8, 0x9, 0x3, 0x5, 0x3})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
executing program 1:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x2, &(0x7f0000000000)=[{0x48, 0x0, 0x0, 0x9}, {0x6, 0x0, 0x0, 0x7ffffffb}]})
r2 = creat(&(0x7f00000001c0)='./bus\x00', 0x0)
close(r2)
syz_open_dev$tty20(0xc, 0x4, 0x1)
r3 = socket$inet_dccp(0x2, 0x6, 0x0)
shutdown(r3, 0x1)
mount$9p_fd(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f0000000200), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x3, &(0x7f0000000080)=[{0x14}, {0x84}, {0x6, 0x0, 0x0, 0x7ffffd3e}]})
semget$private(0x0, 0x1, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x5})
ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x1)
close(r1)
ioctl$TUNSETNOCSUM(r0, 0x400454ca, 0x20000000)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6}]})
socket$inet_udp(0x2, 0x2, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x13, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}}, 0x0)
ioctl$TUNGETVNETLE(r1, 0x800454dd, &(0x7f0000000080))
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
executing program 4:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x20}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_BLANKSCREEN(r6, 0x5609, &(0x7f0000000000))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@ipv4_newroute={0x1c, 0x1a, 0x1}, 0x1c}}, 0x0)
r7 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r7, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_group_source_req(r7, 0x29, 0x2e, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}, 0x108)
r8 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r8, 0xc008551b, &(0x7f0000000040)=ANY=[@ANYBLOB="a65b000010000000a7a0000000000000010400002c83"])
ioctl$TCFLSH(r1, 0x8910, 0x20001114)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x2, 0x6, 0x801}, 0x14}}, 0x0)
executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000100)={'erspan0\x00', &(0x7f0000000280)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x3, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev}}}})
sendmsg$nl_xfrm(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0xffffffffffffffff, &(0x7f00000001c0))
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)={0x28, 0x1, 0x1, 0x201, 0x0, 0x0, {}, [@CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x6}, @CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x2}]}]}, 0x28}}, 0x0)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x200, 0x4)
setsockopt$inet_tcp_int(r2, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000340)=[@window, @mss, @window, @timestamp, @sack_perm, @timestamp, @timestamp, @sack_perm], 0x8)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0x40)
sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[], 0x24}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r2, &(0x7f00000004c0)="3ce2de4d8d957a8de4e490b6cd03b988d4edef164bd3377aa381b5f50b7ca414516489f78cd7208982e9bde22b2b7c1c7606d565477f3db9d2b077283644c0f27ab52a863a42863e06944e40a0b3c5d21c8cbe102e7f726263f28aef1bc12a069063d4c30e8f329fdb36859be727fbef4314161e5fb5f01ae00a2634d5cdecca2089c62e32f4c919886b2b88d237e287318739bec0364caf15889f38a312ef6621c0f21709a4bf2b16274cf933f6ad8fcc9c2024bc1b4713f650e860f93ae93b2361956b3e80c38c5fd29b5c1b5d7ce67edc856a8dc0ba54cee53de9a48c131389426bd06ec7c695add357934fc0321f0d3d7982e4fe5a0039decc491a663afd02facb08dd9695f854c7b031d9af8bd7350897996b5208b23030cc0feb84570730eaf24b9f2ac05d0feb3be07a29f887095f36f3c8f0e77e45509acd14a5be4a1572dd4cd1231087b830fa03e071571d4abd694710ef140469cf6df8a59839aafe046a5bffb97e5247be901789eafd726ba090337a2c49207e6b900c7e982472e6aac70e5d52ca2c1bab47b1f6d00f9601e2281686c21f770ae96e0ffec4b30496d012fa00958f794cdbd721bd155cae87", 0x109e8, 0x805, 0x0, 0x6)
ppoll(&(0x7f0000000080)=[{r2}], 0x1, 0x0, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
executing program 1:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
socket$nl_xfrm(0x10, 0x3, 0x6)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'syz_tun\x00', <r2=>0x0})
bind$packet(r1, &(0x7f0000000300)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @remote}, 0x14)
r3 = socket$packet(0x11, 0x3, 0x300)
bind$packet(r3, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @remote}, 0x14)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ptype\x00')
r5 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
bind$packet(r5, &(0x7f0000000000)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @link_local}, 0x14)
preadv(r4, &(0x7f0000000000)=[{&(0x7f0000000480)=""/187, 0xbb}], 0x1, 0x4c, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000400)='tlb_flush\x00', r0}, 0x10)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
setreuid(0x0, 0xee00)
keyctl$invalidate(0x15, 0x0)
r8 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000040))
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r8, 0x80489439, &(0x7f0000000240))
syz_emit_ethernet(0xc2, &(0x7f0000000240)={@broadcast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xb4, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote}, @dest_unreach={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, {0x26, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @multicast2, @local, {[@noop, @generic={0x0, 0xd, "ee0dd9de36ed4bcc5b4e23"}, @timestamp_prespec={0x44, 0xc, 0x0, 0x3, 0x0, [{@private}]}, @ssrr={0x89, 0xf, 0x0, [@private, @broadcast, @broadcast]}, @timestamp_addr={0x44, 0x44, 0x0, 0x1, 0x0, [{@initdev={0xac, 0x1e, 0x0, 0x0}}, {@private}, {}, {@local}, {@loopback}, {@private}, {@broadcast}, {@broadcast}]}, @timestamp={0x44, 0x14, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0]}]}}}}}}}, 0x0)
r9 = gettid()
process_vm_writev(r9, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
socket$packet(0x11, 0x3, 0x300)
r10 = fsopen(&(0x7f0000000000)='tmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r10, 0x6, 0x0, 0x0, 0x0)
fsmount(r10, 0x0, 0x0)
executing program 4:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
r2 = socket(0x10, 0x3, 0x0)
sendto$inet6(r2, &(0x7f0000000080)="7800000018002507b9409b14ffff00000202be040205fe056403040c5c000900580020010a0000000d0085a168216b46d32345653600648d270015000a00000049935ade4a460c89b6ec0cff3959547f509058ba86c902007a00004a32000402160012000a0024a40423e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0)
recvfrom(r1, &(0x7f00000001c0)=""/45, 0x2d, 0x40000140, 0x0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
r4 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0)
write$UHID_GET_REPORT_REPLY(r4, &(0x7f00000000c0)={0xa, {0x0, 0x3, 0x11}}, 0xa)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="2e00000010008188040f80ec59acbc0413a1f848100000005e0c00f0ffffff180e000a001400000002801687121f", 0x2e}], 0x1}, 0x0)
getsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000200), &(0x7f0000000940)=0x4)
sendmsg$AUDIT_ADD_RULE(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000002c0)={0x450, 0x3f3, 0x4, 0x70bd2c, 0x25dfdbfb, {0x6, 0x1, 0x0, [0x200, 0x1, 0x1, 0x8, 0xe, 0x1, 0x1, 0x7d0d, 0x3, 0x5, 0x7, 0x0, 0x3, 0xb, 0x7, 0x3, 0x0, 0x8, 0x0, 0x4, 0x0, 0x7e0, 0x10000, 0x0, 0x800, 0x7fffffff, 0xcac, 0x0, 0x8, 0x1038, 0x1ff, 0xfffffffc, 0x6, 0xdfa0, 0x1, 0x9, 0x7, 0x2, 0x5, 0xc, 0x0, 0x0, 0x0, 0x6, 0xc, 0x62, 0x9f2, 0x10, 0x0, 0x5, 0xe, 0x5, 0x0, 0x8, 0x1, 0x2, 0x2, 0x4, 0x8144, 0x9, 0x339, 0x0, 0x0, 0x5], [0x7, 0x5, 0x1, 0x0, 0xde2, 0x7, 0x0, 0x6, 0x3, 0x7, 0x8f, 0xfffffff6, 0x9b8, 0x4, 0x53, 0x2, 0x9, 0x2, 0x80000001, 0x4b4, 0xbdad, 0x200, 0x0, 0x0, 0x0, 0x8000, 0xace4, 0xd594, 0x8, 0x5, 0x0, 0x0, 0x7fff, 0x7, 0x4, 0x2, 0x7, 0x9, 0x6, 0x0, 0x4, 0x7fff, 0x0, 0x7, 0x5, 0x2, 0x6, 0x0, 0x0, 0x787, 0x3, 0x3, 0xfff, 0x5, 0x0, 0x300000, 0x200, 0x7, 0x2, 0xfffe, 0x0, 0x0, 0x9, 0xed9], [0x9, 0xfffffeff, 0x3, 0x1, 0x0, 0x4, 0x0, 0x2, 0x5, 0x0, 0xfffffffa, 0x401, 0x0, 0xd32, 0x0, 0x1, 0x9, 0x7, 0x3, 0xb, 0x1b9, 0x3, 0x2, 0x7f, 0x8, 0x6, 0x1, 0x3, 0x1, 0x2c8, 0x4, 0x15fd, 0x5, 0x8, 0x4c7, 0x5, 0xb1, 0x3, 0xca, 0x400, 0x7, 0xcc, 0x0, 0x1, 0x0, 0x8, 0x1, 0x3e6f9426, 0x6, 0x1, 0x409, 0x954d, 0x9a, 0x401, 0xffffff1a, 0x5, 0x5, 0xe134, 0x5, 0x96fe, 0x101, 0x77, 0x6, 0x3ca], [0xa, 0x8, 0xff1, 0x7fff, 0x2, 0x2, 0x6, 0x4, 0x2, 0x7fffffff, 0x3ff, 0x40, 0x30b4, 0x7, 0x1, 0x1, 0xfffffffd, 0xf, 0xe2e, 0x63b, 0x6f, 0xd1d, 0x9, 0x5, 0x1, 0x0, 0x7, 0x0, 0x4, 0x3, 0xfffffff9, 0x1, 0x9, 0x4, 0x5117, 0x1, 0x5e74810d, 0x1000, 0xffffff01, 0x5, 0x9, 0x101, 0xffffff80, 0x200, 0x0, 0x6, 0x5, 0x9, 0x9, 0x50, 0x1, 0x5, 0x4, 0x0, 0x5, 0x1, 0x9, 0xf6, 0xfffffffc, 0xdc, 0x0, 0x80, 0xfffffffa, 0x5], 0x2e, ['!}\x00', '/dev/uhid\x00', '@],:\x00', '-{/\x00', '[*\\[\x00', '/dev/uhid\x00', '$]}%*[]\x00', '\x00']}, ["", "", "", ""]}, 0x450}, 0x1, 0x0, 0x0, 0x40150}, 0x4000041)
sendmsg$kcm(r3, &(0x7f0000000100)={0x0, 0x2c00, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000010008188040f46ecdb4cb9cca7480ef410000000e3bd6efb010511000b000a000d000000ba8000001201", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x25000000)
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
ioctl$DRM_IOCTL_MODE_SETPROPERTY(0xffffffffffffffff, 0xc01064ab, 0x0)
syz_emit_vhci(&(0x7f0000000480)=ANY=[@ANYBLOB="02c90012000e00050018010a0000dd3c0d022a705f9e93"], 0x17)
r5 = dup(0xffffffffffffffff)
ioctl$VIDIOC_QUERYBUF_DMABUF(r5, 0xc0585609, 0x0)
sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000001380), 0xc, &(0x7f0000001480)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), r2)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_vhci(&(0x7f0000000240)=@HCI_SCODATA_PKT={0x3, {0xc9}}, 0x4)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000280)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000006600000008000300c713d530e3ffcec67cb7f06b90", @ANYRES32=r8, @ANYBLOB="080026008f0900000800b700000000000400b800"], 0x30}}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
r2 = socket(0x10, 0x3, 0x0)
recvfrom(r1, &(0x7f00000001c0)=""/45, 0x2d, 0x40000140, 0x0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
write$UHID_GET_REPORT_REPLY(0xffffffffffffffff, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)}, 0x0)
getsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000200), &(0x7f0000000940)=0x4)
sendmsg$AUDIT_ADD_RULE(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000002c0)={0x450, 0x3f3, 0x4, 0x70bd2c, 0x0, {0x0, 0x1, 0x0, [0x0, 0x1, 0x1, 0x8, 0xe, 0x1, 0x1, 0x7d0d, 0x3, 0x5, 0x7, 0x0, 0x3, 0xb, 0x7, 0x3, 0x0, 0x8, 0x0, 0x4, 0x0, 0x7e0, 0x10000, 0x0, 0x800, 0x7fffffff, 0xcac, 0x0, 0x8, 0x1038, 0x1ff, 0xfffffffc, 0x6, 0xdfa0, 0x0, 0x0, 0x7, 0x2, 0x5, 0xc, 0x0, 0x0, 0x0, 0x0, 0xc, 0x62, 0x9f2, 0x10, 0x0, 0x5, 0xe, 0x5, 0x0, 0x8, 0x1, 0x2, 0x2, 0x0, 0x8144, 0x9, 0x339, 0x0, 0x0, 0x5], [0x7, 0x5, 0x1, 0x0, 0xde2, 0x7, 0x0, 0x6, 0x3, 0x7, 0x8f, 0xfffffff6, 0x9b8, 0x4, 0x53, 0x2, 0x9, 0x2, 0x80000001, 0x4b4, 0xbdad, 0x200, 0x0, 0x0, 0x0, 0x8000, 0xace4, 0xd594, 0x8, 0x5, 0x0, 0x0, 0x7fff, 0x7, 0x4, 0x2, 0x7, 0x9, 0x6, 0x0, 0x4, 0x7fff, 0x0, 0x7, 0x5, 0x2, 0x6, 0x0, 0x0, 0x787, 0x3, 0x3, 0xfff, 0x5, 0x0, 0x300000, 0x200, 0x7, 0x2, 0xfffe, 0x0, 0x0, 0x9, 0xed9], [0x9, 0xfffffeff, 0x3, 0x1, 0x0, 0x4, 0xfffffff7, 0x2, 0x5, 0x0, 0xfffffffa, 0x401, 0x0, 0xd32, 0x0, 0x1, 0x9, 0x7, 0x3, 0xb, 0x1b9, 0x3, 0x2, 0x7f, 0x8, 0x6, 0x1, 0x3, 0x1, 0x2c8, 0x4, 0x15fd, 0x5, 0x8, 0x4c7, 0x5, 0xb1, 0x3, 0xca, 0x0, 0x7, 0xcc, 0x0, 0x1, 0x0, 0x8, 0x1, 0x3e6f9426, 0x6, 0x1, 0x409, 0x954d, 0x9a, 0x401, 0xffffff1a, 0x5, 0x5, 0xe134, 0x5, 0x96fe, 0x101, 0x77, 0x6, 0x3ca], [0xa, 0x8, 0xff1, 0x7fff, 0x2, 0x2, 0x6, 0x4, 0x2, 0x7fffffff, 0x3ff, 0x40, 0x30b4, 0x7, 0x1, 0x1, 0xfffffffd, 0xf, 0xe2e, 0x63b, 0x6f, 0xd1d, 0x9, 0x5, 0x1, 0x0, 0x7, 0x0, 0x4, 0x3, 0xfffffff9, 0x1, 0x9, 0x4, 0x5117, 0x1, 0x5e74810d, 0x1000, 0xffffff01, 0x5, 0x9, 0x101, 0xffffff80, 0x200, 0x0, 0x6, 0x5, 0x9, 0x9, 0x50, 0x1, 0x5, 0x4, 0x0, 0x5, 0x1, 0x9, 0xf6, 0xfffffffc, 0xdc, 0x0, 0x80, 0xfffffffa, 0x5], 0x2e, ['!}\x00', '/dev/uhid\x00', '@],:\x00', '-{/\x00', '[*\\[\x00', '/dev/uhid\x00', '$]}%*[]\x00', '\x00']}, ["", "", "", ""]}, 0x450}, 0x1, 0x0, 0x0, 0x40150}, 0x4000041)
sendmsg$kcm(r3, &(0x7f0000000100)={0x0, 0x2c00, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000010008188040f46ecdb4cb9cca7480ef410000000e3bd6efb010511000b000a000d000000ba8000001201", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x25000000)
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
ioctl$DRM_IOCTL_MODE_SETPROPERTY(0xffffffffffffffff, 0xc01064ab, 0x0)
syz_emit_vhci(&(0x7f0000000480)=ANY=[@ANYBLOB="02c90012000e00050018010a0000dd3c0d022a705f9e93"], 0x17)
r4 = dup(0xffffffffffffffff)
ioctl$VIDIOC_QUERYBUF_DMABUF(r4, 0xc0585609, 0x0)
sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000001380), 0xc, &(0x7f0000001480)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), r2)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_vhci(&(0x7f0000000240)=@HCI_SCODATA_PKT={0x3, {0xc9}}, 0x4)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000280)={'wlan1\x00'})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
executing program 3:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000098000000060a010400000000000000000100000008000b40000000000900010073797a30000000002c00048028000180080001006e6174001c00028008000540006219090800014000000000080002"], 0x120}}, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
shmget$private(0x0, 0x1000, 0x100, &(0x7f000016f000/0x1000)=nil)
r1 = gettid()
process_vm_writev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)=""/246, 0xf6}], 0x1, &(0x7f0000000180)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0)
move_pages(0x0, 0x1, &(0x7f0000000140)=[&(0x7f0000323000/0x2000)=nil], &(0x7f0000000200)=[0x1], &(0x7f0000001500), 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000280)={0x28, 0x0, 0x0, @local}, 0x10)
getsockopt(r2, 0x1, 0x4, 0x0, &(0x7f00000000c0))
r3 = memfd_create(&(0x7f0000000100)=';e\x00\x00\xa4\xd8\xe0\x9c\x7f9\x8aZ]3N\xbb\xe1^\x9c\xe1\x9b6s$0Y\xf8\x90\x00\x00\x00\x00\xd2~l\xf6\x12\xde\xdd\xd5\x1d\x96\xb0a\xad\xcd\x16\xd8G\xae\xd9DZm\xabO\xad\x11%\x7f`@\x16c\xc0\xb6\x1f\xe3\x00\x1a_\xc7\xbf\xa7T\xbe\x13\x8b\xb3r\x8fL\xe6\xba\xe7\x18\xb4$BIj\xa3\xc9\xc6|\x9b\x88\xddPx\x02I\xde\xe8\xcd\x02\xc1\xedc2\x06\xcbM\xfb\x13jZ\x96\xeej\x9b\xe4XjN\xb9>\xdf3U\r \x8dh8T/h)\x90\xff\x8d\xd9\x89\xab\xf8P\xacYtk\xa3\xed\xfa*8\x13\b\xce\xf8z\xed\xadnz\x96\xa3\x9a9R\xd9]\xe11We\xfe3\xe06\x1a^\x04^\xef\xa3\x0fU\x9b1\xc6J\x83\x9d[\\a\xfd\xdc\xa1\xcd\xbe\x9b\xc5z7\xe8VP\x89\x16MK`\xe5\x137\b\x00\x00\x00\xd5\x01\xea\x98\xe6Z\x95j\xe3\x0ek>\x14\x80\rXS\xce\xf9\x0e\x89\xc4\xc6\x1bOm4Lla\r\xce\x17\xb5r&\xf3\x96\xbc\xc39\xa7\x95\xd9F\x17', 0x3)
ptrace$ARCH_SHSTK_DISABLE(0x1e, r1, 0x1, 0x5002)
close_range(r3, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000180), r6)
sendmsg$NFC_CMD_GET_TARGET(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r7, 0x1}, 0x14}}, 0x0)
sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000006c0)=ANY=[@ANYBLOB="3c020000", @ANYRES16=0x0, @ANYBLOB="0000000000000000000005000000e00005800c00028008000100000000000c00028000000100000000004c00028008000100000000000800010000000000080003000000000008000200000000000000020000000000080004000000000000000400000000000800040000000000080001"], 0x23c}}, 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000740), r6)
syz_genetlink_get_family_id$nbd(&(0x7f0000000040), r6)
executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000100)={'erspan0\x00', &(0x7f0000000280)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x3, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev}}}})
sendmsg$nl_xfrm(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0xffffffffffffffff, &(0x7f00000001c0))
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)={0x28, 0x1, 0x1, 0x201, 0x0, 0x0, {}, [@CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x6}, @CTA_FILTER={0x4}, @CTA_STATUS={0x8}]}, 0x28}}, 0x0)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x200, 0x4)
setsockopt$inet_tcp_int(r2, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000340)=[@window, @mss, @window, @timestamp, @sack_perm, @timestamp, @timestamp, @sack_perm], 0x8)
write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0x40)
sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[], 0x24}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r2, &(0x7f00000004c0)="3ce2de4d8d957a8de4e490b6cd03b988d4edef164bd3377aa381b5f50b7ca414516489f78cd7208982e9bde22b2b7c1c7606d565477f3db9d2b077283644c0f27ab52a863a42863e06944e40a0b3c5d21c8cbe102e7f726263f28aef1bc12a069063d4c30e8f329fdb36859be727fbef4314161e5fb5f01ae00a2634d5cdecca2089c62e32f4c919886b2b88d237e287318739bec0364caf15889f38a312ef6621c0f21709a4bf2b16274cf933f6ad8fcc9c2024bc1b4713f650e860f93ae93b2361956b3e80c38c5fd29b5c1b5d7ce67edc856a8dc0ba54cee53de9a48c131389426bd06ec7c695add357934fc0321f0d3d7982e4fe5a0039decc491a663afd02facb08dd9695f854c7b031d9af8bd7350897996b5208b23030cc0feb84570730eaf24b9f2ac05d0feb3be07a29f887095f36f3c8f0e77e45509acd14a5be4a1572dd4cd1231087b830fa03e071571d4abd694710ef140469cf6df8a59839aafe046a5bffb97e5247be901789eafd726ba090337a2c49207e6b900c7e982472e6aac70e5d52ca2c1bab47b1f6d00f9601e2281686c21f770ae96e0ffec4b30496d012fa00958f794cdbd721bd155cae87", 0x109e8, 0x805, 0x0, 0x6)
ppoll(&(0x7f0000000080)=[{r2}], 0x1, 0x0, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
executing program 1:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x74, r2}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERY_USE_IFADDR={0x5, 0x18, 0x1}]}}}]}, 0x3c}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000280)={0xfff, 0xa7b4}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000240)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
fcntl$getown(0xffffffffffffffff, 0x9)
connect(0xffffffffffffffff, 0x0, 0x0)
ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, &(0x7f0000000400)={0x0, {}, 0x0, {}, 0x0, 0x0, 0x0, 0x10, "1728b4c92c6c109e20e4a71ddc9372308a873990a2387b0537d1fa94639f7e647979ab5d8382ad9f760a6bdcc3e0eb473418ed02ed0521941662355a3c067367", "6a67f10d1a56fe87371877df32502ab7bba2ffc30103ec7476de2c5887a2c00d", [0x9, 0x2]})
syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0)
r8 = userfaultfd(0x80801)
syz_io_uring_submit(r7, 0x0, 0x0)
ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r8, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(r8, 0xc020aa07, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
executing program 0:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="9feb010018000000000000000700000030000000020000821300000000000006040b00ba4700000000000000010000000000000000000002000000040000000000"], 0x0, 0x4a}, 0x20)
syz_emit_ethernet(0x6e, &(0x7f0000000200)={@link_local, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f4adf7", 0x38, 0x3a, 0x0, @empty, @mcast2, {[], @time_exceed={0xd, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, '\x00', 0x0, 0x6c, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @loopback={0x0, 0xffffac1414aa}, [], "a5f7c70c777fc9b9"}}}}}}}, 0x0)
r0 = io_uring_setup(0x29e6, &(0x7f0000000480)={0x0, 0x0, 0x2})
pipe2$watch_queue(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
close(r3)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r4}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000c90000007b8af8ff00000000b7080000000008007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32, @ANYBLOB="0000000000000000b705000008000000850000008b000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007d000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000000000085000000a5"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r5}, 0x10)
recvmsg$unix(r2, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000280)=[{&(0x7f0000000500)=""/4096, 0x1000}, {&(0x7f0000000140)=""/57, 0x39}, {&(0x7f0000000180)=""/35, 0x23}, {&(0x7f0000000300)=""/137, 0x89}, {&(0x7f0000001500)=""/210, 0xd2}, {&(0x7f0000001600)=""/211, 0xd3}, {&(0x7f00000001c0)=""/9, 0x9}], 0x7)
r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000002c0)={0x14, 0x13, 0x1, 0x0, 0x0, "", [@typed={0x4}]}, 0x14}], 0x1}, 0x0)
syz_io_uring_setup(0x4919, &(0x7f0000000080)={0x0, 0x8720, 0x2001, 0x0, 0x1d7, 0x0, r0}, 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_FRAME(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000001440)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r9, @ANYBLOB="5a00330080000000ffffffffffff080211000000505050505050000000000000000000006400024001010c040603000000000025030000002a01003c0400000000710700000000000000"], 0x78}}, 0x0)
r10 = io_uring_setup(0x1cb2, &(0x7f0000000300))
r11 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
sendmsg$NL80211_CMD_TDLS_OPER(r1, &(0x7f0000001740)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000001700)={&(0x7f0000000400)={0x7c, r8, 0x0, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x3}, @NL80211_ATTR_TDLS_OPERATION={0x5}, @NL80211_ATTR_TDLS_OPERATION={0x5}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x2}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x1}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x3}]}, 0x7c}}, 0x1)
ioctl$DRM_IOCTL_GET_MAGIC(r11, 0x80046402, 0x0)
close_range(r10, 0xffffffffffffffff, 0x0)
r12 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DEST(r7, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8020000}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="4c010091", @ANYRES16=r12, @ANYBLOB="100028bd7000fcdbdf2505000000740001800c00070002000000020000000800090013000000140003000a010101000000000000000000000000060002001d000000060001000a00000014000300e0000002000000000000000000000000060001000a000000080009006c00000014000300ffffffff00000000000000000000000030000180070006006c63000008000500040000000800060077727200140003000000000000000000000000000000000114000280060002004e210000060002004e2400002c000180060004004e230000060004004e210000060004004e210000060004004e210000060004004e230000540001800800050002000000060001000a00000008000b0073697000060002000c000000060001000a0000000600010002000000090006006e6f6e650000000007000600727200000c0007000800000002000000"], 0x14c}, 0x1, 0x0, 0x0, 0x40}, 0xc0)
io_uring_register$IORING_UNREGISTER_IOWQ_AFF(r0, 0x12, 0x0, 0x0)
executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000280))
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x4001, 0x3, 0x2b0, 0x138, 0x0, 0x148, 0x0, 0x148, 0x218, 0x240, 0x240, 0x218, 0x240, 0x7fffffe, 0x0, {[{{@ip={@loopback, @local, 0x0, 0x0, 'ip6gretap0\x00', 'netdevsim0\x00'}, 0x0, 0xf0, 0x138, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'lo\x00', {0x0, 0x0, 0x1ff, 0x0, 0x0, 0xed, 0x7}}}, @common=@unspec=@connlabel={{0x28}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@private1, 'ip6erspan0\x00'}}}, {{@ip={@local, @loopback, 0x0, 0x0, 'veth0_vlan\x00', 'macvtap0\x00'}, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28, 'rpfilter\x00', 0x2}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x310)
executing program 3:
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x96dca55c25fb4027, &(0x7f0000000180)=0x40000000010001)
r0 = fsmount(0xffffffffffffffff, 0x0, 0x8)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
connect$inet6(r0, &(0x7f0000001340)={0xa, 0x4e21, 0x10000, @local}, 0x1c)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_emit_vhci(0x0, 0x22)
getrandom(0x0, 0x0, 0x0)
syz_emit_ethernet(0x2a, 0x0, 0x0)
socket(0x0, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/igmp\x00')
prlimit64(0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
r3 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(0xffffffffffffffff, 0x0, 0x0)
connect$pptp(r3, 0x0, 0x0)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f00000015c0), 0x0, 0x0)
ioctl$PPPIOCATTCHAN(r4, 0x40047438, &(0x7f0000000040)=0x1)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000080), 0x6)
setuid(0xee00)
write(r5, &(0x7f0000000000)="01dd3b74", 0x9)
readv(r4, &(0x7f0000000680), 0x0)
ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f00000001c0)={0x7, 0x8, 0x9, 0x3, 0x5, 0x3})
close_range(r2, 0xffffffffffffffff, 0x0)
executing program 0:
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000180)={0x54, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xd, 0x3, 'list:set\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}]}, 0x54}}, 0x0)
executing program 2:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x2, &(0x7f0000000000)=[{0x48, 0x0, 0x0, 0x9}, {0x6, 0x0, 0x0, 0x7ffffffb}]})
r2 = creat(&(0x7f00000001c0)='./bus\x00', 0x0)
close(r2)
syz_open_dev$tty20(0xc, 0x4, 0x1)
r3 = socket$inet_dccp(0x2, 0x6, 0x0)
shutdown(r3, 0x1)
mount$9p_fd(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f0000000200), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x3, &(0x7f0000000080)=[{0x14}, {0x84}, {0x6, 0x0, 0x0, 0x7ffffd3e}]})
semget$private(0x0, 0x1, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x5})
ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x1)
close(r1)
ioctl$TUNSETNOCSUM(r0, 0x400454ca, 0x20000000)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6}]})
socket$inet_udp(0x2, 0x2, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x13, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}}, 0x0)
ioctl$TUNGETVNETLE(r1, 0x800454dd, &(0x7f0000000080))
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
lseek(r6, 0x851, 0x0)
executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x20}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_BLANKSCREEN(r6, 0x5609, &(0x7f0000000000))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@ipv4_newroute={0x1c, 0x1a, 0x1}, 0x1c}}, 0x0)
r7 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r7, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_group_source_req(r7, 0x29, 0x2e, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}, 0x108)
r8 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r8, 0xc008551b, &(0x7f0000000040)=ANY=[@ANYBLOB="a65b000010000000a7a0000000000000010400002c83"])
ioctl$TCFLSH(r1, 0x8910, 0x20001114)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x2, 0x6, 0x801}, 0x14}}, 0x0)
executing program 4:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x74, r2}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERY_USE_IFADDR={0x5, 0x18, 0x1}]}}}]}, 0x3c}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000280)={0xfff, 0xa7b4}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000240)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
fcntl$getown(0xffffffffffffffff, 0x9)
connect(0xffffffffffffffff, 0x0, 0x0)
ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, &(0x7f0000000400)={0x0, {}, 0x0, {}, 0x0, 0x0, 0x0, 0x10, "1728b4c92c6c109e20e4a71ddc9372308a873990a2387b0537d1fa94639f7e647979ab5d8382ad9f760a6bdcc3e0eb473418ed02ed0521941662355a3c067367", "6a67f10d1a56fe87371877df32502ab7bba2ffc30103ec7476de2c5887a2c00d", [0x9, 0x2]})
syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0)
r8 = userfaultfd(0x80801)
syz_io_uring_submit(r7, 0x0, 0x0)
ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r8, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(r8, 0xc020aa07, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000100)={'erspan0\x00', &(0x7f0000000280)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x3, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev}}}})
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="20010000120013070000000000000000e0000001000000000000000000000000fc0000000000000000000000000000000000000000000000000000000000008107e0b6d0", @ANYRES32=0x0, @ANYRES32=0x0], 0x120}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0xffffffffffffffff, &(0x7f00000001c0))
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)={0x30, 0x1, 0x1, 0x201, 0x0, 0x0, {}, [@CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x6}, @CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x2}]}, @CTA_STATUS={0x8}]}, 0x30}}, 0x0)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000000)=0x200, 0x4)
setsockopt$inet_tcp_int(r2, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000340)=[@window, @mss, @window, @timestamp, @sack_perm, @timestamp, @timestamp, @sack_perm], 0x8)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x40)
sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[], 0x24}}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r2, &(0x7f00000004c0)="3ce2de4d8d957a8de4e490b6cd03b988d4edef164bd3377aa381b5f50b7ca414516489f78cd7208982e9bde22b2b7c1c7606d565477f3db9d2b077283644c0f27ab52a863a42863e06944e40a0b3c5d21c8cbe102e7f726263f28aef1bc12a069063d4c30e8f329fdb36859be727fbef4314161e5fb5f01ae00a2634d5cdecca2089c62e32f4c919886b2b88d237e287318739bec0364caf15889f38a312ef6621c0f21709a4bf2b16274cf933f6ad8fcc9c2024bc1b4713f650e860f93ae93b2361956b3e80c38c5fd29b5c1b5d7ce67edc856a8dc0ba54cee53de9a48c131389426bd06ec7c695add357934fc0321f0d3d7982e4fe5a0039decc491a663afd02facb08dd9695f854c7b031d9af8bd7350897996b5208b23030cc0feb84570730eaf24b9f2ac05d0feb3be07a29f887095f36f3c8f0e77e45509acd14a5be4a1572dd4cd1231087b830fa03e071571d4abd694710ef140469cf6df8a59839aafe046a5bffb97e5247be901789eafd726ba090337a2c49207e6b900c7e982472e6aac70e5d52ca2c1bab47b1f6d00f9601e2281686c21f770ae96e0ffec4b30496d012fa00958f794cdbd721bd155cae87", 0x109e8, 0x805, 0x0, 0x6)
ppoll(&(0x7f0000000080)=[{r2}], 0x1, 0x0, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaa01804200000086dd602e843500140600fe80000000000000ff07000000000000fe8000000000000000000000000000aa000000003b69ab3098406d37159fe9b29de41935cb99ee0270b8580153d9387de1749238b04dcee284bd93cb96006142b036bec7ce07be8b2d9dcc922d0beeb18d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5800000090780000"], 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x6, 0x4, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000e7ff00000000000000000000181100000e1bfb45e2c0258b7ed4479297d69b30c2604c7f607e6cf353df7e43122d885ffb45380200000000000000305f991e15c24b6cb9106eb862a2d1c5314767033e645dd44e981d825aedae96100345e474e3ce5e82aa819eab1750c11ee2c178743e82ec3a12e0f7a22f4bcda446371457a759ce2be0f4e5de9685222145d2a374735ca05bab0a8677ccb53859", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
mknod$loop(0x0, 0x0, 0x1)
open(0x0, 0x0, 0x0)
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xffffffd7}], 0x1, 0x0, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00')
read$FUSE(r5, &(0x7f0000002100)={0x2020}, 0x2020)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000000}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000100)=0x8)
syz_emit_ethernet(0x46, &(0x7f0000000340)={@local, @empty, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "e90e5b", 0x10, 0x11, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @remote, {[], {0x0, 0x0, 0x10, 0x0, @gue={{0x2}}}}}}}}, 0x0)
executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="9feb010018000000000000000700000030000000020000821300000000000006040b00ba4700000000000000010000000000000000000002000000040000000000"], 0x0, 0x4a}, 0x20)
syz_emit_ethernet(0x6e, &(0x7f0000000200)={@link_local, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f4adf7", 0x38, 0x3a, 0x0, @empty, @mcast2, {[], @time_exceed={0xd, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, '\x00', 0x0, 0x6c, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @loopback={0x0, 0xffffac1414aa}, [], "a5f7c70c777fc9b9"}}}}}}}, 0x0)
r0 = io_uring_setup(0x29e6, &(0x7f0000000480)={0x0, 0x0, 0x2})
pipe2$watch_queue(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
close(r3)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r4}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000c90000007b8af8ff00000000b7080000000008007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32, @ANYBLOB="0000000000000000b705000008000000850000008b000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007d0000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000000000085000000a5"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r5}, 0x10)
recvmsg$unix(r2, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000280)=[{&(0x7f0000000500)=""/4096, 0x1000}, {&(0x7f0000000140)=""/57, 0x39}, {&(0x7f0000000180)=""/35, 0x23}, {&(0x7f0000000300)=""/137, 0x89}, {&(0x7f0000001500)=""/210, 0xd2}, {&(0x7f0000001600)=""/211, 0xd3}, {&(0x7f00000001c0)=""/9, 0x9}], 0x7)
r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000002c0)={0x14, 0x13, 0x1, 0x0, 0x0, "", [@typed={0x4}]}, 0x14}], 0x1}, 0x0)
syz_io_uring_setup(0x4919, &(0x7f0000000080)={0x0, 0x8720, 0x2001, 0x0, 0x1d7, 0x0, r0}, 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_FRAME(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000001440)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r9, @ANYBLOB="5a00330080000000ffffffffffff080211000000505050505050000000000000000000006400024001010c040603000000000025030000002a01003c0400000000710700000000000000"], 0x78}}, 0x0)
r10 = io_uring_setup(0x1cb2, &(0x7f0000000300))
r11 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
sendmsg$NL80211_CMD_TDLS_OPER(r1, &(0x7f0000001740)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000001700)={&(0x7f0000000400)={0x7c, r8, 0x0, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x3}, @NL80211_ATTR_TDLS_OPERATION={0x5}, @NL80211_ATTR_TDLS_OPERATION={0x5}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x2}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x1}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x3}]}, 0x7c}}, 0x1)
ioctl$DRM_IOCTL_GET_MAGIC(r11, 0x80046402, 0x0)
close_range(r10, 0xffffffffffffffff, 0x0)
r12 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DEST(r7, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8020000}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="4c010091", @ANYRES16=r12, @ANYBLOB="100028bd7000fcdbdf2505000000740001800c00070002000000020000000800090013000000140003000a010101000000000000000000000000060002001d000000060001000a00000014000300e0000002000000000000000000000000060001000a000000080009006c00000014000300ffffffff00000000000000000000000030000180070006006c63000008000500040000000800060077727200140003000000000000000000000000000000000114000280060002004e210000060002004e2400002c000180060004004e230000060004004e210000060004004e210000060004004e210000060004004e230000540001800800050002000000060001000a00000008000b0073697000060002000c000000060001000a0000000600010002000000090006006e6f6e650000000007000600727200000c0007000800000002000000"], 0x14c}, 0x1, 0x0, 0x0, 0x40}, 0xc0)
io_uring_register$IORING_UNREGISTER_IOWQ_AFF(r0, 0x12, 0x0, 0x0)
executing program 3:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64-generic\x00'}, 0x58)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'team_slave_0\x00', <r1=>0x0})
socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000240)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0x58)
accept4(r3, 0x0, 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_open_dev$vim2m(&(0x7f0000000300), 0x0, 0x2)
landlock_create_ruleset(&(0x7f0000000440)={0x2}, 0x10, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad00"/14, 0xe)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
r7 = epoll_create1(0x0)
epoll_wait(r7, &(0x7f0000000180)=[{}, {}, {}, {}], 0x16, 0x7ff6)
mmap(&(0x7f000000b000/0x3000)=nil, 0x3000, 0x0, 0x11, r6, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f0000000040)={0x7})
recvmmsg(r2, 0x0, 0x0, 0x40002041, 0x0)
r8 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PTP_EXTTS_REQUEST2(r8, 0x40043d14, &(0x7f0000000000))
memfd_create(&(0x7f0000000480)='\xff\x00l\x1e\xa0</\x00\x8eO4._\x14zC\x8a\xe8\xe0u\xe0\xff\xf1\xb2\xfd\xf6nz\x05-]\xc2Vk\xaeky\xd3\x83\xe2\xc7\xd3\xe6M^\x98ox\x14\t\xe9Q1\x1dK\x9a\x045\xd37\xb22\xfdD(\xd2\xdd\xa0\xff\x0f\x00\x00\x00\x00\x00\x00v\n\xd8?]k\x14N\x18\xf4\xc2j\xed6g\xfd\xd2\xd4\xe3\x1f\xa6 \xa0\x8d\xb5\x9aE<2`]<\x8cR\xd69\x0fO\xbf\xc3\xbd\xb0\x96\x90\x91k\x86\x1a\x10\xd2\xf5\x8b\xfc\xf4\xd0[\x12\xf5+\x1aS\x02/Yx\xf2jJb\x97\x9c/\x1f5i\xc6\x861\x9a\xff\xc3\xe7\xbfU\xd5\xac\xccB=\x8f\xfd\x84\xeepQ\x93nn\x0f\xc6\xa9?\xad\x8b~\x96@i=G\x9ft\x1d\xcc\xc6Ys7\x7f\x8ehv\xd3$\x13s\xa0\xbfi\xfaFS\xa9=Xe\xf8tI\x15\x882\x8b\x8e-X\xb8\xf2\x9du\x15S^\xec\xce\xfaf$S\x9f\xe7Ed\n\x84\\ u\xd2\x16\xc1\xa5\xa0\xaa\xe8.i\xc8\x0e\vt\xe2\xf1lA\x93\xdd\xce\x8f$\x06v\xbe\xe7\x95nN\xc5\xaa\x1ev\xc6P\x9c\\G&y\x8bYA\xc3}\xd9\x86[\xb2\xf3\x0f\x90%\xcb\x81\xe8\xea\xbcs\x95\xe9\x8eXH\x19m\xdfOY\xf1E9-\xc8\xe7\x13^+(\x034\x82\xafiOO\x14\x8f^\x8c', 0x6)
ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000100)={@local, 0x0, r1})
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000540)={@empty, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, r1})

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 5 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$alg-bind$alg-ioctl$sock_SIOCGIFINDEX-socket$inet6_sctp-socket$inet6_mptcp-socket$nl_xfrm-sched_setaffinity-syz_open_dev$MSR-read$msr-prctl$PR_SCHED_CORE-socket$alg-bind$alg-accept4-openat$nullb-syz_open_dev$vim2m-landlock_create_ruleset-syz_io_uring_submit-setsockopt$ALG_SET_KEY-socket$inet6_udplite-epoll_create1-epoll_wait-mmap-epoll_ctl$EPOLL_CTL_ADD-recvmmsg-openat$ptp0-ioctl$PTP_EXTTS_REQUEST2-memfd_create-ioctl$sock_inet6_SIOCSIFADDR-ioctl$sock_inet6_SIOCADDRT
detailed listing:
executing program 0:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64-generic\x00'}, 0x58)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'team_slave_0\x00', <r1=>0x0})
socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000240)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0x58)
accept4(r3, 0x0, 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_open_dev$vim2m(&(0x7f0000000300), 0x0, 0x2)
landlock_create_ruleset(&(0x7f0000000440)={0x2}, 0x10, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad00"/14, 0xe)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
r7 = epoll_create1(0x0)
epoll_wait(r7, &(0x7f0000000180)=[{}, {}, {}, {}], 0x16, 0x7ff6)
mmap(&(0x7f000000b000/0x3000)=nil, 0x3000, 0x0, 0x11, r6, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f0000000040)={0x7})
recvmmsg(r2, 0x0, 0x0, 0x40002041, 0x0)
r8 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PTP_EXTTS_REQUEST2(r8, 0x40043d14, &(0x7f0000000000))
memfd_create(&(0x7f0000000480)='\xff\x00l\x1e\xa0</\x00\x8eO4._\x14zC\x8a\xe8\xe0u\xe0\xff\xf1\xb2\xfd\xf6nz\x05-]\xc2Vk\xaeky\xd3\x83\xe2\xc7\xd3\xe6M^\x98ox\x14\t\xe9Q1\x1dK\x9a\x045\xd37\xb22\xfdD(\xd2\xdd\xa0\xff\x0f\x00\x00\x00\x00\x00\x00v\n\xd8?]k\x14N\x18\xf4\xc2j\xed6g\xfd\xd2\xd4\xe3\x1f\xa6 \xa0\x8d\xb5\x9aE<2`]<\x8cR\xd69\x0fO\xbf\xc3\xbd\xb0\x96\x90\x91k\x86\x1a\x10\xd2\xf5\x8b\xfc\xf4\xd0[\x12\xf5+\x1aS\x02/Yx\xf2jJb\x97\x9c/\x1f5i\xc6\x861\x9a\xff\xc3\xe7\xbfU\xd5\xac\xccB=\x8f\xfd\x84\xeepQ\x93nn\x0f\xc6\xa9?\xad\x8b~\x96@i=G\x9ft\x1d\xcc\xc6Ys7\x7f\x8ehv\xd3$\x13s\xa0\xbfi\xfaFS\xa9=Xe\xf8tI\x15\x882\x8b\x8e-X\xb8\xf2\x9du\x15S^\xec\xce\xfaf$S\x9f\xe7Ed\n\x84\\ u\xd2\x16\xc1\xa5\xa0\xaa\xe8.i\xc8\x0e\vt\xe2\xf1lA\x93\xdd\xce\x8f$\x06v\xbe\xe7\x95nN\xc5\xaa\x1ev\xc6P\x9c\\G&y\x8bYA\xc3}\xd9\x86[\xb2\xf3\x0f\x90%\xcb\x81\xe8\xea\xbcs\x95\xe9\x8eXH\x19m\xdfOY\xf1E9-\xc8\xe7\x13^+(\x034\x82\xafiOO\x14\x8f^\x8c', 0x6)
ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000100)={@local, 0x0, r1})
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000540)={@empty, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, r1})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_BTF_LOAD-syz_emit_ethernet-io_uring_setup-pipe2$watch_queue-bpf$PROG_LOAD-bpf$ENABLE_STATS-socketpair$unix-close-bpf$MAP_CREATE_CONST_STR-bpf$BPF_MAP_CONST_STR_FREEZE-bpf$PROG_LOAD-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-recvmsg$unix-io_uring_register$IORING_REGISTER_BUFFERS-syz_init_net_socket$nl_rdma-sendmsg$netlink-syz_io_uring_setup-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_FRAME-io_uring_setup-syz_open_dev$dri-sendmsg$NL80211_CMD_TDLS_OPER-ioctl$DRM_IOCTL_GET_MAGIC-close_range-syz_genetlink_get_family_id$ipvs-sendmsg$IPVS_CMD_NEW_DEST-io_uring_register$IORING_UNREGISTER_IOWQ_AFF
detailed listing:
executing program 0:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="9feb010018000000000000000700000030000000020000821300000000000006040b00ba4700000000000000010000000000000000000002000000040000000000"], 0x0, 0x4a}, 0x20)
syz_emit_ethernet(0x6e, &(0x7f0000000200)={@link_local, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f4adf7", 0x38, 0x3a, 0x0, @empty, @mcast2, {[], @time_exceed={0xd, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, '\x00', 0x0, 0x6c, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @loopback={0x0, 0xffffac1414aa}, [], "a5f7c70c777fc9b9"}}}}}}}, 0x0)
r0 = io_uring_setup(0x29e6, &(0x7f0000000480)={0x0, 0x0, 0x2})
pipe2$watch_queue(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
close(r3)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r4}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000c90000007b8af8ff00000000b7080000000008007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32, @ANYBLOB="0000000000000000b705000008000000850000008b000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007d0000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000000000085000000a5"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r5}, 0x10)
recvmsg$unix(r2, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000280)=[{&(0x7f0000000500)=""/4096, 0x1000}, {&(0x7f0000000140)=""/57, 0x39}, {&(0x7f0000000180)=""/35, 0x23}, {&(0x7f0000000300)=""/137, 0x89}, {&(0x7f0000001500)=""/210, 0xd2}, {&(0x7f0000001600)=""/211, 0xd3}, {&(0x7f00000001c0)=""/9, 0x9}], 0x7)
r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000002c0)={0x14, 0x13, 0x1, 0x0, 0x0, "", [@typed={0x4}]}, 0x14}], 0x1}, 0x0)
syz_io_uring_setup(0x4919, &(0x7f0000000080)={0x0, 0x8720, 0x2001, 0x0, 0x1d7, 0x0, r0}, 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_FRAME(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000001440)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r9, @ANYBLOB="5a00330080000000ffffffffffff080211000000505050505050000000000000000000006400024001010c040603000000000025030000002a01003c0400000000710700000000000000"], 0x78}}, 0x0)
r10 = io_uring_setup(0x1cb2, &(0x7f0000000300))
r11 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
sendmsg$NL80211_CMD_TDLS_OPER(r1, &(0x7f0000001740)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000001700)={&(0x7f0000000400)={0x7c, r8, 0x0, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x3}, @NL80211_ATTR_TDLS_OPERATION={0x5}, @NL80211_ATTR_TDLS_OPERATION={0x5}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x2}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x1}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x3}]}, 0x7c}}, 0x1)
ioctl$DRM_IOCTL_GET_MAGIC(r11, 0x80046402, 0x0)
close_range(r10, 0xffffffffffffffff, 0x0)
r12 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DEST(r7, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8020000}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="4c010091", @ANYRES16=r12, @ANYBLOB="100028bd7000fcdbdf2505000000740001800c00070002000000020000000800090013000000140003000a010101000000000000000000000000060002001d000000060001000a00000014000300e0000002000000000000000000000000060001000a000000080009006c00000014000300ffffffff00000000000000000000000030000180070006006c63000008000500040000000800060077727200140003000000000000000000000000000000000114000280060002004e210000060002004e2400002c000180060004004e230000060004004e210000060004004e210000060004004e210000060004004e230000540001800800050002000000060001000a00000008000b0073697000060002000c000000060001000a0000000600010002000000090006006e6f6e650000000007000600727200000c0007000800000002000000"], 0x14c}, 0x1, 0x0, 0x0, 0x40}, 0xc0)
io_uring_register$IORING_UNREGISTER_IOWQ_AFF(r0, 0x12, 0x0, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-prctl$PR_SCHED_CORE-prctl$PR_SCHED_CORE-sched_setaffinity-openat$hwrng-mknod$loop-open-preadv-syz_open_procfs-read$FUSE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-socket$nl_route-socket$inet6_udp-ioctl$TIOCSETD-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaa01804200000086dd602e843500140600fe80000000000000ff07000000000000fe8000000000000000000000000000aa000000003b69ab3098406d37159fe9b29de41935cb99ee0270b8580153d9387de1749238b04dcee284bd93cb96006142b036bec7ce07be8b2d9dcc922d0beeb18d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5800000090780000"], 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x6, 0x4, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000e7ff00000000000000000000181100000e1bfb45e2c0258b7ed4479297d69b30c2604c7f607e6cf353df7e43122d885ffb45380200000000000000305f991e15c24b6cb9106eb862a2d1c5314767033e645dd44e981d825aedae96100345e474e3ce5e82aa819eab1750c11ee2c178743e82ec3a12e0f7a22f4bcda446371457a759ce2be0f4e5de9685222145d2a374735ca05bab0a8677ccb53859", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
mknod$loop(0x0, 0x0, 0x1)
open(0x0, 0x0, 0x0)
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xffffffd7}], 0x1, 0x0, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00')
read$FUSE(r5, &(0x7f0000002100)={0x2020}, 0x2020)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000000}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000100)=0x8)
syz_emit_ethernet(0x46, &(0x7f0000000340)={@local, @empty, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "e90e5b", 0x10, 0x11, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @remote, {[], {0x0, 0x0, 0x10, 0x0, @gue={{0x2}}}}}}}}, 0x0)

program crashed: KASAN: stack-out-of-bounds Read in xdp_do_check_flushed
single: successfully extracted reproducer
found reproducer with 23 syscalls
minimizing guilty program
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-prctl$PR_SCHED_CORE-prctl$PR_SCHED_CORE-sched_setaffinity-openat$hwrng-mknod$loop-open-preadv-syz_open_procfs-read$FUSE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-socket$nl_route-socket$inet6_udp-ioctl$TIOCSETD
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaa01804200000086dd602e843500140600fe80000000000000ff07000000000000fe8000000000000000000000000000aa000000003b69ab3098406d37159fe9b29de41935cb99ee0270b8580153d9387de1749238b04dcee284bd93cb96006142b036bec7ce07be8b2d9dcc922d0beeb18d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5800000090780000"], 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x6, 0x4, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000e7ff00000000000000000000181100000e1bfb45e2c0258b7ed4479297d69b30c2604c7f607e6cf353df7e43122d885ffb45380200000000000000305f991e15c24b6cb9106eb862a2d1c5314767033e645dd44e981d825aedae96100345e474e3ce5e82aa819eab1750c11ee2c178743e82ec3a12e0f7a22f4bcda446371457a759ce2be0f4e5de9685222145d2a374735ca05bab0a8677ccb53859", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
mknod$loop(0x0, 0x0, 0x1)
open(0x0, 0x0, 0x0)
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xffffffd7}], 0x1, 0x0, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00')
read$FUSE(r5, &(0x7f0000002100)={0x2020}, 0x2020)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000000}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000100)=0x8)

program crashed: BUG: unable to handle kernel paging request in bq_flush_to_queue
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-prctl$PR_SCHED_CORE-prctl$PR_SCHED_CORE-sched_setaffinity-openat$hwrng-mknod$loop-open-preadv-syz_open_procfs-read$FUSE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-socket$nl_route-socket$inet6_udp
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaa01804200000086dd602e843500140600fe80000000000000ff07000000000000fe8000000000000000000000000000aa000000003b69ab3098406d37159fe9b29de41935cb99ee0270b8580153d9387de1749238b04dcee284bd93cb96006142b036bec7ce07be8b2d9dcc922d0beeb18d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5800000090780000"], 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x6, 0x4, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000e7ff00000000000000000000181100000e1bfb45e2c0258b7ed4479297d69b30c2604c7f607e6cf353df7e43122d885ffb45380200000000000000305f991e15c24b6cb9106eb862a2d1c5314767033e645dd44e981d825aedae96100345e474e3ce5e82aa819eab1750c11ee2c178743e82ec3a12e0f7a22f4bcda446371457a759ce2be0f4e5de9685222145d2a374735ca05bab0a8677ccb53859", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
mknod$loop(0x0, 0x0, 0x1)
open(0x0, 0x0, 0x0)
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xffffffd7}], 0x1, 0x0, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00')
read$FUSE(r5, &(0x7f0000002100)={0x2020}, 0x2020)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000000}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)

program crashed: KASAN: slab-out-of-bounds Read in __xsk_map_flush
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-prctl$PR_SCHED_CORE-prctl$PR_SCHED_CORE-sched_setaffinity-openat$hwrng-mknod$loop-open-preadv-syz_open_procfs-read$FUSE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-socket$nl_route
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaa01804200000086dd602e843500140600fe80000000000000ff07000000000000fe8000000000000000000000000000aa000000003b69ab3098406d37159fe9b29de41935cb99ee0270b8580153d9387de1749238b04dcee284bd93cb96006142b036bec7ce07be8b2d9dcc922d0beeb18d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5800000090780000"], 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x6, 0x4, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000e7ff00000000000000000000181100000e1bfb45e2c0258b7ed4479297d69b30c2604c7f607e6cf353df7e43122d885ffb45380200000000000000305f991e15c24b6cb9106eb862a2d1c5314767033e645dd44e981d825aedae96100345e474e3ce5e82aa819eab1750c11ee2c178743e82ec3a12e0f7a22f4bcda446371457a759ce2be0f4e5de9685222145d2a374735ca05bab0a8677ccb53859", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
mknod$loop(0x0, 0x0, 0x1)
open(0x0, 0x0, 0x0)
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xffffffd7}], 0x1, 0x0, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00')
read$FUSE(r5, &(0x7f0000002100)={0x2020}, 0x2020)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000000}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: KASAN: stack-out-of-bounds Read in xdp_do_check_flushed
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-prctl$PR_SCHED_CORE-prctl$PR_SCHED_CORE-sched_setaffinity-openat$hwrng-mknod$loop-open-preadv-syz_open_procfs-read$FUSE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaa01804200000086dd602e843500140600fe80000000000000ff07000000000000fe8000000000000000000000000000aa000000003b69ab3098406d37159fe9b29de41935cb99ee0270b8580153d9387de1749238b04dcee284bd93cb96006142b036bec7ce07be8b2d9dcc922d0beeb18d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5800000090780000"], 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x6, 0x4, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000e7ff00000000000000000000181100000e1bfb45e2c0258b7ed4479297d69b30c2604c7f607e6cf353df7e43122d885ffb45380200000000000000305f991e15c24b6cb9106eb862a2d1c5314767033e645dd44e981d825aedae96100345e474e3ce5e82aa819eab1750c11ee2c178743e82ec3a12e0f7a22f4bcda446371457a759ce2be0f4e5de9685222145d2a374735ca05bab0a8677ccb53859", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
mknod$loop(0x0, 0x0, 0x1)
open(0x0, 0x0, 0x0)
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xffffffd7}], 0x1, 0x0, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00')
read$FUSE(r5, &(0x7f0000002100)={0x2020}, 0x2020)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000000}, 0x90)

program crashed: UBSAN: array-index-out-of-bounds in bq_xmit_all
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-prctl$PR_SCHED_CORE-prctl$PR_SCHED_CORE-sched_setaffinity-openat$hwrng-mknod$loop-open-preadv-syz_open_procfs-read$FUSE
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaa01804200000086dd602e843500140600fe80000000000000ff07000000000000fe8000000000000000000000000000aa000000003b69ab3098406d37159fe9b29de41935cb99ee0270b8580153d9387de1749238b04dcee284bd93cb96006142b036bec7ce07be8b2d9dcc922d0beeb18d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5800000090780000"], 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x6, 0x4, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000e7ff00000000000000000000181100000e1bfb45e2c0258b7ed4479297d69b30c2604c7f607e6cf353df7e43122d885ffb45380200000000000000305f991e15c24b6cb9106eb862a2d1c5314767033e645dd44e981d825aedae96100345e474e3ce5e82aa819eab1750c11ee2c178743e82ec3a12e0f7a22f4bcda446371457a759ce2be0f4e5de9685222145d2a374735ca05bab0a8677ccb53859", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
mknod$loop(0x0, 0x0, 0x1)
open(0x0, 0x0, 0x0)
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xffffffd7}], 0x1, 0x0, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00')
read$FUSE(r5, &(0x7f0000002100)={0x2020}, 0x2020)

program crashed: BUG: unable to handle kernel paging request in bq_flush_to_queue
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-prctl$PR_SCHED_CORE-prctl$PR_SCHED_CORE-sched_setaffinity-openat$hwrng-mknod$loop-open-preadv-syz_open_procfs
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaa01804200000086dd602e843500140600fe80000000000000ff07000000000000fe8000000000000000000000000000aa000000003b69ab3098406d37159fe9b29de41935cb99ee0270b8580153d9387de1749238b04dcee284bd93cb96006142b036bec7ce07be8b2d9dcc922d0beeb18d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5800000090780000"], 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x6, 0x4, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000e7ff00000000000000000000181100000e1bfb45e2c0258b7ed4479297d69b30c2604c7f607e6cf353df7e43122d885ffb45380200000000000000305f991e15c24b6cb9106eb862a2d1c5314767033e645dd44e981d825aedae96100345e474e3ce5e82aa819eab1750c11ee2c178743e82ec3a12e0f7a22f4bcda446371457a759ce2be0f4e5de9685222145d2a374735ca05bab0a8677ccb53859", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
mknod$loop(0x0, 0x0, 0x1)
open(0x0, 0x0, 0x0)
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xffffffd7}], 0x1, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00')

program crashed: BUG: unable to handle kernel paging request in bq_flush_to_queue
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-prctl$PR_SCHED_CORE-prctl$PR_SCHED_CORE-sched_setaffinity-openat$hwrng-mknod$loop-open-preadv
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaa01804200000086dd602e843500140600fe80000000000000ff07000000000000fe8000000000000000000000000000aa000000003b69ab3098406d37159fe9b29de41935cb99ee0270b8580153d9387de1749238b04dcee284bd93cb96006142b036bec7ce07be8b2d9dcc922d0beeb18d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5800000090780000"], 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x6, 0x4, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000e7ff00000000000000000000181100000e1bfb45e2c0258b7ed4479297d69b30c2604c7f607e6cf353df7e43122d885ffb45380200000000000000305f991e15c24b6cb9106eb862a2d1c5314767033e645dd44e981d825aedae96100345e474e3ce5e82aa819eab1750c11ee2c178743e82ec3a12e0f7a22f4bcda446371457a759ce2be0f4e5de9685222145d2a374735ca05bab0a8677ccb53859", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
mknod$loop(0x0, 0x0, 0x1)
open(0x0, 0x0, 0x0)
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xffffffd7}], 0x1, 0x0, 0x0)

program crashed: KASAN: slab-out-of-bounds Read in __xsk_map_flush
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-prctl$PR_SCHED_CORE-prctl$PR_SCHED_CORE-sched_setaffinity-openat$hwrng-mknod$loop-open
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaa01804200000086dd602e843500140600fe80000000000000ff07000000000000fe8000000000000000000000000000aa000000003b69ab3098406d37159fe9b29de41935cb99ee0270b8580153d9387de1749238b04dcee284bd93cb96006142b036bec7ce07be8b2d9dcc922d0beeb18d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5800000090780000"], 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x6, 0x4, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000e7ff00000000000000000000181100000e1bfb45e2c0258b7ed4479297d69b30c2604c7f607e6cf353df7e43122d885ffb45380200000000000000305f991e15c24b6cb9106eb862a2d1c5314767033e645dd44e981d825aedae96100345e474e3ce5e82aa819eab1750c11ee2c178743e82ec3a12e0f7a22f4bcda446371457a759ce2be0f4e5de9685222145d2a374735ca05bab0a8677ccb53859", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
mknod$loop(0x0, 0x0, 0x1)
open(0x0, 0x0, 0x0)

program crashed: general protection fault in __dev_flush
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-prctl$PR_SCHED_CORE-prctl$PR_SCHED_CORE-sched_setaffinity-openat$hwrng-mknod$loop
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaa01804200000086dd602e843500140600fe80000000000000ff07000000000000fe8000000000000000000000000000aa000000003b69ab3098406d37159fe9b29de41935cb99ee0270b8580153d9387de1749238b04dcee284bd93cb96006142b036bec7ce07be8b2d9dcc922d0beeb18d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5800000090780000"], 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x6, 0x4, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000e7ff00000000000000000000181100000e1bfb45e2c0258b7ed4479297d69b30c2604c7f607e6cf353df7e43122d885ffb45380200000000000000305f991e15c24b6cb9106eb862a2d1c5314767033e645dd44e981d825aedae96100345e474e3ce5e82aa819eab1750c11ee2c178743e82ec3a12e0f7a22f4bcda446371457a759ce2be0f4e5de9685222145d2a374735ca05bab0a8677ccb53859", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
mknod$loop(0x0, 0x0, 0x1)

program crashed: general protection fault in __xsk_map_flush
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-prctl$PR_SCHED_CORE-prctl$PR_SCHED_CORE-sched_setaffinity-openat$hwrng
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaa01804200000086dd602e843500140600fe80000000000000ff07000000000000fe8000000000000000000000000000aa000000003b69ab3098406d37159fe9b29de41935cb99ee0270b8580153d9387de1749238b04dcee284bd93cb96006142b036bec7ce07be8b2d9dcc922d0beeb18d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5800000090780000"], 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x6, 0x4, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000e7ff00000000000000000000181100000e1bfb45e2c0258b7ed4479297d69b30c2604c7f607e6cf353df7e43122d885ffb45380200000000000000305f991e15c24b6cb9106eb862a2d1c5314767033e645dd44e981d825aedae96100345e474e3ce5e82aa819eab1750c11ee2c178743e82ec3a12e0f7a22f4bcda446371457a759ce2be0f4e5de9685222145d2a374735ca05bab0a8677ccb53859", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)

program crashed: KASAN: stack-out-of-bounds Read in xdp_do_check_flushed
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-prctl$PR_SCHED_CORE-prctl$PR_SCHED_CORE-sched_setaffinity
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaa01804200000086dd602e843500140600fe80000000000000ff07000000000000fe8000000000000000000000000000aa000000003b69ab3098406d37159fe9b29de41935cb99ee0270b8580153d9387de1749238b04dcee284bd93cb96006142b036bec7ce07be8b2d9dcc922d0beeb18d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5800000090780000"], 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x6, 0x4, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000e7ff00000000000000000000181100000e1bfb45e2c0258b7ed4479297d69b30c2604c7f607e6cf353df7e43122d885ffb45380200000000000000305f991e15c24b6cb9106eb862a2d1c5314767033e645dd44e981d825aedae96100345e474e3ce5e82aa819eab1750c11ee2c178743e82ec3a12e0f7a22f4bcda446371457a759ce2be0f4e5de9685222145d2a374735ca05bab0a8677ccb53859", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001)

program crashed: general protection fault in __xsk_map_flush
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-prctl$PR_SCHED_CORE-prctl$PR_SCHED_CORE
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaa01804200000086dd602e843500140600fe80000000000000ff07000000000000fe8000000000000000000000000000aa000000003b69ab3098406d37159fe9b29de41935cb99ee0270b8580153d9387de1749238b04dcee284bd93cb96006142b036bec7ce07be8b2d9dcc922d0beeb18d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5800000090780000"], 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x6, 0x4, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000e7ff00000000000000000000181100000e1bfb45e2c0258b7ed4479297d69b30c2604c7f607e6cf353df7e43122d885ffb45380200000000000000305f991e15c24b6cb9106eb862a2d1c5314767033e645dd44e981d825aedae96100345e474e3ce5e82aa819eab1750c11ee2c178743e82ec3a12e0f7a22f4bcda446371457a759ce2be0f4e5de9685222145d2a374735ca05bab0a8677ccb53859", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

program crashed: general protection fault in __dev_flush
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-prctl$PR_SCHED_CORE
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaa01804200000086dd602e843500140600fe80000000000000ff07000000000000fe8000000000000000000000000000aa000000003b69ab3098406d37159fe9b29de41935cb99ee0270b8580153d9387de1749238b04dcee284bd93cb96006142b036bec7ce07be8b2d9dcc922d0beeb18d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5800000090780000"], 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x6, 0x4, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000e7ff00000000000000000000181100000e1bfb45e2c0258b7ed4479297d69b30c2604c7f607e6cf353df7e43122d885ffb45380200000000000000305f991e15c24b6cb9106eb862a2d1c5314767033e645dd44e981d825aedae96100345e474e3ce5e82aa819eab1750c11ee2c178743e82ec3a12e0f7a22f4bcda446371457a759ce2be0f4e5de9685222145d2a374735ca05bab0a8677ccb53859", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

program crashed: KASAN: stack-out-of-bounds Read in xdp_do_check_flushed
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaa01804200000086dd602e843500140600fe80000000000000ff07000000000000fe8000000000000000000000000000aa000000003b69ab3098406d37159fe9b29de41935cb99ee0270b8580153d9387de1749238b04dcee284bd93cb96006142b036bec7ce07be8b2d9dcc922d0beeb18d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5800000090780000"], 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x6, 0x4, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000e7ff00000000000000000000181100000e1bfb45e2c0258b7ed4479297d69b30c2604c7f607e6cf353df7e43122d885ffb45380200000000000000305f991e15c24b6cb9106eb862a2d1c5314767033e645dd44e981d825aedae96100345e474e3ce5e82aa819eab1750c11ee2c178743e82ec3a12e0f7a22f4bcda446371457a759ce2be0f4e5de9685222145d2a374735ca05bab0a8677ccb53859", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)

program crashed: KASAN: stack-out-of-bounds Read in xdp_do_check_flushed
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet-bpf$MAP_CREATE-bpf$PROG_LOAD-bpf$PROG_LOAD
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaa01804200000086dd602e843500140600fe80000000000000ff07000000000000fe8000000000000000000000000000aa000000003b69ab3098406d37159fe9b29de41935cb99ee0270b8580153d9387de1749238b04dcee284bd93cb96006142b036bec7ce07be8b2d9dcc922d0beeb18d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5800000090780000"], 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x6, 0x4, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000e7ff00000000000000000000181100000e1bfb45e2c0258b7ed4479297d69b30c2604c7f607e6cf353df7e43122d885ffb45380200000000000000305f991e15c24b6cb9106eb862a2d1c5314767033e645dd44e981d825aedae96100345e474e3ce5e82aa819eab1750c11ee2c178743e82ec3a12e0f7a22f4bcda446371457a759ce2be0f4e5de9685222145d2a374735ca05bab0a8677ccb53859", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

program crashed: KASAN: stack-out-of-bounds Read in xdp_do_check_flushed
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet-bpf$MAP_CREATE-bpf$PROG_LOAD
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaa01804200000086dd602e843500140600fe80000000000000ff07000000000000fe8000000000000000000000000000aa000000003b69ab3098406d37159fe9b29de41935cb99ee0270b8580153d9387de1749238b04dcee284bd93cb96006142b036bec7ce07be8b2d9dcc922d0beeb18d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5800000090780000"], 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x6, 0x4, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000e7ff00000000000000000000181100000e1bfb45e2c0258b7ed4479297d69b30c2604c7f607e6cf353df7e43122d885ffb45380200000000000000305f991e15c24b6cb9106eb862a2d1c5314767033e645dd44e981d825aedae96100345e474e3ce5e82aa819eab1750c11ee2c178743e82ec3a12e0f7a22f4bcda446371457a759ce2be0f4e5de9685222145d2a374735ca05bab0a8677ccb53859", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

program crashed: KASAN: stack-out-of-bounds Read in xdp_do_check_flushed
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet-bpf$MAP_CREATE
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaa01804200000086dd602e843500140600fe80000000000000ff07000000000000fe8000000000000000000000000000aa000000003b69ab3098406d37159fe9b29de41935cb99ee0270b8580153d9387de1749238b04dcee284bd93cb96006142b036bec7ce07be8b2d9dcc922d0beeb18d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5800000090780000"], 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x6, 0x4, 0x2}, 0x48)

program crashed: KASAN: stack-out-of-bounds Read in xdp_do_check_flushed
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaa01804200000086dd602e843500140600fe80000000000000ff07000000000000fe8000000000000000000000000000aa000000003b69ab3098406d37159fe9b29de41935cb99ee0270b8580153d9387de1749238b04dcee284bd93cb96006142b036bec7ce07be8b2d9dcc922d0beeb18d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5800000090780000"], 0x0)

program crashed: KASAN: stack-out-of-bounds Read in xdp_do_check_flushed
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-syz_emit_ethernet
detailed listing:
executing program 0:
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'syz_tun\x00'})
syz_emit_ethernet(0xe80, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaa01804200000086dd602e843500140600fe80000000000000ff07000000000000fe8000000000000000000000000000aa000000003b69ab3098406d37159fe9b29de41935cb99ee0270b8580153d9387de1749238b04dcee284bd93cb96006142b036bec7ce07be8b2d9dcc922d0beeb18d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5800000090780000"], 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
socket$packet(0x11, 0x2, 0x300)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaa01804200000086dd602e843500140600fe80000000000000ff07000000000000fe8000000000000000000000000000aa000000003b69ab3098406d37159fe9b29de41935cb99ee0270b8580153d9387de1749238b04dcee284bd93cb96006142b036bec7ce07be8b2d9dcc922d0beeb18d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5800000090780000"], 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r1=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r1}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaa01804200000086dd602e843500140600fe80000000000000ff07000000000000fe8000000000000000000000000000aa000000003b69ab3098406d37159fe9b29de41935cb99ee0270b8580153d9387de1749238b04dcee284bd93cb96006142b036bec7ce07be8b2d9dcc922d0beeb18d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5800000090780000"], 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r1=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={0xffffffffffffffff, r1}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaa01804200000086dd602e843500140600fe80000000000000ff07000000000000fe8000000000000000000000000000aa000000003b69ab3098406d37159fe9b29de41935cb99ee0270b8580153d9387de1749238b04dcee284bd93cb96006142b036bec7ce07be8b2d9dcc922d0beeb18d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5800000090780000"], 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaa01804200000086dd602e843500140600fe80000000000000ff07000000000000fe8000000000000000000000000000aa000000003b69ab3098406d37159fe9b29de41935cb99ee0270b8580153d9387de1749238b04dcee284bd93cb96006142b036bec7ce07be8b2d9dcc922d0beeb18d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5800000090780000"], 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, 0x0, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaa01804200000086dd602e843500140600fe80000000000000ff07000000000000fe8000000000000000000000000000aa000000003b69ab3098406d37159fe9b29de41935cb99ee0270b8580153d9387de1749238b04dcee284bd93cb96006142b036bec7ce07be8b2d9dcc922d0beeb18d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5800000090780000"], 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaa01804200000086dd602e843500140600fe80000000000000ff07000000000000fe8000000000000000000000000000aa000000003b69ab3098406d37159fe9b29de41935cb99ee0270b8580153d9387de1749238b04dcee284bd93cb96006142b036bec7ce07be8b2d9dcc922d0beeb18d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5800000090780000"], 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaa01804200000086dd602e843500140600fe80000000000000ff07000000000000fe8000000000000000000000000000aa000000003b69ab3098406d37159fe9b29de41935cb99ee0270b8580153d9387de1749238b04dcee284bd93cb96006142b036bec7ce07be8b2d9dcc922d0beeb18d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5800000090780000"], 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaa01804200000086dd602e843500140600fe80000000000000ff07000000000000fe8000000000000000000000000000aa000000003b69ab3098406d37159fe9b29de41935cb99ee0270b8580153d9387de1749238b04dcee284bd93cb96006142b036bec7ce07be8b2d9dcc922d0beeb18d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5800000090780000"], 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
detailed listing:
executing program 0:
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'syz_tun\x00'})
bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0)
syz_emit_ethernet(0xe80, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaa01804200000086dd602e843500140600fe80000000000000ff07000000000000fe8000000000000000000000000000aa000000003b69ab3098406d37159fe9b29de41935cb99ee0270b8580153d9387de1749238b04dcee284bd93cb96006142b036bec7ce07be8b2d9dcc922d0beeb18d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5800000090780000"], 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, 0x0, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000400)=ANY=[@ANYBLOB="aaaaaaaaaaaa01804200000086dd602e843500140600fe80000000000000ff07000000000000fe8000000000000000000000000000aa000000003b69ab3098406d37159fe9b29de41935cb99ee0270b8580153d9387de1749238b04dcee284bd93cb96006142b036bec7ce07be8b2d9dcc922d0beeb18d", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB], 0x0)

program crashed: KASAN: stack-out-of-bounds Read in xdp_do_check_flushed
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x40)
syz_emit_ethernet(0xe80, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB], 0x0)

program crashed: KASAN: stack-out-of-bounds Read in xdp_do_check_flushed
extracting C reproducer
testing compiled C program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program crashed: KASAN: stack-out-of-bounds Read in xdp_do_check_flushed
simplifying C reproducer
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program crashed: general protection fault in __dev_flush
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program crashed: general protection fault in __xsk_map_flush
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program did not crash
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program did not crash
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program crashed: KASAN: stack-out-of-bounds Read in xdp_do_check_flushed
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program crashed: UBSAN: array-index-out-of-bounds in bq_xmit_all
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program crashed: general protection fault in __xsk_map_flush
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program crashed: UBSAN: array-index-out-of-bounds in bq_xmit_all
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program crashed: general protection fault in __xsk_map_flush
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program crashed: general protection fault in __xsk_map_flush
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program crashed: general protection fault in __cpu_map_flush
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program crashed: general protection fault in __dev_flush
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program crashed: KASAN: stack-out-of-bounds Read in xdp_do_check_flushed
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program crashed: general protection fault in __xsk_map_flush
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program crashed: general protection fault in __dev_flush
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD_XDP-socket$packet-ioctl$sock_SIOCGIFINDEX-bpf$BPF_LINK_CREATE_XDP-syz_emit_ethernet
program crashed: KASAN: stack-out-of-bounds Read in xdp_do_check_flushed
reproducing took 2h11m54.398831724s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: stack-out-of-bounds in list_empty include/linux/list.h:373 [inline]
BUG: KASAN: stack-out-of-bounds in bpf_net_ctx_get_all_used_flush_lists include/linux/filter.h:846 [inline]
BUG: KASAN: stack-out-of-bounds in xdp_do_check_flushed+0x429/0x4e0 net/core/filter.c:4298
Read of size 8 at addr ffffc90003157a68 by task syz-executor726/5705

CPU: 0 PID: 5705 Comm: syz-executor726 Not tainted 6.10.0-syzkaller-11185-g2c9b3512402e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0xc3/0x620 mm/kasan/report.c:488
 kasan_report+0xd9/0x110 mm/kasan/report.c:601
 list_empty include/linux/list.h:373 [inline]
 bpf_net_ctx_get_all_used_flush_lists include/linux/filter.h:846 [inline]
 xdp_do_check_flushed+0x429/0x4e0 net/core/filter.c:4298
 __napi_poll.constprop.0+0xd1/0x550 net/core/dev.c:6774
 napi_poll net/core/dev.c:6840 [inline]
 net_rx_action+0xa92/0x1010 net/core/dev.c:6962
 handle_softirqs+0x216/0x8f0 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu kernel/softirq.c:637 [inline]
 irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649
 common_interrupt+0xb0/0xd0 arch/x86/kernel/irq.c:278
 </IRQ>
 <TASK>
 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693
RIP: 0010:finish_task_switch.isra.0+0x220/0xcc0 kernel/sched/core.c:5062
Code: a9 0a 00 00 44 8b 0d 67 b8 8c 0e 45 85 c9 0f 85 c0 01 00 00 48 89 df e8 ae f8 ff ff e8 d9 ce 36 00 fb 65 48 8b 1d d0 0d a9 7e <48> 8d bb f8 15 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1
RSP: 0018:ffffc90003157968 EFLAGS: 00000206
RAX: 0000000000000309 RBX: ffff88802b04bc00 RCX: 1ffffffff285ad2d
RDX: 0000000000000000 RSI: ffffffff8b2cbac0 RDI: ffffffff8b909200
RBP: ffffc900031579b0 R08: 0000000000000001 R09: fffffbfff2859c82
R10: ffffffff942ce417 R11: 0000000000000000 R12: ffff8880b923fa18
R13: ffff888017693c00 R14: ffff88807c191300 R15: ffff8880b923ec80
 context_switch kernel/sched/core.c:5191 [inline]
 __schedule+0xe3f/0x5490 kernel/sched/core.c:6529
 preempt_schedule_common+0x44/0xc0 kernel/sched/core.c:6708
 preempt_schedule_thunk+0x1a/0x30 arch/x86/entry/thunk.S:12
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
 _raw_spin_unlock_irqrestore+0x61/0x80 kernel/locking/spinlock.c:194
 kthread_queue_work+0xa8/0x170 kernel/kthread.c:1025
 synchronize_rcu_expedited_queue_work kernel/rcu/tree_exp.h:488 [inline]
 synchronize_rcu_expedited+0x2f6/0x450 kernel/rcu/tree_exp.h:968
 synchronize_net+0x4e/0x60 net/core/dev.c:11225
 packet_release+0xb30/0xdd0 net/packet/af_packet.c:3231
 __sock_release+0xb0/0x270 net/socket.c:659
 sock_close+0x1c/0x30 net/socket.c:1421
 __fput+0x408/0xbb0 fs/file_table.c:422
 __fput_sync+0x47/0x50 fs/file_table.c:507
 __do_sys_close fs/open.c:1566 [inline]
 __se_sys_close fs/open.c:1551 [inline]
 __x64_sys_close+0x86/0x100 fs/open.c:1551
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff0b7e12e60
Code: ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 80 3d 41 e2 07 00 00 74 17 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c
RSP: 002b:00007fffe28bfef8 EFLAGS: 00000202 ORIG_RAX: 0000000000000003
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007ff0b7e12e60
RDX: 0000000000000e80 RSI: 0000000020000400 RDI: 0000000000000004
RBP: 0000000000000000 R08: 00007fffe28c0028 R09: 00007fffe28c0028
R10: 00007fffe28c0028 R11: 0000000000000202 R12: 0000000000000000
R13: 00007fffe28bff14 R14: 00007fffe28bff30 R15: 00007fffe28bff20
 </TASK>

The buggy address belongs to stack of task syz-executor726/5705
 and is located at offset 0 in frame:
 __schedule+0x0/0x5490

This frame has 3 objects:
 [48, 52) 'cid'
 [64, 80) 'rf'
 [96, 120) 'ac'

The buggy address belongs to the virtual mapping at
 [ffffc90003150000, ffffc90003159000) created by:
 kernel_clone+0xfd/0x980 kernel/fork.c:2780

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2c21f
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 5088, tgid 5088 (syz-executor726), ts 82164216760, free_ts 81714521277
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1473
 prep_new_page mm/page_alloc.c:1481 [inline]
 get_page_from_freelist+0x1353/0x2e50 mm/page_alloc.c:3425
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4683
 alloc_pages_mpol_noprof+0x275/0x610 mm/mempolicy.c:2265
 vm_area_alloc_pages mm/vmalloc.c:3583 [inline]
 __vmalloc_area_node mm/vmalloc.c:3659 [inline]
 __vmalloc_node_range_noprof+0xa6a/0x1520 mm/vmalloc.c:3840
 alloc_thread_stack_node kernel/fork.c:311 [inline]
 dup_task_struct kernel/fork.c:1111 [inline]
 copy_process+0x2f3b/0x8de0 kernel/fork.c:2203
 kernel_clone+0xfd/0x980 kernel/fork.c:2780
 __do_sys_clone+0xba/0x100 kernel/fork.c:2923
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5665 tgid 5665 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_folios+0x991/0x1310 mm/page_alloc.c:2637
 folios_put_refs+0x487/0x6d0 mm/swap.c:1024
 free_pages_and_swap_cache+0x45f/0x510 mm/swap_state.c:332
 __tlb_batch_free_encoded_pages+0xf9/0x290 mm/mmu_gather.c:136
 tlb_batch_pages_flush mm/mmu_gather.c:149 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:366 [inline]
 tlb_flush_mmu mm/mmu_gather.c:373 [inline]
 tlb_finish_mmu+0x168/0x7b0 mm/mmu_gather.c:465
 exit_mmap+0x3d1/0xb20 mm/mmap.c:3354
 __mmput+0x12a/0x480 kernel/fork.c:1343
 mmput+0x62/0x70 kernel/fork.c:1365
 exit_mm kernel/exit.c:566 [inline]
 do_exit+0x9bf/0x2bb0 kernel/exit.c:864
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1026
 __do_sys_exit_group kernel/exit.c:1037 [inline]
 __se_sys_exit_group kernel/exit.c:1035 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1035
 x64_sys_call+0x14a9/0x16a0 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Memory state around the buggy address:
 ffffc90003157900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffc90003157980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffc90003157a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
                                                          ^
 ffffc90003157a80: f1 f1 f1 04 f2 00 00 f2 f2 00 00 00 f3 f3 f3 f3
 ffffc90003157b00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
----------------
Code disassembly (best guess):
   0:	a9 0a 00 00 44       	test   $0x4400000a,%eax
   5:	8b 0d 67 b8 8c 0e    	mov    0xe8cb867(%rip),%ecx        # 0xe8cb872
   b:	45 85 c9             	test   %r9d,%r9d
   e:	0f 85 c0 01 00 00    	jne    0x1d4
  14:	48 89 df             	mov    %rbx,%rdi
  17:	e8 ae f8 ff ff       	call   0xfffff8ca
  1c:	e8 d9 ce 36 00       	call   0x36cefa
  21:	fb                   	sti
  22:	65 48 8b 1d d0 0d a9 	mov    %gs:0x7ea90dd0(%rip),%rbx        # 0x7ea90dfa
  29:	7e
* 2a:	48 8d bb f8 15 00 00 	lea    0x15f8(%rbx),%rdi <-- trapping instruction
  31:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  38:	fc ff df
  3b:	48 89 fa             	mov    %rdi,%rdx
  3e:	48                   	rex.W
  3f:	c1                   	.byte 0xc1

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: stack-out-of-bounds in list_empty include/linux/list.h:373 [inline]
BUG: KASAN: stack-out-of-bounds in bpf_net_ctx_get_all_used_flush_lists include/linux/filter.h:846 [inline]
BUG: KASAN: stack-out-of-bounds in xdp_do_check_flushed+0x429/0x4e0 net/core/filter.c:4298
Read of size 8 at addr ffffc90003157a68 by task syz-executor726/5705

CPU: 0 PID: 5705 Comm: syz-executor726 Not tainted 6.10.0-syzkaller-11185-g2c9b3512402e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0xc3/0x620 mm/kasan/report.c:488
 kasan_report+0xd9/0x110 mm/kasan/report.c:601
 list_empty include/linux/list.h:373 [inline]
 bpf_net_ctx_get_all_used_flush_lists include/linux/filter.h:846 [inline]
 xdp_do_check_flushed+0x429/0x4e0 net/core/filter.c:4298
 __napi_poll.constprop.0+0xd1/0x550 net/core/dev.c:6774
 napi_poll net/core/dev.c:6840 [inline]
 net_rx_action+0xa92/0x1010 net/core/dev.c:6962
 handle_softirqs+0x216/0x8f0 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu kernel/softirq.c:637 [inline]
 irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649
 common_interrupt+0xb0/0xd0 arch/x86/kernel/irq.c:278
 </IRQ>
 <TASK>
 asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693
RIP: 0010:finish_task_switch.isra.0+0x220/0xcc0 kernel/sched/core.c:5062
Code: a9 0a 00 00 44 8b 0d 67 b8 8c 0e 45 85 c9 0f 85 c0 01 00 00 48 89 df e8 ae f8 ff ff e8 d9 ce 36 00 fb 65 48 8b 1d d0 0d a9 7e <48> 8d bb f8 15 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1
RSP: 0018:ffffc90003157968 EFLAGS: 00000206
RAX: 0000000000000309 RBX: ffff88802b04bc00 RCX: 1ffffffff285ad2d
RDX: 0000000000000000 RSI: ffffffff8b2cbac0 RDI: ffffffff8b909200
RBP: ffffc900031579b0 R08: 0000000000000001 R09: fffffbfff2859c82
R10: ffffffff942ce417 R11: 0000000000000000 R12: ffff8880b923fa18
R13: ffff888017693c00 R14: ffff88807c191300 R15: ffff8880b923ec80
 context_switch kernel/sched/core.c:5191 [inline]
 __schedule+0xe3f/0x5490 kernel/sched/core.c:6529
 preempt_schedule_common+0x44/0xc0 kernel/sched/core.c:6708
 preempt_schedule_thunk+0x1a/0x30 arch/x86/entry/thunk.S:12
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
 _raw_spin_unlock_irqrestore+0x61/0x80 kernel/locking/spinlock.c:194
 kthread_queue_work+0xa8/0x170 kernel/kthread.c:1025
 synchronize_rcu_expedited_queue_work kernel/rcu/tree_exp.h:488 [inline]
 synchronize_rcu_expedited+0x2f6/0x450 kernel/rcu/tree_exp.h:968
 synchronize_net+0x4e/0x60 net/core/dev.c:11225
 packet_release+0xb30/0xdd0 net/packet/af_packet.c:3231
 __sock_release+0xb0/0x270 net/socket.c:659
 sock_close+0x1c/0x30 net/socket.c:1421
 __fput+0x408/0xbb0 fs/file_table.c:422
 __fput_sync+0x47/0x50 fs/file_table.c:507
 __do_sys_close fs/open.c:1566 [inline]
 __se_sys_close fs/open.c:1551 [inline]
 __x64_sys_close+0x86/0x100 fs/open.c:1551
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff0b7e12e60
Code: ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 80 3d 41 e2 07 00 00 74 17 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c
RSP: 002b:00007fffe28bfef8 EFLAGS: 00000202 ORIG_RAX: 0000000000000003
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007ff0b7e12e60
RDX: 0000000000000e80 RSI: 0000000020000400 RDI: 0000000000000004
RBP: 0000000000000000 R08: 00007fffe28c0028 R09: 00007fffe28c0028
R10: 00007fffe28c0028 R11: 0000000000000202 R12: 0000000000000000
R13: 00007fffe28bff14 R14: 00007fffe28bff30 R15: 00007fffe28bff20
 </TASK>

The buggy address belongs to stack of task syz-executor726/5705
 and is located at offset 0 in frame:
 __schedule+0x0/0x5490

This frame has 3 objects:
 [48, 52) 'cid'
 [64, 80) 'rf'
 [96, 120) 'ac'

The buggy address belongs to the virtual mapping at
 [ffffc90003150000, ffffc90003159000) created by:
 kernel_clone+0xfd/0x980 kernel/fork.c:2780

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2c21f
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 5088, tgid 5088 (syz-executor726), ts 82164216760, free_ts 81714521277
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1473
 prep_new_page mm/page_alloc.c:1481 [inline]
 get_page_from_freelist+0x1353/0x2e50 mm/page_alloc.c:3425
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4683
 alloc_pages_mpol_noprof+0x275/0x610 mm/mempolicy.c:2265
 vm_area_alloc_pages mm/vmalloc.c:3583 [inline]
 __vmalloc_area_node mm/vmalloc.c:3659 [inline]
 __vmalloc_node_range_noprof+0xa6a/0x1520 mm/vmalloc.c:3840
 alloc_thread_stack_node kernel/fork.c:311 [inline]
 dup_task_struct kernel/fork.c:1111 [inline]
 copy_process+0x2f3b/0x8de0 kernel/fork.c:2203
 kernel_clone+0xfd/0x980 kernel/fork.c:2780
 __do_sys_clone+0xba/0x100 kernel/fork.c:2923
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5665 tgid 5665 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_folios+0x991/0x1310 mm/page_alloc.c:2637
 folios_put_refs+0x487/0x6d0 mm/swap.c:1024
 free_pages_and_swap_cache+0x45f/0x510 mm/swap_state.c:332
 __tlb_batch_free_encoded_pages+0xf9/0x290 mm/mmu_gather.c:136
 tlb_batch_pages_flush mm/mmu_gather.c:149 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:366 [inline]
 tlb_flush_mmu mm/mmu_gather.c:373 [inline]
 tlb_finish_mmu+0x168/0x7b0 mm/mmu_gather.c:465
 exit_mmap+0x3d1/0xb20 mm/mmap.c:3354
 __mmput+0x12a/0x480 kernel/fork.c:1343
 mmput+0x62/0x70 kernel/fork.c:1365
 exit_mm kernel/exit.c:566 [inline]
 do_exit+0x9bf/0x2bb0 kernel/exit.c:864
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1026
 __do_sys_exit_group kernel/exit.c:1037 [inline]
 __se_sys_exit_group kernel/exit.c:1035 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1035
 x64_sys_call+0x14a9/0x16a0 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Memory state around the buggy address:
 ffffc90003157900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffc90003157980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffc90003157a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
                                                          ^
 ffffc90003157a80: f1 f1 f1 04 f2 00 00 f2 f2 00 00 00 f3 f3 f3 f3
 ffffc90003157b00: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
----------------
Code disassembly (best guess):
   0:	a9 0a 00 00 44       	test   $0x4400000a,%eax
   5:	8b 0d 67 b8 8c 0e    	mov    0xe8cb867(%rip),%ecx        # 0xe8cb872
   b:	45 85 c9             	test   %r9d,%r9d
   e:	0f 85 c0 01 00 00    	jne    0x1d4
  14:	48 89 df             	mov    %rbx,%rdi
  17:	e8 ae f8 ff ff       	call   0xfffff8ca
  1c:	e8 d9 ce 36 00       	call   0x36cefa
  21:	fb                   	sti
  22:	65 48 8b 1d d0 0d a9 	mov    %gs:0x7ea90dd0(%rip),%rbx        # 0x7ea90dfa
  29:	7e
* 2a:	48 8d bb f8 15 00 00 	lea    0x15f8(%rbx),%rdi <-- trapping instruction
  31:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  38:	fc ff df
  3b:	48 89 fa             	mov    %rdi,%rdx
  3e:	48                   	rex.W
  3f:	c1                   	.byte 0xc1