Extracting prog: 6m33.518674905s
Minimizing prog: 29m49.44243651s
Simplifying prog options: 0s
Extracting C: 42.579145674s
Simplifying C: 10m5.203678412s


extracting reproducer from 24 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket$rds-bind$rds-madvise-sendmsg$rds-madvise-mremap-mremap-syz_clone-process_vm_writev
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r1, &(0x7f0000001c80)=[{&(0x7f0000000000)=""/155, 0x9b}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x74}], 0x1, 0x0)

program did not crash
single: failed to extract reproducer
bisect: bisecting 24 programs with base timeout 30s
testing program (duration=36s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [7, 4, 7, 5, 30, 5, 6, 30, 11, 30, 14, 22, 7, 4, 10, 10, 24, 5, 30, 24, 10, 9, 10, 15]
detailed listing:
executing program 2:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000240)={0x0, @in={{0x2, 0x4e23, @remote}}, 0x80, 0x9, 0x8002, 0x4, 0x3}, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f00000001c0)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="020100090a0000000600000000000000030006000000000002000000ffffffff0000000000000000030005000000000002000000ac1e00010000000000000000020013"], 0x50}}, 0x200c405a)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {}, [@IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x2}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x24000800}, 0x4890)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={0x38, r2, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0x14, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x1}, {0x5, 0x3, 0x80}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}]}, 0x38}}, 0x0)
executing program 2:
r0 = syz_usb_connect(0x2, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000544fb2f00090582eb1000000001020009050276"], 0x0)
syz_usb_connect$printer(0x1, 0x2d, &(0x7f0000000080)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x8, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x7, 0xf0, 0x1, [{{0x9, 0x4, 0x0, 0xff, 0x2, 0x7, 0x1, 0x2, 0x7, "", {{{0x9, 0x5, 0x1, 0x2, 0x3ff, 0x38, 0x0, 0x6}}}}}]}}]}}, &(0x7f0000000700)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x300, 0x3f, 0x3, 0x9, 0x8, 0x2}, 0x18, &(0x7f0000000100)={0x5, 0xf, 0x18, 0x2, [@ptm_cap={0x3}, @ssp_cap={0x10, 0x10, 0xa, 0x80, 0x1, 0x6, 0xff0f, 0x3f, [0xab2a44564349f590]}]}, 0xa, [{0x84, &(0x7f00000001c0)=@string={0x84, 0x3, "bb529c88aa8754439ac432c5e36cc429926ed5b7461f34b9d3ea69972382590927d7108ee25ee21ba9367431fb328fca7e345113f9b5bf479a4ad154dc30fe91733c720d3d3ae76f2a1f5eff7033c071c70672b563f13330b5535a165f4a74a1943dcf27703ed9a8a14ab5a0426f175d85380d6bacea8428b03f6d3d20e4e8a624c6"}}, {0x15, &(0x7f0000000140)=@string={0x15, 0x3, "fe7ae951a161411d9b90a406733b167f5f1ef7"}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x280a}}, {0x31, &(0x7f00000002c0)=@string={0x31, 0x3, "de1974e7c70a3e4c3f7770cb39b8b473240585de2f41e3bf4cb3cc8ae963bd3df4a6bec625cd4e56d8899da2c33a2d"}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x3009}}, {0x9f, &(0x7f0000000440)=@string={0x9f, 0x3, "582ec4b2ae2393729be7c4227ecb567a692d710ea0ee31440f1b5dc3047fd2c8ab4763c437348bf4f874c1741a09719cc68f7064ae55f3967ddce3b77758b6c56788c1ac1828a680973df5e38e5841a26d3a8d8ed9a0f0ade4d2ec4d143a5336b19bacb0afd3d148e882453d29de5469c30086c8fac81cd67c1ffed16f4c4554e6de41b9b08ec673686e4f76a9433e776976ce9b61ca4a67d31f27c98a"}}, {0xc8, &(0x7f0000000500)=@string={0xc8, 0x3, "eb1db0bc8bf72f38d5397d09c677c5351e0751eb33747e48bc9666b779dd40eb59ac50fdcadb0a8547478ad67b80cf1f323384d1aaccb983b41bb9e39737b7c61871be795f3dd1613048ccb3003a86af5460033414fce902e88435833ac17c1da574a6317e62cf0c91f5d61317a5e979a05f3b164878619ed8808636ca865a9709e728de37c3d1fc35ad44c023883b3a5d4ed13e429f6734410acd137fa9051495a4973801867ebe616a97b0625fa6d47fce7afabd8d597b0911bbb807fdb0a4b56911bd3593"}}, {0x52, &(0x7f0000000600)=@string={0x52, 0x3, "e0cb0ef58c4c8e31a576769ee139329d9d8c4d24169d0e72811d5f714151c4b5dc106ee754b3f900cfc3804652d8e79a2c9c489e41865c7ebfad6511099459c4bc64ae62ea46ff16667cd291790a2a16"}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x1c0a}}, {0x51, &(0x7f0000000680)=@string={0x51, 0x3, "9e9da6bb069977eaa4475d0f0f4231fa905edf5da6d44a1c140def5aa3c2aa536d0339545e29faf4bcefd3841da9fd88ee11cf6d69b09ba65e4d07c22638c61376d2548ae576a0d651202318b0bdb1"}}]})
syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000180)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xb8, &(0x7f0000000380)={[{0xb1, 0x4e00, "063771994d29d420f6ba039523abccbf45b9448f31fcbc7858ee90b927d25bd816bab99549eab08fe881162c4b77a8e9f449b7fdae94c7607253067efbb172987e620b4c0c662b2f0955d6666e6edcaed6287baafbfc9ada33d3d01cd250eeb4d39896940da35c6a021bebd5897fb7384037fb1bc61dc2194e4e6429cc2d077f7d6d27c5c8a0c59043afbc63ca72bae431c3b69159b8a186814453e4cf1c6a9eb7b8b9a4ca4c7dd138322948ff0b2ee9da"}]})
executing program 0:
r0 = syz_open_dev$video4linux(&(0x7f0000000080), 0x1, 0x202800)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={0x30, 0x1e, 0x21, 0x70bd2b, 0x0, {0xa}, [@typed={0x5, 0x0, 0x0, 0x0, @str='\x00'}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@remote}]}, 0x30}}, 0x0)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080))
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0xc0001, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x15)
ioctl$VIDIOC_G_EXT_CTRLS(r0, 0xc040564a, &(0x7f0000000000)={0x0, 0x1, 0x1011, 0xffffffffffffffff, 0x0, 0x0})
executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000004000)={0x24, 0x49, 0x1, 0x0, 0x0, {0xa, 0x0, 0x6e80}, [@nested={0x10, 0xd7, 0x0, 0x1, [@nested={0xc, 0xbe, 0x0, 0x1, [@typed={0x8, 0x1, 0x0, 0x0, @pid}]}]}]}, 0x24}}, 0x4008000)
r1 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x73, 0x86, 0x40, 0x20, 0xc72, 0x14, 0x39ac, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0xa, [{{0x9, 0x4, 0x1d, 0xf3, 0x0, 0x71, 0x6c, 0x75}}]}}]}}, 0x0)
syz_usb_control_io$printer(r1, 0x0, &(0x7f0000000000)={0x34, &(0x7f0000000100)={0x20, 0x6, 0xa, "fda63f9742622457cfbc"}, 0x0, 0x0, 0x0, 0x0, 0x0})
socket$inet_sctp(0x2, 0x5, 0x84)
executing program 2:
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0xf)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000000)={0x10000, 0x4, 0x0, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x4000)
write$P9_RLERROR(r1, &(0x7f0000000080)={0xa, 0x7, 0x2, {0x1, '$'}}, 0xa)
r2 = accept(0xffffffffffffffff, &(0x7f00000000c0)=@caif, &(0x7f0000000140)=0x80)
sendmsg$IPSET_CMD_DEL(r2, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000002c0)={&(0x7f00000001c0)={0xe0, 0xa, 0x6, 0x801, 0x0, 0x0, {0x1, 0x0, 0x5}, [@IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x5}, @IPSET_ATTR_ADT={0x54, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR2={0x5, 0x15, 0x7}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_ETHER={0xa, 0x11, @remote}}, {0x18, 0x7, 0x0, 0x1, @IPSET_ATTR_IFACE={0x14, 0x17, 'macsec0\x00'}}, {0x1c, 0x7, 0x0, 0x1, @IPSET_ATTR_IP_TO={0x18, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}}}]}, @IPSET_ATTR_DATA={0x34, 0x7, 0x0, 0x1, [@IPSET_ATTR_PROTO={0x5, 0x7, 0x88}, @IPSET_ATTR_SKBMARK={0xc, 0x1b, 0x1, 0x0, 0x5}, @IPSET_ATTR_SKBQUEUE={0x6, 0x1d, 0x1, 0x0, 0x5}, @IPSET_ATTR_NAME={0x9, 0x12, 'syz2\x00'}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x4}]}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x6}, @IPSET_ATTR_ADT={0x34, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBQUEUE={0x6, 0x1d, 0x1, 0x0, 0x6}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e23}}, {0x18, 0x7, 0x0, 0x1, @IPSET_ATTR_IFACE={0x14, 0x17, 'dvmrp0\x00'}}]}]}, 0xe0}, 0x1, 0x0, 0x0, 0x4040000}, 0x44c04)
getsockopt$EBT_SO_GET_ENTRIES(r2, 0x0, 0x81, &(0x7f0000000440)={'nat\x00', 0x0, 0x3, 0x67, [0x9, 0x7, 0x7, 0x9, 0xa, 0x8], 0x7, &(0x7f0000000340)=[{}, {}, {}, {}, {}, {}, {}], &(0x7f00000003c0)=""/103}, &(0x7f00000004c0)=0x78)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x6c, &(0x7f0000000500)={<r3=>0x0, 0x88, "42c6c3ea7d2c38f6b1014abe4e8f5c8aeacf8b98c2d4b9619d381e41ae3ac4c9c692765c879be1a9af7c6ebaa7910b62e5d085843436c63dee703ff4b695de9d84b338b491d4928aac2da648838cc69ce5df045090fc57b819635632b7e9180dc542542da40f6d700c93199fe01a16fd387caaa9fb4008b80fa3eacb4b841131c7cd7b369f9725b7"}, &(0x7f00000005c0)=0x90)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r2, 0x84, 0xf, &(0x7f0000000600)={<r4=>r3, @in={{0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x3, 0x2, 0xfffffc00, 0x0, 0x33}, &(0x7f00000006c0)=0x98)
pipe2$9p(&(0x7f0000000700)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x800)
write$P9_RSTAT(r6, &(0x7f0000000740)={0x4c, 0x7d, 0x1, {0x0, 0x45, 0x4, 0x6, {0x2, 0x4, 0x6}, 0x8280000, 0x27b, 0x6, 0x9d, 0x8, 'macsec0\x00', 0x1, '$', 0x8, 'macsec0\x00', 0x1, '$'}}, 0x4c)
ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f511, &(0x7f00000007c0))
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2)
sendto$inet(r5, &(0x7f0000000800)="30ffcc02dab557b231cf4974c78d9c94b46e775f2bdef6a99bf6b64e57e39f19f2cb156bf1fea37ce0695cdb57e0a3f0276d0dc881cbe37e6ab023cb33cf95d0ad95cffd69295a287d14db242cf0249ea8da20b5636a2ff518ecfe5016e186c1fd9e4388b5e03d302d44cf4219bc3b5ddd505493f28f6c73171e6dae0db719d4967a5b22dd19122bbd4abeb7b0f0bb2b8f271f4d3dae4646a3f0086cd3a1c2a807dca7f87f5718ac6a010c3d51b5175aaa70f2c1abfad7723334ef0e489962ffb84aa5595d30b9f8ad4398e807714f92635d6082823c4dc69f4addf7cac1fc519294c1a98019874ecbc1d9a4ef4dee115f205f0d9e79023a47e699220ac6", 0xfe, 0x4000001, &(0x7f0000000900)={0x2, 0x4e20, @empty}, 0x10)
r7 = syz_open_dev$sndctrl(&(0x7f0000000940), 0x4, 0x202100)
ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r7, 0x80dc5521, &(0x7f0000000980)=""/77)
ioctl$int_in(r6, 0x73, &(0x7f0000000a00))
r8 = socket$nl_sock_diag(0x10, 0x3, 0x4)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000a40)={'wg1\x00'})
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r7, 0xc0045540, &(0x7f0000000a80)=0xfffffffb)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f0000000ac0)={r4, 0xf2, "c2a5cf0885bcd3f96e013a8ac892eaad2bca9e64d5b5e86d65d58a6728064c513112ef741a9e9b6f3ddfa773ccaf458817dc98859c23360ce6d5bd43be2fcabcf10a3f4dbcb18d060c577b7fb202b05dfc5b0bd03dc0efa4cf5a7b773cf2802b5e70b30cae144fceb6ddbf8a5c492e2aaf53e1b643ea6d5958412dcea8aad55365c06cb7c9a75c2813e04b7ea55a3ffaa5e181386a91331bf43e4bbd04f21df31a36b803c47d22fc3018e5a25791ce9ddbc333834ea89af494f5b8d55fcbb3f677c0016c12f6deb74ac8194d61c8935b5e73dc6a22a081f9920bf8360b66ffcbd7982d996d7424a574179a3c3dc4e9fc7665"}, &(0x7f0000000bc0)=0xfa)
r9 = pidfd_getfd(0xffffffffffffffff, r5, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000c00)={'ipvlan0\x00', 0x4000})
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r7, 0xc0045540, &(0x7f0000000c40)=0xc)
r10 = socket$nl_crypto(0x10, 0x3, 0x15)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r10, 0x8982, &(0x7f0000000c80)={0x2, 'veth1_vlan\x00', {0x4}, 0x1})
ioctl$SNDRV_CTL_IOCTL_TLV_READ(r9, 0xc008551a, &(0x7f0000000cc0)={0x77b, 0xc, [0x7, 0x2, 0x7]})
write$sequencer(r0, &(0x7f0000000d00)=[@t={0x4, 0xb, 0x6, 0x3}, @raw={0xc, 0xd, "a5dbd61437a8"}, @raw={0xc, 0xe, "ce857a748fc5"}, @t={0x81, 0x4, 0x2, 0x0, @generic=0x8f6}, @echo=0x7, @s={0x5, @SEQ_MIDIPUTC=0xc4, 0xb, 0x6}], 0x28)
getpid()
setsockopt$inet6_tcp_TLS_TX(r9, 0x6, 0x1, &(0x7f0000000d40)=@gcm_128={{0x304}, "f781d95b06d2a51a", "f26b27b177adf1815fed7a3149755db1", "5dcfda34", "98b6f74fe78c4aa2"}, 0x28)
executing program 2:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100007882b740422c0917b7ca010203010902120001000000000904"], 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000180)={0x7, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="020100090a000000007fffffff0000000200100000e9000020e9000000000000030005000000000002000000ac1414000000000000000000030006000000000002"], 0x50}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000540)={0x44, &(0x7f0000000280)=ANY=[@ANYBLOB="202001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
executing program 0:
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)="1400000016000b63d25a8064000000000124fc60", 0x14}], 0x1}, 0x0)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x400})
ioctl$UFFDIO_CONTINUE(r1, 0xc028aa05, &(0x7f0000000140)={{&(0x7f0000032000/0x4000)=nil, 0x4000}, 0x1000000}) (async)
recvmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000001300)=""/4068, 0xfe4}, {&(0x7f0000000300)=""/202, 0xca}, {&(0x7f0000000140)=""/20, 0x14}], 0x3}, 0x12120)
executing program 0:
r0 = socket$isdn(0x22, 0x3, 0x22)
ioctl$sock_TIOCOUTQ(r0, 0x5411, &(0x7f0000000000))
accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x40000) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000040)) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) (async)
r1 = socket$alg(0x26, 0x5, 0x0)
accept4$alg(r1, 0x0, 0x0, 0x80000) (async)
r2 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0), 0xa880, 0x0)
setsockopt$inet_opts(r2, 0x0, 0x0, &(0x7f0000000100)="a2e763307f955b69e34fd86106e0c9164b832bc8efc4e2a2a85b334d152a9a5ded476128081a335b62449078b6eb430bb7bd211fe643726a3b20d132613fa849e5ac015bd802b056339d2b01c4fadafd847f5e032b74f14e60eca42d5989b6401f457664ac9fbe58574d27105b149225d403b83a427af1dbdf3edfcb9d831b2cd4f504f724d43186fb10d57a04600c", 0x8f) (async)
pselect6(0x40, &(0x7f00000001c0)={0x8, 0x0, 0x4, 0xffffffffffffff01, 0x1, 0x8, 0xfe, 0x58000}, &(0x7f0000000200)={0x9, 0x7, 0x7, 0x7, 0xe5a, 0x4, 0x2, 0x6}, &(0x7f0000000240)={0x2899, 0x4, 0xb, 0xffffffffffffffff, 0xd5d3, 0x7, 0x7, 0x5}, &(0x7f0000000280)={0x0, 0x3938700}, &(0x7f0000000300)={&(0x7f00000002c0)={[0x63]}, 0x8}) (async)
getsockopt$bt_l2cap_L2CAP_LM(r2, 0x6, 0x3, &(0x7f0000000340), &(0x7f0000000380)=0x4) (async)
ioctl$BTRFS_IOC_DEFRAG_RANGE(r2, 0x40309410, 0x0)
clock_gettime(0x0, &(0x7f0000000600)={<r3=>0x0, <r4=>0x0})
recvmmsg$unix(r2, &(0x7f00000005c0)=[{{&(0x7f00000003c0), 0x6e, &(0x7f00000004c0)=[{&(0x7f0000000440)=""/3, 0x3}, {&(0x7f0000000480)=""/58, 0x3a}], 0x2, &(0x7f0000000500)=[@cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, <r5=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, <r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [<r8=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, <r9=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [<r10=>0xffffffffffffffff, 0xffffffffffffffff, <r11=>0xffffffffffffffff]}}], 0x98}}], 0x1, 0x40010101, &(0x7f0000000640)={r3, r4+10000000})
ioctl$sock_SIOCSIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r6, 0x8983, &(0x7f0000000680)) (async)
clock_gettime(0x0, &(0x7f00000006c0)={<r12=>0x0, <r13=>0x0})
clock_settime(0x0, &(0x7f0000000700)={r12, r13+10000000}) (async)
write$P9_RSYMLINK(r8, &(0x7f0000000740)={0x14, 0x11, 0x2, {0x10, 0x0, 0x5}}, 0x14) (async)
setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r7, 0x84, 0x7, &(0x7f0000000780)={0x7}, 0x4)
rt_sigaction(0x26, &(0x7f0000000840)={&(0x7f00000007c0)="c441a1c4d5466626660ff7d066460f3a44576b8b66400ff4e4c4c201bf5b00c4837916ab6ce0893b0cc441a5d2a90000000064f3460f1ecb4332e626f0ff0b", 0x80000000, &(0x7f0000000800)="c422019658dcc401f9655c2e1ac4e119142244dce73699c42111578efd75e80064400fe9d026f30f886800000066410f3806af70000000f00fc0ab00800000", {[0x8000000000000000]}}, &(0x7f0000000900)={&(0x7f0000000880)="46c01c01553647de14c0c4a2dd98a95e8d00000f38f0960000ffffc482c1450fc4a3c97908dd460f9c4afff083190066400f383554ecfec4e1ffe652c0", 0x0, &(0x7f00000008c0)="65660f3829aa83da00008326003edcf9410f01efc4410812093e66450f1ec3c4c395794cc34f3e36413822c4e14568ae1b000000c481fe2c3b"}, 0x8, &(0x7f0000000940))
ioctl$sock_inet_SIOCDARP(r10, 0x8953, &(0x7f0000000980)={{0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x1, @broadcast}, 0x10, {0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, 'veth1_virt_wifi\x00'})
r14 = openat$tun(0xffffffffffffff9c, &(0x7f0000000a00), 0x4000, 0x0)
ioctl$SIOCSIFHWADDR(r14, 0x8924, &(0x7f0000000a40)={'wg1\x00', @broadcast})
sendmsg$inet(r11, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000a80)='?', 0x1}, {&(0x7f0000000ac0)="0a14b001b288e1ad82552fedba0385e931ffee81f92cf8c0fba994e846aa5b79700b4ee6f059340c95703055554468f6e61dfc4bbd9e0cfa07a6c17f9a7135f1", 0x40}, {&(0x7f0000000b00)="f3e46834de8437d02857dac0b056c045d43764dccc36b4b3496ca68bcc95cbe3808f030af62a47a690bd5237967959ec6bfd7538d0dfa345eeffb4394b1e125f6b80b73ebbb09fe5da24d4d9b08ef5032478035e7d93ab580732525dbfc4", 0x5e}, {&(0x7f0000000b80)="e20db9e4d6958894d866d31bf47cff9c482c4564edbe03cf4a71af667c554c97460038cd587f571841659c59ef98c92486b97cbf8c6de94b6166707f181d244a2d5d16a0cbc3608df3615040f40806491526900e8416ae50095e628c768a0c43bf15b73d66fed05ac2baf8946013e414b16a754cfda32384956f6eec3cfc2e7b4b178ad8b8f90cf6427879e9cbf94a1771019340389022c9c97fdb4ebb0d714cfbf3f8a8442836f653d69f4e33d393203e7250b8c89eb76fa8fa3461f318fb4b4a79c8fcd8a74de5b65cbc201a106d981010e67cf62d4132a5df4cb1a53a80579536", 0xe2}, {&(0x7f0000000c80)="5252dba88d375e00d87ff34b9688a3b6d5664ef89869dea688dce689cab2a48d2709a19153c16729db1f4a91eb4b327f275cda319bf3f54e8dae43ef11df16b4ea2263f89037cbc107a1cc91127562d29df65a346e03657f15ef363f5a66593e49d08edcac8a", 0x66}, {&(0x7f0000000d00)="e498cced63fca30fc2a50d129931e53d9aaeb63b97dea7", 0x17}], 0x6, &(0x7f0000000dc0)=[@ip_tos_int={{0x14, 0x0, 0x1, 0xa03f}}], 0x18}, 0x800) (async)
pselect6(0x40, &(0x7f0000000e40)={0x79cf, 0x4, 0x3, 0x1, 0x7, 0x5, 0x2, 0xe61}, &(0x7f0000000e80)={0x5, 0x81, 0x1, 0x1ff, 0x200, 0x2, 0x1b45, 0x4}, &(0x7f0000000ec0)={0x3, 0x2, 0x9, 0x27200c10, 0xfffffffffffffffd, 0x2, 0x8, 0x7}, &(0x7f0000000f00)={0x0, 0x3938700}, &(0x7f0000000f80)={&(0x7f0000000f40)={[0x9]}, 0x8}) (async)
r15 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000fc0), 0x400080, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r15, 0x6, 0x14, &(0x7f0000001000), 0x4)
r16 = accept4$ax25(r5, 0x0, &(0x7f0000001040), 0x80000)
bind$ax25(r16, &(0x7f0000001080)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x4}, [@bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @null, @bcast]}, 0x48) (async)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r9, 0x84, 0x7c, &(0x7f0000001180)={0x0, 0x2, 0x8}, &(0x7f00000011c0)=0x8)
executing program 0:
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
clock_adjtime(0x0, &(0x7f00000001c0)={0x80, 0x8, 0x9, 0xffffffffffffff1d, 0x4, 0x7, 0xd, 0x7fffffffffffffff, 0x3ff, 0x0, 0x7fffffffffffffff, 0x773, 0x1, 0x1, 0x3, 0x40, 0x53ebbaaf, 0x1, 0x4, 0x8, 0x9, 0x3, 0x2, 0xff, 0x2, 0x3})
setrlimit(0xb, &(0x7f0000000040)={0x4848, 0xfffffffffffff007})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sync()
capset(&(0x7f0000a31000)={0x20080522}, &(0x7f0000000080))
mlock2(&(0x7f0000007000/0x2000)=nil, 0x2000, 0x0)
r0 = memfd_secret(0x80000)
ioctl$vim2m_VIDIOC_PREPARE_BUF(r0, 0xc058565d, &(0x7f0000000140)=@multiplanar_fd={0x7, 0x3, 0x4, 0x100, 0x1000, {}, {0x1, 0x1, 0x8, 0x6, 0x0, 0x8, "f71ada23"}, 0x7, 0x4, {&(0x7f00000000c0)=[{0xc29, 0x9b6, {r0}, 0x8}, {0x5, 0x5, {r0}, 0xffffffff}]}, 0xffff, 0x0, r0})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xa, 0x11, r0, 0x0)
executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000000)={'mangle\x00', 0x0, [0x8000, 0x8, 0x7ff, 0x7]}, &(0x7f0000000080)=0x54)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f00000000c0)={0x0, @adiantum, 0x0, @desc4})
sync()
ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f0000000100)={{r0}, 0x12, 0x7, 0x62})
ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205647, &(0x7f00000001c0)={0xa00000, 0x0, 0x7f, 0xffffffffffffffff, 0x0, &(0x7f0000000180)={0x9a091a, 0x3, '\x00', @p_u16=&(0x7f0000000140)=0x1}})
r1 = syz_open_dev$vcsu(&(0x7f0000000200), 0x4ad4, 0x80a01)
fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, &(0x7f0000000240)='lazytime\x00', 0x0, 0x0)
ioctl$SNDCTL_DSP_GETISPACE(r1, 0x8010500d, &(0x7f0000000280))
ioctl$SNDRV_PCM_IOCTL_STATUS64(0xffffffffffffffff, 0x80984120, &(0x7f00000002c0))
ptrace$setregs(0xd, 0xffffffffffffffff, 0x1, &(0x7f0000000380)="a60925ca8afaef0a397f80054abe0d55ac6cd413825f23830d")
setsockopt$RDS_GET_MR_FOR_DEST(r1, 0x114, 0x7, &(0x7f0000001400)={@ethernet={0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, {&(0x7f00000003c0)=""/4096, 0x1000}, &(0x7f00000013c0)}, 0xa0)
renameat(r1, &(0x7f00000014c0)='./file0\x00', r1, &(0x7f0000001500)='./file0\x00')
ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f0000001540)={<r2=>0x0, "aad7e9735eda2ad6a4b153dc80f8a948"})
ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f0000002540)={r2, "7a54794a37c0f31ff7beafe961c4728c"})
setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000003540)={0x0, @in={{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, 0x84)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r1, 0xc02c5341, &(0x7f0000003600))
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendto$inet6(r3, &(0x7f0000003680)="408c79ab5e7824239e472735b3214659f00df6fc599b550038f414e2205f7ecd3eaabe90a44024bc471816cbd52f31e63fe4d94dde973b7a4662afea5747cd45a88514c2653e85a6790a1fe180c7dadae7c96c693a75e28adc065cab4f98a9104b57976ed616f04f8dbcec40b6edcfc1a75e07216d95b57497f2d07a8067a4ba8700ffc64f1a78fc0b9804d9da8d11cda89ab6fc694feabd6399c66d2eba3f38dcf42e9528d8c659251236f4adc04f7e91e91c0d3e1f0a08c83f77ab34fc0cb5c0b3c6c658fff56d40f46b75d47e378ad810deb3cffa08e5da49f5a24647adcf48c01a12befd6f033d0e0ede", 0xec, 0x4000000, &(0x7f0000003780)={0xa, 0x2, 0x7, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, 0x7}, 0x1c)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000003800), r1)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f00000038c0)={'syztnl1\x00', &(0x7f0000003840)={'syztnl0\x00', <r5=>0x0, 0x2f, 0x1a, 0xf7, 0x3, 0x10, @mcast2, @private2, 0x40, 0x20, 0x2, 0x84}})
ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000003900)={'wg0\x00', <r6=>0x0})
sendmsg$MPTCP_PM_CMD_SET_FLAGS(r1, &(0x7f0000003a80)={&(0x7f00000037c0)={0x10, 0x0, 0x0, 0xc0010}, 0xc, &(0x7f0000003a40)={&(0x7f0000003940)={0xc4, r4, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}, @MPTCP_PM_ATTR_ADDR={0x48, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x6}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0xd}, @MPTCP_PM_ADDR_ATTR_ID={0x5}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x9}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @empty}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @empty}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}]}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x4}, @MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r5}]}, @MPTCP_PM_ATTR_ADDR={0x3c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x8}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @loopback}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r6}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @loopback}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @private=0xa010101}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x2}]}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x8}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0xfe}]}, 0xc4}, 0x1, 0x0, 0x0, 0x4000034}, 0x4000)
read$FUSE(r1, &(0x7f0000003ac0)={0x2020, 0x0, 0x0, <r7=>0x0}, 0x2020)
quotactl_fd$Q_GETQUOTA(r3, 0xffffffff80000702, r7, &(0x7f0000005b00))
r8 = openat$null(0xffffffffffffff9c, &(0x7f0000005b80), 0x42200, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000005c00)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000005d00)={&(0x7f0000005bc0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000005cc0)={&(0x7f0000005c40)={0x64, 0x0, 0x8, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x32b}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x7}], @NL80211_ATTR_CSA_C_OFFSETS_TX={0x18, 0xcd, [0x8, 0x7, 0x8000, 0x7, 0x2, 0x3ff, 0x1, 0x6, 0x9, 0x4]}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}]}, 0x64}, 0x1, 0x0, 0x0, 0x8040}, 0x4001005)
setreuid(0x0, r7)
sendmsg$NL80211_CMD_SET_CHANNEL(r1, &(0x7f0000005e40)={&(0x7f0000005d40)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000005e00)={&(0x7f0000005dc0)={0x40, 0x0, 0x10, 0x70bd2b, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x5, 0x73}}}}, [@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x100}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x295}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xe}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x1)
executing program 0:
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$FS_IOC_GETFSSYSFSPATH(r0, 0x80811501, &(0x7f0000000080)={0x80})
r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x400000, 0x0)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="08000300"/18, @ANYRES32=0x0, @ANYBLOB="080005000a"], 0x24}, 0x1, 0x0, 0x0, 0x404c004}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r2, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r2, 0x4040534e, &(0x7f0000000140)={0x16f, @tick=0x8000006})
ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000040)={0x8, 0x25d, 0x81, 0x747, 0x0, "9ca787dd3e7950e5f67ebd62b52c18b1725e8e"})
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCRSCLRRT(r3, 0x891a)
r4 = socket(0x40000000015, 0x5, 0x0)
getsockopt(r4, 0x200000000114, 0x271c, 0x0, &(0x7f0000000040))
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYRES8=r0, @ANYRES64=r0, @ANYRESHEX=r0, @ANYRESDEC, @ANYRES32=r3], 0x0)
executing program 3:
write$eventfd(0xffffffffffffffff, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000300)=ANY=[@ANYBLOB="042c1107c800ff0107ff0000020006"], 0x14)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x18, 0x33, 0x1, 0x70bd2a, 0x25dbdbfe, {0x4}, [@typed={0x4, 0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x50}, 0x4000000)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x14}, 0x800)
r1 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r2=>0x0}, &(0x7f0000000080)=0xc)
sendmsg$netlink(r1, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f00000002c0)={0x24, 0x2c, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @uid=r2}, @nested={0xb, 0x2, 0x0, 0x1, [@generic="976b6408686030"]}]}, 0x24}], 0x1}, 0xcc000)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12018801000000200304c1970000000000010902240001000040b109040001020300020009210200040122050009058103"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, &(0x7f0000000400)={0x24, 0x0, 0x0, &(0x7f00000002c0)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0xb, "27298b47"}]}}, 0x0}, 0x0)
r4 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r4, &(0x7f0000000040), 0x10)
r5 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/mnt\x00')
ioctl$BTRFS_IOC_BALANCE(r5, 0x8004b706, 0x1000000)
listen(r4, 0x0)
r6 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r6, &(0x7f0000000080), 0x10)
setsockopt$sock_linger(r6, 0x1, 0xd, &(0x7f0000000140)={0x1, 0x9}, 0x8)
ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r1, 0x4018f50b, &(0x7f0000000000)={0x1, 0xd, 0xfffffffffffff8cc})
close(r6)
socket$inet_tcp(0x2, 0x1, 0x0)
executing program 1:
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={0x1, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={'nr', 0x0}, 0x80, 'syz0\x00', @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x4, 0x8, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @default, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40702, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000002980)={@val={0x8, 0x800}, @val={0x6, 0x0, 0x6, 0x0, 0x14}, @ipv4=@generic={{0x5, 0x4, 0x2, 0x2, 0xb16, 0x66, 0x0, 0xb, 0x89, 0x0, @rand_addr=0x64010102, @broadcast}, "3297e3ba0fa8a2e71bd9fe1a399b5110420b70460c0dad392d66248a43540df968e7fcaab34569c0e36170578c0d3c546a98b26295e2592f360905866eb4720fed03a977a3df4224895629fd6ccec64f13a999f18f518e3ee28798381975e862f1db9dccdb2f1c1fb60f5ffc7a339d40a8bd1f24cede8a32f186f142e194d4fb48224759faf813ea80e6a853e79b4fe27fe3e1aec5897b314a7f0d515b07b1835986b4885e9826d902c40f16cd77c58b6433ab039955ce9db11f36f459e7114ace6c9989eecea80a81fd39f339356c7c3391af83da2486503a7973f6db4806cf3e5ca94cf7e1f79fd00decd76100c18251a59d1474caabf4d3ca6a9a9885df710e68c5b0dc11832dbb5eecb5c88c2f8f02bdbd88569ad4a740359cbca8c378118220d73bdd1e661c3a74f77aa931b11cd38119b0f084bb96e84803fca6566c33ee1e4e34ab0253fbf24f9f5974af5e1fc2a43a4ec9dd9928a8f38a128ea27c429300ae5a6bd7740471f973d8224b2b07879f4fbe7dcbed776a72ebdc713bcf1d7aa45b01c32a1003e6670d58510bd79ba2fde5cb2b82cef2cc315648f4e9d96d848ba327949b8926253cbdef6888a8982108b6ac7a1108533dd3fe125002e2e286362d1055082a9d73ec5ac3080f2a501ff27250b62c8965f371cf92b32d6422d79f66261eb08a2f8fe50049e102c69ce703d116d0834208cc957d0f1376457a90245816d7642412897fdd2f982fdfbc3af65aa0446b00c767b79aec40e460887ea02188e3a0960eea39b144859467b881978378c9fd593259e0f63148179fe2c2f6d40987b63a6e384e63027f03d8039d707522942d5dc88fd842524d006290b6a65e9cc86cc5b401a60ec4aedfb3bf4d0447bb681810a16b9684b72c2f4593ef834a0203e78cd1d9dbc978e9ae8f3ab62c07f2e41d59470decee7b0cc41ac49e4b7589ab6da65849f62ec217bb39ed161e7d337822d96badbd74d66451ea9a74bed591dc9631bf639dcf7846ee428a9fa55bfceedf3b1c23642f3b58dd0a7273664c6c49c9160a4b9cc5b72d0210e305b94e2cb09ae1d4af9d365b5093851f229c8c30aef75d45ccdbab4b86d801a9ad3b27f26ba601d531c0743717aa7aae29d37f496fec7682c5a1abd321ad61941a2d23fcac6af1d1875e308c8d8c64a5152be47b59c09d293f46b857310a99f1885f0a49d432aa0d39a3e8fc885e75e66b63215133175a19267c8d0adf7d8f644e742ed5369d1405e99e63b78727f135e0243f24d9ce354a1562102ee8de4c191508343b86bf7e7519ddd770ce55e17e590561b2f437194c97ad46622a6ae3dd68d9993e6744954f4cd308bd6594fdccedc578e80aed274a65219697229059723ac37d535cca0e9c314e7941b4160bbd2ffba71f26ffe3228431bc81463078ad70583277ef18bce23ca2e5b9a00670956ea8e0e2c739c006106c8c9ee3f92ba728d8490742b74a9a18cbedfc4e69bb87e0da4c7dfb964374c28c837d4641fb99a19b233675f8526af395335e0185cf3934805442ac379980b687a7128e53284ba9e741b5fe9bc969bfbd55cbce76842915e076e2adf844338d16d3802c681bafdcc60465bd34dfc2d1c069ceee40060e0570fc1275ccabfe3f9be3e84ceedf72cd649c082232008e2b0c94594588c00e0fe911bbf1c12eb6c37ce05674a7597feecf27f5e051ffa824d9ff93638dfa9a84c77562aa2cf897f55a97b79c18544ad03480e1011b8f93e0ead9c2c6672448f585c5803ae99be777fbc662ef4450c1e936ed8b3c8047f00e72adc84561f417f8e5e1dde4967005d96a64fc75d9f486b3ebdb5904a0a56ec48542f0efce939f66fd69259e7376ad37e84434ea90f35b2d3bd63b5c36b267d8f2c7dc5a50b46e00ed086dff8b039e07b84c60611269d4f282ad04dc8e0b481eece2f8a614734be73617f0ad5be195446b09dca4cf1f32653dd3e188aece76f3014deb2ba61744835c0f735234b6a4637c948a7b4fd4203b286ca87d669e325d70277075b094f59eb1dff6c9c05c40d5e464c563df79486e1a32e6ed9bcf675aac7968b4e98dc4e210215b0d3b6a2525b2e3df11f3f1490eb39cabffbe32e23659121fde8e4e346e0f595aaf3666a5f6f118c1a1128039502ac04c40b85eb4c54e6c95b8d1c2aac74ae9e1c355ccde9d54d5d833293f5df09224482179e5bcd8e227c99172a6e14c2cd4e6462ceb0a905a1d64804840ce62e350c6efac10a7fcb029f84af64e2256d45afd3b3f59379895740e0cd2fd24c63264f785bb6e3f40ec72ed67d1a7d87dd264743d9c951cb5aa8bc6f1d1bc9b23303d5aa7f8f6f961326757456057000cb2bacf78cc229002777e932c2640b8dfa793846ca49fa93996db95104a8808a1906b19df17e754b90582b6c49efb3ddce067dd9292291cfd2bb0323ce8098f29e4fce0de31cf5c7e2e2da5d0d0996a8be776de8fecfd3ce68e80d21f1701f6b90ac51278abbd727d19415e0ebe001b990b177b8db0c592b18a4b5e4a6221902362e5b20e6e6f2131a5a5e03c1150b179ef40c933c2fef1b79de738652ec4c32565f5cf751a11db177099c4e2e5bd7616cd0dd501d5bfccf5691de3cca590365328648baf8a9487a3c212193c9bb837594460967e823067a9465eba7001eaf609a810488ef5c147aaa5e9e8c75b585ac3582b6915e20b5aa2f79b7a94857122988c56dbce1ea52de1a56652e839bb853be3ee16052b33fb83ca54d8e4e19440a5e81492107043a66286f63ca87a1f7b8a4e9547a7eb6005419cfd28cb37e9e374f4d0143973286e87070754025c1a6fccfdc6858eaca8c35ecb19584ce7141cc79a5bc813469161b87a19fc21f3373d1f25b3427916dd1be2a589b70ea3b39fcc7801e13beaf19b76164faf3dc4ab8faa5648d24eddd6caceaa0d5ac9cad633c19a4a4d059ee823a49b7cf82c5777d376c111f58ea8fd473429907852301a2c856f27bd0c687ab5be0e2bbef64ddee1601375a4440e3f59d60f57caebfe457f82432523ec4a61cdbb7f1e91e4b05fda892df131c274b19929d26f7a5a6d3ca487983f729601ed9bb4bf5c1cc3d453d406e9534688dec6a2dd0b9db149365c125a95e129565e62cc91f7d960abe1055b730ae0994e7eb08392d5745d0e4f529c4defc3d3e43d0815b0cc63effa88d20c13b14e780c2f6c89a1ee5e4db45a5c272186cc3e51b13dab3add5f467e8ca0f4c45a1fc76db2f0cbf794102946aafcd8cd8a3e935a606b9721645c4d550ae0907f345593736506efc626498c974753d474a73626041d3a54f8fb50de2a6335611a3779da3a02daceb2256d9b102d4d30dd3cd389a04b1a7a6076879f36534bb3379debb46ed1fa2c40096c752017dd024345c58313b43070ff7bef94dc3cafbe6ec20d59e5ea3c196ba3b783bfa87384407efc664cd350c80ac397516018e35371956e414755cde304d2a228c1540ba6fd6a7402d11c666964f024da4c016eb556ba2c5fab86c60c12efb1496295d80f0383526e8e0fc55a287bbd3cb966a916f57958d8b6ef97aa0c4b47f7746bab6b99698c1c96b25c4e2e084147866fe0970b109dd26984adc0758eb6442712cc46dcd8ed3038b0595252eed1b8a46525862662d1e67eba66ac341f8d27853eed54854f488f079bd48df6ce7a4be8b1b61fd23a2dc4d3ade0992011539cc63f80fcfc75008c20cb639348cb218f8f476a6d56917f4ca07e67fc20ea2e9642eaf2182b397e279f5f6c70438fb8aa39cba788588c181461ea7efe1a0dd5b95eb26f7158b91012f7ce0ee1b4e79ce4da377bea4551738a0f491a84f19b3be9827b4469c299527aa9c20b8bf12f919976a0356bba720fb91010763c79bcbb10d89280f0f97cdd19aa0d54828b308195fac170613cf4b5152c97f618a9f50b30ae34ebee846e560315d10718525f2a90b4d9a38b4c6969680accc740b154ecb014fb5d543a59"}}, 0xb24)
executing program 1:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$netlink(0x10, 0x3, 0x4)
write(r1, &(0x7f00000000c0)="29000000140005b7ff00005156d795eb01010003a606a40e07fff024bb000000000000000040000000", 0x29)
listen(r0, 0x4)
executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_SET_DATA_TYPE={0x8}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x74}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x8})
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000000))
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001", @ANYRES8=r2], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x20008000)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000040c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000040)
r3 = socket$kcm(0xa, 0x3, 0x3a)
sendmsg$kcm(r3, &(0x7f0000000080)={&(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r3, {0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}, 0x0, 0x1, 0x4, 0xfffc}}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0x2}], 0x1, 0x0, 0x0, 0x900}, 0x60)
executing program 1:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="001c86dd0700100000004000000060ec97000fc81100fe8000000000000000000000000000aaff020000000000000000000000000001"], 0xffe)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r2, 0x10e, 0x2, 0x0, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_REGISTER_FRAME(r2, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000140)={&(0x7f0000000240)={0x94, r3, 0x8, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x10}, @NL80211_ATTR_FRAME_MATCH={0x6e, 0x5b, "cb75009f3e03435f0131073bf1049d24af01587f55b240dcf7581eff07d510f696966b565a4db92c2a04c8a855b75edd551a74d82973497a2442719bc364295118b905d9b17fc04225350be1853a17369582214a44a4321079bb3cb07bb79b2f9179f28857689357a2e6"}]}, 0x94}, 0x1, 0x0, 0x0, 0x20000002}, 0x48040)
executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x0, 0x1, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f00000000c0)=@x86={0x8, 0x9, 0x0, 0x0, 0x7, 0xe, 0x8, 0xb, 0x0, 0x0, 0x9, 0x9, 0x0, 0x8e70, 0x4, 0x0, 0xa, 0x9, 0x26, '\x00', 0xd, 0x2})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r5, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r5, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x2, &(0x7f0000000000)=@gcm_128={{0x304}, "bd88818314ff7d84", "0b3ea924c47b25d7624cd362581725c7", "000400", "d5a1d50399459b68"}, 0x28)
syz_genetlink_get_family_id$devlink(&(0x7f0000000080), r5)
setsockopt$sock_int(r5, 0x1, 0x12, &(0x7f0000000140)=0x4, 0x4)
r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r7, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1, 0x2, 0x1, 0x2000, &(0x7f0000010000/0x2000)=nil})
r8 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x0, 0x960, @ipv4={'\x00', '\xff\xff', @multicast1}, 0xfffffffc}}, 0x0, 0x0, 0x42, 0x0, "0aaa0ff5a212a1bd3bbda613efd9c8b4ca66db4286e5781cf86717055a7c1d13e6507e5a774ef95f2fc1b947e03d5c8379123f2f1d34b0952e83d41b67cb9ff147c669351b3ed30000000000000700"}, 0xd8)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89101)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r1, @ANYBLOB="05", @ANYRES16=r1, @ANYRES16, @ANYRES16], 0x0)
executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMUNATTACH(r4, 0x89e1, &(0x7f0000000040)={r3})
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000001c0)={'wpan1\x00'})
r5 = dup(r1)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x1b, &(0x7f0000000000)={@remote, 0x0, 0x2}, 0x20)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), r1)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r1, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="080027bd7000fbdbdf250d000000060028ecffffffff04002e0001000000"], 0x24}, 0x1, 0x0, 0x0, 0x4000001}, 0x20000011)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x1b, &(0x7f00000000c0)={@empty, 0x0, 0x1, 0x1, 0x2, 0xfffe}, 0x20)
r8 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x6, 0x800000000004, @tid=r8}, &(0x7f0000bbdffc))
r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="08000300"/18, @ANYRES32=0x0, @ANYBLOB="080005000a"], 0x24}, 0x1, 0x0, 0x0, 0x404c004}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r9, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r9, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r9, 0x4040534e, &(0x7f0000000140)={0x16f, @tick=0x8000006})
capset(&(0x7f0000000140)={0x400e204c, r8}, &(0x7f0000000180)={0x1, 0xfffffff3, 0x81b7, 0x4, 0x7, 0x4})
r10 = fcntl$getown(r5, 0x9)
capset(&(0x7f0000000040)={0x19980330, r10}, &(0x7f0000000100)={0x2c79a15d, 0x7, 0x10, 0xe4, 0x0, 0x8})
r11 = syz_open_procfs(0x0, &(0x7f0000000080)='net/anycast6\x00')
preadv(r11, &(0x7f0000000280)=[{&(0x7f0000000800)=""/187, 0xbb}], 0x1, 0x6, 0x3)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
read$FUSE(r5, &(0x7f0000000700)={0x2020}, 0xeffd)
setsockopt(r5, 0x4, 0xff, &(0x7f00000001c0), 0x0)
executing program 3:
creat(&(0x7f0000000080)='./file0\x00', 0xac)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x2}}, 0x18)
r3 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)
keyctl$read(0xb, r3, &(0x7f0000001300)=""/4096, 0xffffffffffffffd2)
r4 = syz_open_dev$dri(&(0x7f0000003380), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CURSOR2(r4, 0xc02464bb, &(0x7f0000000140))
r5 = openat$kvm(0x0, &(0x7f00000002c0), 0x102, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r6, 0x4068aea3, &(0x7f00000000c0)={0x79, 0x0, 0x31b})
ioctl$KVM_SET_GSI_ROUTING(r6, 0x4008ae6a, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000400000004"])
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
r8 = eventfd2(0x8, 0x1)
ioctl$KVM_CAP_HYPERV_SYNIC(r7, 0x4068aea3, &(0x7f0000000400))
ioctl$KVM_IRQFD(r6, 0x4020ae76, &(0x7f0000000080)={r8, 0x4})
write$eventfd(r8, &(0x7f0000000040)=0x6, 0x8)
write$FUSE_INIT(r2, &(0x7f0000000280)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x4}}, 0x50)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000004380), 0x0, &(0x7f0000000380)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@nodevmap}], [], 0x6b}})
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f0000000740)={0x26, 'skcipher\x00', 0x0, 0x0, 'adiantum(xchacha20,serpent)\x00'}, 0x4e)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x2, &(0x7f0000000200)=[{0x1}, {0x6, 0x0, 0x0, 0x7ffffdbe}]})
bind$alg(r9, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(twofish-asm)\x00'}, 0x58)
executing program 2:
syz_usb_connect$cdc_ecm(0x3, 0x77, &(0x7f00000000c0)=ANY=[@ANYBLOB="12011001020000082505a1a44000010203010902650001010200050904008103020600f1042406"], 0x0)
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00006dbffc), 0x4)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000016c0)="ad237f1863d2d2d1a397e2a489c406000000000000009061470cc823e53d854435579529b39d744f960b8ed0bba79f9df628ed262afb11e4c0dc1668e18aa4168755523a88d020c8955b46806d3f69f8112e948be32c67cb034ac2a8fae35dd71d00f06ab2cea8236060d1dcf3d1edf529357f70b8e066aaf93e5b32683568c00392a73fec51caacb1cc69306d814957a18b04bec4fae32726ae9013fe17948367ec6494080c4859841ebdb4d9237640caef0b7010d479010000000000d8b24084bcca8ffe85ee2a2c15fd1f6368cd007b93b8f0aa3924ecde8f307460169ed45b2775114d4601d41cff5bec323336e49f8281cc7254a67eeef87c077c9f5449a561387f397c2dbe59891588b272ec6a03fa862086e74d79dff92ed07dc2c0000000000000000000000000000000ec61b6bbaefe2b9dfe1e03dac45d00bc3fbd78911dea88f77581f639cfb1a918c8f09304da4f86b5b81bf7b5e3350693d6ecfc5889aa722d5ba42ffa5396e3e8fc371b10e2270f70ffb40f9770f38be76fa3b813706690e2a65928e9d851a06870acebac4d7ebe482f16ca939f0db1343b9979af5b774b7a4539fee3d77be3f7d3246c6beab301e449ebdadfbafc45820e92c4fd0b345c154350a609ab1f84f8fb6868e786091f3fe92848f71a251efaf0d34305c4a6809e8cca60c2d0b5477a", 0x1ee}, {&(0x7f0000000d80)="0f198d5aa5caa1c55b84b414797cbdd4e8c576a921a070fc828060506683fd1106a961ac55b5b8ea3342ca7de5559ca2c14e05e42aed8ba14b2c78cb540f71a817d80fbf1945a046ebda494a8048a106a4d49d7f214735ada53397db3b203885ce39ee48d69465935eade21ce36e61826c52c82f038341d9bab5687c740ed3c18897094e7e1391eb84a4052e03c0c7c39ae86d454938f65e284620b99481c33d9f5e5b7a6c0d7548723f55b213c76be37f40c850c38e265758ebd8238257a146d6eced16fd658a784c928fea7a841db1a7fd6520442dae5fc0d3a3d3a5f16fcf6fe4f062ecdad7d0f3c6cd339339533c0ef28ad1e2729907094c3de93c1b1b00ad6df895d9907e4afb7565d3a8e9eaea020ed173c2179fb03e0944460989240a689c7fe795d310be4e7a6b778a903280dbf426b39c3603c49049980767e31edb997f59785184cbd7b907e0974f1073c745f71db0906cb51780f908fa61634af8ac85d9f04f3dff0a948e81cd3229a59aaeb00995358155343e3239588a0383e4df109d5ca24276d0d83a27d0e9bf681c1bbea12a6f3c20ad50f63430333bb327eb6ae32fe8809065bce26d2dc2fbb2b48d404637d61fd86852e0e1b6ccc6f75b1107aaa5f60ef45f94e953b3f213c3cb4ca4c716565078c666f84e1a99bb4cb5c7190648132f752753c938da6241607a742361d995188b23cb4b8269e98e822585695962620673433748e476f7cc3e37db88639c525ff3a502c82c283b00aecfe7734ab369e1ed7c75e27a5a333641817baa3ea37844e20e6266c5095abf9d47ca5f8ad93f1a4d8795daec222ada00d65cf91425fae7939ceaa8d94ec1ab5082e1d251c27b3132119b350e81771f3733be232ffb90c03a818bf4dee8512f3bac440f5d5e4bed6b897608b01eae26a54433e5f5", 0x293}], 0x2, 0x0, 0x0, 0x4000800}, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
setsockopt$RDS_CONG_MONITOR(r0, 0x114, 0x6, &(0x7f0000000680)=0x1, 0x4)
syz_usb_connect(0x0, 0x4b9, &(0x7f0000000100)={{0x12, 0x1, 0x310, 0x50, 0x6a, 0x63, 0x10, 0x32a7, 0x0, 0x74ef, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x4a7, 0x1, 0x3, 0x5, 0x80, 0x2, [{{0x9, 0x4, 0x7, 0x2, 0xb, 0x64, 0x73, 0xf7, 0x98, [], [{{0x9, 0x5, 0xb, 0x0, 0x8, 0x21, 0x8, 0x37}}, {{0x9, 0x5, 0x4, 0x10, 0x400, 0x96, 0xfd, 0x20, [@generic={0xf3, 0x21, "e6646afffeed46e6ec610f80ac6724c55c26c4cc71e8a5a3b31d07d97306928a16d75e0691780c35d27e2ccdcccf62d7a3bf1fa31c65dc7ec40eb31b1f22e33e4e4b13e89d144c1a89e54384212805ce1409e051191ce161e3374e54eb8800dd31b38db275b7081e874a73ab82e6c9b569be37c46051bc5005fa9490b0129524f096b5a1c94bca5386820a4de5d596953f512fbf20cc0bfa3af35cc362f846aa6f7438aec152205966c73305c0261db1d643ed4ad51e252ad16eab71b3771bd3b42df41f8d2f2b4003a5928b57101717c8798716383c55c266e81cd8abb2530e8b0695706a9fd91b1585376ba2b5defccf"}]}}, {{0x9, 0x5, 0x6, 0x0, 0x40, 0x7, 0x0, 0x0, [@generic={0xf2, 0x1, "c8c69b313d78d185bf6350301f85236ba876cf418ccda715129bf1a4cf5bbc0f1afcfa9e25aff10a57cf209898d9800fb7f22eab6994f92720c160b56201254ea295dab182b2d469cea895e20b63ba8dc9b2894c770453331e497a7c89fc2fba2069a29058f2b5c3b053d1bb89caa8d10cc5f6d72aa24f619609a3303d2ee7f13c940914dc938d658e66b40705959d36e5dd375e0711b8d457c1ccf88e95f415b167caf045f1c9e2dd9490d758e4843b1fb20eddefad79154374face20777133a1ee6cc7649ba0b814c980692187a5bd1352d52acb5babaa4abdd3913b7789a7800637a9834abe02ff01961780609d91"}]}}, {{0x9, 0x5, 0x6, 0x1, 0x3ff, 0xa5, 0x3, 0x7, [@generic={0x90, 0x2, "3cfa76cdeb9f9fee394738df6821519bb0c04411857499d0578ab78fda6e16af943ac26ef8ad9e42219f1e56a8a45fcfd8adc525a5af49668f4ea08321976f13e3e97b0fbaa7688a7f5a3b9a2fef2b225b0d92500d06a0d38ec1b1e2afc62a71e2917d2234922c89c875292bd256efb0027db52c876e8c79fbd9d9a8552e6578d1eaaf8eb9d61a9f7e88fef919c0"}]}}, {{0x9, 0x5, 0xf, 0x1, 0x20, 0x3, 0x0, 0x2, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x3e, 0x7}]}}, {{0x9, 0x5, 0x6, 0x3, 0x10, 0x5, 0x2, 0x1, [@generic={0x40, 0x5, "595702ea12f208bf27b3c957a38bdbe2a284241dca2e2542fc63a9d9cd817983c60124cbd0a6ddc490f51d6b4768bfce7425a209b5c714a52920fa2ba584"}]}}, {{0x9, 0x5, 0x7, 0xc, 0x40, 0x4, 0xff, 0x3}}, {{0x9, 0x5, 0x4, 0x8, 0x0, 0x1, 0xa, 0x40, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x2d, 0x1}, @generic={0x2, 0x24}]}}, {{0x9, 0x5, 0xf, 0x2, 0x10, 0x6, 0xf, 0x8, [@generic={0x48, 0x23, "7980919a1d91a76930124b711e131d6750a4bfd3ca057a69eb6ab876c6c590ec90601b03243493b080f6572e6c7d573f184a24c4bdd90249bbdd7f16caa850ab11ba02a4ad9c"}, @generic={0x57, 0xc, "dba7c93aa644af30c19e2920339e49ccccef86989680984d92c23de9bf92319d330ea31f101cda1a0c6e70e64a2a9cc584e5705d2eb27cc2285bba94f940814db40085e837659883d2268be05b5b03423ad6d4b27b"}]}}, {{0x9, 0x5, 0xc, 0x0, 0x10, 0x9d, 0x9, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x6, 0x3}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0xf, 0x3ff}]}}, {{0x9, 0x5, 0x5, 0x4, 0x10, 0x7, 0xff, 0x5, [@generic={0xb9, 0x23, "739d933b1bcd1a7ea137a72269b294ad30adfc08d9abc9ad1e1d7fd4f544d1935037d5db226433ae7b427a3b5ba074d8bf4c1a20bcacce53103ae405ea13087c03f8b289c648f4426b85095b4e00f222433c08914241b3ed87daacd9022aaf022de741e1d9aa1c6515b9708ae00f752d145597a58fd9751e46d15522ae3b02731184462868e4385e4515344295fc6644d1f4abb071b67c0f9f3cf40e09a9517b1aafc6df2aa403ecbac90bebb42dfe3246da439592dc4b"}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0x7, 0x5}]}}]}}]}}]}}, &(0x7f0000000080)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x300, 0xb, 0x6, 0x22, 0x20, 0xe0}, 0x19, &(0x7f0000000040)={0x5, 0xf, 0x19, 0x1, [@ss_container_id={0x14, 0x10, 0x4, 0x8c, "d6db052c22f23dd2dc75652a31c01a89"}]}})
executing program 1:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000080)=<r0=>0x0)
syz_open_procfs(r0, &(0x7f0000000040)='smaps\x00')
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000005e00)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0x541b, &(0x7f0000000000)={r1})
pread64(r2, &(0x7f0000000000)=""/39, 0x27, 0x9)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000002, 0x28011, r1, 0xf5ce9000)
executing program 3:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r1, &(0x7f0000001c80)=[{&(0x7f0000000000)=""/155, 0x9b}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x74}], 0x1, 0x0)
executing program 1:
r0 = syz_usbip_server_init(0x1)
r1 = socket$rds(0x15, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f0000000040), 0x4) (async)
r2 = semget$private(0x0, 0x7, 0x3c0)
semop(r2, &(0x7f0000000080)=[{0x1, 0x4, 0x1000}, {0x0, 0xffff, 0x1000}], 0x2) (async)
semop(r2, &(0x7f0000000080)=[{0x0, 0x2, 0x800}], 0x1) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) (async)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000002100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
syz_fuse_handle_req(r3, &(0x7f00000021c0)="000000000000000000000000000000000000000000000000000000d455b4da00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bd1d8811cd8a942e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x2000, &(0x7f00000041c0)={&(0x7f00000001c0)={0x50, 0x0, 0x2, {0x7, 0x29, 0x7, 0x2110029, 0x100, 0x0, 0x1, 0x57, 0x0, 0x0, 0x80, 0x3}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
lstat(&(0x7f0000000340)='./file0\x00', &(0x7f0000001400))
syz_fuse_handle_req(r3, &(0x7f0000004300)="d5c2280baf4e05cfa1d1112770cf43a123827586f0f2675b130041ff58ba6533ea7947f2f65b1d458fe88a96133ea3927f41fa6976fad8c967c88679769ee674b80debcd1ec6ce1eb490888bd66a52141fa82f51882b22a8e36ff462b51560307cd0048156800ad137f359719a9c5d6ad6a8c999984f22461c4ca6614ca4cbbd5e9103a3459228e3bd35e3c1cd5f2a83fbefafe7c5a39617ba1d856f37977da077ffcf4d52f5bb3feffa9e100b0279cb635a61ae9f5f4491bb1c9f04c041818a1ae9a25cbca38c4b4754a8be4f52db20ca464b3b4faf0ea8ff193b414e7b7a4ec8aec2e77adc43d09c62d37fc0aa6296a56a9445f264a245d41e77de43c2694cc5885ebd454a3b78b60172e3e6a2fd79efa8b5fbbe827512aa0656920858da51616244ad32e53ed039a270c042662bc966a8fa05e23a51c76585a6f753e57c63b5a1dd11c4ce8773702c5c759471b79ee9bed600d99853afda9b675f071bdf6ff4eb99cb1ae0128ac1f8132f9b7bef82221276395e59f1323c9f9f6bb937a9db0bc2088670ffc3e6233ba73d4e324df7bc866e84e82ab707ab8aadd593913dd3533cddb396e804a63155ad6911962bc49bad21faba90b5570b62d98eb5328214a7198b36ea6df9a72dc248311040e01539112e1d6bcb4ed9d7fb70d22768ec6603e4727b6ed2616eb9108524985ccd70f1361f68b1fb7088829acdd59ec5af9e84409737f0d852a3c55993cb7398b5640c458bc036115b86de7b8e68f1cff882ee5707040571c3e5c9602c773459cfecad4917d8ba2902bd64a676e2c6e507d06dbc806c13c0fd18175087440ce7d7300dfe745b8e98ac63b400e449a3f2518c6112c9864fde68f580ebc2d72e4bbd03f16a7289be813c258b02f76ce901afdafc69046c947c9e801ac635b2a95cca291c052c7f8149c92aaeaab41edb34a70604a7538c4bb6486b983416843fe6a65d7b828d66deb991e71526b7627e71c6a795a02e787bc561ec4b65d4742a129c59bc71b323850cb416f3d32494d6dbfe3ea73cb473b093ae0b0ebbbd3e3251ece756b3cc381f05ea1b8c3f7fbcbb16fc446fc084725e6c3a608221aad8d8179112f9e5ee3697346a0dc0645e530df523cf4daea14764c25da2da863adebaccefc2c83a9257b3131ac2fe04a27bf3aea8979b6f3091b4fef99e203725368d297bad3b020273d0b606d2368e2ecb0776349cb86bbcbaa5c910636527e3cbeca06b4135170d8808c5f113fcd77ecb2f099d1e663617a46ffc5275c8fcc339d315ca1583f66fe7a7e6430405c0be889826c07fcafa17f04e08bc39570a1f499092d390c5dba82d259f652307ff941e9f1f569a48144da846f14452df295553de6ef4e9ba0cd98dd16cf89d8bead08eacd4eea71cc5f8232349f2d8519b1172c724d3bbc415c19c9e679b5a96bc9051cf6f243f243366622023ab1b7039a89152e7db97f291bb3f0213c445c25caf5f0a5a2b382c841cd8a490dc97d008966e94ed0b5ce07bcc0c13b39c349e4b596147a633f3a73ab6012a1582d3d283293bd7c01f99cdbad8e18d24867c39ed0dc3fc3cc800edd23af24b225acb2cca5aa264bcda40e1432cf2cc0050efdff48fd49ae4225a983d1b12facbaaba73294eb225fff64a677d0ed2cd71bab61b3fde8a1fdae638d2036283a8a4ff5a548d05cb706f56ce7e3f55a688fa6c70393c53c33be11f34a38f61f80c8e94e50fc9d7c3695d234705bb9e0b2a8316cf54d7963f548d49f153bf796d0970ed1264c19d79eb77fd0aad4844796cec73a08206b9eca76f2ad76318a20d52e7d3338eac40d03775cca0c2b29a451cb10bc141289c2703198e7137200a360463000fab97d0da72a7b4e8aadfa8a2e559a7d06bf49d6d4a932cb29994ef7ca0c1beabf05b898bb2338e89a67373d50614300f13523fe451d4058e5a522d364ec884099ee3c6e6db8d4ec1e5dc08d127b6301a308a1d6798878c28ef828b91b529a22b7519d249a189a7eb942b94ce26148ea8bf16a44261cd9691ba980ec2d0c710dbee41756cb39b88213ad5763239ae7636e983580c41a40b0f3a3af9fa6f995ed1981d073f63a623554bb01869bdfda190bc8d9507cc067b897e1c5f0d087cf8dfcb171169541fa3cce7c3a620544c74f2d3234935a0acf6c804c43992812925cbaaa24f497e7a00efb20c45c7acb80adb3322cbe0f08d1015b40f5ae1366003ebea977b7b95f803487d10aedca3fd018cfa7b267dae604ed0ada202cbebd731f86b7c6764911d4ff0c75a318ee43b1b556781ac58fbd773b2bd0dd693f9b12fa149bbe392cb2d6bf72015912f4a120e47654d42d14107c67b4502b5ad62044d0022c7f8b255a3e46da4bb8f9e44515e4076ce7b1aefd57c4e264b2cbee4a9e8612ce8517b028067644c927a9ce7564449c8fb0471a87b9b76f374c7c2559379a3004326bdc91be5ec52672dc5fac0883ec527f2a1248601bb9267c3123568b815b90b40ba06c250e3068dee2d7fc232141eaaa130443a5775d049464ec454a7c980d9eebaa4f67a75075a6bc28ded9a5f07fe658a2b9eafa37f14055155409d1aa50be6343d13d515d0531b84644d2f58c280d6d008dee95607f67eb74c900f664d97f411f4ac6afc18f11b6fb75e78b3ff25680ed3bbf5b20969678475b86faa02a751e4cec87735645753f245047371c9e6e2e7ab5a9ea3182b4c96934a21b9df3628b478f5ef705aeda49a0609d4b8f5bf34424581557d029438306002fd4e9cff5a2d4e7d5e23c2992032d314b8fbb46ccda250070fc1b679c9c8646c5fe22d8fe2e0fff73d8153fc46ef7885aeaa2d1eabbe455544d46fdef8e3ef9debfe589870942bcc7196e62736e927c311782b5e4da2889d530a7c1550bff4909d2055941655cbcc5c924a477c80fc3b8a904cd9e62f5fb005b5b00154db5becbe327c0f3ec8314ef3fb53977ec24ff7d15aa83a13b23ab99c5332306023005d2dfb70d3ea2aefababd019ae16d304c083e38997cc94bdeb746fc151849c98dc2a23554e6fe789d3aba8bf4e31133c7f93a3cdcd884271dfdd2c45be398a5349ef5d08456178dfafa31cb4c607f09394d71b3405b3d615c7c59c125db88f72380140345d24c56094711dd833221d6b7c5864d049585605c1301c31982d19e403b601b797fe99d0bbfe30d647a913da72b4c5306f6123e7c572828308a9a8f4c686d07125d0006229c2e890ff7d3c354dde61ccd3b26069a81a98e112e61a930f253d607cda5023f002a09df6b1371638d9661c5a06bed166434f07120ad21476de8ad47296af4b449d581cddc74f9be42a84596fb0634f330a856216a9b32b080c8b66e9f51a758b9ca2e1215ddfe633714ca512032f6547217b1a60fcdb27ac8a04bc7851718b38607bc92c13118a323c3221bad99a8639762abcc4a08654da9938aeb301c55546f5ae7f61439dd883a1b2dede156a57c805ab12337d5381a2fb25b32916a8827fc4de8e2ecc70eeebeb01659d6bf88055477b863fb897d5db275a0c222d261e7df79474858b721e57747fe8997faaf36f5f175b23dd3c5efb2b93fb5824da18d635cd7027a3b0b1c87e7c90a5681682b8a7c47dc82fdd3f329c7b60270100dec8ccdd310245b92f4b0bd9a92e1f2a5733b1b91966be15a4761b06f6fe3b05b60ee7964b4d028257c2210ca88031db0590190d3714c1b6ec86e2821dca03db2fc0c9f0ad9800d1773c8037e9b38c7eb7c99618b731e0526f8453c7e1bb67cffcc2d96cc297e1f917b13dd7dda2a8b12191ed107c1e076ffd4965b9415f830be97935cac23a87f07e26354273c2663c7ef19a27dfe08543fa057e1285c909051602981f5929078214058684bc80bed493f6ef853012cb654d180e414fd484f5cb2cfd06c9b753f417697ff42794649e05fcaa3d53ad0fdfbb0db57dc549115e59978b14dd621370d136176098af2f39a2de72482a29b616e8b308b3d9b46ac9abf3d57ff89fe59b5a97966cc4b97d06c20ee4fd765e1c2abce54dc271a7c7efe656648800c27a9988583b4b76572222cb28916b9ff5f6f649de93923179809405c879a90cb450f604cbe8af55cf2a6d844a59ab0393b394e09c79e1b3c403af6eba69330f6969f78a49eb7022e77a39363f11e07fcc69f670f63c11497352f3f5bfea0aee446da35428cebe28f1c2d23ef3ff97e16ceeb2f88ab19b2b69dcdcc81b947b483cc06c776c52232489f86f4c377eb38056042e2e9e0943fc0ef1490df472b9b244235598894a2ffc296f0a2e4257baca6a3ea8cfb1a22ea8295ab9e5faaa2a9e964ae7625dbf945cdbb369265f429d475ab69413cc5bcb89af57b1b966bd0076f799a401d4b46e5045aceb1ef36e5bbfb037bb7681f2a38ef1df9b84baa3598201d13a813165355bf052bb5e456dc0abdefed995b4eb37a39b313af800f6029243a6a7bec75a23389a90034cac8df6713b919028a14649d756d0093550278aad494de2dfeb76220fd3ee5be31f73839ace7f0d6da650e26f5ded30471ed55d2e814fc1b89102e5917b4e58840ecc211eaffa5a2937abeb882ccdf29308e3ac30e23d66ee79c29b4fb7e793a55e344cac298e30f1ca3333df8b58f43126a3404a61501ce06b75e6e6a4bf13dbfb05efd7b9b4219efd428c8f7f345884640d19f5515abcce05f315f00e65d9aa8022890a23da45ede06f455d66e0c96bbf7e9cc74eddca999a51174b4784eba8a9ebed13415de6bd0f160443d43b78181cfa381313a54e25f6751a38f290e5972ff7f70692e18c4737af2a7f6d4eac52ea594a22be4fd00fac1484e6d2d4d3196b49212b49598f5bc77b34d8a3633cf7212c869557d6eb27bf0d0a02555d9318194e9de9c9730ac72daee7cad6c2d4b248a8744515670766a8f1c739917fb859d98974532477989f4c24345f120f5320fdb8d8d56fa6ff2511e701bab399513cecb3e740e3761d02685a765f5267554d0f9243b51620197adc3b561b59c58f334307220db357c1121d7dbf593898b5d2c505f333445c084a6cbc6a7e5252724c83fcee85e304534780a01e7ecceb2ef53ffb6bc6cb9051b1400493ce55d62c01e972fff3cc7d0b68a2dd4d263c9191df1b629e323797f570083f122db3df6abb6fd6c4a351bb7500c7241e4392ac76e04259968e517a43e907cb0b0533d6750b9587a1a5d852639c6b789d333e848e3ad66cbf19c5ee5a641036cb7a858f822f657dec36cc134d6c1a629cfce1f1e24dbb73d09fba04f53b2c6309d71d92211a1f08535244eefcbb52e095626bcc78b950db1cb8facc3660fa705dceef155b00aef3291367ffcea06b5abe588bbdcea2637761308dc65509798b6a494dae4a75c1922c1234248dbfcabfaab3088a0dad09a135a45d75105314020f3ba8901dc39ee624a32e9f863ff55844974b44e57b30302cd0c349f3cc091befd5665f918c298ba89454fb811ce573e41f27490853a52abd6144e85d77de88c3f2e5506c8de40a3957e65936f3b294ce92610b63cec888cb16fe0e8a7af3dd142da96b57f602cc64ba69966724584c2872e5fc42348a324ff082a3ecfded82c3e5b7292d3726c4800176acab6a7a1479a0b5fea79f299e90ffdb1b3843e2349b8f8dc7881145b3796380474c2ceb57e27726c9e50b746a2b12a214fea9cfd6c668363fe6e402710665118928fedb2f4900322b0c7d2c348881ea52278dae765c14b51fd5e8f000602aa3978d83b76056410c2260931e35d841793c8a36b191f93c33c0e4e6367ef45a1cf5145d774861224afbb11a7b77bb94492ec49827f713f8309d80d22e17701046e04c5b277f7b423cbbada01e6d40beb56e755e583b8f3de4b67c4b5ac83771b805fa7af49de2fc8b9a223293d83e7eb4eea3a3af1d1221e5d458e7cab60eaf1b51550a1b125ce018d76096f16d922f4aba48a728ec1b7d4812fe2ca789261b6d8e0c8edb3ba9007649084899c4f6b7986c1cb4a98d412c801fb91675ee42e2bb511bff6700772d3c03a7cb6adb41cbddc33053f8f65c164e9bd47b931510046506b169216d0a04edc479bc51c28acc536ced3834a7a9ce8fb55b72fa186a559437bf41f04b733e05986c915bc19f1b2f99d3bae6c13873d32e3c809b71881c3075f8dd1746f36409ac7934c25236ee2752560fcdd5175037a6fc5f0da58a229418ce30f3e64f9eb6ff3fe4498f47fdd69ceac5e792c8c9f087316f334b7f75e3432d3f1d03ee97c8f16485ec906c94e6c9580f7d03d98a8da85ec118b77c6c1d3b2e99fbf4b45e66cb4f8817f786d1f90e1e5e250be8c240a9648a219a02e62acbd72d1b0c0b42c75065a35664ea6a03cb05ea179f2e8e50e3d7ed53d31cdc10cf5fce48781fa338e3ee819f410540f045cb0edd7b2d219993faaa97cf95aa6144e889a02069421291d05eade30693a751039fece452c22d1afba081d1c40178fed7684cae475fcc365484118a184670cd7aa2758bdb01058ea9b244d5241f627bc5be11c9395e3cb839b0eac7842a312e1fc8b4ddae2aa4ef907ca5c9b847785051323e16d5497c4424289496277475bba67da750fa05bd8be730e4aabaeb94641fa2263dd3d4eb511b4fa40b8cf8b16d7aded1163f2258add79b04e1eb888afa27d057de2523863fc2da38d44cc69ae2d455900eede5fce69d7e9f8707cdb2456a45dda14d257eee4982f86259b855a0293068aa4aeff9439bc06c8ed5a370fe46fa88fa9bb92872166ac69152d1cbb4720eec5b9a057890cbb838aef12091454fe721395b46f9fa29ec1829fedf65aaec1176bb9eb15511bd77e7d4fe7321b3e0dfda95e5c90c3663956477885d6d94b280f58edbc77e864dca73536cd4988bcde2a3edb91704ad59148d85a001e393cebdb56ee088fa1033cdc6fbcbea30e2974035bfe29cee1eace13e30950bb4658886dae7e565ffd7b71e41feecbcac35fd97c81a8fff9d2a1d43f183c6e984671e06645eb0a60228d1b6c12c28bc6eaa4b9125c57b48ced2e199ed3acf12dbe10af4a56f2f5dca829fd07fc3f7e0de6913c73be0ada3e43bcbe70de784de699d0b51d7a56a3eacaf5d7dcd77d73cfb82e04633574213e05dc98850d822bc6dc90dc3fd6184296287342e2243fe6f0cf94e6d02a1b900d0c718e2afbe7fea2fafa375f209fb9cef5d844b861a1029aa3dd7081e81fe6501bbb413dcd23e013f279ef87e082335ade324b7688054992ccc63fbf9153213ab6d07ed0b79945d19639aaa5dd10e53aafe57f1e323300246cb1d6ede1eb1f319ca6fe1b0cc8e733b34818425888110b6eabe2db302310d0a8bcdd5342146b29c535cc9a95a455c8926d77323a31b948d47dc611815a329654a252fd09dbcec5f3cd8bc7e465759eb8e72ff6fd4ef1f375e4e8762a58148622d14480b7bb9aca2eeab3367a7376c9c85e6ba1735e56a2fcc6baf92c8d21942883f318eab7a568fc7ff01885a7089aa7661b15d73799bc0b8f8ce6a3b61adb6949965a223850b6825616c036e099952e04fde7cf086b5e76d45b86ab78b322f9af580173f2e798a39df7cade0d365c9d46d3fb36970f8a99d7b20a1b275afff852126f21ac24ca8c34deb49ba511f4d9edb4f56941aaaa477253f9bfc9a25a2694bbbe3b917074dd4eb6f1be20395ac33dd932a7ccf0604d64257b5af3faf271c145c190a528e471a7f23a53b5f9ea1bd0cc36410e9c538e91dd01d162edde856087b60dcba2042e65b6ae7b81787bd3308db9eb025b6fd930a9eb74a30883b83cfa8be5270dd3ee3408db7f7b136adebb3ee30f0e0b8835a0ded325363e4a2991cafd4a73483954c0f5d3358b25780608fa48f3f527c7e617ec12eb017df33f5088676d8bc476da251e608394e3d8fc0883fd4d1804f8e07f5e12ffa4ee80365a88abf29936bf1b255539fef95f5cf3bebcd26817edb28e7b6adf4851dcfe8aa1aa097f67c51557326ccf9c46ee2780d491e87774324d4dcf26f2e472a5e199b0cdef01094ea72bd5ad5fe1be6c9d545df3dc5de550665d220718a2c0baed2833cfb1428e2d1c2b9ea1e29f4b07fd6c51492643d4000716cd1e8a4f9d58b6b04b805d8962495323fd62949b17348418201664c6f2f651f99d73f8d17bb5e52dba2e6f94fa33f816d74bb6a45bd6cbdbd07f530406227c8fd11f390e805bbc17bc0e81076a27c0be023b64777afec0a7a0c3f53f03bc2ca72ae2873d68217a1a6905f414c2cb1b9561dfd07850a026da5f5775a66f8f3a6bc29b48c8a81b06ba30994ba8e7e233e3a3a5d886767ea6de91fbfc0a594c2375d62e71c7209d87d0f6c7a79a0d80da328e93f08650ec745495c771410913d094e4190075b7225761172eb420c82ab493548f6de38e17d3e687a89ce77c67c58b875c48c8a4d1664cbc6f67df357e040444fcd515d92d5823fc3ef6485208b6f3eda8cd09ea3b004f7eb06ac268ae8c3bf571aa3f619222a47540f9af340c80c587f7226e3d715b18c3ee41f64777d3a0a09f32190ad67922f6ecc63c956a715c3c42a6aaaf5e588d119210083ceaa414820b62fef87a678cd3f24f8fa3cdb6629b041cd7555974313f56d1b0e117ea925dc95e18b5d3f4ba9812f1067022945c3f5d547370d45853c4db3c9ca4436d7e649e1ac3ec02f9c1e9139849b46027d4b276cb0eb4b09848999f466f528290e47ba9540ceca89390db3fcbacb1d566e22e917f01f4442bd4dd0d350d057ffdf5b3549ca559901e6ff5147bdc25c11b23f1678f02c20e4e2e6f339b262e2b82eae0b15b4227f1d514f99ec78fbcf80c8f6f243536f2d7a809de05ae5e1d676fe950ad3513f801bbe4d16737def4b5ec4b62f8562cd5432bd372645202edeb286662d7e8d0dadac5b91c903c2756bdc4f5a7c931f2c3f7feace2b83f5459a196000e2ed1e1b2accaa9d637d5e408340161331c4b0047bf2ab31d317bb1c8f6e1b3d52f9f240bd971a447942dd4b73301781656aad9ce9b01aed907b7eb3a78397b97e601b04a4cb028d327ef32cf20c34e8dad9c9b1f981ab5c06a2b0271852e2a1016ee460d8568391c9ece5a2b8f29cbc6f2d6cc2e66c30c96df548e67dd6ad8c1ff09dfa22b2e8b2c52a3948c4febb0910c2d34c0604a5ef930cd53be69a4bed9c9ee057178ece02a6b4df4624191590952888bdfafd2dbeca128d500872a8b236fba9623672c4dc15f56a761ee0c54026112fc464f72d3039587f009b94930dac0dbe444a939b38c0f5bce7aa366bfc2bb909db231178228846f71a56ab219e28cef1b102c1bfadbe8f0916d10a573b8cb38cc2cc2ec496a410a4e82847006d2ed4bac927a63a00416d0bfce59cc69aaf78ddc9566f23582999a655c8ad3b217486fb5a037ce089baf344d55bbd475be4e90b10e92c9c1bae3202c2d63355549f0ac95058724fea81ff9cec027e7b93e2cee43af81c6978fee5faf6216118785251b8ca023115b2f87d5d4b10c29aa3616628ab40a8ef36668ef57d7f9be505eabc01947ca222362818a71b3d63e5725a4d8a2c619b1867f70daa07703360d026d6f65247330be1ba84ddaaa7779591ca261beda4f4c094af65c5c276fe3bfb89f067c8c54af67e78f61bdc114ed4aa869c3adf282d7a8e7272579e9fd9e47611e0dc89f97561110e0141c69b1fa114e27b3d1e2c825ea008a370e08cd0a0610edef20cdd8a7cda0922fff046edfd2ff391a10ffce5dd6045619ce9af6b03f4193d858a76b201ed5beb0f11321707b7b593b23adaee4a0c0caf39dfeebcbd2948030435dc94ca00990c728502ec4686194f0f454304a422023c1b2c5b1ebbcd8cd50fa2d11361e3bbdc306e2739e27de300eda27b1c1ea62d773104cea77c18037c6bcc76423621b45abbe789b384bfdfb46efa1627ff29d9d840bf6e1f05e7e13fae6383e42ce153dcb062fa0cefd0fe9298ddbe77fd78d7036b5a815504b48267203da08ca685bfe8ae89c031074bbe5d3d6dcc6a3a8a8a4d3102765c3b714867f4516df62f214351b97bb8b5697a9f9a9dd78627342b239c524a3943d1d70f8cdd7391f05e7395731a8fc05210c6733ea256040bbbb53389229b84dafaaa3db1d5eca2971d9e550149461f1a672eae2319a99beed48934520666bc54b63085a744b5fc9a9b089b16c50ae945f74adcd4c5d064a12a6e103ef59bcc035a755ad31836eb7d04e5900d3800c822b96b466a9f6611f46b8a7d6131f91c625a5604de5bf01e5ca5d99a714c8dc1160260010f8d55f9125ee453b61c911bdf0824caa804c76d6512802875c5433de9b2e8b6c579a67fec5d2bc64ed3d1c313854221b75c9a0ed42af6f5354e7b1d1bf8661baa1261e68fc20d14b5652d25a536f208bff2b90fefa163a232696e655bcf95bed39355ec865e272fed582aae18858f5096ece40b9108efb00147f9c2ced59bfe2a79826851850ed95b35908dfb4d9ab7da0668a1fa8933ac4f6534e9598481477791fd1a1c269011ac9fe81f0491790e8aac121ffc00e38a7619a1855e6899abc2c670375a3ba4ac0cf652da89a70628cee1a35ae17b3490102e3c88ca324d06fce2151bc9de49472cf6e76ccb16d2a9cbf4161812e2c7758d73631024190fe9b71935de6968b289d3503b497f3f4b6306446ae9c312f8f1c63c1f7e62652173d9ed48cb128815bd44a12061f9b73fbdc6674ab9e0d01807f7bcfa0aa59168420e5ad8b72d7b576e273a1d229934fce2867689a41cb17767cf9defe1a96515a677ba08e10e187a3ce2f1d78e6b43b0d46c36163a1967b203df4f53379ee98422e973ab5c090adff21b5cc84fc78358021f681a0f0fd744f687e4f6c295470bf8f548d2d3dc841481dd51db9124cacde83bc9fef44a3e69e1cb28579d897f3013ac6133395328247fdcc152e5563678258936576196ced017c79bb6a4ea501a44cb25e5af1697afbdb3abb316837470ffdbe985ac3967334a90731602d3fac4f5c2758f04ec9c161a7cf330b7c7549fb62e6c15d07a7203c94edd3a8141c91b2029d6a90b14322337e6610822d9d7bff58c10d9c6cff71822f6456a421a65fdaa5d2c793f256a4e7a39f0d85d65fb95479eff79345c0615c9bbb4fb3324f9360b70dc709b0200042e8461b8cee9ce30beab3e276df48f41f001262fc14153f9764e13b50397442e00d7b11266bde10a3b7f83818086ff0015409679e4472d9e0215804fa9d21cebfa5cb5099cf88750cbeaaf58c2743f2746ea4cb73760ba88a07b91b68553716d563af5d7702219d0c600916dc54242d825c6d68320baf234a39f0b9ea9e6a4a72c4d5829b2f28508f54b33c7e0394a43fe23e7940d9b04bbe790d903a2d2c979e0ea79931b934d094fa2d5948c05cf278c341d788f2061ff617c9fa4700b1e1f0fbfa1b8c42848f2ea01cd318a8748c3336622ead25527ddbcd8a12ba3a5183f4419deb13558ed0ec99e73448c21ede0dbee9c01fc7675e54c60d4dee29c0f8fe81af6fe7b726f5d3c50dac634aefbf1ca6aa4df1b340a4109acf30939f6094c8591218729788111bfde98cd96d4b04b25bcd1bcb7f826241995573bae", 0x2000, &(0x7f0000008c00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)={0x78, 0x0, 0x100000000, {0xf, 0xcbff, 0x0, {0x5, 0x5, 0x3, 0x6c, 0x7, 0x6, 0x1, 0x6, 0x101, 0x4000, 0xfffffffe, 0xffffffffffffffff, 0x0, 0x3, 0x1}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
close(0x3) (async)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed000000010902"], 0x0)
write$usbip_server(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0000000300000001"], 0x35)

program crashed: general protection fault in unpin_user_pages_dirty_lock
program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket$rds-bind$rds-madvise-sendmsg$rds-madvise-mremap-mremap-syz_clone-process_vm_writev
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r1, &(0x7f0000001c80)=[{&(0x7f0000000000)=""/155, 0x9b}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x74}], 0x1, 0x0)

program crashed: general protection fault in unpin_user_pages_dirty_lock
single: successfully extracted reproducer
found reproducer with 10 syscalls
minimizing guilty program
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket$rds-bind$rds-madvise-sendmsg$rds-madvise-mremap-mremap-syz_clone
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

program crashed: general protection fault in unpin_user_pages_dirty_lock
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket$rds-bind$rds-madvise-sendmsg$rds-madvise-mremap-mremap
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)

program crashed: general protection fault in unpin_user_pages_dirty_lock
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket$rds-bind$rds-madvise-sendmsg$rds-madvise-mremap
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)

program crashed: general protection fault in unpin_user_pages_dirty_lock
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket$rds-bind$rds-madvise-sendmsg$rds-madvise
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)

program crashed: general protection fault in unpin_user_pages_dirty_lock
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket$rds-bind$rds-madvise-sendmsg$rds
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0)

program crashed: general protection fault in unpin_user_pages_dirty_lock
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket$rds-bind$rds-madvise
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket$rds-bind$rds-sendmsg$rds
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket$rds-madvise-sendmsg$rds
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-bind$rds-madvise-sendmsg$rds
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
bind$rds(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$rds-bind$rds-madvise-sendmsg$rds
detailed listing:
executing program 0:
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket$rds-bind$rds-madvise-sendmsg$rds
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket$rds-bind$rds-madvise-sendmsg$rds
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
sendmsg$rds(r0, 0x0, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket$rds-bind$rds-madvise-sendmsg$rds
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
sendmsg$rds(r0, &(0x7f0000001600)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}], 0x1}}], 0x48}, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket$rds-bind$rds-madvise-sendmsg$rds
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket$rds-bind$rds-madvise-sendmsg$rds
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x48}, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket$rds-bind$rds-madvise-sendmsg$rds
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f00000006c0)=[{0x0}], 0x1}}], 0x48}, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket$rds-bind$rds-madvise-sendmsg$rds
program crashed: general protection fault in unpin_user_pages_dirty_lock
simplifying C reproducer
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket$rds-bind$rds-madvise-sendmsg$rds
program crashed: general protection fault in unpin_user_pages_dirty_lock
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket$rds-bind$rds-madvise-sendmsg$rds
program crashed: general protection fault in unpin_user_pages_dirty_lock
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket$rds-bind$rds-madvise-sendmsg$rds
program crashed: general protection fault in unpin_user_pages_dirty_lock
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket$rds-bind$rds-madvise-sendmsg$rds
program crashed: general protection fault in unpin_user_pages_dirty_lock
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket$rds-bind$rds-madvise-sendmsg$rds
program crashed: general protection fault in unpin_user_pages_dirty_lock
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket$rds-bind$rds-madvise-sendmsg$rds
program crashed: general protection fault in unpin_user_pages_dirty_lock
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket$rds-bind$rds-madvise-sendmsg$rds
program crashed: general protection fault in unpin_user_pages_dirty_lock
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket$rds-bind$rds-madvise-sendmsg$rds
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0)

program crashed: general protection fault in unpin_user_pages_dirty_lock
validation run: crashed=true
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket$rds-bind$rds-madvise-sendmsg$rds
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0)

program crashed: general protection fault in unpin_user_pages_dirty_lock
validation run: crashed=true
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-socket$rds-bind$rds-madvise-sendmsg$rds
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0)

program crashed: general protection fault in unpin_user_pages_dirty_lock
validation run: crashed=true
reproducing took 51m51.963730573s
repro crashed as (corrupted=false):
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
CPU: 0 UID: 0 PID: 6023 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:_compound_head include/linux/page-flags.h:284 [inline]
RIP: 0010:gup_folio_next mm/gup.c:255 [inline]
RIP: 0010:unpin_user_pages_dirty_lock+0x91/0x510 mm/gup.c:303
Code: 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 e7 47 1c 00 4d 8b 3f 4d 8d 67 08 4c 89 e0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 e7 e8 c1 47 1c 00 4d 8b 24 24 4c 89 e6 48
RSP: 0018:ffffc90003dbf4d8 EFLAGS: 00010202
RAX: 0000000000000001 RBX: 0000000000000001 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000001 R08: ffffea0001678037 R09: 1ffffd40002cf006
R10: dffffc0000000000 R11: fffff940002cf007 R12: 0000000000000008
R13: ffff88805ec20210 R14: ffffc90003dbf5a0 R15: 0000000000000000
FS:  0000555576c81500(0000) GS:ffff8881257ba000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b32263fff CR3: 0000000031e2c000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 rds_rdma_free_op+0x1ec/0x390 net/rds/rdma.c:504
 rds_cmsg_rdma_args+0x32b/0x1240 net/rds/rdma.c:800
 rds_cmsg_send+0x33d/0x5c0 net/rds/send.c:1004
 rds_sendmsg+0x1129/0x1f00 net/rds/send.c:1314
 sock_sendmsg_nosec net/socket.c:714 [inline]
 __sock_sendmsg+0x219/0x270 net/socket.c:729
 ____sys_sendmsg+0x505/0x830 net/socket.c:2614
 ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2668
 __sys_sendmsg net/socket.c:2700 [inline]
 __do_sys_sendmsg net/socket.c:2705 [inline]
 __se_sys_sendmsg net/socket.c:2703 [inline]
 __x64_sys_sendmsg+0x19b/0x260 net/socket.c:2703
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f109cb8ebe9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd22fc79c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f109cdc5fa0 RCX: 00007f109cb8ebe9
RDX: 0000000000000000 RSI: 0000200000001600 RDI: 0000000000000003
RBP: 00007f109cc11e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f109cdc5fa0 R14: 00007f109cdc5fa0 R15: 0000000000000003
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:_compound_head include/linux/page-flags.h:284 [inline]
RIP: 0010:gup_folio_next mm/gup.c:255 [inline]
RIP: 0010:unpin_user_pages_dirty_lock+0x91/0x510 mm/gup.c:303
Code: 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 e7 47 1c 00 4d 8b 3f 4d 8d 67 08 4c 89 e0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 e7 e8 c1 47 1c 00 4d 8b 24 24 4c 89 e6 48
RSP: 0018:ffffc90003dbf4d8 EFLAGS: 00010202
RAX: 0000000000000001 RBX: 0000000000000001 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000001 R08: ffffea0001678037 R09: 1ffffd40002cf006
R10: dffffc0000000000 R11: fffff940002cf007 R12: 0000000000000008
R13: ffff88805ec20210 R14: ffffc90003dbf5a0 R15: 0000000000000000
FS:  0000555576c81500(0000) GS:ffff8881258ba000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f109cb2ab30 CR3: 0000000031e2c000 CR4: 00000000003526f0
----------------
Code disassembly (best guess), 3 bytes skipped:
   0:	df 80 3c 08 00 74    	filds  0x7400083c(%rax)
   6:	08 4c 89 ff          	or     %cl,-0x1(%rcx,%rcx,4)
   a:	e8 e7 47 1c 00       	call   0x1c47f6
   f:	4d 8b 3f             	mov    (%r15),%r15
  12:	4d 8d 67 08          	lea    0x8(%r15),%r12
  16:	4c 89 e0             	mov    %r12,%rax
  19:	48 c1 e8 03          	shr    $0x3,%rax
  1d:	48 b9 00 00 00 00 00 	movabs $0xdffffc0000000000,%rcx
  24:	fc ff df
* 27:	80 3c 08 00          	cmpb   $0x0,(%rax,%rcx,1) <-- trapping instruction
  2b:	74 08                	je     0x35
  2d:	4c 89 e7             	mov    %r12,%rdi
  30:	e8 c1 47 1c 00       	call   0x1c47f6
  35:	4d 8b 24 24          	mov    (%r12),%r12
  39:	4c 89 e6             	mov    %r12,%rsi
  3c:	48                   	rex.W

final repro crashed as (corrupted=false):
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
CPU: 0 UID: 0 PID: 6023 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:_compound_head include/linux/page-flags.h:284 [inline]
RIP: 0010:gup_folio_next mm/gup.c:255 [inline]
RIP: 0010:unpin_user_pages_dirty_lock+0x91/0x510 mm/gup.c:303
Code: 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 e7 47 1c 00 4d 8b 3f 4d 8d 67 08 4c 89 e0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 e7 e8 c1 47 1c 00 4d 8b 24 24 4c 89 e6 48
RSP: 0018:ffffc90003dbf4d8 EFLAGS: 00010202
RAX: 0000000000000001 RBX: 0000000000000001 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000001 R08: ffffea0001678037 R09: 1ffffd40002cf006
R10: dffffc0000000000 R11: fffff940002cf007 R12: 0000000000000008
R13: ffff88805ec20210 R14: ffffc90003dbf5a0 R15: 0000000000000000
FS:  0000555576c81500(0000) GS:ffff8881257ba000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b32263fff CR3: 0000000031e2c000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 rds_rdma_free_op+0x1ec/0x390 net/rds/rdma.c:504
 rds_cmsg_rdma_args+0x32b/0x1240 net/rds/rdma.c:800
 rds_cmsg_send+0x33d/0x5c0 net/rds/send.c:1004
 rds_sendmsg+0x1129/0x1f00 net/rds/send.c:1314
 sock_sendmsg_nosec net/socket.c:714 [inline]
 __sock_sendmsg+0x219/0x270 net/socket.c:729
 ____sys_sendmsg+0x505/0x830 net/socket.c:2614
 ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2668
 __sys_sendmsg net/socket.c:2700 [inline]
 __do_sys_sendmsg net/socket.c:2705 [inline]
 __se_sys_sendmsg net/socket.c:2703 [inline]
 __x64_sys_sendmsg+0x19b/0x260 net/socket.c:2703
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f109cb8ebe9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd22fc79c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f109cdc5fa0 RCX: 00007f109cb8ebe9
RDX: 0000000000000000 RSI: 0000200000001600 RDI: 0000000000000003
RBP: 00007f109cc11e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f109cdc5fa0 R14: 00007f109cdc5fa0 R15: 0000000000000003
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:_compound_head include/linux/page-flags.h:284 [inline]
RIP: 0010:gup_folio_next mm/gup.c:255 [inline]
RIP: 0010:unpin_user_pages_dirty_lock+0x91/0x510 mm/gup.c:303
Code: 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 e7 47 1c 00 4d 8b 3f 4d 8d 67 08 4c 89 e0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 e7 e8 c1 47 1c 00 4d 8b 24 24 4c 89 e6 48
RSP: 0018:ffffc90003dbf4d8 EFLAGS: 00010202
RAX: 0000000000000001 RBX: 0000000000000001 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000001 R08: ffffea0001678037 R09: 1ffffd40002cf006
R10: dffffc0000000000 R11: fffff940002cf007 R12: 0000000000000008
R13: ffff88805ec20210 R14: ffffc90003dbf5a0 R15: 0000000000000000
FS:  0000555576c81500(0000) GS:ffff8881258ba000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f109cb2ab30 CR3: 0000000031e2c000 CR4: 00000000003526f0
----------------
Code disassembly (best guess), 3 bytes skipped:
   0:	df 80 3c 08 00 74    	filds  0x7400083c(%rax)
   6:	08 4c 89 ff          	or     %cl,-0x1(%rcx,%rcx,4)
   a:	e8 e7 47 1c 00       	call   0x1c47f6
   f:	4d 8b 3f             	mov    (%r15),%r15
  12:	4d 8d 67 08          	lea    0x8(%r15),%r12
  16:	4c 89 e0             	mov    %r12,%rax
  19:	48 c1 e8 03          	shr    $0x3,%rax
  1d:	48 b9 00 00 00 00 00 	movabs $0xdffffc0000000000,%rcx
  24:	fc ff df
* 27:	80 3c 08 00          	cmpb   $0x0,(%rax,%rcx,1) <-- trapping instruction
  2b:	74 08                	je     0x35
  2d:	4c 89 e7             	mov    %r12,%rdi
  30:	e8 c1 47 1c 00       	call   0x1c47f6
  35:	4d 8b 24 24          	mov    (%r12),%r12
  39:	4c 89 e6             	mov    %r12,%rsi
  3c:	48                   	rex.W