Extracting prog: 7m7.534376444s
Minimizing prog: 9m15.090324853s
Simplifying prog options: 0s
Extracting C: 1m18.646681915s
Simplifying C: 9m3.144202907s


30 programs, timeouts [15s 1m40s 6m0s]
extracting reproducer from 30 programs
single: executing 5 programs separately with timeout 15s
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_BTF_LOAD-bpf$BPF_GET_BTF_INFO
detailed listing:
executing program 0:
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, 0x0, 0x26}, 0x20)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000080)={r0, 0x0, 0x0}, 0x10)

program did not crash
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs$namespace-ioctl$NS_GET_PARENT
detailed listing:
executing program 0:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/pid_for_children\x00')
ioctl$NS_GET_PARENT(r0, 0x8004b706, 0x0)

program did not crash
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): iopl-timerfd_create-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-socket$inet-socket$packet-syz_open_dev$dri-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-ioctl$DRM_IOCTL_MODE_DIRTYFB-dup-futex-futex-futex-openat$ppp-futex
detailed listing:
executing program 0:
iopl(0x3)
timerfd_create(0x0, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
socket$inet(0x2, 0x4000000000000001, 0x0)
socket$packet(0x11, 0x3, 0x300)
r1 = syz_open_dev$dri(&(0x7f00000005c0), 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000400)={0x0, &(0x7f0000000340)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000002f00)={0x0, 0x0, r2, <r3=>0x0})
ioctl$DRM_IOCTL_MODE_DIRTYFB(r1, 0xc01864b1, &(0x7f00000000c0)={r3, 0x0, 0x0, 0x0, &(0x7f0000000040)})
dup(r0)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x5, 0x2, 0x0, &(0x7f0000048000), 0x0)

program did not crash
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$ptmx-ioctl$TIOCSETD-openat$cgroup_ro-mmap-ioctl$TCSETS
detailed listing:
executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x1)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0)
ioctl$TCSETS(r0, 0x89f1, 0x0)

program did not crash
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD-bpf$PROG_LOAD-bpf$BPF_PROG_TEST_RUN-bpf$MAP_CREATE-bpf$MAP_CREATE-bpf$MAP_UPDATE_BATCH
detailed listing:
executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x5, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xa8}, @call={0x85, 0x0, 0x0, 0x50}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x40, 0x6, 0x8}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x0, r2}, 0x38)

program did not crash
single: failed to extract reproducer
bisect: bisecting 30 programs with base timeout 15s
testing program (duration=22s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 7, 6, 6, 6, 21, 12, 2, 4, 7, 6, 17, 25, 4, 20, 5, 30, 2, 11, 19, 2, 9, 7, 10, 5, 25, 15, 2, 10, 2]
detailed listing:
executing program 3:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$inet6(r0, &(0x7f0000002280)={&(0x7f0000001e40)={0xa, 0x4e24, 0x0, @remote}, 0x1c, 0x0, 0x0, &(0x7f0000003700)=ANY=[@ANYBLOB="b005000000000000290000003600000000b2"], 0x5b0}, 0x20008001)
sendmsg$inet6(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
executing program 3:
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
listen(r0, 0x20000005)
r1 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000180)='wg0\x00', 0x10)
write$binfmt_script(r1, 0x0, 0x0)
executing program 3:
unshare(0x60480)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00'}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r0, r1, 0x2}, 0x10)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0)
executing program 3:
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000300))
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600016, 0x15)
epoll_pwait(r1, &(0x7f0000000140)=[{}], 0x1, 0x0, 0x0, 0x0)
executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x5, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xa8}, @call={0x85, 0x0, 0x0, 0x50}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x40, 0x6, 0x8}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x0, r2}, 0x38)
executing program 1:
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r0 = userfaultfd(0x1)
ioperm(0x0, 0xbbd3, 0x1)
r1 = getpid()
syz_pidfd_open(r1, 0x0)
r2 = open(&(0x7f0000000140)='.\x00', 0x0, 0x0)
r3 = dup2(r2, r2)
openat$cgroup_int(r3, &(0x7f00000001c0)='io.weight\x00', 0x657, 0xfeffffff)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
socket$netlink(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, &(0x7f0000000180))
r4 = io_uring_setup(0x4d63, &(0x7f0000000080))
io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
getpid()
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x7, 0x4, 0x8}, 0x48)
bpf$PROG_LOAD(0x2, 0x0, 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000080)={&(0x7f0000c15000/0x1000)=nil, &(0x7f0000508000/0x4000)=nil, 0x1000})
executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
unshare(0x22020600)
setsockopt$sock_attach_bpf(r1, 0x1, 0x4c, &(0x7f0000000000), 0x4)
sendmsg$unix(r0, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0)
recvmsg$unix(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@cred={{0x1c}}], 0x20}, 0x0)
poll(&(0x7f0000000040), 0x55, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="2c0000001a0001000000000000000000020000000000000000000000f0eca5194b908be83c06001c004e23000006001d004e240000"], 0x2c}}, 0x0)
sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="0100000000000000000001000000000000000741000000140017000000000000000069623a6772653069965d1b5fe27bc6eb1e7bbcee009a57d851f45e73e99f67faa5fbc23420f84c7d41e165110783364b88c0a3414da07717c522566ad8a46cfc986eae6fe11d112a1d2d5a1d9dcbdac8778244b92f777c7cc888880dd9a39b72dc7913d4d73adbabd38117ff843b6038f7233c8e9d184e95f8da72bea9301d63438206c980184cbdce6f9859fd29f41a7885eb8da135ae765a0c599f5313c6d843a844e91d9ab72f57268df5ad82d170db0fe4e25a2b40e0d10e9eb5"], 0x30}}, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @broadcast}}}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r3, 0x89f3, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000140)={'tunl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2}}}})
executing program 1:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, 0x0, 0x26}, 0x20)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000080)={0xffffffffffffffff, 0x20, &(0x7f0000000400)={0xffffffffffffffff, 0x0, 0x0, 0x0}}, 0x10)
executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00'}, 0x10)
r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$CAPI_NCCI_GETUNIT(r0, 0x80044327, &(0x7f0000000080))
executing program 0:
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
listen(r0, 0x20000005)
r1 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='wg0\x00', 0x10)
write$binfmt_script(r1, &(0x7f0000000400)={'#! ', './file0', [{}, {0x20, '\xff\x03\x00\x00\x00\x00\x00\x00'}], 0xa, "4decf3889422872ed4c48e4184ee96c7aa83a1b028c1a7037fea5b8533fb17e2"}, 0x35)
executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x5, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xa8}, @call={0x85, 0x0, 0x0, 0x50}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x40, 0x6, 0x8}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x0, r2}, 0x38)
executing program 1:
iopl(0x3)
timerfd_create(0x0, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
socket$inet(0x2, 0x4000000000000001, 0x0)
socket$packet(0x11, 0x3, 0x300)
r1 = syz_open_dev$dri(&(0x7f00000005c0), 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000400)={0x0, &(0x7f0000000340)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000002f00)={0x0, 0x0, r2, <r3=>0x0})
ioctl$DRM_IOCTL_MODE_DIRTYFB(r1, 0xc01864b1, &(0x7f00000000c0)={r3, 0x0, 0x0, 0x0, &(0x7f0000000040)})
dup(r0)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x5, 0x2, 0x0, &(0x7f0000048000), 0x0)
r4 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil)
shmctl$IPC_SET(r4, 0x1, &(0x7f0000000140)={{0x3, 0x0, 0x0, 0xee01}})
executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
fcntl$getown(r2, 0x9)
ptrace$setsig(0x4203, 0x0, 0xb, &(0x7f0000000140)={0x33, 0xfff})
r3 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000040)='batadv_slave_0\x00', 0x10)
connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @broadcast}, 0x10)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000280)='wlan1\x00', 0x10)
setsockopt$inet_opts(r3, 0x0, 0x4, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000140), 0x4)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000300)="ecab5329269972f145883fef0be71d70c188594bf89a5adaef0704ad67faf87fb50d21384b2ab982aaa9178abb878db234fcee71f2a3eb772da0da2e0fcab20a94463c2dd91b3ccf1241a07660aeb4655bf29d65fb3f3c548573d096c0d15ee237570afa9fe4d0b2be5cd2ea7d3675e2e2cc0b27db4f43ac1348b2d57cec24d85817a66e968973bfb3e7", 0x8a)
setsockopt$inet_mreqsrc(r3, 0x0, 0x0, &(0x7f0000000240)={@private=0xa010100, @broadcast, @multicast1}, 0xc)
socket$inet(0x2, 0x2, 0x1)
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="8907040400", 0x5)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x17, 0x17, &(0x7f0000000240)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [@printk={@p, {}, {0x5}, {0x7, 0x0, 0x9}, {}, {}, {0x15}}], {{}, {0x5}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
executing program 2:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000000000000000000000000200095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000500)=@newlink={0x3c, 0x10, 0xc09, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_HELLO_TIME={0x8}]}}}]}, 0x3c}}, 0x0)
executing program 0:
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'ip6gretap0\x00', <r2=>0x0})
r3 = socket$l2tp6(0xa, 0x2, 0x73)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r4=>0x0})
ioctl$sock_inet6_SIOCADDRT(r3, 0x890b, &(0x7f0000000080)={@remote, @private0, @ipv4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6060000, r4})
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_inet6_SIOCADDRT(r5, 0x890b, &(0x7f0000000080)={@dev, @remote, @private1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80600087, r2})
r6 = socket$l2tp6(0xa, 0x2, 0x73)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r7=>0x0})
r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_inet6_SIOCADDRT(r8, 0x890b, &(0x7f0000000640)={@loopback, @local, @private2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80600087, r7})
r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r10=>0x0})
ioctl$sock_inet6_SIOCADDRT(r9, 0x890b, &(0x7f0000000080)={@mcast2, @ipv4, @dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80600087, r10})
r11 = socket$l2tp6(0xa, 0x2, 0x73)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r11, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', <r12=>0x0})
r13 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_inet6_SIOCADDRT(r13, 0x890b, &(0x7f0000000640)={@loopback, @local, @private2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80600087, r12})
ioctl$sock_inet_SIOCSIFFLAGS(r13, 0x8914, &(0x7f0000000140)={'batadv_slave_0\x00'})
executing program 4:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0x0, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f00000002c0)={@val={0x0, 0x86dd}, @val={0x3}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "ec9700", 0xf98, 0x2c, 0x0, @local, @mcast2, {[@fragment={0x3a}], @ndisc_redir={0x89, 0x2, 0x0, '\x00', @mcast1, @ipv4={'\x00', '\xff\xff', @multicast1}, [{0x0, 0x1ec, "b72c2f206c88de53573d5d7a33e98070e28b3697a6ea37817f8b9bf04e456dd7e36feb39d044e20c96752cd920ed2d5f901a7875a2147b3cebb35102162c36e0c3c701aad9c07828d51bb3277606cc6463b23e2ba8652b8a6dbb69f94a2bdf0b57cbf5f4a04ad5c1bd681a720a45099989535abefd1595ea19096699457e03be6699da909044c3eed9b06fa89007b4e05f2ce5e5fb1cbda7b7801183188358b6c914d98562b49bc9a0ceb9c5bded888db46f7b227569b3e929a7beebb8117a74416f8196f0ffb9cc62603531f3d391faf5b3f68a3588ed68a7af8fd28199eb596398b284e948345d98d7b13030284f7c1e09a5d79d14d6ee1486239fee476e970749be311529dbc9b461d9bc71b45b9e33cf4c5807dbf88142150afbd44633f085745a444072579b07413c65a6f606e018e5726d0de1f08d4099c95e6409bdba10c010cc28332e4bf46fd2fae5c35030144a0844219b0749007359133c55728d7462140663bc8c2997fa99b378beb0255e95676c835fe8c6c041af36af43d8c3e5afe8517568dceba064e76a37de68274f6b97b00df676a025506a6fa98d76db4e2685c97e659ff4a1b985fa9279fc10edddf9dd9c9b144352c6bdca691dee973bbef4810d2bbd5857e9fc425648ba9dabd4176623887e47b93b0ad02a339d20318dac467b9dcaf701de56078a21d4c659ed7ab7249a37d8e803dc67dc478924e1edd1e6fd46323e0d11a61e9b4f4b8ecf1ec42091c2f6a40327b9113d09b83c14ae2e31e56c864cd8bbddda8aaf9e760d34822bc215cc09cbf01ebb802521cc1a70c571fefcd6286c16a0100b6337955349d9713a6ac1e787341758546f91085d446b75cc00ef5e865eed8cfcbdc65518abf9baf09b3d0cb532ebe8f8e59693944ace37b1666b7f3bed1bd024dda368de5e248a65f1a5c79ef266fd976dbe2bef51167070851f4bbcd978e07675f1d98d8c522d2eaaf00caf0bb2d025718554dbe2d19a27715cd2ac6c39c71072b677ea957df197a316d761bd8242c1590621378664a8abe77758f828e49ad7df14fd4d1672a7633845817812616e8be2d89ddb3373dd6cc064d8a6a2c99a5465d53d945d0f4650b02f5be6cbfd5e3015c48cfe50b5b41f4b8f59053859ade4cf03aeef0b3964b9d3d42efc678e5f737608010ec0b96b74f67365e07c204fe3d0a23fd5c0476286d4ebeaaf8fb68f5879fb3fdf117aee9a1633764961f0880db00ec4d7a99c7250c4823174905ac1d330ad4bc973ef392d4837444df29891dfffc6ae7907b7db19a1f3ab18054b7fd9e298b329ef2b4dbd933c993771ed4bc1e79ed375f795370c77ce20be16ecb436e902653ba293b5eabbd3870749bf2a8ed596e4ea434f55f910381c135ca3e90be8369c26d3e6f35a738eb73b4928b9212981568dce36729f21889da963978e274eba6324d3e0f10d022de63bfe0df3e888f3c57bd5100f788104b79e636c32b742fd11fc88de1c710d088644e30e53a7ebb36f6115b6d83d9d9348940f0884e181ef353c9c51b40284cbd60c536f1980483d62ef8978de06acce5c68bce4fd966df5832da6a745a8b813f8fb56ad51dfa308ca5da3310cb190bb379d03722e91c5ec237306db82ded7115aed526be57071a6bb804b9fb14ffa5102346bad18b700cbe11e3e78b6d8efca5fc2b91556e31178ebfc026065b77f7bc3ce4eca42bb52effc17e16c6137fbd6557eaca3e972fc3e1b10355d835028c789baf331b81024692b2fb87a00bb648f730a2e2cc7c6ae5114fb4b5d4ce4ff3b2ca9a146bf27df5471a7a33fa7f7be6d447621430e03192748f076010e9bfd0fddf2edcf33646edccea84c6f3881d554b024d72b7da56ebae7a67a7a75bf88e46a44c726cfadad0debf5c6be61c0b5f68b7179aae063f57f3d4bae44b4ed470643e96dc2fafc58e618966366e59e6b8475fe325639626cab8ae03cecf8f6d813fac3f9b5de67a330061b1258515740e9c16ff7b057fd9574dc2eac6a9455b3050dc17cb1df5b7973b57b39b613a8c360317f55ba91e95940a1a166a1ff8bc3da79ef78496dd0de5057fc76f1fa7cebf5c424bed7d7f2c917c7a6b453bd26ba2c4be5d96e76192047078f006e8bcc876c157b528411b7d6d2e232e79494a2af10a87955ad06a95e617a0326981be02099729d97ec08a7c6b3ca683ddb4b1ec6de2b5b63d679f7067e63eb832bebca6f851726b1185d08fb53c611f7a16848b9f2670dc7c03765dc0ae0bb8d6dd4e94d3f20b46c8147f82f039ab92c385d8348529fee0807d12e1d59a3102b9f51b71a2d4142f661aa82ef1e61eda672de67a22223d96b650e7c5f7da712bf585e05ff5f58ddd24c5cc91a12911cd1eb95efea897ed1787b91d9edcab0797f606c19208912613095322798dc623ef418bdc0771fc8ee645251fededd6d4749ab49b79ebcd6d09cca2811d8a9aefb2e82a38b382293c797ed699ddfec8acd813632943714199d51bedfe7c0dbc7522eb2be861e89a181296b3c1283b7f121ab9d6d846c0ed2618eac911721495d7d648c509b5be467c167d9a85a97c2cbabd59e1347f51b5dd8fe4c487635228f9848077b1392f83f0a586928827227827f8cf75dccd72dfc96398f87e6b6f1062c18da51d4247ae9c1fa2ba9274da0ab3ef9d32f1bf08dc9c032170beb56664919113a3b4fc6f7202f1129c5195fbdc6ae5cdff4b4bb5346fb05e80a7c364723218d3418e6ea69a32003a1fa0ad6050857da33ab4be576faf87b59de87582a165fbd344db42064737f232b918b0db172c6a4d9b62845ec1dfb459db5bdaa69beaa3441a122cb9880cf857b31cb41dfc4c1537fdae375f9928a77eeeaff11bc1a3638168ce69a45d5954f301a595b75570109425a81e64f09f63cba549653255957c2aa28315ee6fd4baafc7d6f687946d46e5f083b901f0826993fcc71715e687fff92c4cd7441013646746668bd3db28f07d4d30380a774918e6921fe5454596a1320990cdc7fa652444039e54731f52cc534ba716e971880ae03d26fda1809e81945f2f6fa1ce82c97ac0e116ab951cc44fd04aad4dd1dd1476f32c16d25cfbe4fc527aea623600ebc3c4de7871703b18e621d66260a1d10a14b99290e71bf349038b6f49d846503ff4d88fce0fb3b41ff0eec68e261a769e1cead81aa6e9e19388340594a69c58860541a153b517b7d039347a0812476521ce1444bddd3fb96ace96ec46df4ca0a0509c7d8c9c2359a96a52fac70aca6052b8157b335bdb44b19c703d1a0af3e6d498eb93373c06ca3020c62c7ed34b69a15d30d56191774755711eb405d24e7a01302dcac5efb2beab63227fce18ede52f5255c2644858fe141c65bf18d22289dfcca7ba5b64675050781a4061baee134ffd5575b2fa5ae59b815cf1556d559805a565d6a31a5c3de872d8ce71257f4e679df224434f9529ad3c01197a314e7763b6ff1a4e8f0a45bb5ac91ffdba2b9999d432204d98d431b8bdf3742e10fcc183b4a72e7cab9b0b807c054a7826645971a0a38de6229144d7c3a5db25f0290b893a6e70d3f711cfbf92d38fcac9164cb706bd1505d5f7309b21b7a320a25447af316ec1b51e62bd6c95834543b67ec4664e3902003df21f2cfe4594f11e32cc930bd0d6564a8835925d0ef49bebeaa840aff4c639c326ba1e4a42e2d5f6e043c15469e4e35ded8c8f532f5603aefae5f8efe01ed68783264004319c241b7242e830f7fb79c9b8799239c474141961965575160ceca109d37b02fb203ed18f98c317c45c0d4757a1db9c05060355ffcf2bf26c8cfc89a25c3714cfa0028138d3b5bdf48e081e689596fa7c4913e17a676e05c6e46f9425ab87c4fb96d7e81f4fdd9d6286a35ceba09504551a5d9f98f7b1b0eba4cffd3a2c9fdfab64ec36a93dc44291ca298b4f6594b81e432907dd3d827c56854320e2f6cc020dbde1f0c9f2007be5259676010016cd082a03d2835e6c58d40fa8d111bbb0e804cd2d8a06bec93ece0701b3f212001bb4c3bb1b84d0d97de3eb7d403c2bcdd66293ab284460ad8241487b518b06e352c44b052d6c0201e5a927c22317484b163f7625504fab36856d7cbb09e13c8092ff0896ee7bc4fb0dac2b57551e7a061276ee8f1800362f31185d48f37b3a04412f6a038a4b30f5f3ed35ed849ead22ea401ae841cff10f59bd226cbf484dbf69848db8e07668361b7068d6611c7cb20ca9951b367b4a3415b02258c6e47613a2155d41c60b6f3d231315710e428721e205ba77b337aead17978ecf1c3b129f68ae2c8a5b7510cbc666e509cea4ec91a5c18874778f40e48196a5045d76ae519521fb780d8a63d632ac22be7ab7c9ce1a31263af0941713137740ab43dc9227b6327cf381e3885f6ccca4299308c9d5b5f6eac3d4271e0b47feb7d28f0febbea1562d5cc164fb675aa7572e62822638aaf5e4fd59751b4370a76e3624d073edde6b832ca414a5e97f877daabd290e2ad627f016d9bb0ed0cbd40275df9ab0c7050702ca69c040e623f742107fbd997447240560e3ce0c955fd8d093db011e00424053b9e327b8e0ff7893b9ffd58851e0f5a8992b236e993e06fa328edabeb68670cdbe8cccd0cf4a22acc3529a6f891ec2443ed16ece77018f206cd8b01e1336f819006782539109a49418616872275f18b0adc33f3adec0547ef362644bd71deed579fedefd46bb75f63929f90e634d2c09e3875d680138c95f8faa1b5cce23349ec5d3f855d80eb8474de5707c71d32b1eb3accfa7daf126e63f68f8ad71f3f91ff2a111a99a61dd41e8c575dbfdcc5f381e26c365675c803ddd2f72a8e330c509c770b7d1642770503f47d0916bf2ab890d3352dde4b77689219ccf2919efa9e30babaa948cc4b74142a20b688739a8b22b0eca7dd3376c62a39b7690ec48922932dce5dfe24e779af3ab135c344fb875a4098e6e3e4e6c239d9b2c661b50e99c9704f02e6c45695e5f4108d0c12d650fd5beb2fc01d7976ba03e8caea0b888d5ce7a0254b264377ca4fb85d3085351e05ad06881ad5e3c015350bf27dbbbdcc1a1242b75465f392ad01fdf164870a30a1be5390302f6ddcecd2da01ca088aa6ddfeef68a9b245e4a5dc2213d3ed3edbc41fd72956d7f9d876379080fd52fffb57a38cd9b7e41d620b4d4559a43337c7d8771e2062b2106d19f6f63d7711fb7c745a89a99a8137f4ea894f940b32466f00a5b97caf4eb682ba40bea08579e6f9f1ae0cbb24aa16ba02c3a66a4df00da7db722b9a5ec7b8c99d0528dca09ed5705738ffa31d87a8e9ad525c1af3be22d8f82a7e8394099acbdcfd42f012a9fc2e529c8bf77edc5bc16e0c6a9574c434100665213d0fa3047df3dea01dfe5d8302f69960fa9100929b7eb5dc800e5d4cdf9b99c76a7b49b34cb47b609862548a71bc38299498125f1f60138d91118d16475fcd482c4a34d496bb9aace859cc94e6186e8b5f84d25a3a121678d293b72ccd93f3ead7d9c1a54bb231dd0347436ecee23c45113af0203a5e8dbeb3f6eedd0ad78b9639c5bc2b0d99319102cb82218e"}, {}]}}}}}, 0xfce)
executing program 1:
socket$packet(0x11, 0x2, 0x300)
unshare(0x20000400)
socket$xdp(0x2c, 0x3, 0x0)
unshare(0x20000400)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$tipc(0x1e, 0x2, 0x0)
connect$tipc(r1, &(0x7f0000000000), 0x10)
r2 = accept4(r0, &(0x7f00000001c0)=@in={0x2, 0x0, @loopback}, &(0x7f0000000000)=0x80, 0x1800)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000400)=ANY=[@ANYBLOB="80000000080211000001080211000000505050505050008000000000000000006400307b00060202020202020100060204000503008d002503000c043c04000000002d1a00000000000000000000000000000000000000000000000000007206030303030303dd2ea7bb422327263ea0e122dda5e4921550101ee0bae5d6e564c634492fadfe9bab9db2595228827470ba3e8090ac3cddcc09b202d675c576a9d79f359d00c939ef2f4797ba37bfbcc91edd4050432a51ff32148e3d41080a722b0bae4f6ac96fe80069dcdd94a526631eaff948c68e375e099d4a116be05d1e5495c83563ceb5cfc35d9bcc3a50215bbebddc3be5c2d1e0c7f7579837ee6348fda75a0bde23743db921eed9cc9eef4f0ab07dc2ccde51f5a09c89060e302b0b6d21e9c36a845cccbc113dc7f9cddc5790f41bd15dcc025be1a194a2f3d2d02ac16201d22b3a1794d8f85a53faf7cdbb877df287d9fd051a19923ae98dfcdddc87bbfd2ef6dd67f10ecf253af862f5d1390427a47e8e4065761232f93a2be07e23b7945c83a551b56d2ab767395368a904163007ede726d16f97b3d7b022dd66a9d4f3275f4cdf1a59981884911cdbde4948c79c0c39c13037f80152dd2674deebe28c931b7808a75d731d201f498f19129389e151a25c4b8a988256f243097d5c6399de5f3a30e767acaf58fde9cdd04deb59578052b803decd45ceee5d4a0bf9c975bbfc960f71122345dc18ed9408451056f66d25d5861bf389b9717ca02aadf39eb5a43f2a09bb662277c2045557957159b4b1e6073d06c9aa6e5ea92eed29bae9fe9eaa0b98a8b51070dd60049be2d32a3538099709aaadef50a21584b96df0acddbcd3e1afb434bbf4bc1ef49e2a3cf76b303815cd1d04ddba69ace6349127f9e248aec0f2427f3b15dc3b592ee451cf77c0227057ea862e85d706a6995ca5e778587eb22714c8aa3ca476ddf6c15429b51b464b5f7c34b2432bd7cc02d0dc7b6210486a33e0393a4a3482998c6cefc34adaa252159de6e4f27685fdcb9c726a00dccfdba7a3cb1fbbf52dcb6ce6b264c512168a0b292e929c5efe860f66705325b1d9bf07e24d58c722bc009482138e3f0e8222bc0d961218af4a3d0e58b3fd05a1819c1da1d9233aec892a16d07bfe8e6690f89f540d0625230550de37e7eb10f0a48718348bcb7cfec3b55f1db7b36e6d693375f060918c7ef9e0d6c895fc160000eea2e19c5299a0bcdec54b14201a76f4cf8980d2ab43c6ce7160f61a4961d0d59fd42b3508c6d6ced0f7fbac56ae04c0feba3c45186d6c2f7400411ed1d2a1c4ddc659feaf9969a86b87e0ff0d31770c7a0fbf78f82bf41645b3bf5a43cead8034ed785e8f85b392ca31c7bae2541f188f6ed89b2f1b6e87c130ea7d04af50b4840ed711c5719a3c91281f17bbb64afa920fdd1f8864f943fc74d3998a9782ad3de2"], 0x464)
sendmsg$nl_route(r2, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYRESOCT=r1], 0xb8}, 0x1, 0x0, 0x0, 0x40044}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000140)=ANY=[@ANYBLOB="08000000080211000001080211000000500cc0fee6af93e3f35ddf178f50505050500000d2e1"], 0x28)
bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000000c0)=[@in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x10)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f00000007c0), 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000dc0)=ANY=[@ANYBLOB="80ffffffffffffffffff0802110000005050505050500000000000640c0000005aaf734b2496440b0602020202020201000503002000710700000006000000000000000065fbdb1db0aa34734b137502475b456d66e418c9758d748a7a83e746243e1b6844821efbd6030de842cc41e14f3c1939e5401cd55936cc05c6aa80ec9fc1d31eb73076675da1a18e7b6afb42368bb7e781532428d45c06496c9d0658408e9951daef9fbe4f07fc76f44d0b8b25f2e8924ce2216c77188e7d4c03135f3bba3a3f7a18ca2e4980f7b7d5c2d5da8971e3413d7250eb050cd1039aa6f97ea0e4ef1b4bd90f"], 0x3c)
socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000700)={'veth1_macvtap\x00', 0x1000})
sendmmsg$inet6(r0, &(0x7f000000cf00)=[{{&(0x7f00000084c0)={0xa, 0xfffc, 0x0, @loopback}, 0x1c, &(0x7f0000008900)}}], 0x1, 0x0)
unshare(0x20000400)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f00000002c0)=[0x0, 0x0], ""/16, <r3=>0x0, 0x0, 0x0, 0x0, 0x4, 0x1, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0], 0x0, 0x7d, &(0x7f0000000380)=[{}, {}], 0x10, 0x10, &(0x7f00000003c0), &(0x7f0000000400), 0x8, 0xce, 0x8, 0x8, &(0x7f0000000440)}}, 0x10)
ioctl$BTRFS_IOC_SYNC(r0, 0x9408, 0x0)
setsockopt$MRT6_DEL_MFC(r2, 0x29, 0xcd, &(0x7f0000000740)={{0xa, 0x4e24, 0xc, @private2, 0x6}, {0xa, 0x4e22, 0x101, @private0, 0x4364}, 0xffffffffffffffff, {[0x9, 0x0, 0x18, 0x9, 0x0, 0x8, 0x2, 0x23]}}, 0x5c)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f00000006c0)={'syztnl2\x00', &(0x7f00000004c0)={'syztnl0\x00', r3, 0x2f, 0xff, 0x40, 0x9, 0x41, @private0={0xfc, 0x0, '\x00', 0x1}, @private0, 0x80, 0x40, 0x0, 0x7}})
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
unshare(0x42000000)
syz_emit_ethernet(0x1f, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000000114200bf7f349aaf8a480f34c38b63d798e9"], 0x0)
r5 = socket$igmp6(0xa, 0x3, 0x2)
sendmsg$tipc(r5, &(0x7f00000026c0)={0x0, 0x0, 0x0}, 0x0)
bind$inet(r4, &(0x7f0000000140)={0x2, 0x4e22, @multicast2}, 0x10)
executing program 2:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, 0x0, 0x26}, 0x20)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000080)={0xffffffffffffffff, 0x20, &(0x7f0000000400)={0xffffffffffffffff, 0x0, 0x0, 0x0}}, 0x10)
executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
unshare(0x22020600)
setsockopt$sock_attach_bpf(r1, 0x1, 0x4c, &(0x7f0000000000), 0x4)
sendmsg$unix(r0, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0)
recvmsg$unix(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@cred={{0x1c}}], 0x20}, 0x0)
poll(&(0x7f0000000040), 0x55, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="2c0000001a0001000000000000000000020000000000000000000000f0eca5194b908be83c06001c004e23000006001d004e240000"], 0x2c}}, 0x0)
sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="0100000000000000000001000000000000000741000000140017000000000000000069623a6772653069965d1b5fe27bc6eb1e7bbcee009a57d851f45e73e99f67faa5fbc23420f84c7d41e165110783364b88c0a3414da07717c522566ad8a46cfc986eae6fe11d112a1d2d5a1d9dcbdac8778244b92f777c7cc888880dd9a39b72dc7913d4d73adbabd38117ff843b6038f7233c8e9d184e95f8da72bea9301d63438206c980184cbdce6f9859fd29f41a7885eb8da135ae765a0c599f5313c6d843a844e91d9ab72f57268df5ad82d170db0fe4e25a2b40e0d10e9eb5"], 0x30}}, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @broadcast}}}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r2, 0x89f3, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000140)={'tunl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2}}}})
executing program 0:
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYBLOB, @ANYRES8=0x0, @ANYBLOB="fea8"], 0x48}}, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
socket$alg(0x26, 0x5, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6307ce22667f2f0001"], 0xfdef)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='freezer.self_freezing\x00', 0x26e1, 0x0)
close(r1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
ioctl$SIOCSIFHWADDR(r1, 0x8b32, &(0x7f0000000000)={'virt_wifi0\x00', @remote})
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000200)={{{@in=@local, @in6=@ipv4={""/10, ""/2, @private}}}, {{@in=@multicast2}, 0x0, @in6=@local}}, &(0x7f0000000300)=0xe8)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000020c0)=[@in6={0xa, 0x0, 0x0, @remote, 0x34}]}, &(0x7f0000002100)=0x10)
setsockopt$inet6_int(r2, 0x29, 0x2b, 0x0, 0xfff3)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xd, &(0x7f0000000400)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0xbc}, @ringbuf_output]}, &(0x7f00000001c0)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'ccm(aes)\x00'}, 0x3a)
setsockopt$ALG_SET_AEAD_AUTHSIZE(0xffffffffffffffff, 0x117, 0x5, 0x0, 0xe)
executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @random="cb2440ac9e0c"}]}, 0x44}}, 0x0)
executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e22}, 0x1c)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x3c, &(0x7f0000000180)=0x100003, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x200008d4, &(0x7f000072e000)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000680)=ANY=[@ANYBLOB="0001"], 0x18)
sendto$inet6(r0, &(0x7f0000000080)='w', 0x1, 0x0, 0x0, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000280)=ANY=[], 0x8)
sendto$inet6(r0, &(0x7f0000000280)="03", 0xfeaa, 0x4008000, 0x0, 0x0)
executing program 2:
bpf$OBJ_GET_MAP(0x7, 0x0, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000700)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1}, 0x48)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040), 0x12)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180))
socket$kcm(0x2, 0x3, 0x106)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000380)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000500)=[{&(0x7f0000000700)="fbd2b9ed29d8974a6ce75f08916ac3b4dafef92c", 0xffeb}], 0x1}, 0x0)
executing program 4:
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
close(0xffffffffffffffff)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0x0, 0x0, 0x101, 0x100}})
executing program 2:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x1)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0)
ioctl$TCSETS(r0, 0x89f1, 0x0)
executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
fcntl$getown(r2, 0x9)
ptrace$setsig(0x4203, 0x0, 0xb, &(0x7f0000000140)={0x33, 0xfff})
r3 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000040)='batadv_slave_0\x00', 0x10)
connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @broadcast}, 0x10)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000280)='wlan1\x00', 0x10)
setsockopt$inet_opts(r3, 0x0, 0x4, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000140), 0x4)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000300)="ecab5329269972f145883fef0be71d70c188594bf89a5adaef0704ad67faf87fb50d21384b2ab982aaa9178abb878db234fcee71f2a3eb772da0da2e0fcab20a94463c2dd91b3ccf1241a07660aeb4655bf29d65fb3f3c548573d096c0d15ee237570afa9fe4d0b2be5cd2ea7d3675e2e2cc0b27db4f43ac1348b2d57cec24d85817a66e968973bfb3e7", 0x8a)
setsockopt$inet_mreqsrc(r3, 0x0, 0x0, &(0x7f0000000240)={@private=0xa010100, @broadcast, @multicast1}, 0xc)
socket$inet(0x2, 0x2, 0x1)
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="8907040400", 0x5)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x17, 0x17, &(0x7f0000000240)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [@printk={@p, {}, {0x5}, {0x7, 0x0, 0x9}, {}, {}, {0x15}}], {{}, {0x5}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
executing program 1:
iopl(0x3)
timerfd_create(0x0, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
socket$inet(0x2, 0x4000000000000001, 0x0)
socket$packet(0x11, 0x3, 0x300)
r1 = syz_open_dev$dri(&(0x7f00000005c0), 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000400)={0x0, &(0x7f0000000340)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000002f00)={0x0, 0x0, r2, <r3=>0x0})
ioctl$DRM_IOCTL_MODE_DIRTYFB(r1, 0xc01864b1, &(0x7f00000000c0)={r3, 0x0, 0x0, 0x0, &(0x7f0000000040)})
dup(r0)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x5, 0x2, 0x0, &(0x7f0000048000), 0x0)
executing program 0:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/pid_for_children\x00')
ioctl$NS_GET_PARENT(r0, 0x8004b706, 0x0)
executing program 4:
syz_io_uring_setup(0x7414, &(0x7f0000000080), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$kcm(r1, &(0x7f0000001d40)={0x0, 0x0, &(0x7f0000001cc0)=[{&(0x7f0000001bc0)="a9", 0x1}], 0x1}, 0x8010)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000000400)=[{0x0, 0x0, 0x0}], 0x1, 0x0)
executing program 4:
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, 0x0, 0x26}, 0x20)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000080)={r0, 0x0, 0x0}, 0x10)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 5 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_BTF_LOAD-bpf$BPF_GET_BTF_INFO
detailed listing:
executing program 0:
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, 0x0, 0x26}, 0x20)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000080)={r0, 0x0, 0x0}, 0x10)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs$namespace-ioctl$NS_GET_PARENT
detailed listing:
executing program 0:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/pid_for_children\x00')
ioctl$NS_GET_PARENT(r0, 0x8004b706, 0x0)

program crashed: WARNING: lock held when returning to user space in ns_ioctl
single: successfully extracted reproducer
found reproducer with 2 syscalls
minimizing guilty program
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs$namespace
detailed listing:
executing program 0:
syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/pid_for_children\x00')

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$NS_GET_PARENT
detailed listing:
executing program 0:
ioctl$NS_GET_PARENT(0xffffffffffffffff, 0x8004b706, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs$namespace-ioctl$NS_GET_PARENT
detailed listing:
executing program 0:
r0 = syz_open_procfs$namespace(0x0, 0x0)
ioctl$NS_GET_PARENT(r0, 0x8004b706, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs$namespace-ioctl$NS_GET_PARENT
program crashed: WARNING: lock held when returning to user space in ns_ioctl
simplifying C reproducer
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs$namespace-ioctl$NS_GET_PARENT
program crashed: WARNING: lock held when returning to user space in ns_ioctl
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs$namespace-ioctl$NS_GET_PARENT
program crashed: WARNING: lock held when returning to user space in ns_ioctl
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs$namespace-ioctl$NS_GET_PARENT
program crashed: WARNING: lock held when returning to user space in ns_ioctl
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs$namespace-ioctl$NS_GET_PARENT
program crashed: WARNING: lock held when returning to user space in ns_ioctl
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs$namespace-ioctl$NS_GET_PARENT
program crashed: WARNING: lock held when returning to user space in ns_ioctl
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs$namespace-ioctl$NS_GET_PARENT
program crashed: WARNING: lock held when returning to user space in ns_ioctl
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_procfs$namespace-ioctl$NS_GET_PARENT
program crashed: WARNING: lock held when returning to user space in ns_ioctl
reproducing took 26m44.415614625s
repro crashed as (corrupted=false):
================================================
WARNING: lock held when returning to user space!
6.10.0-syzkaller-04472-g51835949dda3 #0 Not tainted
------------------------------------------------
syz-executor257/5082 is leaving the kernel with locks still held!
1 lock held by syz-executor257/5082:
 #0: ffffffff8e335fe0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:327 [inline]
 #0: ffffffff8e335fe0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:839 [inline]
 #0: ffffffff8e335fe0 (rcu_read_lock){....}-{1:2}, at: ns_ioctl+0x3e0/0x740 fs/nsfs.c:184
BUG: sleeping function called from invalid context at include/linux/sched/mm.h:337
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5082, name: syz-executor257
preempt_count: 0, expected: 0
RCU nest depth: 1, expected: 0
INFO: lockdep is turned off.
CPU: 1 PID: 5082 Comm: syz-executor257 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
 __might_resched+0x5d4/0x780 kernel/sched/core.c:8437
 might_alloc include/linux/sched/mm.h:337 [inline]
 prepare_alloc_pages+0x1c9/0x5d0 mm/page_alloc.c:4454
 __alloc_pages_noprof+0x166/0x6c0 mm/page_alloc.c:4672
 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265
 vma_alloc_folio_noprof+0xf3/0x1f0 mm/mempolicy.c:2304
 folio_prealloc+0x31/0x170
 wp_page_copy mm/memory.c:3285 [inline]
 do_wp_page+0x11cc/0x52f0 mm/memory.c:3677
 handle_pte_fault+0x117e/0x7090 mm/memory.c:5397
 __handle_mm_fault mm/memory.c:5524 [inline]
 handle_mm_fault+0xfb0/0x19d0 mm/memory.c:5689
 do_user_addr_fault arch/x86/mm/fault.c:1338 [inline]
 handle_page_fault arch/x86/mm/fault.c:1481 [inline]
 exc_page_fault+0x459/0x8c0 arch/x86/mm/fault.c:1539
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7f72e4df2de0
Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 0d 02 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 e0 2e 0a 00 0f 85 0f 02 00 00 4c 8d 25 d3 2e 0a 00 4c
RSP: 002b:00007ffd9317a820 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000001 RSI: 00007f72e4e93110 RDI: 0000000000000000
RBP: 00007f72e4e93110 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
 </TASK>

final repro crashed as (corrupted=false):
================================================
WARNING: lock held when returning to user space!
6.10.0-syzkaller-04472-g51835949dda3 #0 Not tainted
------------------------------------------------
syz-executor257/5082 is leaving the kernel with locks still held!
1 lock held by syz-executor257/5082:
 #0: ffffffff8e335fe0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:327 [inline]
 #0: ffffffff8e335fe0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:839 [inline]
 #0: ffffffff8e335fe0 (rcu_read_lock){....}-{1:2}, at: ns_ioctl+0x3e0/0x740 fs/nsfs.c:184
BUG: sleeping function called from invalid context at include/linux/sched/mm.h:337
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5082, name: syz-executor257
preempt_count: 0, expected: 0
RCU nest depth: 1, expected: 0
INFO: lockdep is turned off.
CPU: 1 PID: 5082 Comm: syz-executor257 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
 __might_resched+0x5d4/0x780 kernel/sched/core.c:8437
 might_alloc include/linux/sched/mm.h:337 [inline]
 prepare_alloc_pages+0x1c9/0x5d0 mm/page_alloc.c:4454
 __alloc_pages_noprof+0x166/0x6c0 mm/page_alloc.c:4672
 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265
 vma_alloc_folio_noprof+0xf3/0x1f0 mm/mempolicy.c:2304
 folio_prealloc+0x31/0x170
 wp_page_copy mm/memory.c:3285 [inline]
 do_wp_page+0x11cc/0x52f0 mm/memory.c:3677
 handle_pte_fault+0x117e/0x7090 mm/memory.c:5397
 __handle_mm_fault mm/memory.c:5524 [inline]
 handle_mm_fault+0xfb0/0x19d0 mm/memory.c:5689
 do_user_addr_fault arch/x86/mm/fault.c:1338 [inline]
 handle_page_fault arch/x86/mm/fault.c:1481 [inline]
 exc_page_fault+0x459/0x8c0 arch/x86/mm/fault.c:1539
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7f72e4df2de0
Code: 41 54 55 48 89 f5 53 89 fb 48 83 ec 18 48 83 3d 0d 02 0a 00 00 89 54 24 0c 74 08 84 c9 0f 85 09 02 00 00 31 c0 ba 01 00 00 00 <f0> 0f b1 15 e0 2e 0a 00 0f 85 0f 02 00 00 4c 8d 25 d3 2e 0a 00 4c
RSP: 002b:00007ffd9317a820 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000001 RSI: 00007f72e4e93110 RDI: 0000000000000000
RBP: 00007f72e4e93110 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
 </TASK>