Extracting prog: 1m14.536585153s
Minimizing prog: 11m19.76809791s
Simplifying prog options: 3m1.107312487s
Extracting C: 1m51.612003105s
Simplifying C: 0s


extracting reproducer from 69 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-socket$nl_netfilter-close-sendmsg$nl_route-sendmsg$nl_route-sendmsg$nl_route-futex-futex-futex-mprotect-exit-socket-sendmmsg-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-socket$nl_route-socket$nl_route-sendmsg$nl_route-fstat-sendmsg$IPSET_CMD_TYPE-mount$overlay-socket$nl_generic-setsockopt$netlink_NETLINK_LISTEN_ALL_NSID-socket$nl_generic-sendmsg$nl_generic-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) (async)
listen(r0, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4044091}, 0x4010800) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 32)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0) (rerun: 32)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
exit(0x0) (async)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x7}, [@NFTA_SET_EXPRESSIONS={0x14, 0x12, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @exthdr={{0xb}, @void}}]}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x5}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffe}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x2}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@ipv4_delroute={0x24, 0x1a, 0x0, 0x0, 0x20000000, {0xa, 0x0, 0x0, 0x7, 0xfd, 0x0, 0x0, 0x0, 0x400}, [@RTA_DPORT={0x6, 0x1d, 0x4e22}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008044}, 0x800) (async, rerun: 64)
fstat(r2, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0}) (rerun: 64)
sendmsg$IPSET_CMD_TYPE(r1, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x44, 0xd, 0x6, 0x301, 0x0, 0x0, {0x1, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x90}, 0x8001)
mount$overlay(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x2, &(0x7f0000000540)={[{@redirect_dir_off}, {@upperdir={'upperdir', 0x3d, './file0'}}], [{@uid_lt={'uid<', r5}}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}]})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r6, 0x10e, 0x8, &(0x7f0000000100)=0x6, 0x4)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="3c000000400007012bbd700000000000017c040042800c00018006000600800a00001800028012001480b02bd329b12082e8700f7ff46b480000f1791022a2956030795c91fc75ce754fa14cacb4c8f76585547657abc1f73e33dfa78002d85d2c8ee64f7446d26cc9a161773b0089433fe2cdce0802f066f34bfd07"], 0x3c}, 0x1, 0x0, 0x0, 0x48815}, 0xc020) (async, rerun: 32)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a236b20bd45c802010100000000000000000a0000060900020173797a31000000000900010073797a31000000001c000380180000800c0001800600010000000000080003400000000114000000110013000000000000"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (rerun: 32)

program crashed: general protection fault in remove_waiter
single: successfully extracted reproducer
found reproducer with 29 syscalls
minimizing guilty program
testing program (duration=35.006310603s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-socket$nl_netfilter-close-sendmsg$nl_route-sendmsg$nl_route-sendmsg$nl_route-futex-futex-futex-mprotect-exit-socket-sendmmsg-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-socket$nl_route-socket$nl_route-sendmsg$nl_route-fstat-sendmsg$IPSET_CMD_TYPE-mount$overlay-socket$nl_generic-setsockopt$netlink_NETLINK_LISTEN_ALL_NSID-socket$nl_generic-sendmsg$nl_generic
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) (async)
listen(r0, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4044091}, 0x4010800) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 32)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0) (rerun: 32)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
exit(0x0) (async)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x7}, [@NFTA_SET_EXPRESSIONS={0x14, 0x12, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @exthdr={{0xb}, @void}}]}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x5}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffe}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x2}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@ipv4_delroute={0x24, 0x1a, 0x0, 0x0, 0x20000000, {0xa, 0x0, 0x0, 0x7, 0xfd, 0x0, 0x0, 0x0, 0x400}, [@RTA_DPORT={0x6, 0x1d, 0x4e22}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008044}, 0x800) (async, rerun: 64)
fstat(r2, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0}) (rerun: 64)
sendmsg$IPSET_CMD_TYPE(r1, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x44, 0xd, 0x6, 0x301, 0x0, 0x0, {0x1, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x90}, 0x8001)
mount$overlay(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x2, &(0x7f0000000540)={[{@redirect_dir_off}, {@upperdir={'upperdir', 0x3d, './file0'}}], [{@uid_lt={'uid<', r5}}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}]})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r6, 0x10e, 0x8, &(0x7f0000000100)=0x6, 0x4)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="3c000000400007012bbd700000000000017c040042800c00018006000600800a00001800028012001480b02bd329b12082e8700f7ff46b480000f1791022a2956030795c91fc75ce754fa14cacb4c8f76585547657abc1f73e33dfa78002d85d2c8ee64f7446d26cc9a161773b0089433fe2cdce0802f066f34bfd07"], 0x3c}, 0x1, 0x0, 0x0, 0x48815}, 0xc020) (async, rerun: 32)

program did not crash
testing program (duration=35.006310603s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-socket$nl_netfilter-close-sendmsg$nl_route-sendmsg$nl_route-sendmsg$nl_route-futex-futex-futex-mprotect-exit-socket-sendmmsg-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-socket$nl_route-socket$nl_route-sendmsg$nl_route-fstat-sendmsg$IPSET_CMD_TYPE-mount$overlay-socket$nl_generic-setsockopt$netlink_NETLINK_LISTEN_ALL_NSID-socket$nl_generic-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) (async)
listen(r0, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4044091}, 0x4010800) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 32)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0) (rerun: 32)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
exit(0x0) (async)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x7}, [@NFTA_SET_EXPRESSIONS={0x14, 0x12, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @exthdr={{0xb}, @void}}]}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x5}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffe}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x2}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@ipv4_delroute={0x24, 0x1a, 0x0, 0x0, 0x20000000, {0xa, 0x0, 0x0, 0x7, 0xfd, 0x0, 0x0, 0x0, 0x400}, [@RTA_DPORT={0x6, 0x1d, 0x4e22}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008044}, 0x800) (async, rerun: 64)
fstat(r2, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0}) (rerun: 64)
sendmsg$IPSET_CMD_TYPE(r1, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x44, 0xd, 0x6, 0x301, 0x0, 0x0, {0x1, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x90}, 0x8001)
mount$overlay(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x2, &(0x7f0000000540)={[{@redirect_dir_off}, {@upperdir={'upperdir', 0x3d, './file0'}}], [{@uid_lt={'uid<', r5}}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}]})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r6, 0x10e, 0x8, &(0x7f0000000100)=0x6, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a236b20bd45c802010100000000000000000a0000060900020173797a31000000000900010073797a31000000001c000380180000800c0001800600010000000000080003400000000114000000110013000000000000"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (rerun: 32)

program crashed: general protection fault in remove_waiter
testing program (duration=35.006310603s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-socket$nl_netfilter-close-sendmsg$nl_route-sendmsg$nl_route-sendmsg$nl_route-futex-futex-futex-mprotect-exit-socket-sendmmsg-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-socket$nl_route-socket$nl_route-sendmsg$nl_route-fstat-sendmsg$IPSET_CMD_TYPE-mount$overlay-socket$nl_generic-setsockopt$netlink_NETLINK_LISTEN_ALL_NSID-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) (async)
listen(r0, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4044091}, 0x4010800) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 32)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0) (rerun: 32)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
exit(0x0) (async)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x7}, [@NFTA_SET_EXPRESSIONS={0x14, 0x12, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @exthdr={{0xb}, @void}}]}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x5}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffe}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x2}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@ipv4_delroute={0x24, 0x1a, 0x0, 0x0, 0x20000000, {0xa, 0x0, 0x0, 0x7, 0xfd, 0x0, 0x0, 0x0, 0x400}, [@RTA_DPORT={0x6, 0x1d, 0x4e22}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008044}, 0x800) (async, rerun: 64)
fstat(r2, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0}) (rerun: 64)
sendmsg$IPSET_CMD_TYPE(r1, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x44, 0xd, 0x6, 0x301, 0x0, 0x0, {0x1, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x90}, 0x8001)
mount$overlay(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x2, &(0x7f0000000540)={[{@redirect_dir_off}, {@upperdir={'upperdir', 0x3d, './file0'}}], [{@uid_lt={'uid<', r5}}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}]})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r6, 0x10e, 0x8, &(0x7f0000000100)=0x6, 0x4)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a236b20bd45c802010100000000000000000a0000060900020173797a31000000000900010073797a31000000001c000380180000800c0001800600010000000000080003400000000114000000110013000000000000"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (rerun: 32)

program crashed: general protection fault in remove_waiter
testing program (duration=35.006310603s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-socket$nl_netfilter-close-sendmsg$nl_route-sendmsg$nl_route-sendmsg$nl_route-futex-futex-futex-mprotect-exit-socket-sendmmsg-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-socket$nl_route-socket$nl_route-sendmsg$nl_route-fstat-sendmsg$IPSET_CMD_TYPE-mount$overlay-socket$nl_generic-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) (async)
listen(r0, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4044091}, 0x4010800) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 32)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0) (rerun: 32)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
exit(0x0) (async)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x7}, [@NFTA_SET_EXPRESSIONS={0x14, 0x12, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @exthdr={{0xb}, @void}}]}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x5}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffe}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x2}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@ipv4_delroute={0x24, 0x1a, 0x0, 0x0, 0x20000000, {0xa, 0x0, 0x0, 0x7, 0xfd, 0x0, 0x0, 0x0, 0x400}, [@RTA_DPORT={0x6, 0x1d, 0x4e22}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008044}, 0x800) (async, rerun: 64)
fstat(r2, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0}) (rerun: 64)
sendmsg$IPSET_CMD_TYPE(r1, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x44, 0xd, 0x6, 0x301, 0x0, 0x0, {0x1, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x90}, 0x8001)
mount$overlay(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x2, &(0x7f0000000540)={[{@redirect_dir_off}, {@upperdir={'upperdir', 0x3d, './file0'}}], [{@uid_lt={'uid<', r5}}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}]})
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a236b20bd45c802010100000000000000000a0000060900020173797a31000000000900010073797a31000000001c000380180000800c0001800600010000000000080003400000000114000000110013000000000000"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (rerun: 32)

program did not crash
testing program (duration=35.006310603s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-socket$nl_netfilter-close-sendmsg$nl_route-sendmsg$nl_route-sendmsg$nl_route-futex-futex-futex-mprotect-exit-socket-sendmmsg-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-socket$nl_route-socket$nl_route-sendmsg$nl_route-fstat-sendmsg$IPSET_CMD_TYPE-mount$overlay-setsockopt$netlink_NETLINK_LISTEN_ALL_NSID-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) (async)
listen(r0, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4044091}, 0x4010800) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 32)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0) (rerun: 32)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
exit(0x0) (async)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x7}, [@NFTA_SET_EXPRESSIONS={0x14, 0x12, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @exthdr={{0xb}, @void}}]}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x5}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffe}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x2}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@ipv4_delroute={0x24, 0x1a, 0x0, 0x0, 0x20000000, {0xa, 0x0, 0x0, 0x7, 0xfd, 0x0, 0x0, 0x0, 0x400}, [@RTA_DPORT={0x6, 0x1d, 0x4e22}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008044}, 0x800) (async, rerun: 64)
fstat(r2, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0}) (rerun: 64)
sendmsg$IPSET_CMD_TYPE(r1, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x44, 0xd, 0x6, 0x301, 0x0, 0x0, {0x1, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x90}, 0x8001)
mount$overlay(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x2, &(0x7f0000000540)={[{@redirect_dir_off}, {@upperdir={'upperdir', 0x3d, './file0'}}], [{@uid_lt={'uid<', r5}}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}]})
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, &(0x7f0000000100)=0x6, 0x4)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a236b20bd45c802010100000000000000000a0000060900020173797a31000000000900010073797a31000000001c000380180000800c0001800600010000000000080003400000000114000000110013000000000000"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (rerun: 32)

program crashed: general protection fault in remove_waiter
testing program (duration=35.006310603s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-socket$nl_netfilter-close-sendmsg$nl_route-sendmsg$nl_route-sendmsg$nl_route-futex-futex-futex-mprotect-exit-socket-sendmmsg-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-socket$nl_route-socket$nl_route-sendmsg$nl_route-fstat-sendmsg$IPSET_CMD_TYPE-setsockopt$netlink_NETLINK_LISTEN_ALL_NSID-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) (async)
listen(r0, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4044091}, 0x4010800) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 32)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0) (rerun: 32)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
exit(0x0) (async)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x7}, [@NFTA_SET_EXPRESSIONS={0x14, 0x12, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @exthdr={{0xb}, @void}}]}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x5}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffe}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x2}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@ipv4_delroute={0x24, 0x1a, 0x0, 0x0, 0x20000000, {0xa, 0x0, 0x0, 0x7, 0xfd, 0x0, 0x0, 0x0, 0x400}, [@RTA_DPORT={0x6, 0x1d, 0x4e22}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008044}, 0x800) (async, rerun: 64)
fstat(r2, &(0x7f00000004c0)) (rerun: 64)
sendmsg$IPSET_CMD_TYPE(r1, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x44, 0xd, 0x6, 0x301, 0x0, 0x0, {0x1, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x90}, 0x8001)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, &(0x7f0000000100)=0x6, 0x4)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a236b20bd45c802010100000000000000000a0000060900020173797a31000000000900010073797a31000000001c000380180000800c0001800600010000000000080003400000000114000000110013000000000000"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (rerun: 32)

program did not crash
testing program (duration=35.006310603s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-socket$nl_netfilter-close-sendmsg$nl_route-sendmsg$nl_route-sendmsg$nl_route-futex-futex-futex-mprotect-exit-socket-sendmmsg-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-socket$nl_route-socket$nl_route-sendmsg$nl_route-fstat-mount$overlay-setsockopt$netlink_NETLINK_LISTEN_ALL_NSID-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) (async)
listen(r0, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4044091}, 0x4010800) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 32)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0) (rerun: 32)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
exit(0x0) (async)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x7}, [@NFTA_SET_EXPRESSIONS={0x14, 0x12, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @exthdr={{0xb}, @void}}]}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x5}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffe}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x2}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@ipv4_delroute={0x24, 0x1a, 0x0, 0x0, 0x20000000, {0xa, 0x0, 0x0, 0x7, 0xfd, 0x0, 0x0, 0x0, 0x400}, [@RTA_DPORT={0x6, 0x1d, 0x4e22}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008044}, 0x800) (async, rerun: 64)
fstat(r2, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0}) (rerun: 64)
mount$overlay(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x2, &(0x7f0000000540)={[{@redirect_dir_off}, {@upperdir={'upperdir', 0x3d, './file0'}}], [{@uid_lt={'uid<', r5}}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}]})
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, &(0x7f0000000100)=0x6, 0x4)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a236b20bd45c802010100000000000000000a0000060900020173797a31000000000900010073797a31000000001c000380180000800c0001800600010000000000080003400000000114000000110013000000000000"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (rerun: 32)

program did not crash
testing program (duration=35.006310603s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-socket$nl_netfilter-close-sendmsg$nl_route-sendmsg$nl_route-sendmsg$nl_route-futex-futex-futex-mprotect-exit-socket-sendmmsg-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-socket$nl_route-socket$nl_route-sendmsg$nl_route-sendmsg$IPSET_CMD_TYPE-mount$overlay-setsockopt$netlink_NETLINK_LISTEN_ALL_NSID-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) (async)
listen(r0, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4044091}, 0x4010800) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 32)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0) (rerun: 32)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
exit(0x0) (async)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x7}, [@NFTA_SET_EXPRESSIONS={0x14, 0x12, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @exthdr={{0xb}, @void}}]}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x5}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffe}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x2}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@ipv4_delroute={0x24, 0x1a, 0x0, 0x0, 0x20000000, {0xa, 0x0, 0x0, 0x7, 0xfd, 0x0, 0x0, 0x0, 0x400}, [@RTA_DPORT={0x6, 0x1d, 0x4e22}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008044}, 0x800) (async, rerun: 64)
sendmsg$IPSET_CMD_TYPE(r1, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x44, 0xd, 0x6, 0x301, 0x0, 0x0, {0x1, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x90}, 0x8001)
mount$overlay(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x2, &(0x7f0000000540)={[{@redirect_dir_off}, {@upperdir={'upperdir', 0x3d, './file0'}}], [{@uid_lt}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}]})
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, &(0x7f0000000100)=0x6, 0x4)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a236b20bd45c802010100000000000000000a0000060900020173797a31000000000900010073797a31000000001c000380180000800c0001800600010000000000080003400000000114000000110013000000000000"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (rerun: 32)

program did not crash
testing program (duration=35.006310603s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-socket$nl_netfilter-close-sendmsg$nl_route-sendmsg$nl_route-sendmsg$nl_route-futex-futex-futex-mprotect-exit-socket-sendmmsg-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-socket$nl_route-socket$nl_route-fstat-sendmsg$IPSET_CMD_TYPE-mount$overlay-setsockopt$netlink_NETLINK_LISTEN_ALL_NSID-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) (async)
listen(r0, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4044091}, 0x4010800) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 32)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0) (rerun: 32)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
exit(0x0) (async)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x7}, [@NFTA_SET_EXPRESSIONS={0x14, 0x12, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @exthdr={{0xb}, @void}}]}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x5}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffe}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x2}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0)
fstat(r2, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0}) (rerun: 64)
sendmsg$IPSET_CMD_TYPE(r1, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x44, 0xd, 0x6, 0x301, 0x0, 0x0, {0x1, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x90}, 0x8001)
mount$overlay(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x2, &(0x7f0000000540)={[{@redirect_dir_off}, {@upperdir={'upperdir', 0x3d, './file0'}}], [{@uid_lt={'uid<', r4}}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}]})
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, &(0x7f0000000100)=0x6, 0x4)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a236b20bd45c802010100000000000000000a0000060900020173797a31000000000900010073797a31000000001c000380180000800c0001800600010000000000080003400000000114000000110013000000000000"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (rerun: 32)

program did not crash
testing program (duration=35.006310603s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-socket$nl_netfilter-close-sendmsg$nl_route-sendmsg$nl_route-sendmsg$nl_route-futex-futex-futex-mprotect-exit-socket-sendmmsg-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-socket$nl_route-sendmsg$nl_route-fstat-sendmsg$IPSET_CMD_TYPE-mount$overlay-setsockopt$netlink_NETLINK_LISTEN_ALL_NSID-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) (async)
listen(r0, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4044091}, 0x4010800) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 32)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0) (rerun: 32)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
exit(0x0) (async)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x7}, [@NFTA_SET_EXPRESSIONS={0x14, 0x12, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @exthdr={{0xb}, @void}}]}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x5}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffe}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x2}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@ipv4_delroute={0x24, 0x1a, 0x0, 0x0, 0x20000000, {0xa, 0x0, 0x0, 0x7, 0xfd, 0x0, 0x0, 0x0, 0x400}, [@RTA_DPORT={0x6, 0x1d, 0x4e22}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008044}, 0x800) (async, rerun: 64)
fstat(r2, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0}) (rerun: 64)
sendmsg$IPSET_CMD_TYPE(r1, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x44, 0xd, 0x6, 0x301, 0x0, 0x0, {0x1, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x90}, 0x8001)
mount$overlay(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x2, &(0x7f0000000540)={[{@redirect_dir_off}, {@upperdir={'upperdir', 0x3d, './file0'}}], [{@uid_lt={'uid<', r4}}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}]})
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, &(0x7f0000000100)=0x6, 0x4)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a236b20bd45c802010100000000000000000a0000060900020173797a31000000000900010073797a31000000001c000380180000800c0001800600010000000000080003400000000114000000110013000000000000"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (rerun: 32)

program crashed: general protection fault in remove_waiter
testing program (duration=35.006310603s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-socket$nl_netfilter-close-sendmsg$nl_route-sendmsg$nl_route-sendmsg$nl_route-futex-futex-futex-mprotect-exit-socket-sendmmsg-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-sendmsg$nl_route-fstat-sendmsg$IPSET_CMD_TYPE-mount$overlay-setsockopt$netlink_NETLINK_LISTEN_ALL_NSID-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) (async)
listen(r0, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4044091}, 0x4010800) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 32)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0) (rerun: 32)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
exit(0x0) (async)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x7}, [@NFTA_SET_EXPRESSIONS={0x14, 0x12, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @exthdr={{0xb}, @void}}]}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x5}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffe}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x2}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@ipv4_delroute={0x24, 0x1a, 0x0, 0x0, 0x20000000, {0xa, 0x0, 0x0, 0x7, 0xfd, 0x0, 0x0, 0x0, 0x400}, [@RTA_DPORT={0x6, 0x1d, 0x4e22}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008044}, 0x800) (async, rerun: 64)
fstat(r2, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0}) (rerun: 64)
sendmsg$IPSET_CMD_TYPE(r1, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x44, 0xd, 0x6, 0x301, 0x0, 0x0, {0x1, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x90}, 0x8001)
mount$overlay(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x2, &(0x7f0000000540)={[{@redirect_dir_off}, {@upperdir={'upperdir', 0x3d, './file0'}}], [{@uid_lt={'uid<', r4}}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}]})
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, &(0x7f0000000100)=0x6, 0x4)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a236b20bd45c802010100000000000000000a0000060900020173797a31000000000900010073797a31000000001c000380180000800c0001800600010000000000080003400000000114000000110013000000000000"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (rerun: 32)

program crashed: general protection fault in remove_waiter
testing program (duration=35.006310603s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-socket$nl_netfilter-close-sendmsg$nl_route-sendmsg$nl_route-sendmsg$nl_route-futex-futex-futex-mprotect-exit-socket-sendmmsg-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$nl_route-fstat-sendmsg$IPSET_CMD_TYPE-mount$overlay-setsockopt$netlink_NETLINK_LISTEN_ALL_NSID-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) (async)
listen(r0, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4044091}, 0x4010800) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 32)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0) (rerun: 32)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
exit(0x0) (async)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@ipv4_delroute={0x24, 0x1a, 0x0, 0x0, 0x20000000, {0xa, 0x0, 0x0, 0x7, 0xfd, 0x0, 0x0, 0x0, 0x400}, [@RTA_DPORT={0x6, 0x1d, 0x4e22}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008044}, 0x800) (async, rerun: 64)
fstat(r2, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0}) (rerun: 64)
sendmsg$IPSET_CMD_TYPE(r1, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x44, 0xd, 0x6, 0x301, 0x0, 0x0, {0x1, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x90}, 0x8001)
mount$overlay(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x2, &(0x7f0000000540)={[{@redirect_dir_off}, {@upperdir={'upperdir', 0x3d, './file0'}}], [{@uid_lt={'uid<', r4}}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}]})
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, &(0x7f0000000100)=0x6, 0x4)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a236b20bd45c802010100000000000000000a0000060900020173797a31000000000900010073797a31000000001c000380180000800c0001800600010000000000080003400000000114000000110013000000000000"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (rerun: 32)

program crashed: general protection fault in remove_waiter
testing program (duration=35.006310603s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-socket$nl_netfilter-close-sendmsg$nl_route-sendmsg$nl_route-sendmsg$nl_route-futex-futex-futex-mprotect-exit-socket-sendmmsg-socket$nl_netfilter-sendmsg$nl_route-fstat-sendmsg$IPSET_CMD_TYPE-mount$overlay-setsockopt$netlink_NETLINK_LISTEN_ALL_NSID-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) (async)
listen(r0, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4044091}, 0x4010800) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 32)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0) (rerun: 32)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
exit(0x0) (async)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@ipv4_delroute={0x24, 0x1a, 0x0, 0x0, 0x20000000, {0xa, 0x0, 0x0, 0x7, 0xfd, 0x0, 0x0, 0x0, 0x400}, [@RTA_DPORT={0x6, 0x1d, 0x4e22}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008044}, 0x800) (async, rerun: 64)
fstat(r2, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r3=>0x0}) (rerun: 64)
sendmsg$IPSET_CMD_TYPE(r1, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x44, 0xd, 0x6, 0x301, 0x0, 0x0, {0x1, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x90}, 0x8001)
mount$overlay(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x2, &(0x7f0000000540)={[{@redirect_dir_off}, {@upperdir={'upperdir', 0x3d, './file0'}}], [{@uid_lt={'uid<', r3}}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}]})
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, &(0x7f0000000100)=0x6, 0x4)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a236b20bd45c802010100000000000000000a0000060900020173797a31000000000900010073797a31000000001c000380180000800c0001800600010000000000080003400000000114000000110013000000000000"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (rerun: 32)

minimization failed with failed to copy syz-executor to VM: scp failed: failed to run ["scp" "-P" "15163" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "IdentitiesOnly=yes" "-o" "BatchMode=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-v" "/syzkaller/syzkaller/current/bin/linux_amd64/syz-executor" "root@localhost:/syz-executor"]: exit status 1
extracting C reproducer
testing compiled C program (duration=35.006310603s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-socket$nl_netfilter-close-sendmsg$nl_route-sendmsg$nl_route-sendmsg$nl_route-futex-futex-futex-mprotect-exit-socket-sendmmsg-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$nl_route-fstat-sendmsg$IPSET_CMD_TYPE-mount$overlay-setsockopt$netlink_NETLINK_LISTEN_ALL_NSID-sendmsg$NFT_BATCH
program did not crash
simplifying guilty program options
testing program (duration=35.006310603s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-socket$nl_netfilter-close-sendmsg$nl_route-sendmsg$nl_route-sendmsg$nl_route-futex-futex-futex-mprotect-exit-socket-sendmmsg-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$nl_route-fstat-sendmsg$IPSET_CMD_TYPE-mount$overlay-setsockopt$netlink_NETLINK_LISTEN_ALL_NSID-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) (async)
listen(r0, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4044091}, 0x4010800) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 32)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0) (rerun: 32)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
exit(0x0) (async)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@ipv4_delroute={0x24, 0x1a, 0x0, 0x0, 0x20000000, {0xa, 0x0, 0x0, 0x7, 0xfd, 0x0, 0x0, 0x0, 0x400}, [@RTA_DPORT={0x6, 0x1d, 0x4e22}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008044}, 0x800) (async, rerun: 64)
fstat(r2, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0}) (rerun: 64)
sendmsg$IPSET_CMD_TYPE(r1, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x44, 0xd, 0x6, 0x301, 0x0, 0x0, {0x1, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x90}, 0x8001)
mount$overlay(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x2, &(0x7f0000000540)={[{@redirect_dir_off}, {@upperdir={'upperdir', 0x3d, './file0'}}], [{@uid_lt={'uid<', r4}}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}]})
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, &(0x7f0000000100)=0x6, 0x4)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a236b20bd45c802010100000000000000000a0000060900020173797a31000000000900010073797a31000000001c000380180000800c0001800600010000000000080003400000000114000000110013000000000000"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (rerun: 32)

program crashed: lost connection to test machine
ignore low priority crash: lost connection to test machine
testing program (duration=35.006310603s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-socket$nl_netfilter-close-sendmsg$nl_route-sendmsg$nl_route-sendmsg$nl_route-futex-futex-futex-mprotect-exit-socket-sendmmsg-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$nl_route-fstat-sendmsg$IPSET_CMD_TYPE-mount$overlay-setsockopt$netlink_NETLINK_LISTEN_ALL_NSID-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) (async)
listen(r0, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4044091}, 0x4010800) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 32)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0) (rerun: 32)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
exit(0x0) (async)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@ipv4_delroute={0x24, 0x1a, 0x0, 0x0, 0x20000000, {0xa, 0x0, 0x0, 0x7, 0xfd, 0x0, 0x0, 0x0, 0x400}, [@RTA_DPORT={0x6, 0x1d, 0x4e22}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008044}, 0x800) (async, rerun: 64)
fstat(r2, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0}) (rerun: 64)
sendmsg$IPSET_CMD_TYPE(r1, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x44, 0xd, 0x6, 0x301, 0x0, 0x0, {0x1, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x90}, 0x8001)
mount$overlay(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x2, &(0x7f0000000540)={[{@redirect_dir_off}, {@upperdir={'upperdir', 0x3d, './file0'}}], [{@uid_lt={'uid<', r4}}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}]})
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, &(0x7f0000000100)=0x6, 0x4)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a236b20bd45c802010100000000000000000a0000060900020173797a31000000000900010073797a31000000001c000380180000800c0001800600010000000000080003400000000114000000110013000000000000"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (rerun: 32)

program did not crash
testing program (duration=35.006310603s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-socket$nl_netfilter-close-sendmsg$nl_route-sendmsg$nl_route-sendmsg$nl_route-futex-futex-futex-mprotect-exit-socket-sendmmsg-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$nl_route-fstat-sendmsg$IPSET_CMD_TYPE-mount$overlay-setsockopt$netlink_NETLINK_LISTEN_ALL_NSID-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) (async)
listen(r0, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4044091}, 0x4010800) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 32)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0) (rerun: 32)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
exit(0x0) (async)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@ipv4_delroute={0x24, 0x1a, 0x0, 0x0, 0x20000000, {0xa, 0x0, 0x0, 0x7, 0xfd, 0x0, 0x0, 0x0, 0x400}, [@RTA_DPORT={0x6, 0x1d, 0x4e22}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008044}, 0x800) (async, rerun: 64)
fstat(r2, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0}) (rerun: 64)
sendmsg$IPSET_CMD_TYPE(r1, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x44, 0xd, 0x6, 0x301, 0x0, 0x0, {0x1, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x90}, 0x8001)
mount$overlay(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x2, &(0x7f0000000540)={[{@redirect_dir_off}, {@upperdir={'upperdir', 0x3d, './file0'}}], [{@uid_lt={'uid<', r4}}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}]})
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, &(0x7f0000000100)=0x6, 0x4)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a236b20bd45c802010100000000000000000a0000060900020173797a31000000000900010073797a31000000001c000380180000800c0001800600010000000000080003400000000114000000110013000000000000"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (rerun: 32)

program crashed: lost connection to test machine
ignore low priority crash: lost connection to test machine
testing program (duration=35.006310603s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-socket$nl_netfilter-close-sendmsg$nl_route-sendmsg$nl_route-sendmsg$nl_route-futex-futex-futex-mprotect-exit-socket-sendmmsg-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$nl_route-fstat-sendmsg$IPSET_CMD_TYPE-mount$overlay-setsockopt$netlink_NETLINK_LISTEN_ALL_NSID-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) (async)
listen(r0, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4044091}, 0x4010800) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 32)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0) (rerun: 32)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
exit(0x0) (async)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@ipv4_delroute={0x24, 0x1a, 0x0, 0x0, 0x20000000, {0xa, 0x0, 0x0, 0x7, 0xfd, 0x0, 0x0, 0x0, 0x400}, [@RTA_DPORT={0x6, 0x1d, 0x4e22}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008044}, 0x800) (async, rerun: 64)
fstat(r2, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0}) (rerun: 64)
sendmsg$IPSET_CMD_TYPE(r1, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x44, 0xd, 0x6, 0x301, 0x0, 0x0, {0x1, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x90}, 0x8001)
mount$overlay(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x2, &(0x7f0000000540)={[{@redirect_dir_off}, {@upperdir={'upperdir', 0x3d, './file0'}}], [{@uid_lt={'uid<', r4}}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}]})
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, &(0x7f0000000100)=0x6, 0x4)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a236b20bd45c802010100000000000000000a0000060900020173797a31000000000900010073797a31000000001c000380180000800c0001800600010000000000080003400000000114000000110013000000000000"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (rerun: 32)

program crashed: lost connection to test machine
ignore low priority crash: lost connection to test machine
validation run: crashed=false
testing program (duration=35.006310603s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-socket$nl_netfilter-close-sendmsg$nl_route-sendmsg$nl_route-sendmsg$nl_route-futex-futex-futex-mprotect-exit-socket-sendmmsg-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$nl_route-fstat-sendmsg$IPSET_CMD_TYPE-mount$overlay-setsockopt$netlink_NETLINK_LISTEN_ALL_NSID-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) (async)
listen(r0, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4044091}, 0x4010800) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 32)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0) (rerun: 32)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
exit(0x0) (async)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@ipv4_delroute={0x24, 0x1a, 0x0, 0x0, 0x20000000, {0xa, 0x0, 0x0, 0x7, 0xfd, 0x0, 0x0, 0x0, 0x400}, [@RTA_DPORT={0x6, 0x1d, 0x4e22}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008044}, 0x800) (async, rerun: 64)
fstat(r2, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0}) (rerun: 64)
sendmsg$IPSET_CMD_TYPE(r1, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x44, 0xd, 0x6, 0x301, 0x0, 0x0, {0x1, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x90}, 0x8001)
mount$overlay(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x2, &(0x7f0000000540)={[{@redirect_dir_off}, {@upperdir={'upperdir', 0x3d, './file0'}}], [{@uid_lt={'uid<', r4}}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}]})
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, &(0x7f0000000100)=0x6, 0x4)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a236b20bd45c802010100000000000000000a0000060900020173797a31000000000900010073797a31000000001c000380180000800c0001800600010000000000080003400000000114000000110013000000000000"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (rerun: 32)

program did not crash
validation run: crashed=false
testing program (duration=35.006310603s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-socket$nl_netfilter-close-sendmsg$nl_route-sendmsg$nl_route-sendmsg$nl_route-futex-futex-futex-mprotect-exit-socket-sendmmsg-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$nl_route-fstat-sendmsg$IPSET_CMD_TYPE-mount$overlay-setsockopt$netlink_NETLINK_LISTEN_ALL_NSID-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) (async)
listen(r0, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4044091}, 0x4010800) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 32)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0) (rerun: 32)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
exit(0x0) (async)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@ipv4_delroute={0x24, 0x1a, 0x0, 0x0, 0x20000000, {0xa, 0x0, 0x0, 0x7, 0xfd, 0x0, 0x0, 0x0, 0x400}, [@RTA_DPORT={0x6, 0x1d, 0x4e22}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008044}, 0x800) (async, rerun: 64)
fstat(r2, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0}) (rerun: 64)
sendmsg$IPSET_CMD_TYPE(r1, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x44, 0xd, 0x6, 0x301, 0x0, 0x0, {0x1, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x90}, 0x8001)
mount$overlay(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x2, &(0x7f0000000540)={[{@redirect_dir_off}, {@upperdir={'upperdir', 0x3d, './file0'}}], [{@uid_lt={'uid<', r4}}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}]})
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, &(0x7f0000000100)=0x6, 0x4)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a236b20bd45c802010100000000000000000a0000060900020173797a31000000000900010073797a31000000001c000380180000800c0001800600010000000000080003400000000114000000110013000000000000"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (rerun: 32)

program did not crash
validation run: crashed=false
testing program (duration=35.006310603s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-socket$nl_netfilter-close-sendmsg$nl_route-sendmsg$nl_route-sendmsg$nl_route-futex-futex-futex-mprotect-exit-socket-sendmmsg-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$nl_route-fstat-sendmsg$IPSET_CMD_TYPE-mount$overlay-setsockopt$netlink_NETLINK_LISTEN_ALL_NSID-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) (async)
listen(r0, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4044091}, 0x4010800) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 32)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0) (rerun: 32)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
exit(0x0) (async)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@ipv4_delroute={0x24, 0x1a, 0x0, 0x0, 0x20000000, {0xa, 0x0, 0x0, 0x7, 0xfd, 0x0, 0x0, 0x0, 0x400}, [@RTA_DPORT={0x6, 0x1d, 0x4e22}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008044}, 0x800) (async, rerun: 64)
fstat(r2, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0}) (rerun: 64)
sendmsg$IPSET_CMD_TYPE(r1, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x44, 0xd, 0x6, 0x301, 0x0, 0x0, {0x1, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x90}, 0x8001)
mount$overlay(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x2, &(0x7f0000000540)={[{@redirect_dir_off}, {@upperdir={'upperdir', 0x3d, './file0'}}], [{@uid_lt={'uid<', r4}}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}]})
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, &(0x7f0000000100)=0x6, 0x4)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a236b20bd45c802010100000000000000000a0000060900020173797a31000000000900010073797a31000000001c000380180000800c0001800600010000000000080003400000000114000000110013000000000000"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (rerun: 32)

program did not crash
validation run: crashed=false
testing program (duration=35.006310603s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-socket$nl_netfilter-close-sendmsg$nl_route-sendmsg$nl_route-sendmsg$nl_route-futex-futex-futex-mprotect-exit-socket-sendmmsg-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$nl_route-fstat-sendmsg$IPSET_CMD_TYPE-mount$overlay-setsockopt$netlink_NETLINK_LISTEN_ALL_NSID-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) (async)
listen(r0, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4044091}, 0x4010800) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 32)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0) (rerun: 32)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
exit(0x0) (async)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@ipv4_delroute={0x24, 0x1a, 0x0, 0x0, 0x20000000, {0xa, 0x0, 0x0, 0x7, 0xfd, 0x0, 0x0, 0x0, 0x400}, [@RTA_DPORT={0x6, 0x1d, 0x4e22}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008044}, 0x800) (async, rerun: 64)
fstat(r2, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0}) (rerun: 64)
sendmsg$IPSET_CMD_TYPE(r1, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x44, 0xd, 0x6, 0x301, 0x0, 0x0, {0x1, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x90}, 0x8001)
mount$overlay(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x2, &(0x7f0000000540)={[{@redirect_dir_off}, {@upperdir={'upperdir', 0x3d, './file0'}}], [{@uid_lt={'uid<', r4}}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}]})
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, &(0x7f0000000100)=0x6, 0x4)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a236b20bd45c802010100000000000000000a0000060900020173797a31000000000900010073797a31000000001c000380180000800c0001800600010000000000080003400000000114000000110013000000000000"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (rerun: 32)

program crashed: general protection fault in remove_waiter
validation run: crashed=true
testing program (duration=35.006310603s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-socket$nl_netfilter-close-sendmsg$nl_route-sendmsg$nl_route-sendmsg$nl_route-futex-futex-futex-mprotect-exit-socket-sendmmsg-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$nl_route-fstat-sendmsg$IPSET_CMD_TYPE-mount$overlay-setsockopt$netlink_NETLINK_LISTEN_ALL_NSID-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) (async)
listen(r0, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4044091}, 0x4010800) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 32)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0) (rerun: 32)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
exit(0x0) (async)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@ipv4_delroute={0x24, 0x1a, 0x0, 0x0, 0x20000000, {0xa, 0x0, 0x0, 0x7, 0xfd, 0x0, 0x0, 0x0, 0x400}, [@RTA_DPORT={0x6, 0x1d, 0x4e22}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008044}, 0x800) (async, rerun: 64)
fstat(r2, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0}) (rerun: 64)
sendmsg$IPSET_CMD_TYPE(r1, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x44, 0xd, 0x6, 0x301, 0x0, 0x0, {0x1, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x90}, 0x8001)
mount$overlay(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x2, &(0x7f0000000540)={[{@redirect_dir_off}, {@upperdir={'upperdir', 0x3d, './file0'}}], [{@uid_lt={'uid<', r4}}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}]})
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, &(0x7f0000000100)=0x6, 0x4)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a236b20bd45c802010100000000000000000a0000060900020173797a31000000000900010073797a31000000001c000380180000800c0001800600010000000000080003400000000114000000110013000000000000"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (rerun: 32)

program did not crash
validation run: crashed=false
testing program (duration=35.006310603s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-socket$nl_netfilter-close-sendmsg$nl_route-sendmsg$nl_route-sendmsg$nl_route-futex-futex-futex-mprotect-exit-socket-sendmmsg-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$nl_route-fstat-sendmsg$IPSET_CMD_TYPE-mount$overlay-setsockopt$netlink_NETLINK_LISTEN_ALL_NSID-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) (async)
listen(r0, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4044091}, 0x4010800) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 32)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0) (rerun: 32)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
exit(0x0) (async)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@ipv4_delroute={0x24, 0x1a, 0x0, 0x0, 0x20000000, {0xa, 0x0, 0x0, 0x7, 0xfd, 0x0, 0x0, 0x0, 0x400}, [@RTA_DPORT={0x6, 0x1d, 0x4e22}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008044}, 0x800) (async, rerun: 64)
fstat(r2, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0}) (rerun: 64)
sendmsg$IPSET_CMD_TYPE(r1, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x44, 0xd, 0x6, 0x301, 0x0, 0x0, {0x1, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x90}, 0x8001)
mount$overlay(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x2, &(0x7f0000000540)={[{@redirect_dir_off}, {@upperdir={'upperdir', 0x3d, './file0'}}], [{@uid_lt={'uid<', r4}}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}]})
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, &(0x7f0000000100)=0x6, 0x4)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a236b20bd45c802010100000000000000000a0000060900020173797a31000000000900010073797a31000000001c000380180000800c0001800600010000000000080003400000000114000000110013000000000000"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (rerun: 32)

program crashed: general protection fault in remove_waiter
validation run: crashed=true
testing program (duration=35.006310603s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-socket$nl_netfilter-close-sendmsg$nl_route-sendmsg$nl_route-sendmsg$nl_route-futex-futex-futex-mprotect-exit-socket-sendmmsg-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$nl_route-fstat-sendmsg$IPSET_CMD_TYPE-mount$overlay-setsockopt$netlink_NETLINK_LISTEN_ALL_NSID-sendmsg$NFT_BATCH
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) (async)
listen(r0, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4044091}, 0x4010800) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 64)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) (async, rerun: 32)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0) (rerun: 32)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
exit(0x0) (async)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@ipv4_delroute={0x24, 0x1a, 0x0, 0x0, 0x20000000, {0xa, 0x0, 0x0, 0x7, 0xfd, 0x0, 0x0, 0x0, 0x400}, [@RTA_DPORT={0x6, 0x1d, 0x4e22}]}, 0x24}, 0x1, 0x0, 0x0, 0x4008044}, 0x800) (async, rerun: 64)
fstat(r2, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0}) (rerun: 64)
sendmsg$IPSET_CMD_TYPE(r1, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x44, 0xd, 0x6, 0x301, 0x0, 0x0, {0x1, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x90}, 0x8001)
mount$overlay(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480), 0x2, &(0x7f0000000540)={[{@redirect_dir_off}, {@upperdir={'upperdir', 0x3d, './file0'}}], [{@uid_lt={'uid<', r4}}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}]})
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(0xffffffffffffffff, 0x10e, 0x8, &(0x7f0000000100)=0x6, 0x4)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a236b20bd45c802010100000000000000000a0000060900020173797a31000000000900010073797a31000000001c000380180000800c0001800600010000000000080003400000000114000000110013000000000000"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (rerun: 32)

program crashed: general protection fault in remove_waiter
validation run: crashed=true
reproducing took 25m27.878883797s
repro crashed as (corrupted=false):
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000151: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000a88-0x0000000000000a8f]
CPU: 2 UID: 0 PID: 6157 Comm: syz.3.37 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:kasan_byte_accessible+0x15/0x30 mm/kasan/generic.c:210
Code: 00 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 b8 00 00 00 00 00 fc ff df 48 c1 ef 03 48 01 c7 <0f> b6 07 3c 07 0f 96 c0 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00
RSP: 0018:ffffc90003c4f9b0 EFLAGS: 00010082
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8b8c8c8e RDI: dffffc0000000151
RBP: 0000000000000a88 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8b8c8c8e
R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000
FS:  00007f1de46966c0(0000) GS:ffff8880d6579000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1de4633d58 CR3: 00000000479b7000 CR4: 0000000000352ef0
Call Trace:
 <TASK>
 __kasan_check_byte+0x13/0x50 mm/kasan/common.c:573
 kasan_check_byte include/linux/kasan.h:402 [inline]
 lock_acquire kernel/locking/lockdep.c:5842 [inline]
 lock_acquire+0x12a/0x370 kernel/locking/lockdep.c:5825
 __raw_spin_lock include/linux/spinlock_api_smp.h:158 [inline]
 _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:158
 class_raw_spinlock_constructor include/linux/spinlock.h:535 [inline]
 remove_waiter+0x159/0x1200 kernel/locking/rtmutex.c:1561
 rt_mutex_start_proxy_lock+0x103/0x120 kernel/locking/rtmutex_api.c:369
 futex_requeue+0x10e4/0x20d0 kernel/futex/requeue.c:643
 do_futex+0x2af/0x350 kernel/futex/syscalls.c:156
 __do_sys_futex kernel/futex/syscalls.c:207 [inline]
 __se_sys_futex kernel/futex/syscalls.c:188 [inline]
 __x64_sys_futex+0x34f/0x4d0 kernel/futex/syscalls.c:188
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x10b/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1de379cdd9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1de4696028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: ffffffffffffffda RBX: 00007f1de3a15fa0 RCX: 00007f1de379cdd9
RDX: 0000000000000001 RSI: 000000000000000c RDI: 000020000000cffc
RBP: 00007f1de3832d69 R08: 0000200000048000 R09: 0000000000000000
R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f1de3a16038 R14: 00007f1de3a15fa0 R15: 00007ffea9ca8968
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:kasan_byte_accessible+0x15/0x30 mm/kasan/generic.c:210
Code: 00 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 b8 00 00 00 00 00 fc ff df 48 c1 ef 03 48 01 c7 <0f> b6 07 3c 07 0f 96 c0 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00
RSP: 0018:ffffc90003c4f9b0 EFLAGS: 00010082
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8b8c8c8e RDI: dffffc0000000151
RBP: 0000000000000a88 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8b8c8c8e
R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000
FS:  00007f1de46966c0(0000) GS:ffff8880d6579000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1de4633d58 CR3: 00000000479b7000 CR4: 0000000000352ef0
----------------
Code disassembly (best guess):
   0:	00 00                	add    %al,(%rax)
   2:	0f 1f 00             	nopl   (%rax)
   5:	90                   	nop
   6:	90                   	nop
   7:	90                   	nop
   8:	90                   	nop
   9:	90                   	nop
   a:	90                   	nop
   b:	90                   	nop
   c:	90                   	nop
   d:	90                   	nop
   e:	90                   	nop
   f:	90                   	nop
  10:	90                   	nop
  11:	90                   	nop
  12:	90                   	nop
  13:	90                   	nop
  14:	90                   	nop
  15:	0f 1f 40 d6          	nopl   -0x2a(%rax)
  19:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  20:	fc ff df
  23:	48 c1 ef 03          	shr    $0x3,%rdi
  27:	48 01 c7             	add    %rax,%rdi
* 2a:	0f b6 07             	movzbl (%rdi),%eax <-- trapping instruction
  2d:	3c 07                	cmp    $0x7,%al
  2f:	0f 96 c0             	setbe  %al
  32:	c3                   	ret
  33:	cc                   	int3
  34:	cc                   	int3
  35:	cc                   	int3
  36:	cc                   	int3
  37:	66                   	data16
  38:	66                   	data16
  39:	2e                   	cs
  3a:	0f                   	.byte 0xf
  3b:	1f                   	(bad)
  3c:	84 00                	test   %al,(%rax)

final repro crashed as (corrupted=false):
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000151: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000a88-0x0000000000000a8f]
CPU: 2 UID: 0 PID: 6157 Comm: syz.3.37 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:kasan_byte_accessible+0x15/0x30 mm/kasan/generic.c:210
Code: 00 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 b8 00 00 00 00 00 fc ff df 48 c1 ef 03 48 01 c7 <0f> b6 07 3c 07 0f 96 c0 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00
RSP: 0018:ffffc90003c4f9b0 EFLAGS: 00010082
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8b8c8c8e RDI: dffffc0000000151
RBP: 0000000000000a88 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8b8c8c8e
R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000
FS:  00007f1de46966c0(0000) GS:ffff8880d6579000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1de4633d58 CR3: 00000000479b7000 CR4: 0000000000352ef0
Call Trace:
 <TASK>
 __kasan_check_byte+0x13/0x50 mm/kasan/common.c:573
 kasan_check_byte include/linux/kasan.h:402 [inline]
 lock_acquire kernel/locking/lockdep.c:5842 [inline]
 lock_acquire+0x12a/0x370 kernel/locking/lockdep.c:5825
 __raw_spin_lock include/linux/spinlock_api_smp.h:158 [inline]
 _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:158
 class_raw_spinlock_constructor include/linux/spinlock.h:535 [inline]
 remove_waiter+0x159/0x1200 kernel/locking/rtmutex.c:1561
 rt_mutex_start_proxy_lock+0x103/0x120 kernel/locking/rtmutex_api.c:369
 futex_requeue+0x10e4/0x20d0 kernel/futex/requeue.c:643
 do_futex+0x2af/0x350 kernel/futex/syscalls.c:156
 __do_sys_futex kernel/futex/syscalls.c:207 [inline]
 __se_sys_futex kernel/futex/syscalls.c:188 [inline]
 __x64_sys_futex+0x34f/0x4d0 kernel/futex/syscalls.c:188
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x10b/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1de379cdd9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1de4696028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: ffffffffffffffda RBX: 00007f1de3a15fa0 RCX: 00007f1de379cdd9
RDX: 0000000000000001 RSI: 000000000000000c RDI: 000020000000cffc
RBP: 00007f1de3832d69 R08: 0000200000048000 R09: 0000000000000000
R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f1de3a16038 R14: 00007f1de3a15fa0 R15: 00007ffea9ca8968
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:kasan_byte_accessible+0x15/0x30 mm/kasan/generic.c:210
Code: 00 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 b8 00 00 00 00 00 fc ff df 48 c1 ef 03 48 01 c7 <0f> b6 07 3c 07 0f 96 c0 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00
RSP: 0018:ffffc90003c4f9b0 EFLAGS: 00010082
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8b8c8c8e RDI: dffffc0000000151
RBP: 0000000000000a88 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8b8c8c8e
R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000
FS:  00007f1de46966c0(0000) GS:ffff8880d6579000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1de4633d58 CR3: 00000000479b7000 CR4: 0000000000352ef0
----------------
Code disassembly (best guess):
   0:	00 00                	add    %al,(%rax)
   2:	0f 1f 00             	nopl   (%rax)
   5:	90                   	nop
   6:	90                   	nop
   7:	90                   	nop
   8:	90                   	nop
   9:	90                   	nop
   a:	90                   	nop
   b:	90                   	nop
   c:	90                   	nop
   d:	90                   	nop
   e:	90                   	nop
   f:	90                   	nop
  10:	90                   	nop
  11:	90                   	nop
  12:	90                   	nop
  13:	90                   	nop
  14:	90                   	nop
  15:	0f 1f 40 d6          	nopl   -0x2a(%rax)
  19:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  20:	fc ff df
  23:	48 c1 ef 03          	shr    $0x3,%rdi
  27:	48 01 c7             	add    %rax,%rdi
* 2a:	0f b6 07             	movzbl (%rdi),%eax <-- trapping instruction
  2d:	3c 07                	cmp    $0x7,%al
  2f:	0f 96 c0             	setbe  %al
  32:	c3                   	ret
  33:	cc                   	int3
  34:	cc                   	int3
  35:	cc                   	int3
  36:	cc                   	int3
  37:	66                   	data16
  38:	66                   	data16
  39:	2e                   	cs
  3a:	0f                   	.byte 0xf
  3b:	1f                   	(bad)
  3c:	84 00                	test   %al,(%rax)