Extracting prog: 1h11m41.886278346s
Minimizing prog: 1h0m52.726576645s
Simplifying prog options: 0s
Extracting C: 3m4.406100554s
Simplifying C: 24m11.442163851s


30 programs, 3 VMs, timeouts [6m0s]
extracting reproducer from 30 programs
single: executing 5 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-creat-mknod$loop-openat$cgroup_ro-link-rename
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10040, &(0x7f0000000200)={[{@journal_dev}, {@nouid32}]}, 0xfe, 0x254, &(0x7f0000000840)="$eJzs3U9oHFUcB/Df7B/jJotEvQjiHxARDYR4E7zEi0JAQhARVIiIeJJEiAnesp68eNCzLTn1EkpvTXssvYReWgo9pW0O6aXQhh4aemgPW2Znt2yTDW2zyU7JfD4wO/P2vZnfDMz37V5mN4DCGo2IyYgoR8RYRFQjIuke8H62jLabK7X12Yhm85t7SWtc1s509huJiEZEfBZR6fQtrf2w9WDjq4/+Wax+eGrt+9qgrq/b9tbm1zsnp/8+O/Xp0pVrd6aTmIx6u6/7Og5T0uO9ShLxxlEUe0kklbzPgOcx8+eZ62nu34yID1r5r0apHdl/F165WI1PTuy37393r749yHMFDl+zWU0/AxtNoHBKEVGPpDQeEdl2qTQ+nn2Hv1EeLv02v/DH2K/zi3O/5D1TAYelHrH55fmhcyO78n+7nOUfOL7S/H87s3oz3d4p5302wEC8k63S/I/9tPxxyD8UjvxDcck/FJf8wzFwwOzKPxSX/ENxyT8cY9XORqNnt/xDcck/FJf8Q3F15x8AKJbmUN5PIAN5yXv+AQAAAAAAAAAAAAAAAAAA9lqprc92lkHVvPR/xPYXEVHpVb/c+j/iiFdbr8P3k3TYE0m2W19+fK/PA/TpdM5PX792K9/6l989muP+9XSztt+45bmIRjp4olLZe/8l7fvv4F5/Rn/15z4LvKBkV/vz7wZbf7dHq/nWn9qIuJDOPxO95p9SvNVa955/6t0/sXxAvz/s8wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMzOMAAAD//7MNbSk=")
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000006ac0)='cpuacct.stat\x00', 0x275a, 0x0)
link(&(0x7f0000001240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
rename(&(0x7f0000000600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$ITER_CREATE-bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-openat$kvm-ioctl$KVM_CREATE_VM-timer_create-timer_settime-timer_settime-unshare-mkdir-mount-unshare-rmdir-mkdirat-removexattr-mount-pivot_root-ioctl$KVM_CREATE_PIT2-timer_settime-getsockopt$sock_cred-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_IRQCHIP-timer_settime-getsockopt$sock_cred-unshare-unshare-ioctl$KVM_CREATE_VCPU-mkdirat-syz_kvm_setup_cpu$x86-ioctl$KVM_RUN
detailed listing:
executing program 0:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000540), 0x8)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000580)=@base={0x1e, 0x9, 0x2, 0xffff, 0x245, r0, 0x3, '\x00', 0x0, r0, 0x800003, 0xffffffff}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000500)=<r3=>0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
timer_settime(r3, 0x1, &(0x7f0000000380)={{}, {0x0, 0x989680}}, &(0x7f0000000180))
unshare(0x22020000)
mkdir(&(0x7f0000000000)='./file0\x00', 0x23)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0)='rpc_pipefs\x00', 0x0, 0x0)
unshare(0x40020000)
rmdir(&(0x7f0000000740)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x144)
removexattr(&(0x7f0000000600)='./file0\x00', &(0x7f0000000780)=ANY=[@ANYBLOB="747275737465642e636727973c22eebbcd998b4dba007793e5ec1cf79906e4cf00cbcfaafa7744e354d3d1c2e45d962f4687132f2decd027af608e7bc0b9f4f6ee54013fecadebc4d90f44a1399c5d106fd55243dc68c26dcc3992a84794a0d0d78b43fa2ec6089325a24d62e2542354890ef39410dbfd08066d8cfafff4c152ebd01c13710e9421c7d4a53948eaeab8513b9144c356890d49a7526b85b2388f1382cb01000100794abf50235580c49e99e36bcb4d77f96b9e4d6eac06d3c6bef5f10d84b5dd6301daf519cb36bfe42540274ad019b5543da76bdc4e98457e4cb471012d056435c7bcc960b0c8c0d320f28e77e0b5399e19d2d5db95785da7f4e2c5482b4dd9787c692f1c6aa4aecdb1e6671559a9e24ceab9307e36a7fb61ece4b5afa5ac69f03da2fccf71032cb35693bc19a24e2a4df071d3ee105c01d92b4afaf0ecaa87c5e027046d2107c6bb50e1d2eca007e70b7b58722d76b620e826f108055cef47571af7ab5ff2feb995d309fe32ae053d14f69600bcefcb0b0e378844c47ccafd4be029dce557be34cbc0c6c841bada60dfe19cb087495f2bbc4c41e0dc8a24a60cd00da55298fa8698fb47759916af4e984c97f07b1eaa4c0b30ab191ac10fe5a496226b5c0ca7dbad7c2feafb4001346c11fb7a74"])
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x4000, 0x0)
pivot_root(&(0x7f0000000680)='./file0\x00', &(0x7f0000000280)='./file0\x00')
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000001c0)={0x6589})
timer_settime(r3, 0x1, &(0x7f0000000640)={{}, {0x0, 0x989680}}, &(0x7f00000006c0))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000340)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000011000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
timer_settime(r3, 0x0, &(0x7f0000000400), &(0x7f00000004c0))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000300)=0xc)
unshare(0x14000000)
unshare(0x2a020400)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mkdirat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x108)
syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000003c0)=[@textreal={0x8, &(0x7f0000000440)="ba4200b056ee27673667f30fa7e0c6f80a0f32660f6b143e66660fc5e8bbbaf80c66b87cc71e8066efbafc0cedbaf80c66b8fa62768766efbafc0ced0f01c866b9800000c00f326635002000000f30", 0x4f}], 0x1, 0x59, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$ITER_CREATE-bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-openat$kvm-ioctl$KVM_CREATE_VM-timer_create-timer_settime-timer_settime-unshare-mkdir-mount-unshare-rmdir-mkdirat-removexattr-mount-pivot_root-ioctl$KVM_CREATE_PIT2-timer_settime-getsockopt$sock_cred-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_IRQCHIP-timer_settime-getsockopt$sock_cred-unshare-unshare-ioctl$KVM_CREATE_VCPU-mkdirat-syz_kvm_setup_cpu$x86-ioctl$KVM_RUN
detailed listing:
executing program 0:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000540), 0x8)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000580)=@base={0x1e, 0x9, 0x2, 0xffff, 0x245, r0, 0x3, '\x00', 0x0, r0, 0x800003, 0xffffffff}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000500)=<r3=>0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
timer_settime(r3, 0x1, &(0x7f0000000380)={{}, {0x0, 0x989680}}, &(0x7f0000000180))
unshare(0x22020000)
mkdir(&(0x7f0000000000)='./file0\x00', 0x23)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0)='rpc_pipefs\x00', 0x0, 0x0)
unshare(0x40020000)
rmdir(&(0x7f0000000740)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x144)
removexattr(&(0x7f0000000600)='./file0\x00', &(0x7f0000000780)=ANY=[@ANYBLOB="747275737465642e636727973c22eebbcd998b4dba007793e5ec1cf79906e4cf00cbcfaafa7744e354d3d1c2e45d962f4687132f2decd027af608e7bc0b9f4f6ee54013fecadebc4d90f44a1399c5d106fd55243dc68c26dcc3992a84794a0d0d78b43fa2ec6089325a24d62e2542354890ef39410dbfd08066d8cfafff4c152ebd01c13710e9421c7d4a53948eaeab8513b9144c356890d49a7526b85b2388f1382cb01000100794abf50235580c49e99e36bcb4d77f96b9e4d6eac06d3c6bef5f10d84b5dd6301daf519cb36bfe42540274ad019b5543da76bdc4e98457e4cb471012d056435c7bcc960b0c8c0d320f28e77e0b5399e19d2d5db95785da7f4e2c5482b4dd9787c692f1c6aa4aecdb1e6671559a9e24ceab9307e36a7fb61ece4b5afa5ac69f03da2fccf71032cb35693bc19a24e2a4df071d3ee105c01d92b4afaf0ecaa87c5e027046d2107c6bb50e1d2eca007e70b7b58722d76b620e826f108055cef47571af7ab5ff2feb995d309fe32ae053d14f69600bcefcb0b0e378844c47ccafd4be029dce557be34cbc0c6c841bada60dfe19cb087495f2bbc4c41e0dc8a24a60cd00da55298fa8698fb47759916af4e984c97f07b1eaa4c0b30ab191ac10fe5a496226b5c0ca7dbad7c2feafb4001346c11fb7a74"])
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x4000, 0x0)
pivot_root(&(0x7f0000000680)='./file0\x00', &(0x7f0000000280)='./file0\x00')
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000001c0)={0x6589})
timer_settime(r3, 0x1, &(0x7f0000000640)={{}, {0x0, 0x989680}}, &(0x7f00000006c0))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000340)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000011000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
timer_settime(r3, 0x0, &(0x7f0000000400), &(0x7f00000004c0))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000300)=0xc)
unshare(0x14000000)
unshare(0x2a020400)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mkdirat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x108)
syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000003c0)=[@textreal={0x8, &(0x7f0000000440)="ba4200b056ee27673667f30fa7e0c6f80a0f32660f6b143e66660fc5e8bbbaf80c66b87cc71e8066efbafc0cedbaf80c66b8fa62768766efbafc0ced0f01c866b9800000c00f326635002000000f30", 0x4f}], 0x1, 0x59, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmsg$nl_generic-socket$nl_generic-bind$l2tp6-socket$nl_generic-syz_genetlink_get_family_id$l2tp-sendmsg$L2TP_CMD_TUNNEL_CREATE
detailed listing:
executing program 0:
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bind$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xfffffffb, 0x1}, 0x20)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x64, r1, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @empty}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @private0}, @L2TP_ATTR_UDP_ZERO_CSUM6_RX={0x5, 0x22, 0x1}]}, 0x64}}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$ITER_CREATE-bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-openat$kvm-ioctl$KVM_CREATE_VM-timer_create-timer_settime-timer_settime-unshare-mkdir-mount-unshare-rmdir-mkdirat-removexattr-mount-pivot_root-ioctl$KVM_CREATE_PIT2-timer_settime-getsockopt$sock_cred-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_IRQCHIP-timer_settime-getsockopt$sock_cred-unshare-unshare-ioctl$KVM_CREATE_VCPU-mkdirat-syz_kvm_setup_cpu$x86-ioctl$KVM_RUN
detailed listing:
executing program 0:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000540), 0x8)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000580)=@base={0x1e, 0x9, 0x2, 0xffff, 0x245, r0, 0x3, '\x00', 0x0, r0, 0x800003, 0xffffffff}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000500)=<r3=>0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
timer_settime(r3, 0x1, &(0x7f0000000380)={{}, {0x0, 0x989680}}, &(0x7f0000000180))
unshare(0x22020000)
mkdir(&(0x7f0000000000)='./file0\x00', 0x23)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0)='rpc_pipefs\x00', 0x0, 0x0)
unshare(0x40020000)
rmdir(&(0x7f0000000740)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x144)
removexattr(&(0x7f0000000600)='./file0\x00', &(0x7f0000000780)=ANY=[@ANYBLOB="747275737465642e636727973c22eebbcd998b4dba007793e5ec1cf79906e4cf00cbcfaafa7744e354d3d1c2e45d962f4687132f2decd027af608e7bc0b9f4f6ee54013fecadebc4d90f44a1399c5d106fd55243dc68c26dcc3992a84794a0d0d78b43fa2ec6089325a24d62e2542354890ef39410dbfd08066d8cfafff4c152ebd01c13710e9421c7d4a53948eaeab8513b9144c356890d49a7526b85b2388f1382cb01000100794abf50235580c49e99e36bcb4d77f96b9e4d6eac06d3c6bef5f10d84b5dd6301daf519cb36bfe42540274ad019b5543da76bdc4e98457e4cb471012d056435c7bcc960b0c8c0d320f28e77e0b5399e19d2d5db95785da7f4e2c5482b4dd9787c692f1c6aa4aecdb1e6671559a9e24ceab9307e36a7fb61ece4b5afa5ac69f03da2fccf71032cb35693bc19a24e2a4df071d3ee105c01d92b4afaf0ecaa87c5e027046d2107c6bb50e1d2eca007e70b7b58722d76b620e826f108055cef47571af7ab5ff2feb995d309fe32ae053d14f69600bcefcb0b0e378844c47ccafd4be029dce557be34cbc0c6c841bada60dfe19cb087495f2bbc4c41e0dc8a24a60cd00da55298fa8698fb47759916af4e984c97f07b1eaa4c0b30ab191ac10fe5a496226b5c0ca7dbad7c2feafb4001346c11fb7a74"])
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x4000, 0x0)
pivot_root(&(0x7f0000000680)='./file0\x00', &(0x7f0000000280)='./file0\x00')
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000001c0)={0x6589})
timer_settime(r3, 0x1, &(0x7f0000000640)={{}, {0x0, 0x989680}}, &(0x7f00000006c0))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000340)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000011000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
timer_settime(r3, 0x0, &(0x7f0000000400), &(0x7f00000004c0))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000300)=0xc)
unshare(0x14000000)
unshare(0x2a020400)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mkdirat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x108)
syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000003c0)=[@textreal={0x8, &(0x7f0000000440)="ba4200b056ee27673667f30fa7e0c6f80a0f32660f6b143e66660fc5e8bbbaf80c66b87cc71e8066efbafc0cedbaf80c66b8fa62768766efbafc0ced0f01c866b9800000c00f326635002000000f30", 0x4f}], 0x1, 0x59, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

program did not crash
single: failed to extract reproducer
bisect: bisecting 30 programs with base timeout 6m0s
testing program (duration=6m7s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 7, 5, 6, 3, 7, 3, 6, 26, 3, 3, 30, 4, 7, 6, 8, 2, 8, 3, 6, 2, 16, 19, 2, 4, 30, 6, 30, 30, 6]
detailed listing:
executing program 4:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x10, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x25}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x80)
executing program 4:
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000080000002d01000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001ac0)={{r0}, &(0x7f0000001a40), &(0x7f0000001a80)='%+9llu \x00'}, 0x20)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
executing program 4:
r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
close(r0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x81000)
symlinkat(&(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', r1, &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
executing program 4:
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000140)={0x1f, 0xffff}, 0x6)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x0)
executing program 3:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x56a, 0x43, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000040)={0x2c, &(0x7f0000000100)={0x0, 0x0, 0x2b, {0x2b, 0x0, "7ddeff220c0837b868d67858420f0fa2ac78caf60bb986971abb95f44914995b4aa6c3679c86271245"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
executing program 2:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x0, 0x30}, 0xc)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000400)={0x0, 0x2}, 0x8)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000040)="93", 0x34000, 0x0, 0x0, 0x44)
writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000140)='I', 0x1}], 0x1)
executing program 1:
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$rose(r0, 0x104, 0x0, 0x0, 0xfffffffffffffffe)
executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @remote}]}, 0x40}}, 0x0)
executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0x72, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x3c, 0x3a, 0x0, @remote, @local, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "5b29ab", 0x0, 0x11, 0x0, @remote, @remote, [], "8529baf364d3471a42ef5f74"}}}}}}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="6000000002061b76e890f7970b443330b39ead34a00103000000000008000000000001050001000700000016000300686173683a6e65742c706f72742c6e657400000005000400000000000500040000000000050005000200000014000780050015000400000008"], 0x60}}, 0x0)
r3 = socket$inet6_sctp(0xa, 0x0, 0x84)
r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r4, 0x40505412, &(0x7f0000000000)={0x0, 0x0, 0x10001, 0x0, 0xe})
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x41, 0x3, 0x248, 0xe0, 0x0, 0x0, 0x0, 0x0, 0x1b0, 0x1f0, 0x1f0, 0x1b0, 0x1f0, 0x3, 0x0, {[{{@ip={@private, @remote, 0x0, 0x0, 'wlan1\x00', 'wg1\x00', {}, {}, 0x1}, 0x0, 0xc0, 0xe0, 0x0, {0x0, 0xffffffffa0028000}, [@common=@icmp={{0x28}, {0x0, "0bfb"}}, @common=@inet=@socket3={{0x28}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x2a8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, 0x0, 0x0)
r6 = socket(0x10, 0x803, 0x0)
getsockname$packet(r6, &(0x7f0000000000)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
socket$inet(0x2, 0x80001, 0x84)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HANDLE={0xc}]}], {0x14}}, 0x54}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r8 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r8, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet(r8, &(0x7f00000009c0)=[{{&(0x7f0000000580)={0x2, 0x4e23, @loopback}, 0x10, 0x0, 0x0, &(0x7f00000008c0)=[@ip_retopts={{0x88, 0x0, 0x7, {[@cipso={0x86, 0x3a, 0x0, [{0x0, 0xf, "705a9519b25e17211968387b40"}, {0x0, 0xe, "e64f348761567e8dfbd72b35"}, {0x0, 0x5, 'i#>'}, {0x0, 0x9, "daa732b1c6909f"}, {0x2, 0x9, "94e41fed84a134"}]}, @timestamp={0x44, 0xc, 0x84, 0x0, 0x1, [0x1f, 0xe3de]}, @noop, @timestamp={0x44, 0x10, 0x7d, 0x0, 0x1, [0x6, 0x5e, 0x46]}, @ra={0x94, 0x4}, @timestamp_prespec={0x44, 0xc, 0x18, 0x3, 0x0, [{@dev={0xac, 0x14, 0x14, 0x2f}, 0x6}]}, @timestamp={0x44, 0x10, 0xed, 0x0, 0xc, [0x1ff, 0x80000001, 0xa2]}]}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r7, @multicast2, @rand_addr=0x64010101}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0x16}}}}], 0xc8}}], 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r6, 0x84, 0x75, &(0x7f0000000300)={0x0, 0x2}, 0x8)
shutdown(0xffffffffffffffff, 0x0)
r9 = socket$igmp(0x2, 0x3, 0x2)
ioctl$sock_inet_SIOCSARP(r9, 0x8955, &(0x7f0000000040)={{0x2, 0x0, @remote}, {}, 0x28, {0x2, 0x0, @empty}})
setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x1}, 0x10)
sendmsg$IPSET_CMD_SAVE(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000100)={&(0x7f00000003c0)={0x4c, 0x8, 0x6, 0x201, 0x0, 0x0, {0xa, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40884}, 0x4c040)
executing program 2:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="180300000005000000000000000000001801000011af000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020000838500000070000000180100002020752500000000806020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10)
landlock_create_ruleset(0x0, 0x0, 0x10000000000001)
executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000440)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES16], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000400)={0x2c, &(0x7f0000000300)={0x0, 0x0, 0xab, {0xab, 0x0, "9a76e69c85a99bf24a663725295429ac4c4d6d3750eb0ef4f28740810360214fa87b57baa140c50ef04893897a41b30728908cf649c4877970a610684780f4e25f1bf483cf47f52dae24eebb71c6ffdac79964ca41c6e0c6e9de6e957f8568f3ff90155973247ae98ee1a260c94b288d6fd8d77e80f2fec19eadabd86db4623781a1823d103d70464d111076db2e283ca0c45b27420c15c2b505325bae6be2841039cabe31e2c07a3f"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000540), 0x8)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000580)=@base={0x1e, 0x9, 0x2, 0xffff, 0x245, r0, 0x3, '\x00', 0x0, r0, 0x800003, 0xffffffff}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000500)=<r3=>0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
timer_settime(r3, 0x1, &(0x7f0000000380)={{}, {0x0, 0x989680}}, &(0x7f0000000180))
unshare(0x22020000)
mkdir(&(0x7f0000000000)='./file0\x00', 0x23)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0)='rpc_pipefs\x00', 0x0, 0x0)
unshare(0x40020000)
rmdir(&(0x7f0000000740)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x144)
removexattr(&(0x7f0000000600)='./file0\x00', &(0x7f0000000780)=ANY=[@ANYBLOB="747275737465642e636727973c22eebbcd998b4dba007793e5ec1cf79906e4cf00cbcfaafa7744e354d3d1c2e45d962f4687132f2decd027af608e7bc0b9f4f6ee54013fecadebc4d90f44a1399c5d106fd55243dc68c26dcc3992a84794a0d0d78b43fa2ec6089325a24d62e2542354890ef39410dbfd08066d8cfafff4c152ebd01c13710e9421c7d4a53948eaeab8513b9144c356890d49a7526b85b2388f1382cb01000100794abf50235580c49e99e36bcb4d77f96b9e4d6eac06d3c6bef5f10d84b5dd6301daf519cb36bfe42540274ad019b5543da76bdc4e98457e4cb471012d056435c7bcc960b0c8c0d320f28e77e0b5399e19d2d5db95785da7f4e2c5482b4dd9787c692f1c6aa4aecdb1e6671559a9e24ceab9307e36a7fb61ece4b5afa5ac69f03da2fccf71032cb35693bc19a24e2a4df071d3ee105c01d92b4afaf0ecaa87c5e027046d2107c6bb50e1d2eca007e70b7b58722d76b620e826f108055cef47571af7ab5ff2feb995d309fe32ae053d14f69600bcefcb0b0e378844c47ccafd4be029dce557be34cbc0c6c841bada60dfe19cb087495f2bbc4c41e0dc8a24a60cd00da55298fa8698fb47759916af4e984c97f07b1eaa4c0b30ab191ac10fe5a496226b5c0ca7dbad7c2feafb4001346c11fb7a74"])
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x4000, 0x0)
pivot_root(&(0x7f0000000680)='./file0\x00', &(0x7f0000000280)='./file0\x00')
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000001c0)={0x6589})
timer_settime(r3, 0x1, &(0x7f0000000640)={{}, {0x0, 0x989680}}, &(0x7f00000006c0))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000340)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000011000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
timer_settime(r3, 0x0, &(0x7f0000000400), &(0x7f00000004c0))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000300)=0xc)
unshare(0x14000000)
unshare(0x2a020400)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mkdirat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x108)
syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000003c0)=[@textreal={0x8, &(0x7f0000000440)="ba4200b056ee27673667f30fa7e0c6f80a0f32660f6b143e66660fc5e8bbbaf80c66b87cc71e8066efbafc0cedbaf80c66b8fa62768766efbafc0ced0f01c866b9800000c00f326635002000000f30", 0x4f}], 0x1, 0x59, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x0, 0x0, 0x5}}]}}]}, 0x44}}, 0x0)
executing program 1:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001c40)=@newtaction={0xf0, 0x30, 0x1, 0x0, 0x0, {}, [{0xdc, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}, @m_police={0x6c, 0x2, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x1}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xf0}}, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000000)
executing program 2:
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bind$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xfffffffb, 0x1}, 0x20)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x64, r1, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @empty}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @private0}, @L2TP_ATTR_UDP_ZERO_CSUM6_RX={0x5, 0x22, 0x1}]}, 0x64}}, 0x0)
executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_TUPDATE={0x8}]}}]}, 0x3c}}, 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000540)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x18, 0x2, [@TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x2}, @TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x6}]}}]}, 0x48}}, 0x0)
executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000840)=@newsa={0x184, 0x10, 0x1, 0x0, 0x0, {{@in=@multicast2, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x2}, {@in=@empty, 0x0, 0x6c}, @in=@private, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_comp={0x48, 0x3, {{'lzs\x00'}}}, @algo_auth_trunc={0x4c, 0x14, {{'rmd160-generic\x00'}}}]}, 0x184}}, 0x0)
executing program 3:
r0 = fsopen(&(0x7f0000002200)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
mknodat$loop(r1, &(0x7f0000000000)='./file1\x00', 0x0, 0x1)
r2 = openat(r1, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000d, 0x12, r2, 0x0)
mlock2(&(0x7f000027d000/0x2000)=nil, 0x2000, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0xe)
executing program 3:
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$rose(r0, 0x104, 0x0, 0x0, 0xfffffffffffffffe)
executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @remote}]}, 0x40}}, 0x0)
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELCHAIN={0x2c, 0x5, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_CHAIN_HANDLE={0xc}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14}}, 0x74}}, 0x0)
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000280)={<r2=>0x0}, &(0x7f00000013c0)=0xc)
sendmmsg$unix(r1, &(0x7f00000014c0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)='8', 0x1}], 0x1, &(0x7f0000000580)=[@cred={{0x1c, 0x1, 0x2, {r2, 0xee00}}}, @rights={{0x14, 0x1, 0x1, [r1]}}], 0x38}}], 0x1, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000200)={[{@dots}, {@dots}, {@dots}, {}, {@fat=@nfs}, {@fat=@gid}, {@dots}, {@nodots}, {@fat=@umask={'umask', 0x3d, 0x8b3}}, {@fat=@check_strict}, {@fat=@allow_utime={'allow_utime', 0x3d, 0x1}}, {@dots}, {@dots}, {@fat=@showexec}, {@nodots}, {@dots}, {@fat=@tz_utc}, {@nodots}, {@dots}, {@fat=@flush}, {@nodots}, {@nodots}]}, 0xfd, 0x1bf, &(0x7f0000000300)="$eJzs3TGL02AYB/Cn9bzmnG4TRCHg4nSon+BEThADgtJBJ4XT5SqCt0SX9mP4Af0A0qmLRGrSxkaHWmxS6++39En/edvnHZp26ZNXN99dnL+/fPvl+udIkl70T+M0Zr04jn4sTAIA2CezooivRanrXgCAdqzx/f+t5ZYAgC17/uLlkwdZdvYsTZOI6SQf5sPyscwfPc7O7qY/HNerpnk+vLLM76XN3w7z/Gpcq/L75fp0NT+MO7fLfJ49fJo18kGcb3frAAAAAAAAAAAAAAAAAAAAAADQmVuRLvx2vs/JSTM/qvLy6Kf5QI35PQdx46A6rMcDFeM2NgUAAAAAAAAAAAAAAAAAAAD/mMuPny5ej0ZvPtTFICJWn/mTole98IbL2y76sRNtKP5qke5GG6MNPwWHEbGtxmZFUax1cn2NGHR1cQIAAAAAAAAAAAAAAAAAgP9M/affX7Oki4YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAP1/f83KMYRscbJyzc76nSrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7LHvAQAA///DgjXa")
capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140))
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f00000002c0)=0x8001, 0x4)
splice(r0, 0x0, r3, 0x0, 0x39000, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000300)={0x0, 0x110000})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r5, 0x4010ae68, &(0x7f0000000340))
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
read$FUSE(r3, &(0x7f0000004400)={0x2020}, 0xe9c9e6f)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r4)
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file0\x00', 0x28800, &(0x7f0000000380)=ANY=[], 0x1, 0x68b, &(0x7f0000001200)="$eJzs3c1rHOcdB/DvrFay1gVHSWwnLYGKGNJSU1uycFr1EreHYkoowT2EQi+LLcfCayfISlFCadX3aw/5A9KDDoVeWujdkEJPbW+hN9FDCRR6yUk3l5md1a6tF+/KkjdqPx8zu8/s8zq/mXlGs4uZAP+3rp5P836KXD3/+lq5vrmx0NncWDhRZ3eSlOlG0uy+pbibFB8lV9Jd8vnyw7p8sVc/HywvXvv4081PumvNeqnKN/arV2o9divW6yWzSSbq950mH9vQbu1d37O9/bW3U8X2FpYBO9cLHIzbgx3WR6m+73kLHA9F97q5w0xyMsl0/XdA6tmh8XRHd/hGmuUAAADgmHpmK1tZy6lxjwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOk/r5/0W9NHrp2RS95/9P1Z+lTl9rjHnMT+L+uAcAAAAAAAAAAIfgi1vZylpO9dYfdH/Zf7l6PV29fi7v5l6WspILWUs7q1nNSuaTzAw0NLXWXl1dmX+05kQvv1/z0q41Lx1s/H84WDUAAAAAAAAA+F/zs1zt//4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACfBUUy0X2rltO99EwazSTTSabKcuvJ33vpY6LY7cP7T38cAAAA8ESmD1Dnma1sZS2neusPiuqe/2x1vzydd3M3q1nOajpZyo36Hrq8629sbix0NjcW7mxuLFQd/+BBV7edb/5npGFULab73cPuPb9YlWjlZparTy7kejWYG2lUNUsv1uPZXh7u5KflmFqv1YYc2Y36vezsN3t9i3AYGqNWmKkqTW5HZK4eW9nQs/tH4rF7p7lvT/NpbH/zc3qfnnqbVIwY85O9ekl+9UjMX/vX774/ZDNHYDsSjVSRuDRw9J3dP+bJl/70+zdvde7evnXz3vkjO4yelkePiYWBSLxwrCPRHLH8XBWJM9vrV/PtfC/nM5s3spLl/DDtrGYp9cyYdn08l68zA1FKdkTqykNrbzxuJFP1funOosOMaTYnqlQ7L1d1T2U5Rd7OjSzl1erfpczna7mcy1kc2MNn9tzD1bZVM21jtLP+3JfTP9V/Xc7Uw9VL/jJswdF1L6llXJ8diOvgnDtT5Q1+0o/Sc0Ncj0acG5tfqBNlHz8/yGXjyDwaifmBSDy/fyR+W50b9zp3b6/car+zR/vrj6y/MtlP//Ior8wjK4+X5zJdzyQPHx1l3vPbs8zD8Zqqf3Hp5jV25J2p8oqid6Z+d5cztYz4YlX67K4tXaryXtiZN1GP/B//HMh76O+tvP3X8cQTgBGd/MrJqda/W39rfdj6RetW6/Xpb534+omXpjL558lvNOcmXmm8VPwxH+bH/ft/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg4O699/7tdqeztLJ7orF31uEmivpBPnuVaaaVMnHi8WM+LokiWT/0ljP+7Roi0XuI4JO28+aVz8TmHOvERJL2d6rT6idJ//ipd9FBHi4KHAsXV++8c/Hee+9/dflO+62lt5buTl6+vDi3ePnVhYs3lztLc93XcY8SOAr9vwfGPRIAAAAAAAAAAABgWE/jfxoMdDc7xk0FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjqmr59OcTJH5uQtz5frmxkKnXHrpfslmkkYjKX6UFB8lV9JdMjPQXLFXPx8sL177+NPNT/ptNXvlG/vVG856vWQ2yUT9vsPUwdq7vld7Qyu2t7AM2Lle4GDc/hsAAP//84ECTg==")
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)=@known='system.posix_acl_access\x00', 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
ioctl$PPPIOCATTACH(0xffffffffffffffff, 0x4004743d, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
epoll_pwait(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
mlockall(0x7)
munlockall()
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000780)=[@text16={0x10, &(0x7f00000007c0)="660f388232660f2e3bb8ec008ee80f7577ad0f01cf66670f21da9a00007d00baf80c66b80814298d66efbafc0c66b8173da2d566ef0f01df0f08", 0x3a}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={0x0, @in={0x2, 0x0, @local}, @tipc, @nl=@unspec})
executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x0, 0x0, 0x5}}]}}]}, 0x44}}, 0x0)
executing program 1:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000540), 0x8)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000580)=@base={0x1e, 0x9, 0x2, 0xffff, 0x245, r0, 0x3, '\x00', 0x0, r0, 0x800003, 0xffffffff}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000500)=<r3=>0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
timer_settime(r3, 0x1, &(0x7f0000000380)={{}, {0x0, 0x989680}}, &(0x7f0000000180))
unshare(0x22020000)
mkdir(&(0x7f0000000000)='./file0\x00', 0x23)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0)='rpc_pipefs\x00', 0x0, 0x0)
unshare(0x40020000)
rmdir(&(0x7f0000000740)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x144)
removexattr(&(0x7f0000000600)='./file0\x00', &(0x7f0000000780)=ANY=[@ANYBLOB="747275737465642e636727973c22eebbcd998b4dba007793e5ec1cf79906e4cf00cbcfaafa7744e354d3d1c2e45d962f4687132f2decd027af608e7bc0b9f4f6ee54013fecadebc4d90f44a1399c5d106fd55243dc68c26dcc3992a84794a0d0d78b43fa2ec6089325a24d62e2542354890ef39410dbfd08066d8cfafff4c152ebd01c13710e9421c7d4a53948eaeab8513b9144c356890d49a7526b85b2388f1382cb01000100794abf50235580c49e99e36bcb4d77f96b9e4d6eac06d3c6bef5f10d84b5dd6301daf519cb36bfe42540274ad019b5543da76bdc4e98457e4cb471012d056435c7bcc960b0c8c0d320f28e77e0b5399e19d2d5db95785da7f4e2c5482b4dd9787c692f1c6aa4aecdb1e6671559a9e24ceab9307e36a7fb61ece4b5afa5ac69f03da2fccf71032cb35693bc19a24e2a4df071d3ee105c01d92b4afaf0ecaa87c5e027046d2107c6bb50e1d2eca007e70b7b58722d76b620e826f108055cef47571af7ab5ff2feb995d309fe32ae053d14f69600bcefcb0b0e378844c47ccafd4be029dce557be34cbc0c6c841bada60dfe19cb087495f2bbc4c41e0dc8a24a60cd00da55298fa8698fb47759916af4e984c97f07b1eaa4c0b30ab191ac10fe5a496226b5c0ca7dbad7c2feafb4001346c11fb7a74"])
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x4000, 0x0)
pivot_root(&(0x7f0000000680)='./file0\x00', &(0x7f0000000280)='./file0\x00')
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000001c0)={0x6589})
timer_settime(r3, 0x1, &(0x7f0000000640)={{}, {0x0, 0x989680}}, &(0x7f00000006c0))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000340)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000011000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
timer_settime(r3, 0x0, &(0x7f0000000400), &(0x7f00000004c0))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000300)=0xc)
unshare(0x14000000)
unshare(0x2a020400)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mkdirat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x108)
syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000003c0)=[@textreal={0x8, &(0x7f0000000440)="ba4200b056ee27673667f30fa7e0c6f80a0f32660f6b143e66660fc5e8bbbaf80c66b87cc71e8066efbafc0cedbaf80c66b8fa62768766efbafc0ced0f01c866b9800000c00f326635002000000f30", 0x4f}], 0x1, 0x59, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
executing program 2:
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bind$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xfffffffb, 0x1}, 0x20)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x64, r1, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @empty}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @private0}, @L2TP_ATTR_UDP_ZERO_CSUM6_RX={0x5, 0x22, 0x1}]}, 0x64}}, 0x0)
executing program 3:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000540), 0x8)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000580)=@base={0x1e, 0x9, 0x2, 0xffff, 0x245, r0, 0x3, '\x00', 0x0, r0, 0x800003, 0xffffffff}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000500)=<r3=>0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
timer_settime(r3, 0x1, &(0x7f0000000380)={{}, {0x0, 0x989680}}, &(0x7f0000000180))
unshare(0x22020000)
mkdir(&(0x7f0000000000)='./file0\x00', 0x23)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0)='rpc_pipefs\x00', 0x0, 0x0)
unshare(0x40020000)
rmdir(&(0x7f0000000740)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x144)
removexattr(&(0x7f0000000600)='./file0\x00', &(0x7f0000000780)=ANY=[@ANYBLOB="747275737465642e636727973c22eebbcd998b4dba007793e5ec1cf79906e4cf00cbcfaafa7744e354d3d1c2e45d962f4687132f2decd027af608e7bc0b9f4f6ee54013fecadebc4d90f44a1399c5d106fd55243dc68c26dcc3992a84794a0d0d78b43fa2ec6089325a24d62e2542354890ef39410dbfd08066d8cfafff4c152ebd01c13710e9421c7d4a53948eaeab8513b9144c356890d49a7526b85b2388f1382cb01000100794abf50235580c49e99e36bcb4d77f96b9e4d6eac06d3c6bef5f10d84b5dd6301daf519cb36bfe42540274ad019b5543da76bdc4e98457e4cb471012d056435c7bcc960b0c8c0d320f28e77e0b5399e19d2d5db95785da7f4e2c5482b4dd9787c692f1c6aa4aecdb1e6671559a9e24ceab9307e36a7fb61ece4b5afa5ac69f03da2fccf71032cb35693bc19a24e2a4df071d3ee105c01d92b4afaf0ecaa87c5e027046d2107c6bb50e1d2eca007e70b7b58722d76b620e826f108055cef47571af7ab5ff2feb995d309fe32ae053d14f69600bcefcb0b0e378844c47ccafd4be029dce557be34cbc0c6c841bada60dfe19cb087495f2bbc4c41e0dc8a24a60cd00da55298fa8698fb47759916af4e984c97f07b1eaa4c0b30ab191ac10fe5a496226b5c0ca7dbad7c2feafb4001346c11fb7a74"])
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x4000, 0x0)
pivot_root(&(0x7f0000000680)='./file0\x00', &(0x7f0000000280)='./file0\x00')
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000001c0)={0x6589})
timer_settime(r3, 0x1, &(0x7f0000000640)={{}, {0x0, 0x989680}}, &(0x7f00000006c0))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000340)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000011000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
timer_settime(r3, 0x0, &(0x7f0000000400), &(0x7f00000004c0))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000300)=0xc)
unshare(0x14000000)
unshare(0x2a020400)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mkdirat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x108)
syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000003c0)=[@textreal={0x8, &(0x7f0000000440)="ba4200b056ee27673667f30fa7e0c6f80a0f32660f6b143e66660fc5e8bbbaf80c66b87cc71e8066efbafc0cedbaf80c66b8fa62768766efbafc0ced0f01c866b9800000c00f326635002000000f30", 0x4f}], 0x1, 0x59, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
executing program 0:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000540), 0x8)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000580)=@base={0x1e, 0x9, 0x2, 0xffff, 0x245, r0, 0x3, '\x00', 0x0, r0, 0x800003, 0xffffffff}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000500)=<r3=>0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
timer_settime(r3, 0x1, &(0x7f0000000380)={{}, {0x0, 0x989680}}, &(0x7f0000000180))
unshare(0x22020000)
mkdir(&(0x7f0000000000)='./file0\x00', 0x23)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0)='rpc_pipefs\x00', 0x0, 0x0)
unshare(0x40020000)
rmdir(&(0x7f0000000740)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x144)
removexattr(&(0x7f0000000600)='./file0\x00', &(0x7f0000000780)=ANY=[@ANYBLOB="747275737465642e636727973c22eebbcd998b4dba007793e5ec1cf79906e4cf00cbcfaafa7744e354d3d1c2e45d962f4687132f2decd027af608e7bc0b9f4f6ee54013fecadebc4d90f44a1399c5d106fd55243dc68c26dcc3992a84794a0d0d78b43fa2ec6089325a24d62e2542354890ef39410dbfd08066d8cfafff4c152ebd01c13710e9421c7d4a53948eaeab8513b9144c356890d49a7526b85b2388f1382cb01000100794abf50235580c49e99e36bcb4d77f96b9e4d6eac06d3c6bef5f10d84b5dd6301daf519cb36bfe42540274ad019b5543da76bdc4e98457e4cb471012d056435c7bcc960b0c8c0d320f28e77e0b5399e19d2d5db95785da7f4e2c5482b4dd9787c692f1c6aa4aecdb1e6671559a9e24ceab9307e36a7fb61ece4b5afa5ac69f03da2fccf71032cb35693bc19a24e2a4df071d3ee105c01d92b4afaf0ecaa87c5e027046d2107c6bb50e1d2eca007e70b7b58722d76b620e826f108055cef47571af7ab5ff2feb995d309fe32ae053d14f69600bcefcb0b0e378844c47ccafd4be029dce557be34cbc0c6c841bada60dfe19cb087495f2bbc4c41e0dc8a24a60cd00da55298fa8698fb47759916af4e984c97f07b1eaa4c0b30ab191ac10fe5a496226b5c0ca7dbad7c2feafb4001346c11fb7a74"])
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x4000, 0x0)
pivot_root(&(0x7f0000000680)='./file0\x00', &(0x7f0000000280)='./file0\x00')
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000001c0)={0x6589})
timer_settime(r3, 0x1, &(0x7f0000000640)={{}, {0x0, 0x989680}}, &(0x7f00000006c0))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000340)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000011000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
timer_settime(r3, 0x0, &(0x7f0000000400), &(0x7f00000004c0))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000300)=0xc)
unshare(0x14000000)
unshare(0x2a020400)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mkdirat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x108)
syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000003c0)=[@textreal={0x8, &(0x7f0000000440)="ba4200b056ee27673667f30fa7e0c6f80a0f32660f6b143e66660fc5e8bbbaf80c66b87cc71e8066efbafc0cedbaf80c66b8fa62768766efbafc0ced0f01c866b9800000c00f326635002000000f30", 0x4f}], 0x1, 0x59, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
executing program 4:
syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10040, &(0x7f0000000200)={[{@journal_dev}, {@nouid32}]}, 0xfe, 0x254, &(0x7f0000000840)="$eJzs3U9oHFUcB/Df7B/jJotEvQjiHxARDYR4E7zEi0JAQhARVIiIeJJEiAnesp68eNCzLTn1EkpvTXssvYReWgo9pW0O6aXQhh4aemgPW2Znt2yTDW2zyU7JfD4wO/P2vZnfDMz37V5mN4DCGo2IyYgoR8RYRFQjIuke8H62jLabK7X12Yhm85t7SWtc1s509huJiEZEfBZR6fQtrf2w9WDjq4/+Wax+eGrt+9qgrq/b9tbm1zsnp/8+O/Xp0pVrd6aTmIx6u6/7Og5T0uO9ShLxxlEUe0kklbzPgOcx8+eZ62nu34yID1r5r0apHdl/F165WI1PTuy37393r749yHMFDl+zWU0/AxtNoHBKEVGPpDQeEdl2qTQ+nn2Hv1EeLv02v/DH2K/zi3O/5D1TAYelHrH55fmhcyO78n+7nOUfOL7S/H87s3oz3d4p5302wEC8k63S/I/9tPxxyD8UjvxDcck/FJf8wzFwwOzKPxSX/ENxyT8cY9XORqNnt/xDcck/FJf8Q3F15x8AKJbmUN5PIAN5yXv+AQAAAAAAAAAAAAAAAAAA9lqprc92lkHVvPR/xPYXEVHpVb/c+j/iiFdbr8P3k3TYE0m2W19+fK/PA/TpdM5PX792K9/6l989muP+9XSztt+45bmIRjp4olLZe/8l7fvv4F5/Rn/15z4LvKBkV/vz7wZbf7dHq/nWn9qIuJDOPxO95p9SvNVa955/6t0/sXxAvz/s8wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMzOMAAAD//7MNbSk=")
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000006ac0)='cpuacct.stat\x00', 0x275a, 0x0)
link(&(0x7f0000001240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
rename(&(0x7f0000000600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

program crashed: INFO: task hung in addrconf_dad_work
bisect: bisecting 30 programs
bisect: split chunks (needed=false): <30>
bisect: split chunk #0 of len 30 into 3 parts
bisect: testing without sub-chunk 1/3
testing program (duration=6m5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 30, 4, 7, 6, 8, 2, 8, 3, 6, 2, 16, 19, 2, 4, 30, 6, 30, 30, 6]
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000440)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES16], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000400)={0x2c, &(0x7f0000000300)={0x0, 0x0, 0xab, {0xab, 0x0, "9a76e69c85a99bf24a663725295429ac4c4d6d3750eb0ef4f28740810360214fa87b57baa140c50ef04893897a41b30728908cf649c4877970a610684780f4e25f1bf483cf47f52dae24eebb71c6ffdac79964ca41c6e0c6e9de6e957f8568f3ff90155973247ae98ee1a260c94b288d6fd8d77e80f2fec19eadabd86db4623781a1823d103d70464d111076db2e283ca0c45b27420c15c2b505325bae6be2841039cabe31e2c07a3f"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000540), 0x8)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000580)=@base={0x1e, 0x9, 0x2, 0xffff, 0x245, r0, 0x3, '\x00', 0x0, r0, 0x800003, 0xffffffff}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000500)=<r3=>0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
timer_settime(r3, 0x1, &(0x7f0000000380)={{}, {0x0, 0x989680}}, &(0x7f0000000180))
unshare(0x22020000)
mkdir(&(0x7f0000000000)='./file0\x00', 0x23)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0)='rpc_pipefs\x00', 0x0, 0x0)
unshare(0x40020000)
rmdir(&(0x7f0000000740)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x144)
removexattr(&(0x7f0000000600)='./file0\x00', &(0x7f0000000780)=ANY=[@ANYBLOB="747275737465642e636727973c22eebbcd998b4dba007793e5ec1cf79906e4cf00cbcfaafa7744e354d3d1c2e45d962f4687132f2decd027af608e7bc0b9f4f6ee54013fecadebc4d90f44a1399c5d106fd55243dc68c26dcc3992a84794a0d0d78b43fa2ec6089325a24d62e2542354890ef39410dbfd08066d8cfafff4c152ebd01c13710e9421c7d4a53948eaeab8513b9144c356890d49a7526b85b2388f1382cb01000100794abf50235580c49e99e36bcb4d77f96b9e4d6eac06d3c6bef5f10d84b5dd6301daf519cb36bfe42540274ad019b5543da76bdc4e98457e4cb471012d056435c7bcc960b0c8c0d320f28e77e0b5399e19d2d5db95785da7f4e2c5482b4dd9787c692f1c6aa4aecdb1e6671559a9e24ceab9307e36a7fb61ece4b5afa5ac69f03da2fccf71032cb35693bc19a24e2a4df071d3ee105c01d92b4afaf0ecaa87c5e027046d2107c6bb50e1d2eca007e70b7b58722d76b620e826f108055cef47571af7ab5ff2feb995d309fe32ae053d14f69600bcefcb0b0e378844c47ccafd4be029dce557be34cbc0c6c841bada60dfe19cb087495f2bbc4c41e0dc8a24a60cd00da55298fa8698fb47759916af4e984c97f07b1eaa4c0b30ab191ac10fe5a496226b5c0ca7dbad7c2feafb4001346c11fb7a74"])
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x4000, 0x0)
pivot_root(&(0x7f0000000680)='./file0\x00', &(0x7f0000000280)='./file0\x00')
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000001c0)={0x6589})
timer_settime(r3, 0x1, &(0x7f0000000640)={{}, {0x0, 0x989680}}, &(0x7f00000006c0))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000340)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000011000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
timer_settime(r3, 0x0, &(0x7f0000000400), &(0x7f00000004c0))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000300)=0xc)
unshare(0x14000000)
unshare(0x2a020400)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mkdirat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x108)
syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000003c0)=[@textreal={0x8, &(0x7f0000000440)="ba4200b056ee27673667f30fa7e0c6f80a0f32660f6b143e66660fc5e8bbbaf80c66b87cc71e8066efbafc0cedbaf80c66b8fa62768766efbafc0ced0f01c866b9800000c00f326635002000000f30", 0x4f}], 0x1, 0x59, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x0, 0x0, 0x5}}]}}]}, 0x44}}, 0x0)
executing program 1:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001c40)=@newtaction={0xf0, 0x30, 0x1, 0x0, 0x0, {}, [{0xdc, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}, @m_police={0x6c, 0x2, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x1}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xf0}}, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000000)
executing program 2:
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bind$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xfffffffb, 0x1}, 0x20)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x64, r1, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @empty}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @private0}, @L2TP_ATTR_UDP_ZERO_CSUM6_RX={0x5, 0x22, 0x1}]}, 0x64}}, 0x0)
executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_TUPDATE={0x8}]}}]}, 0x3c}}, 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000540)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x18, 0x2, [@TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x2}, @TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x6}]}}]}, 0x48}}, 0x0)
executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000840)=@newsa={0x184, 0x10, 0x1, 0x0, 0x0, {{@in=@multicast2, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x2}, {@in=@empty, 0x0, 0x6c}, @in=@private, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_comp={0x48, 0x3, {{'lzs\x00'}}}, @algo_auth_trunc={0x4c, 0x14, {{'rmd160-generic\x00'}}}]}, 0x184}}, 0x0)
executing program 3:
r0 = fsopen(&(0x7f0000002200)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
mknodat$loop(r1, &(0x7f0000000000)='./file1\x00', 0x0, 0x1)
r2 = openat(r1, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000d, 0x12, r2, 0x0)
mlock2(&(0x7f000027d000/0x2000)=nil, 0x2000, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0xe)
executing program 3:
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$rose(r0, 0x104, 0x0, 0x0, 0xfffffffffffffffe)
executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @remote}]}, 0x40}}, 0x0)
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELCHAIN={0x2c, 0x5, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_CHAIN_HANDLE={0xc}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14}}, 0x74}}, 0x0)
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000280)={<r2=>0x0}, &(0x7f00000013c0)=0xc)
sendmmsg$unix(r1, &(0x7f00000014c0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)='8', 0x1}], 0x1, &(0x7f0000000580)=[@cred={{0x1c, 0x1, 0x2, {r2, 0xee00}}}, @rights={{0x14, 0x1, 0x1, [r1]}}], 0x38}}], 0x1, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000200)={[{@dots}, {@dots}, {@dots}, {}, {@fat=@nfs}, {@fat=@gid}, {@dots}, {@nodots}, {@fat=@umask={'umask', 0x3d, 0x8b3}}, {@fat=@check_strict}, {@fat=@allow_utime={'allow_utime', 0x3d, 0x1}}, {@dots}, {@dots}, {@fat=@showexec}, {@nodots}, {@dots}, {@fat=@tz_utc}, {@nodots}, {@dots}, {@fat=@flush}, {@nodots}, {@nodots}]}, 0xfd, 0x1bf, &(0x7f0000000300)="$eJzs3TGL02AYB/Cn9bzmnG4TRCHg4nSon+BEThADgtJBJ4XT5SqCt0SX9mP4Af0A0qmLRGrSxkaHWmxS6++39En/edvnHZp26ZNXN99dnL+/fPvl+udIkl70T+M0Zr04jn4sTAIA2CezooivRanrXgCAdqzx/f+t5ZYAgC17/uLlkwdZdvYsTZOI6SQf5sPyscwfPc7O7qY/HNerpnk+vLLM76XN3w7z/Gpcq/L75fp0NT+MO7fLfJ49fJo18kGcb3frAAAAAAAAAAAAAAAAAAAAAADQmVuRLvx2vs/JSTM/qvLy6Kf5QI35PQdx46A6rMcDFeM2NgUAAAAAAAAAAAAAAAAAAAD/mMuPny5ej0ZvPtTFICJWn/mTole98IbL2y76sRNtKP5qke5GG6MNPwWHEbGtxmZFUax1cn2NGHR1cQIAAAAAAAAAAAAAAAAAgP9M/affX7Oki4YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAP1/f83KMYRscbJyzc76nSrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7LHvAQAA///DgjXa")
capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140))
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f00000002c0)=0x8001, 0x4)
splice(r0, 0x0, r3, 0x0, 0x39000, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000300)={0x0, 0x110000})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r5, 0x4010ae68, &(0x7f0000000340))
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
read$FUSE(r3, &(0x7f0000004400)={0x2020}, 0xe9c9e6f)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r4)
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file0\x00', 0x28800, &(0x7f0000000380)=ANY=[], 0x1, 0x68b, &(0x7f0000001200)="$eJzs3c1rHOcdB/DvrFay1gVHSWwnLYGKGNJSU1uycFr1EreHYkoowT2EQi+LLcfCayfISlFCadX3aw/5A9KDDoVeWujdkEJPbW+hN9FDCRR6yUk3l5md1a6tF+/KkjdqPx8zu8/s8zq/mXlGs4uZAP+3rp5P836KXD3/+lq5vrmx0NncWDhRZ3eSlOlG0uy+pbibFB8lV9Jd8vnyw7p8sVc/HywvXvv4081PumvNeqnKN/arV2o9divW6yWzSSbq950mH9vQbu1d37O9/bW3U8X2FpYBO9cLHIzbgx3WR6m+73kLHA9F97q5w0xyMsl0/XdA6tmh8XRHd/hGmuUAAADgmHpmK1tZy6lxjwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOk/r5/0W9NHrp2RS95/9P1Z+lTl9rjHnMT+L+uAcAAAAAAAAAAIfgi1vZylpO9dYfdH/Zf7l6PV29fi7v5l6WspILWUs7q1nNSuaTzAw0NLXWXl1dmX+05kQvv1/z0q41Lx1s/H84WDUAAAAAAAAA+F/zs1zt//4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACfBUUy0X2rltO99EwazSTTSabKcuvJ33vpY6LY7cP7T38cAAAA8ESmD1Dnma1sZS2neusPiuqe/2x1vzydd3M3q1nOajpZyo36Hrq8629sbix0NjcW7mxuLFQd/+BBV7edb/5npGFULab73cPuPb9YlWjlZparTy7kejWYG2lUNUsv1uPZXh7u5KflmFqv1YYc2Y36vezsN3t9i3AYGqNWmKkqTW5HZK4eW9nQs/tH4rF7p7lvT/NpbH/zc3qfnnqbVIwY85O9ekl+9UjMX/vX774/ZDNHYDsSjVSRuDRw9J3dP+bJl/70+zdvde7evnXz3vkjO4yelkePiYWBSLxwrCPRHLH8XBWJM9vrV/PtfC/nM5s3spLl/DDtrGYp9cyYdn08l68zA1FKdkTqykNrbzxuJFP1funOosOMaTYnqlQ7L1d1T2U5Rd7OjSzl1erfpczna7mcy1kc2MNn9tzD1bZVM21jtLP+3JfTP9V/Xc7Uw9VL/jJswdF1L6llXJ8diOvgnDtT5Q1+0o/Sc0Ncj0acG5tfqBNlHz8/yGXjyDwaifmBSDy/fyR+W50b9zp3b6/car+zR/vrj6y/MtlP//Ior8wjK4+X5zJdzyQPHx1l3vPbs8zD8Zqqf3Hp5jV25J2p8oqid6Z+d5cztYz4YlX67K4tXaryXtiZN1GP/B//HMh76O+tvP3X8cQTgBGd/MrJqda/W39rfdj6RetW6/Xpb534+omXpjL558lvNOcmXmm8VPwxH+bH/ft/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg4O699/7tdqeztLJ7orF31uEmivpBPnuVaaaVMnHi8WM+LokiWT/0ljP+7Roi0XuI4JO28+aVz8TmHOvERJL2d6rT6idJ//ipd9FBHi4KHAsXV++8c/Hee+9/dflO+62lt5buTl6+vDi3ePnVhYs3lztLc93XcY8SOAr9vwfGPRIAAAAAAAAAAABgWE/jfxoMdDc7xk0FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjqmr59OcTJH5uQtz5frmxkKnXHrpfslmkkYjKX6UFB8lV9JdMjPQXLFXPx8sL177+NPNT/ptNXvlG/vVG856vWQ2yUT9vsPUwdq7vld7Qyu2t7AM2Lle4GDc/hsAAP//84ECTg==")
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)=@known='system.posix_acl_access\x00', 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
ioctl$PPPIOCATTACH(0xffffffffffffffff, 0x4004743d, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
epoll_pwait(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
mlockall(0x7)
munlockall()
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000780)=[@text16={0x10, &(0x7f00000007c0)="660f388232660f2e3bb8ec008ee80f7577ad0f01cf66670f21da9a00007d00baf80c66b80814298d66efbafc0c66b8173da2d566ef0f01df0f08", 0x3a}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={0x0, @in={0x2, 0x0, @local}, @tipc, @nl=@unspec})
executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x0, 0x0, 0x5}}]}}]}, 0x44}}, 0x0)
executing program 1:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000540), 0x8)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000580)=@base={0x1e, 0x9, 0x2, 0xffff, 0x245, r0, 0x3, '\x00', 0x0, r0, 0x800003, 0xffffffff}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000500)=<r3=>0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
timer_settime(r3, 0x1, &(0x7f0000000380)={{}, {0x0, 0x989680}}, &(0x7f0000000180))
unshare(0x22020000)
mkdir(&(0x7f0000000000)='./file0\x00', 0x23)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0)='rpc_pipefs\x00', 0x0, 0x0)
unshare(0x40020000)
rmdir(&(0x7f0000000740)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x144)
removexattr(&(0x7f0000000600)='./file0\x00', &(0x7f0000000780)=ANY=[@ANYBLOB="747275737465642e636727973c22eebbcd998b4dba007793e5ec1cf79906e4cf00cbcfaafa7744e354d3d1c2e45d962f4687132f2decd027af608e7bc0b9f4f6ee54013fecadebc4d90f44a1399c5d106fd55243dc68c26dcc3992a84794a0d0d78b43fa2ec6089325a24d62e2542354890ef39410dbfd08066d8cfafff4c152ebd01c13710e9421c7d4a53948eaeab8513b9144c356890d49a7526b85b2388f1382cb01000100794abf50235580c49e99e36bcb4d77f96b9e4d6eac06d3c6bef5f10d84b5dd6301daf519cb36bfe42540274ad019b5543da76bdc4e98457e4cb471012d056435c7bcc960b0c8c0d320f28e77e0b5399e19d2d5db95785da7f4e2c5482b4dd9787c692f1c6aa4aecdb1e6671559a9e24ceab9307e36a7fb61ece4b5afa5ac69f03da2fccf71032cb35693bc19a24e2a4df071d3ee105c01d92b4afaf0ecaa87c5e027046d2107c6bb50e1d2eca007e70b7b58722d76b620e826f108055cef47571af7ab5ff2feb995d309fe32ae053d14f69600bcefcb0b0e378844c47ccafd4be029dce557be34cbc0c6c841bada60dfe19cb087495f2bbc4c41e0dc8a24a60cd00da55298fa8698fb47759916af4e984c97f07b1eaa4c0b30ab191ac10fe5a496226b5c0ca7dbad7c2feafb4001346c11fb7a74"])
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x4000, 0x0)
pivot_root(&(0x7f0000000680)='./file0\x00', &(0x7f0000000280)='./file0\x00')
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000001c0)={0x6589})
timer_settime(r3, 0x1, &(0x7f0000000640)={{}, {0x0, 0x989680}}, &(0x7f00000006c0))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000340)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000011000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
timer_settime(r3, 0x0, &(0x7f0000000400), &(0x7f00000004c0))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000300)=0xc)
unshare(0x14000000)
unshare(0x2a020400)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mkdirat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x108)
syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000003c0)=[@textreal={0x8, &(0x7f0000000440)="ba4200b056ee27673667f30fa7e0c6f80a0f32660f6b143e66660fc5e8bbbaf80c66b87cc71e8066efbafc0cedbaf80c66b8fa62768766efbafc0ced0f01c866b9800000c00f326635002000000f30", 0x4f}], 0x1, 0x59, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
executing program 2:
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bind$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xfffffffb, 0x1}, 0x20)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x64, r1, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @empty}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @private0}, @L2TP_ATTR_UDP_ZERO_CSUM6_RX={0x5, 0x22, 0x1}]}, 0x64}}, 0x0)
executing program 3:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000540), 0x8)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000580)=@base={0x1e, 0x9, 0x2, 0xffff, 0x245, r0, 0x3, '\x00', 0x0, r0, 0x800003, 0xffffffff}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000500)=<r3=>0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
timer_settime(r3, 0x1, &(0x7f0000000380)={{}, {0x0, 0x989680}}, &(0x7f0000000180))
unshare(0x22020000)
mkdir(&(0x7f0000000000)='./file0\x00', 0x23)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0)='rpc_pipefs\x00', 0x0, 0x0)
unshare(0x40020000)
rmdir(&(0x7f0000000740)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x144)
removexattr(&(0x7f0000000600)='./file0\x00', &(0x7f0000000780)=ANY=[@ANYBLOB="747275737465642e636727973c22eebbcd998b4dba007793e5ec1cf79906e4cf00cbcfaafa7744e354d3d1c2e45d962f4687132f2decd027af608e7bc0b9f4f6ee54013fecadebc4d90f44a1399c5d106fd55243dc68c26dcc3992a84794a0d0d78b43fa2ec6089325a24d62e2542354890ef39410dbfd08066d8cfafff4c152ebd01c13710e9421c7d4a53948eaeab8513b9144c356890d49a7526b85b2388f1382cb01000100794abf50235580c49e99e36bcb4d77f96b9e4d6eac06d3c6bef5f10d84b5dd6301daf519cb36bfe42540274ad019b5543da76bdc4e98457e4cb471012d056435c7bcc960b0c8c0d320f28e77e0b5399e19d2d5db95785da7f4e2c5482b4dd9787c692f1c6aa4aecdb1e6671559a9e24ceab9307e36a7fb61ece4b5afa5ac69f03da2fccf71032cb35693bc19a24e2a4df071d3ee105c01d92b4afaf0ecaa87c5e027046d2107c6bb50e1d2eca007e70b7b58722d76b620e826f108055cef47571af7ab5ff2feb995d309fe32ae053d14f69600bcefcb0b0e378844c47ccafd4be029dce557be34cbc0c6c841bada60dfe19cb087495f2bbc4c41e0dc8a24a60cd00da55298fa8698fb47759916af4e984c97f07b1eaa4c0b30ab191ac10fe5a496226b5c0ca7dbad7c2feafb4001346c11fb7a74"])
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x4000, 0x0)
pivot_root(&(0x7f0000000680)='./file0\x00', &(0x7f0000000280)='./file0\x00')
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000001c0)={0x6589})
timer_settime(r3, 0x1, &(0x7f0000000640)={{}, {0x0, 0x989680}}, &(0x7f00000006c0))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000340)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000011000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
timer_settime(r3, 0x0, &(0x7f0000000400), &(0x7f00000004c0))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000300)=0xc)
unshare(0x14000000)
unshare(0x2a020400)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mkdirat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x108)
syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000003c0)=[@textreal={0x8, &(0x7f0000000440)="ba4200b056ee27673667f30fa7e0c6f80a0f32660f6b143e66660fc5e8bbbaf80c66b87cc71e8066efbafc0cedbaf80c66b8fa62768766efbafc0ced0f01c866b9800000c00f326635002000000f30", 0x4f}], 0x1, 0x59, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
executing program 0:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000540), 0x8)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000580)=@base={0x1e, 0x9, 0x2, 0xffff, 0x245, r0, 0x3, '\x00', 0x0, r0, 0x800003, 0xffffffff}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000500)=<r3=>0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
timer_settime(r3, 0x1, &(0x7f0000000380)={{}, {0x0, 0x989680}}, &(0x7f0000000180))
unshare(0x22020000)
mkdir(&(0x7f0000000000)='./file0\x00', 0x23)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0)='rpc_pipefs\x00', 0x0, 0x0)
unshare(0x40020000)
rmdir(&(0x7f0000000740)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x144)
removexattr(&(0x7f0000000600)='./file0\x00', &(0x7f0000000780)=ANY=[@ANYBLOB="747275737465642e636727973c22eebbcd998b4dba007793e5ec1cf79906e4cf00cbcfaafa7744e354d3d1c2e45d962f4687132f2decd027af608e7bc0b9f4f6ee54013fecadebc4d90f44a1399c5d106fd55243dc68c26dcc3992a84794a0d0d78b43fa2ec6089325a24d62e2542354890ef39410dbfd08066d8cfafff4c152ebd01c13710e9421c7d4a53948eaeab8513b9144c356890d49a7526b85b2388f1382cb01000100794abf50235580c49e99e36bcb4d77f96b9e4d6eac06d3c6bef5f10d84b5dd6301daf519cb36bfe42540274ad019b5543da76bdc4e98457e4cb471012d056435c7bcc960b0c8c0d320f28e77e0b5399e19d2d5db95785da7f4e2c5482b4dd9787c692f1c6aa4aecdb1e6671559a9e24ceab9307e36a7fb61ece4b5afa5ac69f03da2fccf71032cb35693bc19a24e2a4df071d3ee105c01d92b4afaf0ecaa87c5e027046d2107c6bb50e1d2eca007e70b7b58722d76b620e826f108055cef47571af7ab5ff2feb995d309fe32ae053d14f69600bcefcb0b0e378844c47ccafd4be029dce557be34cbc0c6c841bada60dfe19cb087495f2bbc4c41e0dc8a24a60cd00da55298fa8698fb47759916af4e984c97f07b1eaa4c0b30ab191ac10fe5a496226b5c0ca7dbad7c2feafb4001346c11fb7a74"])
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x4000, 0x0)
pivot_root(&(0x7f0000000680)='./file0\x00', &(0x7f0000000280)='./file0\x00')
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000001c0)={0x6589})
timer_settime(r3, 0x1, &(0x7f0000000640)={{}, {0x0, 0x989680}}, &(0x7f00000006c0))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000340)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000011000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
timer_settime(r3, 0x0, &(0x7f0000000400), &(0x7f00000004c0))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000300)=0xc)
unshare(0x14000000)
unshare(0x2a020400)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mkdirat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x108)
syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000003c0)=[@textreal={0x8, &(0x7f0000000440)="ba4200b056ee27673667f30fa7e0c6f80a0f32660f6b143e66660fc5e8bbbaf80c66b87cc71e8066efbafc0cedbaf80c66b8fa62768766efbafc0ced0f01c866b9800000c00f326635002000000f30", 0x4f}], 0x1, 0x59, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
executing program 4:
syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10040, &(0x7f0000000200)={[{@journal_dev}, {@nouid32}]}, 0xfe, 0x254, &(0x7f0000000840)="$eJzs3U9oHFUcB/Df7B/jJotEvQjiHxARDYR4E7zEi0JAQhARVIiIeJJEiAnesp68eNCzLTn1EkpvTXssvYReWgo9pW0O6aXQhh4aemgPW2Znt2yTDW2zyU7JfD4wO/P2vZnfDMz37V5mN4DCGo2IyYgoR8RYRFQjIuke8H62jLabK7X12Yhm85t7SWtc1s509huJiEZEfBZR6fQtrf2w9WDjq4/+Wax+eGrt+9qgrq/b9tbm1zsnp/8+O/Xp0pVrd6aTmIx6u6/7Og5T0uO9ShLxxlEUe0kklbzPgOcx8+eZ62nu34yID1r5r0apHdl/F165WI1PTuy37393r749yHMFDl+zWU0/AxtNoHBKEVGPpDQeEdl2qTQ+nn2Hv1EeLv02v/DH2K/zi3O/5D1TAYelHrH55fmhcyO78n+7nOUfOL7S/H87s3oz3d4p5302wEC8k63S/I/9tPxxyD8UjvxDcck/FJf8wzFwwOzKPxSX/ENxyT8cY9XORqNnt/xDcck/FJf8Q3F15x8AKJbmUN5PIAN5yXv+AQAAAAAAAAAAAAAAAAAA9lqprc92lkHVvPR/xPYXEVHpVb/c+j/iiFdbr8P3k3TYE0m2W19+fK/PA/TpdM5PX792K9/6l989muP+9XSztt+45bmIRjp4olLZe/8l7fvv4F5/Rn/15z4LvKBkV/vz7wZbf7dHq/nWn9qIuJDOPxO95p9SvNVa955/6t0/sXxAvz/s8wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMzOMAAAD//7MNbSk=")
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000006ac0)='cpuacct.stat\x00', 0x275a, 0x0)
link(&(0x7f0000001240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
rename(&(0x7f0000000600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

program crashed: INFO: task hung in ip_fib_net_exit
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/3
testing program (duration=6m2s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 16, 19, 2, 4, 30, 6, 30, 30, 6]
detailed listing:
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELCHAIN={0x2c, 0x5, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_CHAIN_HANDLE={0xc}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14}}, 0x74}}, 0x0)
executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000280)={<r2=>0x0}, &(0x7f00000013c0)=0xc)
sendmmsg$unix(r1, &(0x7f00000014c0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)='8', 0x1}], 0x1, &(0x7f0000000580)=[@cred={{0x1c, 0x1, 0x2, {r2, 0xee00}}}, @rights={{0x14, 0x1, 0x1, [r1]}}], 0x38}}], 0x1, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000200)={[{@dots}, {@dots}, {@dots}, {}, {@fat=@nfs}, {@fat=@gid}, {@dots}, {@nodots}, {@fat=@umask={'umask', 0x3d, 0x8b3}}, {@fat=@check_strict}, {@fat=@allow_utime={'allow_utime', 0x3d, 0x1}}, {@dots}, {@dots}, {@fat=@showexec}, {@nodots}, {@dots}, {@fat=@tz_utc}, {@nodots}, {@dots}, {@fat=@flush}, {@nodots}, {@nodots}]}, 0xfd, 0x1bf, &(0x7f0000000300)="$eJzs3TGL02AYB/Cn9bzmnG4TRCHg4nSon+BEThADgtJBJ4XT5SqCt0SX9mP4Af0A0qmLRGrSxkaHWmxS6++39En/edvnHZp26ZNXN99dnL+/fPvl+udIkl70T+M0Zr04jn4sTAIA2CezooivRanrXgCAdqzx/f+t5ZYAgC17/uLlkwdZdvYsTZOI6SQf5sPyscwfPc7O7qY/HNerpnk+vLLM76XN3w7z/Gpcq/L75fp0NT+MO7fLfJ49fJo18kGcb3frAAAAAAAAAAAAAAAAAAAAAADQmVuRLvx2vs/JSTM/qvLy6Kf5QI35PQdx46A6rMcDFeM2NgUAAAAAAAAAAAAAAAAAAAD/mMuPny5ej0ZvPtTFICJWn/mTole98IbL2y76sRNtKP5qke5GG6MNPwWHEbGtxmZFUax1cn2NGHR1cQIAAAAAAAAAAAAAAAAAgP9M/affX7Oki4YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAP1/f83KMYRscbJyzc76nSrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7LHvAQAA///DgjXa")
capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140))
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f00000002c0)=0x8001, 0x4)
splice(r0, 0x0, r3, 0x0, 0x39000, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000300)={0x0, 0x110000})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r5, 0x4010ae68, &(0x7f0000000340))
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
read$FUSE(r3, &(0x7f0000004400)={0x2020}, 0xe9c9e6f)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r4)
executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file0\x00', 0x28800, &(0x7f0000000380)=ANY=[], 0x1, 0x68b, &(0x7f0000001200)="$eJzs3c1rHOcdB/DvrFay1gVHSWwnLYGKGNJSU1uycFr1EreHYkoowT2EQi+LLcfCayfISlFCadX3aw/5A9KDDoVeWujdkEJPbW+hN9FDCRR6yUk3l5md1a6tF+/KkjdqPx8zu8/s8zq/mXlGs4uZAP+3rp5P836KXD3/+lq5vrmx0NncWDhRZ3eSlOlG0uy+pbibFB8lV9Jd8vnyw7p8sVc/HywvXvv4081PumvNeqnKN/arV2o9divW6yWzSSbq950mH9vQbu1d37O9/bW3U8X2FpYBO9cLHIzbgx3WR6m+73kLHA9F97q5w0xyMsl0/XdA6tmh8XRHd/hGmuUAAADgmHpmK1tZy6lxjwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOk/r5/0W9NHrp2RS95/9P1Z+lTl9rjHnMT+L+uAcAAAAAAAAAAIfgi1vZylpO9dYfdH/Zf7l6PV29fi7v5l6WspILWUs7q1nNSuaTzAw0NLXWXl1dmX+05kQvv1/z0q41Lx1s/H84WDUAAAAAAAAA+F/zs1zt//4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACfBUUy0X2rltO99EwazSTTSabKcuvJ33vpY6LY7cP7T38cAAAA8ESmD1Dnma1sZS2neusPiuqe/2x1vzydd3M3q1nOajpZyo36Hrq8629sbix0NjcW7mxuLFQd/+BBV7edb/5npGFULab73cPuPb9YlWjlZparTy7kejWYG2lUNUsv1uPZXh7u5KflmFqv1YYc2Y36vezsN3t9i3AYGqNWmKkqTW5HZK4eW9nQs/tH4rF7p7lvT/NpbH/zc3qfnnqbVIwY85O9ekl+9UjMX/vX774/ZDNHYDsSjVSRuDRw9J3dP+bJl/70+zdvde7evnXz3vkjO4yelkePiYWBSLxwrCPRHLH8XBWJM9vrV/PtfC/nM5s3spLl/DDtrGYp9cyYdn08l68zA1FKdkTqykNrbzxuJFP1funOosOMaTYnqlQ7L1d1T2U5Rd7OjSzl1erfpczna7mcy1kc2MNn9tzD1bZVM21jtLP+3JfTP9V/Xc7Uw9VL/jJswdF1L6llXJ8diOvgnDtT5Q1+0o/Sc0Ncj0acG5tfqBNlHz8/yGXjyDwaifmBSDy/fyR+W50b9zp3b6/car+zR/vrj6y/MtlP//Ior8wjK4+X5zJdzyQPHx1l3vPbs8zD8Zqqf3Hp5jV25J2p8oqid6Z+d5cztYz4YlX67K4tXaryXtiZN1GP/B//HMh76O+tvP3X8cQTgBGd/MrJqda/W39rfdj6RetW6/Xpb534+omXpjL558lvNOcmXmm8VPwxH+bH/ft/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg4O699/7tdqeztLJ7orF31uEmivpBPnuVaaaVMnHi8WM+LokiWT/0ljP+7Roi0XuI4JO28+aVz8TmHOvERJL2d6rT6idJ//ipd9FBHi4KHAsXV++8c/Hee+9/dflO+62lt5buTl6+vDi3ePnVhYs3lztLc93XcY8SOAr9vwfGPRIAAAAAAAAAAABgWE/jfxoMdDc7xk0FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjqmr59OcTJH5uQtz5frmxkKnXHrpfslmkkYjKX6UFB8lV9JdMjPQXLFXPx8sL177+NPNT/ptNXvlG/vVG856vWQ2yUT9vsPUwdq7vld7Qyu2t7AM2Lle4GDc/hsAAP//84ECTg==")
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)=@known='system.posix_acl_access\x00', 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
ioctl$PPPIOCATTACH(0xffffffffffffffff, 0x4004743d, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
epoll_pwait(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
mlockall(0x7)
munlockall()
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000780)=[@text16={0x10, &(0x7f00000007c0)="660f388232660f2e3bb8ec008ee80f7577ad0f01cf66670f21da9a00007d00baf80c66b80814298d66efbafc0c66b8173da2d566ef0f01df0f08", 0x3a}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={0x0, @in={0x2, 0x0, @local}, @tipc, @nl=@unspec})
executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x0, 0x0, 0x5}}]}}]}, 0x44}}, 0x0)
executing program 1:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000540), 0x8)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000580)=@base={0x1e, 0x9, 0x2, 0xffff, 0x245, r0, 0x3, '\x00', 0x0, r0, 0x800003, 0xffffffff}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000500)=<r3=>0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
timer_settime(r3, 0x1, &(0x7f0000000380)={{}, {0x0, 0x989680}}, &(0x7f0000000180))
unshare(0x22020000)
mkdir(&(0x7f0000000000)='./file0\x00', 0x23)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0)='rpc_pipefs\x00', 0x0, 0x0)
unshare(0x40020000)
rmdir(&(0x7f0000000740)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x144)
removexattr(&(0x7f0000000600)='./file0\x00', &(0x7f0000000780)=ANY=[@ANYBLOB="747275737465642e636727973c22eebbcd998b4dba007793e5ec1cf79906e4cf00cbcfaafa7744e354d3d1c2e45d962f4687132f2decd027af608e7bc0b9f4f6ee54013fecadebc4d90f44a1399c5d106fd55243dc68c26dcc3992a84794a0d0d78b43fa2ec6089325a24d62e2542354890ef39410dbfd08066d8cfafff4c152ebd01c13710e9421c7d4a53948eaeab8513b9144c356890d49a7526b85b2388f1382cb01000100794abf50235580c49e99e36bcb4d77f96b9e4d6eac06d3c6bef5f10d84b5dd6301daf519cb36bfe42540274ad019b5543da76bdc4e98457e4cb471012d056435c7bcc960b0c8c0d320f28e77e0b5399e19d2d5db95785da7f4e2c5482b4dd9787c692f1c6aa4aecdb1e6671559a9e24ceab9307e36a7fb61ece4b5afa5ac69f03da2fccf71032cb35693bc19a24e2a4df071d3ee105c01d92b4afaf0ecaa87c5e027046d2107c6bb50e1d2eca007e70b7b58722d76b620e826f108055cef47571af7ab5ff2feb995d309fe32ae053d14f69600bcefcb0b0e378844c47ccafd4be029dce557be34cbc0c6c841bada60dfe19cb087495f2bbc4c41e0dc8a24a60cd00da55298fa8698fb47759916af4e984c97f07b1eaa4c0b30ab191ac10fe5a496226b5c0ca7dbad7c2feafb4001346c11fb7a74"])
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x4000, 0x0)
pivot_root(&(0x7f0000000680)='./file0\x00', &(0x7f0000000280)='./file0\x00')
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000001c0)={0x6589})
timer_settime(r3, 0x1, &(0x7f0000000640)={{}, {0x0, 0x989680}}, &(0x7f00000006c0))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000340)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000011000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
timer_settime(r3, 0x0, &(0x7f0000000400), &(0x7f00000004c0))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000300)=0xc)
unshare(0x14000000)
unshare(0x2a020400)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mkdirat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x108)
syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000003c0)=[@textreal={0x8, &(0x7f0000000440)="ba4200b056ee27673667f30fa7e0c6f80a0f32660f6b143e66660fc5e8bbbaf80c66b87cc71e8066efbafc0cedbaf80c66b8fa62768766efbafc0ced0f01c866b9800000c00f326635002000000f30", 0x4f}], 0x1, 0x59, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
executing program 2:
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bind$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xfffffffb, 0x1}, 0x20)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x64, r1, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @empty}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @private0}, @L2TP_ATTR_UDP_ZERO_CSUM6_RX={0x5, 0x22, 0x1}]}, 0x64}}, 0x0)
executing program 3:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000540), 0x8)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000580)=@base={0x1e, 0x9, 0x2, 0xffff, 0x245, r0, 0x3, '\x00', 0x0, r0, 0x800003, 0xffffffff}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000500)=<r3=>0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
timer_settime(r3, 0x1, &(0x7f0000000380)={{}, {0x0, 0x989680}}, &(0x7f0000000180))
unshare(0x22020000)
mkdir(&(0x7f0000000000)='./file0\x00', 0x23)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0)='rpc_pipefs\x00', 0x0, 0x0)
unshare(0x40020000)
rmdir(&(0x7f0000000740)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x144)
removexattr(&(0x7f0000000600)='./file0\x00', &(0x7f0000000780)=ANY=[@ANYBLOB="747275737465642e636727973c22eebbcd998b4dba007793e5ec1cf79906e4cf00cbcfaafa7744e354d3d1c2e45d962f4687132f2decd027af608e7bc0b9f4f6ee54013fecadebc4d90f44a1399c5d106fd55243dc68c26dcc3992a84794a0d0d78b43fa2ec6089325a24d62e2542354890ef39410dbfd08066d8cfafff4c152ebd01c13710e9421c7d4a53948eaeab8513b9144c356890d49a7526b85b2388f1382cb01000100794abf50235580c49e99e36bcb4d77f96b9e4d6eac06d3c6bef5f10d84b5dd6301daf519cb36bfe42540274ad019b5543da76bdc4e98457e4cb471012d056435c7bcc960b0c8c0d320f28e77e0b5399e19d2d5db95785da7f4e2c5482b4dd9787c692f1c6aa4aecdb1e6671559a9e24ceab9307e36a7fb61ece4b5afa5ac69f03da2fccf71032cb35693bc19a24e2a4df071d3ee105c01d92b4afaf0ecaa87c5e027046d2107c6bb50e1d2eca007e70b7b58722d76b620e826f108055cef47571af7ab5ff2feb995d309fe32ae053d14f69600bcefcb0b0e378844c47ccafd4be029dce557be34cbc0c6c841bada60dfe19cb087495f2bbc4c41e0dc8a24a60cd00da55298fa8698fb47759916af4e984c97f07b1eaa4c0b30ab191ac10fe5a496226b5c0ca7dbad7c2feafb4001346c11fb7a74"])
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x4000, 0x0)
pivot_root(&(0x7f0000000680)='./file0\x00', &(0x7f0000000280)='./file0\x00')
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000001c0)={0x6589})
timer_settime(r3, 0x1, &(0x7f0000000640)={{}, {0x0, 0x989680}}, &(0x7f00000006c0))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000340)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000011000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
timer_settime(r3, 0x0, &(0x7f0000000400), &(0x7f00000004c0))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000300)=0xc)
unshare(0x14000000)
unshare(0x2a020400)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mkdirat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x108)
syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000003c0)=[@textreal={0x8, &(0x7f0000000440)="ba4200b056ee27673667f30fa7e0c6f80a0f32660f6b143e66660fc5e8bbbaf80c66b87cc71e8066efbafc0cedbaf80c66b8fa62768766efbafc0ced0f01c866b9800000c00f326635002000000f30", 0x4f}], 0x1, 0x59, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
executing program 0:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000540), 0x8)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000580)=@base={0x1e, 0x9, 0x2, 0xffff, 0x245, r0, 0x3, '\x00', 0x0, r0, 0x800003, 0xffffffff}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000500)=<r3=>0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
timer_settime(r3, 0x1, &(0x7f0000000380)={{}, {0x0, 0x989680}}, &(0x7f0000000180))
unshare(0x22020000)
mkdir(&(0x7f0000000000)='./file0\x00', 0x23)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0)='rpc_pipefs\x00', 0x0, 0x0)
unshare(0x40020000)
rmdir(&(0x7f0000000740)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x144)
removexattr(&(0x7f0000000600)='./file0\x00', &(0x7f0000000780)=ANY=[@ANYBLOB="747275737465642e636727973c22eebbcd998b4dba007793e5ec1cf79906e4cf00cbcfaafa7744e354d3d1c2e45d962f4687132f2decd027af608e7bc0b9f4f6ee54013fecadebc4d90f44a1399c5d106fd55243dc68c26dcc3992a84794a0d0d78b43fa2ec6089325a24d62e2542354890ef39410dbfd08066d8cfafff4c152ebd01c13710e9421c7d4a53948eaeab8513b9144c356890d49a7526b85b2388f1382cb01000100794abf50235580c49e99e36bcb4d77f96b9e4d6eac06d3c6bef5f10d84b5dd6301daf519cb36bfe42540274ad019b5543da76bdc4e98457e4cb471012d056435c7bcc960b0c8c0d320f28e77e0b5399e19d2d5db95785da7f4e2c5482b4dd9787c692f1c6aa4aecdb1e6671559a9e24ceab9307e36a7fb61ece4b5afa5ac69f03da2fccf71032cb35693bc19a24e2a4df071d3ee105c01d92b4afaf0ecaa87c5e027046d2107c6bb50e1d2eca007e70b7b58722d76b620e826f108055cef47571af7ab5ff2feb995d309fe32ae053d14f69600bcefcb0b0e378844c47ccafd4be029dce557be34cbc0c6c841bada60dfe19cb087495f2bbc4c41e0dc8a24a60cd00da55298fa8698fb47759916af4e984c97f07b1eaa4c0b30ab191ac10fe5a496226b5c0ca7dbad7c2feafb4001346c11fb7a74"])
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x4000, 0x0)
pivot_root(&(0x7f0000000680)='./file0\x00', &(0x7f0000000280)='./file0\x00')
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000001c0)={0x6589})
timer_settime(r3, 0x1, &(0x7f0000000640)={{}, {0x0, 0x989680}}, &(0x7f00000006c0))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000340)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000011000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
timer_settime(r3, 0x0, &(0x7f0000000400), &(0x7f00000004c0))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000300)=0xc)
unshare(0x14000000)
unshare(0x2a020400)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mkdirat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x108)
syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000003c0)=[@textreal={0x8, &(0x7f0000000440)="ba4200b056ee27673667f30fa7e0c6f80a0f32660f6b143e66660fc5e8bbbaf80c66b87cc71e8066efbafc0cedbaf80c66b8fa62768766efbafc0ced0f01c866b9800000c00f326635002000000f30", 0x4f}], 0x1, 0x59, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
executing program 4:
syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10040, &(0x7f0000000200)={[{@journal_dev}, {@nouid32}]}, 0xfe, 0x254, &(0x7f0000000840)="$eJzs3U9oHFUcB/Df7B/jJotEvQjiHxARDYR4E7zEi0JAQhARVIiIeJJEiAnesp68eNCzLTn1EkpvTXssvYReWgo9pW0O6aXQhh4aemgPW2Znt2yTDW2zyU7JfD4wO/P2vZnfDMz37V5mN4DCGo2IyYgoR8RYRFQjIuke8H62jLabK7X12Yhm85t7SWtc1s509huJiEZEfBZR6fQtrf2w9WDjq4/+Wax+eGrt+9qgrq/b9tbm1zsnp/8+O/Xp0pVrd6aTmIx6u6/7Og5T0uO9ShLxxlEUe0kklbzPgOcx8+eZ62nu34yID1r5r0apHdl/F165WI1PTuy37393r749yHMFDl+zWU0/AxtNoHBKEVGPpDQeEdl2qTQ+nn2Hv1EeLv02v/DH2K/zi3O/5D1TAYelHrH55fmhcyO78n+7nOUfOL7S/H87s3oz3d4p5302wEC8k63S/I/9tPxxyD8UjvxDcck/FJf8wzFwwOzKPxSX/ENxyT8cY9XORqNnt/xDcck/FJf8Q3F15x8AKJbmUN5PIAN5yXv+AQAAAAAAAAAAAAAAAAAA9lqprc92lkHVvPR/xPYXEVHpVb/c+j/iiFdbr8P3k3TYE0m2W19+fK/PA/TpdM5PX792K9/6l989muP+9XSztt+45bmIRjp4olLZe/8l7fvv4F5/Rn/15z4LvKBkV/vz7wZbf7dHq/nWn9qIuJDOPxO95p9SvNVa955/6t0/sXxAvz/s8wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMzOMAAAD//7MNbSk=")
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000006ac0)='cpuacct.stat\x00', 0x275a, 0x0)
link(&(0x7f0000001240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
rename(&(0x7f0000000600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

program did not crash
bisect: testing without sub-chunk 3/3
testing program (duration=6m2s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 30, 4, 7, 6, 8, 2, 8, 3, 6]
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000440)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES16], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000400)={0x2c, &(0x7f0000000300)={0x0, 0x0, 0xab, {0xab, 0x0, "9a76e69c85a99bf24a663725295429ac4c4d6d3750eb0ef4f28740810360214fa87b57baa140c50ef04893897a41b30728908cf649c4877970a610684780f4e25f1bf483cf47f52dae24eebb71c6ffdac79964ca41c6e0c6e9de6e957f8568f3ff90155973247ae98ee1a260c94b288d6fd8d77e80f2fec19eadabd86db4623781a1823d103d70464d111076db2e283ca0c45b27420c15c2b505325bae6be2841039cabe31e2c07a3f"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000540), 0x8)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000580)=@base={0x1e, 0x9, 0x2, 0xffff, 0x245, r0, 0x3, '\x00', 0x0, r0, 0x800003, 0xffffffff}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000500)=<r3=>0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
timer_settime(r3, 0x1, &(0x7f0000000380)={{}, {0x0, 0x989680}}, &(0x7f0000000180))
unshare(0x22020000)
mkdir(&(0x7f0000000000)='./file0\x00', 0x23)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0)='rpc_pipefs\x00', 0x0, 0x0)
unshare(0x40020000)
rmdir(&(0x7f0000000740)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x144)
removexattr(&(0x7f0000000600)='./file0\x00', &(0x7f0000000780)=ANY=[@ANYBLOB="747275737465642e636727973c22eebbcd998b4dba007793e5ec1cf79906e4cf00cbcfaafa7744e354d3d1c2e45d962f4687132f2decd027af608e7bc0b9f4f6ee54013fecadebc4d90f44a1399c5d106fd55243dc68c26dcc3992a84794a0d0d78b43fa2ec6089325a24d62e2542354890ef39410dbfd08066d8cfafff4c152ebd01c13710e9421c7d4a53948eaeab8513b9144c356890d49a7526b85b2388f1382cb01000100794abf50235580c49e99e36bcb4d77f96b9e4d6eac06d3c6bef5f10d84b5dd6301daf519cb36bfe42540274ad019b5543da76bdc4e98457e4cb471012d056435c7bcc960b0c8c0d320f28e77e0b5399e19d2d5db95785da7f4e2c5482b4dd9787c692f1c6aa4aecdb1e6671559a9e24ceab9307e36a7fb61ece4b5afa5ac69f03da2fccf71032cb35693bc19a24e2a4df071d3ee105c01d92b4afaf0ecaa87c5e027046d2107c6bb50e1d2eca007e70b7b58722d76b620e826f108055cef47571af7ab5ff2feb995d309fe32ae053d14f69600bcefcb0b0e378844c47ccafd4be029dce557be34cbc0c6c841bada60dfe19cb087495f2bbc4c41e0dc8a24a60cd00da55298fa8698fb47759916af4e984c97f07b1eaa4c0b30ab191ac10fe5a496226b5c0ca7dbad7c2feafb4001346c11fb7a74"])
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x4000, 0x0)
pivot_root(&(0x7f0000000680)='./file0\x00', &(0x7f0000000280)='./file0\x00')
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000001c0)={0x6589})
timer_settime(r3, 0x1, &(0x7f0000000640)={{}, {0x0, 0x989680}}, &(0x7f00000006c0))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000340)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000011000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
timer_settime(r3, 0x0, &(0x7f0000000400), &(0x7f00000004c0))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000300)=0xc)
unshare(0x14000000)
unshare(0x2a020400)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mkdirat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x108)
syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000003c0)=[@textreal={0x8, &(0x7f0000000440)="ba4200b056ee27673667f30fa7e0c6f80a0f32660f6b143e66660fc5e8bbbaf80c66b87cc71e8066efbafc0cedbaf80c66b8fa62768766efbafc0ced0f01c866b9800000c00f326635002000000f30", 0x4f}], 0x1, 0x59, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x0, 0x0, 0x5}}]}}]}, 0x44}}, 0x0)
executing program 1:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001c40)=@newtaction={0xf0, 0x30, 0x1, 0x0, 0x0, {}, [{0xdc, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}, @m_police={0x6c, 0x2, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x1}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xf0}}, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000000)
executing program 2:
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bind$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xfffffffb, 0x1}, 0x20)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x64, r1, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @empty}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @private0}, @L2TP_ATTR_UDP_ZERO_CSUM6_RX={0x5, 0x22, 0x1}]}, 0x64}}, 0x0)
executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_TUPDATE={0x8}]}}]}, 0x3c}}, 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000540)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x18, 0x2, [@TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x2}, @TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x6}]}}]}, 0x48}}, 0x0)
executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000840)=@newsa={0x184, 0x10, 0x1, 0x0, 0x0, {{@in=@multicast2, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x2}, {@in=@empty, 0x0, 0x6c}, @in=@private, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_comp={0x48, 0x3, {{'lzs\x00'}}}, @algo_auth_trunc={0x4c, 0x14, {{'rmd160-generic\x00'}}}]}, 0x184}}, 0x0)
executing program 3:
r0 = fsopen(&(0x7f0000002200)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
mknodat$loop(r1, &(0x7f0000000000)='./file1\x00', 0x0, 0x1)
r2 = openat(r1, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000d, 0x12, r2, 0x0)
mlock2(&(0x7f000027d000/0x2000)=nil, 0x2000, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0xe)
executing program 3:
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$rose(r0, 0x104, 0x0, 0x0, 0xfffffffffffffffe)
executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @remote}]}, 0x40}}, 0x0)

program crashed: INFO: task hung in addrconf_dad_work
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <10>
bisect: split chunk #0 of len 10 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m1s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [8, 2, 8, 3, 6]
detailed listing:
executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_TUPDATE={0x8}]}}]}, 0x3c}}, 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000540)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x18, 0x2, [@TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x2}, @TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x6}]}}]}, 0x48}}, 0x0)
executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000840)=@newsa={0x184, 0x10, 0x1, 0x0, 0x0, {{@in=@multicast2, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x2}, {@in=@empty, 0x0, 0x6c}, @in=@private, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_comp={0x48, 0x3, {{'lzs\x00'}}}, @algo_auth_trunc={0x4c, 0x14, {{'rmd160-generic\x00'}}}]}, 0x184}}, 0x0)
executing program 3:
r0 = fsopen(&(0x7f0000002200)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
mknodat$loop(r1, &(0x7f0000000000)='./file1\x00', 0x0, 0x1)
r2 = openat(r1, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x380000d, 0x12, r2, 0x0)
mlock2(&(0x7f000027d000/0x2000)=nil, 0x2000, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0xe)
executing program 3:
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$rose(r0, 0x104, 0x0, 0x0, 0xfffffffffffffffe)
executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @remote}]}, 0x40}}, 0x0)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=6m1s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 30, 4, 7, 6]
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000440)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES16], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000400)={0x2c, &(0x7f0000000300)={0x0, 0x0, 0xab, {0xab, 0x0, "9a76e69c85a99bf24a663725295429ac4c4d6d3750eb0ef4f28740810360214fa87b57baa140c50ef04893897a41b30728908cf649c4877970a610684780f4e25f1bf483cf47f52dae24eebb71c6ffdac79964ca41c6e0c6e9de6e957f8568f3ff90155973247ae98ee1a260c94b288d6fd8d77e80f2fec19eadabd86db4623781a1823d103d70464d111076db2e283ca0c45b27420c15c2b505325bae6be2841039cabe31e2c07a3f"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
executing program 2:
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000540), 0x8)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000580)=@base={0x1e, 0x9, 0x2, 0xffff, 0x245, r0, 0x3, '\x00', 0x0, r0, 0x800003, 0xffffffff}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000500)=<r3=>0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
timer_settime(r3, 0x1, &(0x7f0000000380)={{}, {0x0, 0x989680}}, &(0x7f0000000180))
unshare(0x22020000)
mkdir(&(0x7f0000000000)='./file0\x00', 0x23)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0)='rpc_pipefs\x00', 0x0, 0x0)
unshare(0x40020000)
rmdir(&(0x7f0000000740)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x144)
removexattr(&(0x7f0000000600)='./file0\x00', &(0x7f0000000780)=ANY=[@ANYBLOB="747275737465642e636727973c22eebbcd998b4dba007793e5ec1cf79906e4cf00cbcfaafa7744e354d3d1c2e45d962f4687132f2decd027af608e7bc0b9f4f6ee54013fecadebc4d90f44a1399c5d106fd55243dc68c26dcc3992a84794a0d0d78b43fa2ec6089325a24d62e2542354890ef39410dbfd08066d8cfafff4c152ebd01c13710e9421c7d4a53948eaeab8513b9144c356890d49a7526b85b2388f1382cb01000100794abf50235580c49e99e36bcb4d77f96b9e4d6eac06d3c6bef5f10d84b5dd6301daf519cb36bfe42540274ad019b5543da76bdc4e98457e4cb471012d056435c7bcc960b0c8c0d320f28e77e0b5399e19d2d5db95785da7f4e2c5482b4dd9787c692f1c6aa4aecdb1e6671559a9e24ceab9307e36a7fb61ece4b5afa5ac69f03da2fccf71032cb35693bc19a24e2a4df071d3ee105c01d92b4afaf0ecaa87c5e027046d2107c6bb50e1d2eca007e70b7b58722d76b620e826f108055cef47571af7ab5ff2feb995d309fe32ae053d14f69600bcefcb0b0e378844c47ccafd4be029dce557be34cbc0c6c841bada60dfe19cb087495f2bbc4c41e0dc8a24a60cd00da55298fa8698fb47759916af4e984c97f07b1eaa4c0b30ab191ac10fe5a496226b5c0ca7dbad7c2feafb4001346c11fb7a74"])
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x4000, 0x0)
pivot_root(&(0x7f0000000680)='./file0\x00', &(0x7f0000000280)='./file0\x00')
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000001c0)={0x6589})
timer_settime(r3, 0x1, &(0x7f0000000640)={{}, {0x0, 0x989680}}, &(0x7f00000006c0))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000340)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000011000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
timer_settime(r3, 0x0, &(0x7f0000000400), &(0x7f00000004c0))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000300)=0xc)
unshare(0x14000000)
unshare(0x2a020400)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
mkdirat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x108)
syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000003c0)=[@textreal={0x8, &(0x7f0000000440)="ba4200b056ee27673667f30fa7e0c6f80a0f32660f6b143e66660fc5e8bbbaf80c66b87cc71e8066efbafc0cedbaf80c66b8fa62768766efbafc0ced0f01c866b9800000c00f326635002000000f30", 0x4f}], 0x1, 0x59, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x0, 0x0, 0x5}}]}}]}, 0x44}}, 0x0)
executing program 1:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001c40)=@newtaction={0xf0, 0x30, 0x1, 0x0, 0x0, {}, [{0xdc, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}, @m_police={0x6c, 0x2, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x1}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xf0}}, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000000)
executing program 2:
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bind$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xfffffffb, 0x1}, 0x20)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x64, r1, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @empty}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @private0}, @L2TP_ATTR_UDP_ZERO_CSUM6_RX={0x5, 0x22, 0x1}]}, 0x64}}, 0x0)

program crashed: INFO: task hung in caif_exit_net
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <5>
bisect: split chunk #0 of len 5 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [7, 6]
detailed listing:
executing program 1:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001c40)=@newtaction={0xf0, 0x30, 0x1, 0x0, 0x0, {}, [{0xdc, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}, @m_police={0x6c, 0x2, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x1}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xf0}}, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000000)
executing program 2:
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bind$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xfffffffb, 0x1}, 0x20)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x64, r1, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @empty}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @private0}, @L2TP_ATTR_UDP_ZERO_CSUM6_RX={0x5, 0x22, 0x1}]}, 0x64}}, 0x0)

program crashed: INFO: task hung in linkwatch_event
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <2>
bisect: split chunk #0 of len 2 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmsg$nl_generic-socket$nl_generic-bind$l2tp6-socket$nl_generic-syz_genetlink_get_family_id$l2tp-sendmsg$L2TP_CMD_TUNNEL_CREATE
detailed listing:
executing program 2:
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bind$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xfffffffb, 0x1}, 0x20)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x64, r1, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @empty}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @private0}, @L2TP_ATTR_UDP_ZERO_CSUM6_RX={0x5, 0x22, 0x1}]}, 0x64}}, 0x0)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$nl_route-sendmsg$nl_route_sched-socketpair$unix-connect$unix-sendmsg$nl_route_sched
detailed listing:
executing program 1:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001c40)=@newtaction={0xf0, 0x30, 0x1, 0x0, 0x0, {}, [{0xdc, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}, @m_police={0x6c, 0x2, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x1}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xf0}}, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000000)

program crashed: INFO: task hung in netdev_run_todo
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <1>
bisect: split chunk #0 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: 1 programs left: 

executing program 1:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001c40)=@newtaction={0xf0, 0x30, 0x1, 0x0, 0x0, {}, [{0xdc, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}, @m_police={0x6c, 0x2, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x1}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xf0}}, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000000)


bisect: trying to concatenate
bisect: concatenate 1 entries
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$nl_route-sendmsg$nl_route_sched-socketpair$unix-connect$unix-sendmsg$nl_route_sched
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001c40)=@newtaction={0xf0, 0x30, 0x1, 0x0, 0x0, {}, [{0xdc, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}, @m_police={0x6c, 0x2, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x1}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xf0}}, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000000)

program crashed: INFO: task hung in cangw_pernet_exit
bisect: concatenation succeeded
found reproducer with 7 syscalls
minimizing guilty program
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$nl_route-sendmsg$nl_route_sched-socketpair$unix-connect$unix
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001c40)=@newtaction={0xf0, 0x30, 0x1, 0x0, 0x0, {}, [{0xdc, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}, @m_police={0x6c, 0x2, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x1}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xf0}}, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)

program crashed: INFO: task hung in cangw_pernet_exit
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$nl_route-sendmsg$nl_route_sched-socketpair$unix
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001c40)=@newtaction={0xf0, 0x30, 0x1, 0x0, 0x0, {}, [{0xdc, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}, @m_police={0x6c, 0x2, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x1}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xf0}}, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)

program crashed: INFO: task hung in addrconf_dad_work
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$nl_route-sendmsg$nl_route_sched
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001c40)=@newtaction={0xf0, 0x30, 0x1, 0x0, 0x0, {}, [{0xdc, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}, @m_police={0x6c, 0x2, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x1}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xf0}}, 0x0)

program crashed: INFO: task hung in linkwatch_event
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$nl_route
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-sendmsg$nl_route_sched
detailed listing:
executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001c40)=@newtaction={0xf0, 0x30, 0x1, 0x0, 0x0, {}, [{0xdc, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}, @m_police={0x6c, 0x2, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x1}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xf0}}, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD-socket$nl_route-sendmsg$nl_route_sched
detailed listing:
executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001c40)=@newtaction={0xf0, 0x30, 0x1, 0x0, 0x0, {}, [{0xdc, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}, @m_police={0x6c, 0x2, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x1}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xf0}}, 0x0)

program crashed: INFO: task hung in netdev_run_todo
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-sendmsg$nl_route_sched
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001c40)=@newtaction={0xf0, 0x30, 0x1, 0x0, 0x0, {}, [{0xdc, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}, @m_police={0x6c, 0x2, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x1}}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xf0}}, 0x0)

program crashed: INFO: task hung in linkwatch_event
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-sendmsg$nl_route_sched
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, 0x0, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-sendmsg$nl_route_sched
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)

program did not crash
testing program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-sendmsg$nl_route_sched
detailed listing:
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=9m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-sendmsg$nl_route_sched
program crashed: INFO: task hung in addrconf_dad_work
simplifying C reproducer
testing compiled C program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-sendmsg$nl_route_sched
program crashed: INFO: task hung in linkwatch_event
testing compiled C program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-sendmsg$nl_route_sched
program crashed: INFO: task hung in addrconf_dad_work
testing compiled C program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-sendmsg$nl_route_sched
program crashed: INFO: task hung in netlink_dump
testing compiled C program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-sendmsg$nl_route_sched
program crashed: INFO: task hung in addrconf_verify_work
testing compiled C program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-sendmsg$nl_route_sched
program crashed: INFO: task hung in addrconf_verify_work
testing compiled C program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-sendmsg$nl_route_sched
program crashed: INFO: task hung in addrconf_verify_work
testing compiled C program (duration=9m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_route-sendmsg$nl_route_sched
program crashed: INFO: task hung in addrconf_verify_work
reproducing took 2h39m50.461141406s
repro crashed as (corrupted=false):
INFO: task kworker/0:0:7 blocked for more than 143 seconds.
      Not tainted 5.15.160-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:0     state:D stack:23968 pid:    7 ppid:     2 flags:0x00004000
Workqueue: ipv6_addrconf addrconf_verify_work
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5030 [inline]
 __schedule+0x12c4/0x45b0 kernel/sched/core.c:6376
 schedule+0x11b/0x1f0 kernel/sched/core.c:6459
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6518
 __mutex_lock_common+0xe34/0x25a0 kernel/locking/mutex.c:669
 __mutex_lock kernel/locking/mutex.c:729 [inline]
 mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
 addrconf_verify_work+0xa/0x20 net/ipv6/addrconf.c:4656
 process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
 worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
 kthread+0x3f6/0x4f0 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:300
 </TASK>

Showing all locks held in the system:
3 locks held by kworker/0:0/7:
 #0: ffff888023bc8938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 kernel/workqueue.c:2283
 #1: ffffc90000cc7d20 ((addr_chk_work).work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 kernel/workqueue.c:2285
 #2: ffffffff8d9e7e48 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0xa/0x20 net/ipv6/addrconf.c:4656
1 lock held by khungtaskd/27:
 #0: ffffffff8c91fae0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
2 locks held by getty/3257:
 #0: ffff88807f449098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffffc9000229b2e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6af/0x1db0 drivers/tty/n_tty.c:2158
2 locks held by syz-executor334/3523:

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.15.160-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2d0 lib/dump_stack.c:106
 nmi_cpu_backtrace+0x46a/0x4a0 lib/nmi_backtrace.c:111
 nmi_trigger_cpumask_backtrace+0x181/0x2a0 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline]
 watchdog+0xe72/0xeb0 kernel/hung_task.c:295
 kthread+0x3f6/0x4f0 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:300
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 3523 Comm: syz-executor334 Not tainted 5.15.160-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:87 [inline]
RIP: 0010:memory_is_nonzero mm/kasan/generic.c:102 [inline]
RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:128 [inline]
RIP: 0010:memory_is_poisoned mm/kasan/generic.c:159 [inline]
RIP: 0010:check_region_inline mm/kasan/generic.c:180 [inline]
RIP: 0010:kasan_check_range+0x81/0x290 mm/kasan/generic.c:189
Code: df 4f 8d 34 1a 4c 89 f5 4c 29 cd 48 83 fd 10 7f 26 48 85 ed 0f 84 3a 01 00 00 49 f7 d2 49 01 da 41 80 39 00 0f 85 c4 01 00 00 <49> ff c1 49 ff c2 75 ee e9 1d 01 00 00 45 89 cf 41 83 e7 07 0f 84
RSP: 0018:ffffc90002e46458 EFLAGS: 00000046
RAX: 0000000000000001 RBX: 1ffffffff1f7f019 RCX: ffffffff8162b973
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8fbf80c8
RBP: 0000000000000001 R08: dffffc0000000000 R09: fffffbfff1f7f019
R10: ffffffffffffffff R11: dffffc0000000001 R12: 0000000000000000
R13: ffff888012ffe450 R14: fffffbfff1f7f01a R15: ffff888012ffe404
FS:  00005555561d5380(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055e8c10e1658 CR3: 000000007dc3e000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <NMI>
 </NMI>
 <TASK>
 instrument_atomic_read include/linux/instrumented.h:71 [inline]
 test_bit include/asm-generic/bitops/instrumented-non-atomic.h:134 [inline]
 hlock_class kernel/locking/lockdep.c:197 [inline]
 check_wait_context kernel/locking/lockdep.c:4711 [inline]
 __lock_acquire+0x7a3/0x1ff0 kernel/locking/lockdep.c:4962
 lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
 __mutex_lock_common+0x1da/0x25a0 kernel/locking/mutex.c:596
 __mutex_lock kernel/locking/mutex.c:729 [inline]
 mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
 tcf_idr_check_alloc+0xa1/0x380 net/sched/act_api.c:568
 tcf_police_init+0x294/0x17c0 net/sched/act_police.c:84
 tcf_action_init_1+0x50f/0x7f0 net/sched/act_api.c:1051
 tcf_action_init+0x2f3/0x750 net/sched/act_api.c:1110
 tcf_action_add net/sched/act_api.c:1522 [inline]
 tc_ctl_action+0x49b/0xd00 net/sched/act_api.c:1581
 rtnetlink_rcv_msg+0x993/0xee0 net/core/rtnetlink.c:5629
 netlink_rcv_skb+0x1cf/0x410 net/netlink/af_netlink.c:2508
 netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
 netlink_unicast+0x7b6/0x980 net/netlink/af_netlink.c:1356
 netlink_sendmsg+0xa30/0xd60 net/netlink/af_netlink.c:1924
 sock_sendmsg_nosec net/socket.c:704 [inline]
 __sock_sendmsg net/socket.c:716 [inline]
 ____sys_sendmsg+0x59e/0x8f0 net/socket.c:2431
 ___sys_sendmsg+0x252/0x2e0 net/socket.c:2485
 __sys_sendmsg net/socket.c:2514 [inline]
 __do_sys_sendmsg net/socket.c:2523 [inline]
 __se_sys_sendmsg+0x19a/0x260 net/socket.c:2521
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fdb27652df9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff54420298 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdb27652df9
RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000006
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001
 </TASK>
INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 2.110 msecs

final repro crashed as (corrupted=false):
INFO: task kworker/0:0:7 blocked for more than 143 seconds.
      Not tainted 5.15.160-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:0     state:D stack:23968 pid:    7 ppid:     2 flags:0x00004000
Workqueue: ipv6_addrconf addrconf_verify_work
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5030 [inline]
 __schedule+0x12c4/0x45b0 kernel/sched/core.c:6376
 schedule+0x11b/0x1f0 kernel/sched/core.c:6459
 schedule_preempt_disabled+0xf/0x20 kernel/sched/core.c:6518
 __mutex_lock_common+0xe34/0x25a0 kernel/locking/mutex.c:669
 __mutex_lock kernel/locking/mutex.c:729 [inline]
 mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
 addrconf_verify_work+0xa/0x20 net/ipv6/addrconf.c:4656
 process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310
 worker_thread+0xaca/0x1280 kernel/workqueue.c:2457
 kthread+0x3f6/0x4f0 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:300
 </TASK>

Showing all locks held in the system:
3 locks held by kworker/0:0/7:
 #0: ffff888023bc8938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 kernel/workqueue.c:2283
 #1: ffffc90000cc7d20 ((addr_chk_work).work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 kernel/workqueue.c:2285
 #2: ffffffff8d9e7e48 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0xa/0x20 net/ipv6/addrconf.c:4656
1 lock held by khungtaskd/27:
 #0: ffffffff8c91fae0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
2 locks held by getty/3257:
 #0: ffff88807f449098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 drivers/tty/tty_ldisc.c:252
 #1: ffffc9000229b2e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6af/0x1db0 drivers/tty/n_tty.c:2158
2 locks held by syz-executor334/3523:

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.15.160-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2d0 lib/dump_stack.c:106
 nmi_cpu_backtrace+0x46a/0x4a0 lib/nmi_backtrace.c:111
 nmi_trigger_cpumask_backtrace+0x181/0x2a0 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:148 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline]
 watchdog+0xe72/0xeb0 kernel/hung_task.c:295
 kthread+0x3f6/0x4f0 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:300
 </TASK>
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 3523 Comm: syz-executor334 Not tainted 5.15.160-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:87 [inline]
RIP: 0010:memory_is_nonzero mm/kasan/generic.c:102 [inline]
RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:128 [inline]
RIP: 0010:memory_is_poisoned mm/kasan/generic.c:159 [inline]
RIP: 0010:check_region_inline mm/kasan/generic.c:180 [inline]
RIP: 0010:kasan_check_range+0x81/0x290 mm/kasan/generic.c:189
Code: df 4f 8d 34 1a 4c 89 f5 4c 29 cd 48 83 fd 10 7f 26 48 85 ed 0f 84 3a 01 00 00 49 f7 d2 49 01 da 41 80 39 00 0f 85 c4 01 00 00 <49> ff c1 49 ff c2 75 ee e9 1d 01 00 00 45 89 cf 41 83 e7 07 0f 84
RSP: 0018:ffffc90002e46458 EFLAGS: 00000046
RAX: 0000000000000001 RBX: 1ffffffff1f7f019 RCX: ffffffff8162b973
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8fbf80c8
RBP: 0000000000000001 R08: dffffc0000000000 R09: fffffbfff1f7f019
R10: ffffffffffffffff R11: dffffc0000000001 R12: 0000000000000000
R13: ffff888012ffe450 R14: fffffbfff1f7f01a R15: ffff888012ffe404
FS:  00005555561d5380(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055e8c10e1658 CR3: 000000007dc3e000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <NMI>
 </NMI>
 <TASK>
 instrument_atomic_read include/linux/instrumented.h:71 [inline]
 test_bit include/asm-generic/bitops/instrumented-non-atomic.h:134 [inline]
 hlock_class kernel/locking/lockdep.c:197 [inline]
 check_wait_context kernel/locking/lockdep.c:4711 [inline]
 __lock_acquire+0x7a3/0x1ff0 kernel/locking/lockdep.c:4962
 lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5623
 __mutex_lock_common+0x1da/0x25a0 kernel/locking/mutex.c:596
 __mutex_lock kernel/locking/mutex.c:729 [inline]
 mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:743
 tcf_idr_check_alloc+0xa1/0x380 net/sched/act_api.c:568
 tcf_police_init+0x294/0x17c0 net/sched/act_police.c:84
 tcf_action_init_1+0x50f/0x7f0 net/sched/act_api.c:1051
 tcf_action_init+0x2f3/0x750 net/sched/act_api.c:1110
 tcf_action_add net/sched/act_api.c:1522 [inline]
 tc_ctl_action+0x49b/0xd00 net/sched/act_api.c:1581
 rtnetlink_rcv_msg+0x993/0xee0 net/core/rtnetlink.c:5629
 netlink_rcv_skb+0x1cf/0x410 net/netlink/af_netlink.c:2508
 netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
 netlink_unicast+0x7b6/0x980 net/netlink/af_netlink.c:1356
 netlink_sendmsg+0xa30/0xd60 net/netlink/af_netlink.c:1924
 sock_sendmsg_nosec net/socket.c:704 [inline]
 __sock_sendmsg net/socket.c:716 [inline]
 ____sys_sendmsg+0x59e/0x8f0 net/socket.c:2431
 ___sys_sendmsg+0x252/0x2e0 net/socket.c:2485
 __sys_sendmsg net/socket.c:2514 [inline]
 __do_sys_sendmsg net/socket.c:2523 [inline]
 __se_sys_sendmsg+0x19a/0x260 net/socket.c:2521
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fdb27652df9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff54420298 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdb27652df9
RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000006
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001
 </TASK>
INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 2.110 msecs