Extracting prog: 42m42.726859637s
Minimizing prog: 47m32.201822498s
Simplifying prog options: 0s
Extracting C: 1m0.872748289s
Simplifying C: 9m26.239601709s


30 programs, timeouts [15s 1m40s 6m0s]
extracting reproducer from 30 programs
single: executing 5 programs separately with timeout 15s
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): add_key$keyring-add_key$user-add_key$user-keyctl$dh_compute-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_GET_PIT-syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid-syz_usb_control_io$hid-eventfd2-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-read$eventfd-close_range-mkdir-open$dir-utimensat-read$FUSE-syz_open_dev$evdev-syz_io_uring_setup-io_uring_setup-syz_open_dev$hidraw-write$hidraw-socket$nl_route-ioctl$sock_SIOCGIFINDEX-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key$user(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000540)="0706675823b8a37f19b37e0f9f120663b78a6a322f28cb301825eddc42c667fc68923d7df9f4c1843c5f11b63d2684fff43955079736fa4c80100487c31c09706b6bf145eb1baf416d2681491bd6a3098fe1a6741d65b085b4075db8419d9e6d17b1eec4dfb860a71d61af753459bcc5ea1f20d6c1c74afda3b0c08bf988", 0x7e, r0)
r2 = add_key$user(&(0x7f0000000180), &(0x7f0000000200)={'syz', 0x3}, &(0x7f0000000140)="04", 0x1, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f00000001c0)={r2, r1, r2}, &(0x7f00000002c0)=""/250, 0xfa, &(0x7f0000000400)={&(0x7f00000003c0)={'sha224-generic\x00'}})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_GET_PIT(r4, 0x400caed0, &(0x7f0000000300))
r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000404c05d50310000200000109022400010000000009041200010300000009210000000122010009058103"], 0x0)
syz_usb_control_io(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000240)={0x24, &(0x7f0000000600)=ANY=[@ANYBLOB="400302000000020a48d89a79c41c37d02086b3a5b5def021c58bb5cc35b9c687c195bd1a236d321b5ef5ec9124b944da4f4ab04d841f079e2bfdec6bb244eb5bd9d2099db31c9beeaa0c01cda23a79248c01f35aa932a177bcc010e44ee98de0c72f139701580b6277ef8cf82247738940bb7d0165becf3b9a845c5bc86bc807cbc8a30a0b55874a0561aa01664f4e75a6e4eff86c859b57a18245e6fe45a8e4608f0b793566632b5ea04615b82d6a0bbf197c6d73b6efdeb89dd86f09a653ac4720ba866183746aad59cd00a356eb29a4b865cf66462c7d971348a37b26a40f0f1bf75c2dbb06262853b60cde75ed43a6af3c823673c91e6898dff4146162ff83953116e95c"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000b80)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
r6 = eventfd2(0x1, 0x0)
r7 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f0000000080))
read$eventfd(r6, &(0x7f0000000000), 0x8)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mkdir(&(0x7f00000001c0)='./file0\x00', 0x0)
r8 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
utimensat(r8, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0xffffffffffffffff}}, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
r9 = syz_io_uring_setup(0x36dc, &(0x7f0000000140)={0x0, 0xe9da, 0x400, 0x1, 0x255}, &(0x7f0000000040), &(0x7f00000000c0))
io_uring_setup(0x6c81, &(0x7f00000001c0)={0x0, 0xb840, 0x800, 0x3, 0x25a, 0x0, r9})
syz_open_dev$hidraw(&(0x7f0000002300), 0x0, 0x14a042)
write$hidraw(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
syz_emit_ethernet(0x7e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd6015690900482f00fc020000000000000000000003ff0000ff020000400000000000000000000001242088a8000000000004000000000800000086dd88a888be08000000100000000100000000000000080022eb00000000200000000200000000000000000100000800655800000000"], 0x0)

program did not crash
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD-socket$nl_route-socket$inet6_udp-socket$inet_tcp-setsockopt$IPT_SO_SET_REPLACE-sched_setscheduler-prctl$PR_SCHED_CORE-sched_setaffinity-openat$hwrng-preadv-socket-syz_open_procfs-socket$packet-socket$inet_smc-ioctl$int_in-connect$inet-openat$sw_sync-socket$nl_generic-syz_genetlink_get_family_id$l2tp-sendmsg$L2TP_CMD_TUNNEL_CREATE-close-syz_emit_ethernet-io_setup-io_submit-unshare-ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL-openat$kvm
detailed listing:
executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000800)=@mangle={'mangle\x00', 0x44, 0x6, 0x3b8, 0x158, 0x288, 0x158, 0x288, 0x1f0, 0x320, 0x320, 0x320, 0x320, 0x320, 0x6, 0x0, {[{{@ip={@remote, @multicast2, 0x0, 0x0, 'veth0_to_bridge\x00', 'ipvlan1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @TTL={0x28}}, {{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'pim6reg1\x00', 'macvtap0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@dev, @private, 0x0, 0x0, 'hsr0\x00', 'syzkaller1\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@local, @rand_addr, 0x0, 0x0, 'ip6erspan0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x418)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket(0xf, 0x1, 0x80000000)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$packet(0x11, 0x3, 0x300)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r2, 0x5421, &(0x7f0000000100)=0x100000001)
connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10)
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x3c, r4, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp}]}, 0x3c}}, 0x0)
close(r2)
syz_emit_ethernet(0x4e, &(0x7f0000000f80)=ANY=[], 0x0)
io_setup(0x20, &(0x7f0000001140)=<r5=>0x0)
io_submit(r5, 0x0, 0x0)
unshare(0x6a040000)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'gre0\x00', &(0x7f0000000300)={'erspan0\x00', 0x0, 0x8, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x32, 0x14, 0x0, 0x0, 0x3, 0x0, 0x0, @broadcast, @remote}}}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)

program did not crash
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ttys-ppoll-ioctl$TIOCCBRK-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-bpf$PROG_LOAD-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-syz_open_dev$tty1-sendmsg$IPSET_CMD_CREATE-prctl$PR_SCHED_CORE-openat$hwrng-sched_setaffinity-preadv-syz_io_uring_setup-memfd_secret-ftruncate-io_uring_enter-signalfd-syz_genetlink_get_family_id$nl80211-sendmsg$NL80211_CMD_UNEXPECTED_FRAME-socket$nl_netfilter-sendmsg$NFT_BATCH-getsockopt$inet_int-mmap$IORING_OFF_SQ_RING-syz_io_uring_submit
detailed listing:
executing program 0:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ppoll(&(0x7f0000000000), 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCCBRK(r0, 0x5428)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x10, &(0x7f0000000240)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
preadv(r3, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
syz_io_uring_setup(0x24f9, &(0x7f0000002ec0), &(0x7f00000000c0), &(0x7f0000000140)=<r4=>0x0)
r5 = memfd_secret(0x0)
ftruncate(r5, 0x3)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, 0x0, 0x40)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f000001aa80)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @log={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LOG_PREFIX={0xe, 0x2, 0x1, 0x0, 'syzkaller\x00'}, @NFTA_LOG_FLAGS={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELSETELEM={0x14, 0xe, 0xa, 0x302, 0x0, 0x0, {0x2, 0x0, 0x5}}, @NFT_MSG_NEWSETELEM={0x20, 0xc, 0xa, 0x301, 0x0, 0x0, {0x3, 0x0, 0x3}, [@NFTA_SET_ELEM_LIST_ELEMENTS={0xc, 0x3, 0x0, 0x1, [{0x8, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_DATA={0x4}]}]}]}, @NFT_MSG_DELSETELEM={0x14, 0xe, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x9}}], {0x14}}, 0x110}}, 0x0)
getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xb5, &(0x7f00000002c0), &(0x7f0000000080)=0x4)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x2000002, 0x11, r5, 0x0)
syz_io_uring_submit(r7, r4, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x4a, 0x0, 0xffffffffffffff9c, 0x0, 0x0})

program did not crash
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmsg$ETHTOOL_MSG_FEATURES_SET-mknodat$null-socket$nl_xfrm-sendmsg$nl_xfrm-unshare-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_PORT_GET-syz_open_dev$usbmon-mmap-syz_open_procfs$userns-syz_open_procfs$userns-munmap-syz_open_dev$evdev-prctl$PR_SCHED_CORE-sched_setaffinity-openat$hwrng-preadv-execve-syz_emit_ethernet-socket$inet6_sctp-syz_usb_connect$hid-syz_emit_ethernet-openat$uhid-pwritev2-write$sequencer-write$UHID_CREATE-readv-openat$qat_adf_ctl-ioctl$IOCTL_STOP_ACCEL_DEV
detailed listing:
executing program 0:
sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)
mknodat$null(0xffffffffffffff9c, 0x0, 0x0, 0x103)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=@newsa={0x154, 0x10, 0x713, 0x0, 0x0, {{@in=@remote, @in=@multicast2, 0x0, 0x4}, {@in=@loopback, 0x0, 0x32}, @in=@rand_addr=0x64010101, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x3}, {0xfffffffffffffffc, 0x0, 0x0, 0x8}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @encap={0x1c, 0x8, {0x0, 0x0, 0x0, @in6=@dev={0xfe, 0x80, '\x00', 0xe}}}]}, 0x154}, 0x1, 0x0, 0x0, 0x40}, 0x0)
unshare(0x2c020400)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x1405, 0x131, 0x0, 0x0, "", [{{0x8}, {0x8}}]}, 0x20}}, 0x0)
syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x2172, 0xffffffffffffffff, 0x0)
syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000540))
syz_open_procfs$userns(0x0, 0x0)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
execve(0x0, 0x0, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000400)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x3, 0x0, 0x30, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr, @broadcast}, {0x0, 0x883e, 0x1c, 0x0, @gue={{0x2, 0x0, 0x0, 0x7}, "2b23ca5ed9707954c7310801"}}}}}}, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000404c05d50310000200000109022400010000000009041200010300000009210000000122010009058103"], 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000500)={@local, @broadcast, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x2, @dev, @multicast1, @random="e374636d35dc", @multicast1}}}}, 0x0)
r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
pwritev2(r3, &(0x7f0000000600), 0x0, 0x0, 0xffff, 0x0)
write$sequencer(0xffffffffffffffff, 0x0, 0x0)
write$UHID_CREATE(r3, &(0x7f0000000240)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000040)=""/2, 0x2}}, 0x120)
readv(r3, &(0x7f0000000140)=[{&(0x7f0000000080)=""/155, 0x9b}], 0x1)
r4 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0)
ioctl$IOCTL_STOP_ACCEL_DEV(r4, 0x40096101, &(0x7f0000001040))

program did not crash
testing program (duration=15s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): setsockopt$inet6_tcp_TCP_MD5SIG-openat$vmci-ioctl$IOCTL_VMCI_VERSION2-ioctl$IOCTL_VMCI_INIT_CONTEXT-ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC-ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA-add_key$keyring-add_key$user-gettid-socket$nl_generic-syz_emit_ethernet-sendmsg-openat$sndseq-open-mmap-fallocate-write$cgroup_subtree-syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid-close_range-read-tkill-keyctl$clear-add_key$user-socket$nl_netfilter-sendmsg$IPCTNL_MSG_CT_NEW-socket$nl_netfilter-sendmsg$IPCTNL_MSG_CT_NEW
detailed listing:
executing program 0:
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0x7, &(0x7f0000000040)={@in, 0x0, 0x0, 0x0, 0x0, "f55f817bc06c88f47480ab5a58b45baf660401c8bc69351dac1f1747678b1958be4f737c06ed8b91cfcb18062bc5832e880319bf07279cd8bb654dd3911a359dbee08f634402630b53fa8ce128836865"}, 0xd8)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r0, 0x7a4, &(0x7f0000000040)={{@my=0x1}, 0xfffffffffffffeec})
r1 = add_key$keyring(0x0, &(0x7f0000000340)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
add_key$user(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, r1)
gettid()
r2 = socket$nl_generic(0x11, 0x3, 0x10)
syz_emit_ethernet(0xae, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaeaaaaaaaaaaaa07000000cd60e400ff0038"], 0x0)
sendmsg(r2, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f86dd", 0x5ea}], 0x2, 0x0, 0x0, 0x11000000}, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
open(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x36)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x44f, 0xb65d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, &(0x7f0000000b80)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="002205000000"], 0x0}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
read(0xffffffffffffffff, &(0x7f0000000200)=""/209, 0xd1)
tkill(0x0, 0x0)
keyctl$clear(0x7, 0x0)
add_key$user(0x0, 0x0, &(0x7f0000000200)='C', 0x1, r1)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800"], 0x64}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="48000000000101040000ff0f0000000002000000240001801400018008000100e000000108000200e00000010c0002800500010000000000100005800900"], 0x48}}, 0x0)

program did not crash
single: failed to extract reproducer
bisect: bisecting 30 programs with base timeout 15s
testing program (duration=22s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [29, 29, 29, 29, 26, 27, 27, 28, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 26, 27, 29, 28, 29, 29, 29, 29, 29, 26, 27, 28]
detailed listing:
executing program 1:
socket$inet(0x2, 0x0, 0x4)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000a40)=@raw={'raw\x00', 0x4001, 0x3, 0x360, 0x0, 0x0, 0x148, 0x0, 0x148, 0x2c8, 0x240, 0x240, 0x2c8, 0x240, 0x7fffffe, 0x0, {[{{@ip={@private=0xa010102, @dev={0xac, 0x14, 0x14, 0x38}, 0xff, 0xffffffff, 'veth1\x00', 'ip6gretap0\x00', {0xff}, {}, 0x5e, 0x1, 0x12}, 0x0, 0x198, 0x1f8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x2, 0x0, 'syz0\x00'}}, @common=@addrtype={{0x30}, {0x0, 0x800}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{}, {0xffffffffffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x4, 0x6, 0x5, 0x2, 0x0, 0x4], 0x1, 0x6}, {0x0, [0x4, 0x1, 0x0, 0x7, 0x6, 0x2], 0x1, 0x1}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3c0)
quotactl$Q_QUOTAON(0xffffffff80000102, &(0x7f0000000140)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000404c05d50310000200000109022400010000000009041200010300000009210000000122010009058103"], 0x0)
mkdir(0x0, 0x0)
r0 = inotify_init1(0x0)
inotify_add_watch(r0, &(0x7f0000000080)='./file0\x00', 0x10)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x749})
epoll_create(0x3)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r3, &(0x7f00000003c0)=[{&(0x7f0000019b40)=""/102397, 0x18ffd}, {&(0x7f0000000180)=""/61, 0x3d}], 0x2, 0x0, 0xa)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x298)
memfd_create(0x0, 0x0)
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), 0xffffffffffffffff)
r6 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$apparmor_exec(r6, &(0x7f00000001c0)={'exec ', ':\x00~\x14-\x90\x14\x05\x00\x8fQhj\x1b\x04\xe5\x8d\xa1\xc2\xaa-\xc7gD#\x03\x1c\xee\xaa\xdd\x80\x9e/\x19{S\x15\xfe\xbaO\xae\xa1z,\xde-\x8fKN\x86g\x9b\xe4\xfe\xae/\x90\xd8^O\x86\x81\x84\xabq\xeb\x8b;F\xe9\xee\xc8\xd1\xb4Q\x05\x14\xe7\xa9c(0D7[\xccB\xe1Y\x99\x05\xae\xba\x00\xc4\b1\x84\xd6\b\xb0\xf0\x9a\x98\x85;\xffUq9:\xaf\xa2\x83\x88d\xc0\xe5\xcfF\x144}\x02\xb9\xb1\x85\x7fx\xe6\'\x8c\x898\'ej\xde;+\n1\xd4\x15\xf9Q\xacw\xcfS\xed\x80\fkt\xed\xdb|\x10\xbd\xbe\xf1\x94\x99\xe1?\x10\xda\xc7\xed['}, 0xb0)
r7 = creat(&(0x7f0000000040)='./file0\x00', 0xecf86c37d53048c3)
close(r7)
execve(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000000000000000060000002000018014000200766574683100000000000000000000000800030004000000c2cd8a381b8aaf64475e102dd6349d054352236bad4a87be9af8e5461107a7077977056dc58484214e20deb0b2d2f4fe639421804b84074e1bbc4548c669928e27a064001c11fc8af5c815463e4fddef90cba2ab66bbe01ce8d57b478fab720014518981c7adea69e8db95d41e97bd0e2b4c648554445b243bbb5c8e8abe0351faa72390e47a"], 0x34}, 0x1, 0x0, 0x0, 0x4040844}, 0x8000)
executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x6, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d031, 0xffffffffffffffff, 0x0)
r4 = userfaultfd(0x0)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/address_bits', 0x0, 0x0)
lseek(r5, 0x7fb, 0x1)
ioctl$UFFDIO_API(r4, 0xc018aa3f, 0x0)
ioctl$FS_IOC_SETVERSION(r1, 0x40087602, &(0x7f0000000200)=0xa1)
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$BINDER_GET_EXTENDED_ERROR(0xffffffffffffffff, 0xc00c6211, &(0x7f0000000080))
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
openat$mixer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$EVIOCSABS3F(0xffffffffffffffff, 0x401845ff, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
io_setup(0xeb0, &(0x7f0000000140)=<r6=>0x0)
r7 = socket$xdp(0x2c, 0x3, 0x0)
io_submit(r6, 0x1, &(0x7f0000001780)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x5, 0x0, r7, 0x0}])
io_cancel(r6, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000d00)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @private0}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private1}, {0x14, 0x4, @local}}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MAXIP={0x14, 0x5, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}]}, 0xac}}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]})
executing program 4:
socket$nl_netfilter(0x10, 0x3, 0xc)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, @val=@iter={0x0}}, 0x40)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x22ac81)
r2 = dup3(r0, r1, 0x0)
ioctl$MON_IOCX_MFETCH(r2, 0xc0109207, &(0x7f0000000100)={&(0x7f0000000040)=[0x0, 0x0], 0x2, 0x2})
ioctl$MON_IOCG_STATS(r2, 0xc0109207, &(0x7f00000001c0))
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd\x00')
mlockall(0x0)
fstat(r3, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201010200000040da074d1048e5000203010902"], &(0x7f0000000440)={0x0, 0x0, 0x1d, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00'], 0x1555571d})
socket(0x10, 0x3, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000140)={{0x1}, &(0x7f0000000040), &(0x7f0000000100)='%-5lx  \x00'}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000180)='udp_fail_queue_rcv_skb\x00', r3}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000480)={[0xfffffffffffffffd]}, 0x0, 0x8)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0)
fadvise64(r4, 0x0, 0x0, 0x3)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x25, &(0x7f0000000080)=0x477e, 0x25)
bind$inet(r5, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r5, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r5, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$sock_int(r5, 0x1, 0x2f, &(0x7f0000000300)=0x7c, 0x4)
recvmmsg(r5, &(0x7f00000091c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000007640)=""/23, 0x17}}], 0x1, 0x45833af92e4b39ff, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
executing program 1:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001280)='/proc/sysvipc/sem\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x42002)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x0, 0x4, 0x0, 0x0, 0x0, 0x1}, 0x48)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r1, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
read$hiddev(r0, &(0x7f00000000c0)=""/4092, 0xffc)
preadv(r0, &(0x7f00000012c0)=[{&(0x7f0000001800)=""/250, 0xfa}, {&(0x7f0000000000)=""/183, 0xb7}, {&(0x7f0000001500)=""/208, 0xd0}, {&(0x7f00000010c0)=""/42, 0x2a}, {0x0}, {0x0}], 0x6, 0x4, 0x0)
semget$private(0x0, 0x6, 0x14b)
read$hiddev(r0, &(0x7f0000001100)=""/234, 0xea)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
syz_emit_vhci(&(0x7f00000004c0)=ANY=[@ANYBLOB="040e0501460c1f00c7f641737da8c5df97e629d54f8eef8f4b4c287248623393943b5ba71f4c252077dee7cda5f191af639f6bc9ccce6307303924e47e62deed5d1bb5921eea00000c30f73971da9388b9ec29139dedf9d61d113d31eeef342c9d"], 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x5)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'})
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000700), 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001780)={0x8, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018200000", @ANYRES32=r3, @ANYBLOB="00000000e70b00000000000000000008"], &(0x7f00000005c0)='GPL\x00', 0x2, 0x1000, &(0x7f0000000780)=""/4096}, 0x90)
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$UI_SET_LEDBIT(r4, 0x40045569, 0x0)
ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x11)
ioctl$UI_SET_LEDBIT(r4, 0x40045569, 0x4)
ioctl$UI_DEV_SETUP(r4, 0x405c5503, &(0x7f0000000100)={{0x0, 0x0, 0x4000}, 'syz1\x00'})
ioctl$UI_DEV_CREATE(r4, 0x5501)
ioctl$UI_DEV_DESTROY(r4, 0x5502)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000800)=@mangle={'mangle\x00', 0x44, 0x6, 0x3b8, 0x158, 0x288, 0x158, 0x288, 0x1f0, 0x320, 0x320, 0x320, 0x320, 0x320, 0x6, 0x0, {[{{@ip={@remote, @multicast2, 0x0, 0x0, 'veth0_to_bridge\x00', 'ipvlan1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @TTL={0x28}}, {{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'pim6reg1\x00', 'macvtap0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@dev, @private, 0x0, 0x0, 'hsr0\x00', 'syzkaller1\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@local, @rand_addr, 0x0, 0x0, 'ip6erspan0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x418)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket(0xf, 0x1, 0x80000000)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r2, 0x5421, &(0x7f0000000100)=0x100000001)
connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10)
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, 0x0, 0x0)
close(r2)
syz_emit_ethernet(0x4e, &(0x7f0000000f80)=ANY=[], 0x0)
io_setup(0x20, 0x0)
io_submit(0x0, 0x0, 0x0)
unshare(0x6a040000)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'gre0\x00', &(0x7f0000000300)={'erspan0\x00', 0x0, 0x8, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x32, 0x14, 0x0, 0x0, 0x3, 0x0, 0x0, @broadcast, @remote}}}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000800)=@mangle={'mangle\x00', 0x44, 0x6, 0x3b8, 0x158, 0x288, 0x158, 0x288, 0x1f0, 0x320, 0x320, 0x320, 0x320, 0x320, 0x6, 0x0, {[{{@ip={@remote, @multicast2, 0x0, 0x0, 'veth0_to_bridge\x00', 'ipvlan1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @TTL={0x28}}, {{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'pim6reg1\x00', 'macvtap0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@dev, @private, 0x0, 0x0, 'hsr0\x00', 'syzkaller1\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@local, @rand_addr, 0x0, 0x0, 'ip6erspan0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x418)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket(0xf, 0x1, 0x80000000)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$packet(0x11, 0x3, 0x300)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r2, 0x5421, &(0x7f0000000100)=0x100000001)
connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10)
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x34, r4, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}]}, 0x34}}, 0x0)
close(r2)
syz_emit_ethernet(0x4e, &(0x7f0000000f80)=ANY=[], 0x0)
io_setup(0x20, &(0x7f0000001140)=<r5=>0x0)
io_submit(r5, 0x0, 0x0)
unshare(0x6a040000)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'gre0\x00', &(0x7f0000000300)={'erspan0\x00', 0x0, 0x8, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x32, 0x14, 0x0, 0x0, 0x3, 0x0, 0x0, @broadcast, @remote}}}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
executing program 1:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000800)=@mangle={'mangle\x00', 0x44, 0x6, 0x3b8, 0x158, 0x288, 0x158, 0x288, 0x1f0, 0x320, 0x320, 0x320, 0x320, 0x320, 0x6, 0x0, {[{{@ip={@remote, @multicast2, 0x0, 0x0, 'veth0_to_bridge\x00', 'ipvlan1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @TTL={0x28}}, {{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'pim6reg1\x00', 'macvtap0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@dev, @private, 0x0, 0x0, 'hsr0\x00', 'syzkaller1\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@local, @rand_addr, 0x0, 0x0, 'ip6erspan0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x418)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket(0xf, 0x1, 0x80000000)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$packet(0x11, 0x3, 0x300)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r2, 0x5421, &(0x7f0000000100)=0x100000001)
connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10)
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x34, r4, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}]}, 0x34}}, 0x0)
close(r2)
syz_emit_ethernet(0x4e, &(0x7f0000000f80)=ANY=[], 0x0)
io_setup(0x20, &(0x7f0000001140)=<r5=>0x0)
io_submit(r5, 0x0, 0x0)
unshare(0x6a040000)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'gre0\x00', &(0x7f0000000300)={'erspan0\x00', 0x0, 0x8, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x32, 0x14, 0x0, 0x0, 0x3, 0x0, 0x0, @broadcast, @remote}}}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
executing program 4:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key$user(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000540)="0706675823b8a37f19b37e0f9f120663b78a6a322f28cb301825eddc42c667fc68923d7df9f4c1843c5f11b63d2684fff43955079736fa4c80100487c31c09706b6bf145eb1baf416d2681491bd6a3098fe1a6741d65b085b4075db8419d9e6d17b1eec4dfb860a71d61af753459bcc5ea1f20d6c1c74afda3b0c08bf988", 0x7e, r0)
r2 = add_key$user(&(0x7f0000000180), &(0x7f0000000200)={'syz', 0x3}, &(0x7f0000000140)="04", 0x1, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f00000001c0)={r2, r1, r2}, &(0x7f00000002c0)=""/250, 0xfa, &(0x7f0000000400)={&(0x7f00000003c0)={'sha224-generic\x00'}})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_GET_PIT(r4, 0x400caed0, &(0x7f0000000300))
r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000404c05d50310000200000109022400010000000009041200010300000009210000000122010009058103"], 0x0)
syz_usb_control_io(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000240)={0x24, &(0x7f0000000600)=ANY=[@ANYBLOB="400302000000020a48d89a79c41c37d02086b3a5b5def021c58bb5cc35b9c687c195bd1a236d321b5ef5ec9124b944da4f4ab04d841f079e2bfdec6bb244eb5bd9d2099db31c9beeaa0c01cda23a79248c01f35aa932a177bcc010e44ee98de0c72f139701580b6277ef8cf82247738940bb7d0165becf3b9a845c5bc86bc807cbc8a30a0b55874a0561aa01664f4e75a6e4eff86c859b57a18245e6fe45a8e4608f0b793566632b5ea04615b82d6a0bbf197c6d73b6efdeb89dd86f09a653ac4720ba866183746aad59cd00a356eb29a4b865cf66462c7d971348a37b26a40f0f1bf75c2dbb06262853b60cde75ed43a6af3c823673c91e6898dff4146162ff83953116e95c"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000b80)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
r6 = eventfd2(0x1, 0x0)
r7 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f0000000080))
read$eventfd(r6, &(0x7f0000000000), 0x8)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mkdir(&(0x7f00000001c0)='./file0\x00', 0x0)
r8 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
utimensat(r8, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0xffffffffffffffff}}, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
r9 = syz_io_uring_setup(0x36dc, &(0x7f0000000140)={0x0, 0xe9da, 0x400, 0x1, 0x255}, &(0x7f0000000040), &(0x7f00000000c0))
io_uring_setup(0x6c81, &(0x7f00000001c0)={0x0, 0xb840, 0x800, 0x3, 0x25a, 0x0, r9})
syz_open_dev$hidraw(&(0x7f0000002300), 0x0, 0x14a042)
write$hidraw(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
syz_emit_ethernet(0x7e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd6015690900482f00fc020000000000000000000003ff0000ff020000400000000000000000000001242088a8000000000004000000000800000086dd88a888be08000000100000000100000000000000080022eb00000000200000000200000000000000000100000800655800000000"], 0x0)
executing program 3:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0xe, 0xc, &(0x7f00000004c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xd}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7fffffff}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}]}, &(0x7f0000000540)='GPL\x00', 0x6, 0xfb, &(0x7f0000000580)=""/251, 0x40f00, 0x4, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, &(0x7f0000000680)={0x0, 0x4}, 0x8, 0x10, &(0x7f00000006c0)={0x0, 0x10, 0x8, 0xfffffffc}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000700)=[0xffffffffffffffff, 0x1, 0x1, 0x1, 0x1], 0x0, 0x10, 0x101}, 0x90)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000800)=r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x64, 0x65, 0x0, 0x10000000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff3}}, [@TCA_RATE={0x6, 0x5, {0xf6, 0x5}}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_flower={{0xb}, {0x24, 0x2, [@TCA_FLOWER_KEY_ARP_OP={0x5}, @TCA_FLOWER_KEY_TCP_DST_MASK={0x6}, @TCA_FLOWER_KEY_UDP_SRC_MASK={0x6, 0x25, 0xfffe}, @TCA_FLOWER_KEY_ICMPV6_TYPE={0x5}]}}]}, 0x64}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x0, 0x11, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0xc, 0xffff, 0x1}, 0x48)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000200)={r2, &(0x7f0000000240), 0x20000000}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000002c0)={r2, &(0x7f0000000140), &(0x7f0000000240)=""/101}, 0x20)
r3 = syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0x0)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r5=>0x0})
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f0000000080)={0x19, 0x0, <r7=>0x0})
ioctl$IOMMU_IOAS_COPY(r4, 0x3b83, &(0x7f0000000100)={0x28, 0x4, r5, r7, 0x5, 0xa05, 0x1ff})
ioctl$CEC_ADAP_S_LOG_ADDRS(r3, 0xc05c6104, &(0x7f0000000380)={"740e00", 0x0, 0x6, 0x2, 0x0, 0x0, '\x00', "000000f5", '\x00\x00\x00N', "10004800", ["efc1c7c5ffff7fefff650306", "00431943860000ec0000bdff", "345e417e7fffff31fff200", "0000201b0000000000000f00"]})
r8 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={0x0, 0x54}}, 0x0)
r9 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r9, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c)
setsockopt$SO_TIMESTAMP(r9, 0x1, 0x3f, &(0x7f0000000040)=0xc, 0x4)
recvmmsg(r9, &(0x7f0000001f40)=[{{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f0000000380)=""/252, 0xfc}], 0x1, &(0x7f0000001e40)=""/23, 0x17}}], 0x1, 0x0, 0x0)
r10 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x0)
sendfile(r10, r10, 0x0, 0x5)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r10, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r10, 0xc004500a, &(0x7f0000000300)=0x2)
sendto(r8, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0xfffffffffffffe3a, 0x0, 0x0, 0x0)
socket$kcm(0x2, 0xa, 0x2)
executing program 2:
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89001)
prlimit64(0x0, 0xe, &(0x7f0000000140), 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000240))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000000000))
r1 = io_uring_setup(0x0, &(0x7f0000000400)={0x0, 0x0, 0x4, 0x1, 0x63})
fcntl$lock(0xffffffffffffffff, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
r2 = creat(&(0x7f0000000280)='./file0\x00', 0x0)
close(r2)
syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(r2, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae})
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000000)={0x0, 0x0, 0xd4a4})
fcntl$lock(r2, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
r3 = socket$qrtr(0x2a, 0x2, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000000203010400000000ffffffff000000000800010001"], 0x28}}, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r4, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f00000002c0)=@assoc_value, &(0x7f00000000c0)=0x8)
ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f0000000140)={'virt_wifi0\x00', 0x1})
ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f0000000000)={'virt_wifi0\x00'})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x5, &(0x7f0000000300)=[{0x45, 0x0, 0x2}, {}, {0x4}, {}, {0x6, 0x0, 0x0, 0x1}]})
syz_open_dev$vcsn(&(0x7f0000000000), 0x1ff, 0x800002)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}, 0x4}}, 0x2e)
close_range(r1, 0xffffffffffffffff, 0x0)
executing program 1:
syz_usb_connect$uac1(0x0, 0x8a, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000086b1d00004000010203010902780003010000000904000000010100000a2401000000020000000080000001008e78"], 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
openat$pfkey(0xffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xd, 0x0, &(0x7f0000000200))
socket$inet6(0xa, 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000100)='net/ip6_tables_names\x00')
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x200000100000011, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
pipe(&(0x7f0000000080))
socket$nl_route(0x10, 0x3, 0x0)
socket(0x2c, 0x803, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet_udp(0x2, 0x2, 0x0)
socket$unix(0x1, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_udp(0xa, 0x2, 0x0)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f0000000040)=ANY=[@ANYRES64=r3, @ANYRES64=r3])
executing program 3:
socket$alg(0x26, 0x5, 0x0)
fsopen(&(0x7f00000003c0)='ext3\x00', 0x0)
r0 = syz_usbip_server_init(0x3)
socket$l2tp6(0xa, 0x2, 0x73)
write(r0, &(0x7f0000000f40)="b410a1e8252ce0a1a3be3d593e8bf96f9615aea940ed08d314cbc50631fb02a0647a3c2ed4c85c8eef57d078ec90823a", 0x30)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$vimc1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
openat$nvme_fabrics(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
preadv(r1, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
mbind(&(0x7f0000596000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x3)
msgget$private(0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
getpid()
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r3, 0x29, 0x48, &(0x7f0000000100)={0x89, 0x58, '\x00', [@padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @ra, @generic={0x0, 0x2b5, "9863c97f84286bc183d18a82e6c7d8e260cde17794c34480237e706e6127fb1a7267eaff3648c07b2ac159db1a0c472bcb97c32eabaabcaac9f0c4bb88c94c3e97c1188ac8316abcc92798d57d8c43b31c2a4a98255358300b5fd305c44adf10d92d01a03d454ea85ab429f66b13bec1d6582863847f7ba32c3e072922afb8a8e4e834579d2e866a77d5717eb849ff50503018c1bdd17f4cce8609a430bcf0b58b01eb1db4992c1178f578b7c7964963db61354e6fb0c5cbf5b9b1b25994e9e31569de57dab3001b4c2b73deae5f4f6fe9e295c6b754fe0bd275ef9201a7b9adbc8f269c60f73964da18f4738bfd76bfb30075a6082f8645802a5ee99d99419e0670111cb1d5bba22122a808c54fe07bb4509edbf3415d58f482de57a338e33474ffb8cc645822106170323955e613759e953b0250b14591b423117f21b18d2dabca8a45353fc579267e3caa888d4bd3014ce856bd334e6c9563525847c950e91aee39b919760b7d2ec9477068539d31f288a70d70c57ea1c63b09b99ca8a55bdb85eff7a44e66050cf7528728a788121a8e52bde52b9635bd0bbbaf73c4477f92a87b01e975aadb83784adf26725e00d80d28b6913dc803b1d87ec5102197057babfa931cd0d3c9a9da6395e0a49b3a5d2e9d0955a952950b24bbfc26cc2d568766affb569ff0967d098dd37703138af90dac3aed4526a7e97adc0568653830e4fd34a6def7bfb7a3b1444f1c1e102cbbc631238ac16983682fddcd44cd1bc8a8c264ba5bf49bc49c8e99af0e353cba8698803fa7dbcaecc7bbab9f9712b0266da0302289eb7b03e5d40f5651bee25edd861a25182eac31ea7b64fb6a0b38e336cacc6d7f29f5d23e20e6381f1facb1b6fc65cd7c5df72efb9f37a997636e1098dc87dd553041a8621f1723c6e4d370f29eb39ba160f830f6d1b2da5074e51fd332181aef4fe75f5c55e0383cb67763a9dd40a054"}]}, 0x2c8)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000040)={'erspan0\x00', &(0x7f0000000000)=@ethtool_ts_info})
r4 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x0)
r6 = openat$cgroup_ro(r5, &(0x7f0000000000)='cpu.stat\x00', 0x300, 0x0)
read$FUSE(r6, &(0x7f000001aa80)={0x2020}, 0x2020)
syz_usb_connect(0x0, 0x24, &(0x7f0000000340)=ANY=[@ANYBLOB="120100002ba7b040480b03200174000000010902120001000000000904"], 0x0)
executing program 2:
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000b80)=@delchain={0xb4, 0x65, 0x0, 0x0, 0x0, {}, [@filter_kind_options=@f_bpf={{0x8}, {0x68, 0x2, [@TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_OPS={{0x6, 0x4, 0x7}, {0x3c, 0x5, [{}, {}, {}, {}, {}, {}, {}]}}, @TCA_BPF_FLAGS={0x8}]}}, @TCA_RATE={0x6}, @filter_kind_options=@f_basic={{0xa}, {0xc, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0x0, 0x2}}]}}]}, 0xb4}}, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000400)=[{&(0x7f0000000140)="2a6964b6e862bbb7ace52f4024afa4a037aa7a2c42a917c9800a8355448b1022eb5829e387283555dbf20602b0befa124cf1", 0x32}], 0x1, 0x0, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r3=>0x0})
syz_emit_ethernet(0x11, &(0x7f00000002c0)={@remote, @random="6b8e22dbf1a0", @void, {@llc_tr={0x11, {@llc={0x0, 0x0, "bf"}}}}}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r6, 0x0)
r7 = dup(r5)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r9}, 0x10)
socket$netlink(0x10, 0x3, 0x0)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r10, &(0x7f0000000080)={0xa, 0x14e22, 0x0, @ipv4}, 0x1c)
listen(r10, 0x0)
syz_emit_ethernet(0x86, &(0x7f00000000c0)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x9, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local, {[@timestamp={0x44, 0x10, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0]}]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x15, 0xc2, 0x0, 0x0, 0x0, {[@window={0x3, 0x3}, @md5sig={0x13, 0x12, "c851616c0500cb080000000000e79490"}, @sack={0x5, 0xa, [0x0, 0x0]}, @sack={0x5, 0x12, [0x0, 0x0, 0x0, 0x0]}, @mptcp=@capable={0x1e, 0xc}]}}}}}}}, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
sendmsg$NL80211_CMD_SET_BSS(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000880)=ANY=[@ANYBLOB="00000000606375a857db40d41204b810f7a567d541ff676d498a0f1112d88dc37b045efdee26dd1e7b988d0bf2b4843f45abec9eff072f4441e7f07a2b3c569e69f0fd03189c9dc4cb6bb4c01442f387f0372094ce9cf50c59bf1abab0fd0b0254898f4a470c329eafa76acffdaba9010cae839c06fe3e9fc05bf7149c3d01000080a21b4e023eeb657d9d1610f959960361119827b16e947a8879219eb2a5782503d3044211e43567d08f86106c83da3d53e2954037305cbffe242ab85a00"/204, @ANYRES16=r2, @ANYBLOB="010000000000000000001900000008000300", @ANYRES32=r3, @ANYBLOB="0500a20000000000050060003100000006006d0000000000"], 0x34}}, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x0, 0x9, 0x0, 0x1}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000080)='netlink_extack\x00', r1}, 0x10)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000000)={0x9}, 0x3c33)
r3 = syz_open_dev$usbfs(&(0x7f0000000c40), 0x310decfa, 0x1)
ioctl$USBDEVFS_CONTROL(r3, 0x8008551d, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xb, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000800000000000000007008018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7060000190000008500000005000000bc0900000000000035090100000900009500000000000000b7020000000000007b9af8ff00000000b5090000000000007baaf0ff000000002f8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffc70200000800000018220000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7050000080000004608f0ff760000003f9800000000000056080000000000008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xffffffffffffffff, 0xd000})
write(r2, &(0x7f00000000c0)="240000001e005f0214fffffffffffff80700000001000000000000000500090002000000", 0x24)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
r7 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r8=>0x0})
bind$can_raw(r7, &(0x7f00000000c0)={0x1d, r8}, 0x10)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000001c0)={&(0x7f00000004c0)=@mpls_newroute={0x154, 0x18, 0x400, 0x70bd2c, 0x25dfdbfe, {0x1c, 0x14, 0x0, 0xfc, 0xff, 0x3, 0xc8, 0xa, 0x800}, [@RTA_DST={0x8, 0x1, {0x8}}, @RTA_DST={0x8, 0x1, {0xe79}}, @RTA_DST={0x8, 0x1, {0x2, 0x0, 0x1}}, @RTA_NEWDST={0x84, 0x13, [{0x9}, {0x8000, 0x0, 0x1}, {0x84a}, {0x0, 0x0, 0x1}, {0x8000, 0x0, 0x1}, {0x1b1e, 0x0, 0x1}, {0x6}, {0x6}, {0x1}, {0x2, 0x0, 0x1}, {0x715}, {0x2, 0x0, 0x1}, {0x40, 0x0, 0x1}, {0x8}, {0x200, 0x0, 0x1}, {0x7}, {0xeb, 0x0, 0x1}, {0x200, 0x0, 0x1}, {0x80, 0x0, 0x1}, {0x2, 0x0, 0x1}, {0x3f, 0x0, 0x1}, {0x9}, {0xe7}, {0x8}, {0xff, 0x0, 0x1}, {0x9}, {0x9, 0x0, 0x1}, {0x4, 0x0, 0x1}, {}, {0xffcc0, 0x0, 0x1}, {}, {0x2}]}, @RTA_MULTIPATH={0xc, 0x9, {0x2, 0x10, 0xff, r8}}, @RTA_MULTIPATH={0xc, 0x9, {0x1, 0x2d, 0x7, r8}}, @RTA_NEWDST={0x84, 0x13, [{0x363}, {0x1f, 0x0, 0x1}, {0xffff}, {0x8}, {0x60, 0x0, 0x1}, {0x8000, 0x0, 0x1}, {0x0, 0x0, 0x1}, {0x0, 0x0, 0x1}, {0xffff, 0x0, 0x1}, {0x2, 0x0, 0x1}, {0x3, 0x0, 0x1}, {0x1f, 0x0, 0x1}, {0x2e79c}, {0x5}, {0x4, 0x0, 0x1}, {0x5}, {0x5, 0x0, 0x1}, {0x2}, {0x6, 0x0, 0x1}, {0x7f, 0x0, 0x1}, {0x8001, 0x0, 0x1}, {0x7, 0x0, 0x1}, {0x9}, {0x7}, {0x8}, {0x9, 0x0, 0x1}, {0x8000, 0x0, 0x1}, {0x0, 0x0, 0x1}, {0x1, 0x0, 0x1}, {0x1000, 0x0, 0x1}, {0x1}, {0x7, 0x0, 0x1}]}]}, 0x154}, 0x1, 0x0, 0x0, 0x40}, 0x1)
setsockopt$CAN_RAW_FILTER(r7, 0x65, 0x1, 0x0, 0x0)
close(r7)
fcntl$lock(r6, 0xb73a099a2ea7f93d, &(0x7f0000000380)={0x1})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x2d}]})
r10 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
fcntl$lock(r10, 0x0, &(0x7f0000000000))
executing program 2:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x3d0, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x200, 0x230, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x430)
syz_extract_tcp_res(&(0x7f00000002c0), 0xec, 0x9)
syz_emit_ethernet(0xa5, &(0x7f00000003c0)={@local, @local, @val={@void, {0x8100, 0x2, 0x0, 0x3}}, {@generic={0x806, "b4c2f82f6b4d412848b6e8a0b0a5a6c454f7c7a9d211a797a922609e1891aca4f450d136017a6ef7547ac617511a19ecd82106fb420bde6ed8b06b4d372013b33a1aa21e2d88add77895380c7024f173fcf9747744d023017a3bfb79e0dc41d00b6d0ef3306cf9bbef154ae9843e6399bcc12453d82e5c441f66e94d7ef05420fcb5c7cd816093adadd215aa4dcec313da001c"}}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x10, 0x0, 0x0, 0x0, 0x0, 0x5d, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYRESDEC], 0x1c}}, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/power/pm_trace', 0x2, 0x0)
write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000040)=ANY=[@ANYBLOB='-'], 0x28)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000280)={0xffffffffffffffff, 0x2, 0x18}, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r5 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x2d0, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x100, 0x130, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x330)
r6 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r6, &(0x7f0000000140)={0xa, 0xffff, 0x2, @empty}, 0x1c)
sendmsg(r6, &(0x7f00000000c0)={0x0, 0x952c, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4)
executing program 3:
ioprio_set$pid(0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$inet6(0xa, 0x6, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x6}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x0, 0x0, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='ext4_sync_fs\x00', r1}, 0x10)
listen(0xffffffffffffffff, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x40241, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket$kcm(0x2, 0x3, 0x2)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000001780)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x8, 0x0, 0x0}}, 0x10)
setsockopt$inet6_tcp_int(r3, 0x6, 0x19, &(0x7f00000001c0)=0x6, 0x4)
listen(r3, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
accept(r2, 0x0, 0x0)
openat$rdma_cm(0xffffff9c, &(0x7f00000006c0), 0x2, 0x0)
r6 = syz_open_dev$tty20(0xc, 0x4, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
ioctl$KDGKBMETA(r6, 0x4b62, &(0x7f0000000040))
executing program 1:
socket$inet_udp(0x2, 0x2, 0x0)
socket$packet(0x11, 0x3, 0x300)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$TCSETSW(0xffffffffffffffff, 0x5403, &(0x7f0000000000)={0xffffffff, 0x0, 0x0, 0x20002, 0x0, "af99799d517effffffb429cdb400007b2364ee"})
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x82, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
write$apparmor_exec(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="737461636b200d381cd2a12f2f"], 0xf)
read$FUSE(r0, &(0x7f0000003a80)={0x2020, 0x0, <r4=>0x0, <r5=>0x0}, 0x2020)
quotactl_fd$Q_QUOTAOFF(0xffffffffffffffff, 0xffffffff80000302, r5, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r6=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="bc00000010000104000000000000000000480000", @ANYRES32=r6, @ANYRES32=r6], 0xbc}, 0x1, 0x0, 0x0, 0x20048090}, 0x0)
syz_usb_connect(0x0, 0x34, &(0x7f0000000800)=ANY=[@ANYBLOB="12010000a6ff0540cdabeecdb90500000001090222000100000000090400000101035100090502fffffffff000072501"], 0x0)
setsockopt$packet_drop_memb(0xffffffffffffffff, 0x107, 0x2, &(0x7f0000000180)={r6, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2c}}, 0x10)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x1f94, 0x60000000, 0x3, 0x201, r0, 0x3, '\x00', 0x0, r0, 0x3, 0x4, 0x4, 0x4}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001980)={0x1, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000004000004f16cab22fafae71b8db4a6aa69904840fc4f542018b6fd589b6bf13c97cd7d025b9b9ed7ab14b29fd41804c8edbafc67cc430819e3919ed83c62b6b0dde9716a0e30117bca5d416762545a19e29edb06b51c6e05278b983fafbb183c038d3c9505ea18bd2842e5c0c1172c9c325bec3400e99e02953853bf93d952d94a1bcd59abf5eaf01634e719c32a33d5faab371fb6013b359e5015f57d304cf07364ee120fa6050e1b0703a65521599673d584f237a48bf6ef54e079f22562c444bf4b73686994463a0234010462f303ae9606f6eadb995d3c09c22d980b4e5eeac6d7e9667fd375a16ad335cf9f", @ANYRESHEX=r4], &(0x7f0000001400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x10, '\x00', r6, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000f0d6166b00e7e4810cf02d8347ae8edafdf14d56273b7f49a2c10a88986d", @ANYRES32=r7, @ANYRES8=r4], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r8 = syz_usb_connect$hid(0x0, 0x49, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000040341d0a000000000000010902240041000000897dde4e32b118000904000001030000810300"/54], 0x0)
syz_usb_control_io$hid(r8, 0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x4e20, @multicast1}, 0x10)
connect$inet(0xffffffffffffffff, &(0x7f0000ccb000)={0x2, 0x4e20, @local}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x0, 0x4, 0x0, 0x0}, 0x90)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x1, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x40, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40, 0x0, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_ADDRESS={0x14, 0x1, @mcast2}]}, 0x40}}, 0x0)
r3 = socket(0x10, 0x803, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r5}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x100}]}, 0x34}}, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_int(r7, 0x0, 0x5, &(0x7f0000000080), &(0x7f00000000c0)=0x1)
bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
epoll_create1(0x0)
syz_io_uring_setup(0x24b5, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f00000000c0))
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000c80)={'lo\x00', <r10=>0x0})
r11 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r11, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r11, 0x6, 0x1d, &(0x7f0000000200)={0x7}, 0x14)
setsockopt$inet_mreqn(r11, 0x0, 0x23, &(0x7f0000000280)={@local, @private=0xa010100, r10}, 0xc)
r12 = socket$netlink(0x10, 0x3, 0x4)
bind$netlink(r12, &(0x7f0000000680)={0x10, 0x0, 0x0, 0x400}, 0xc)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r12, 0x10e, 0x1, &(0x7f0000000040)=0x12, 0x4)
sendmsg$nl_route_sched(r8, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newqdisc={0x154, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x124, 0x2, [@TCA_CHOKE_MAX_P={0x8}, @TCA_CHOKE_PARMS={0x14, 0x1, {0x0, 0x0, 0x0, 0xff}}, @TCA_CHOKE_STAB={0x104, 0x2, "1c95bd4b9c04426eb8a43474272d3434102d35adc1ec12d283c667bb67e7f293578badf2de49d727edd6c008c3c1237f3981d2ff03c3cf6610f4d8750c753db39d65c5a7536e80ed76ae9ed3b5d57ca70834f5e2a6a9370231ddcf322a5d7ed490aed58d32c97a3146cb72cf6c05ad7242994bc37d418cc32c2ac7327fd983f9272167a5f5f032026a80149f3e27ab01eee310bb51c6a2e90eb792fcbd7e96043029a3d7d5f413799dae909b153164b87759ceaa68cc73a4e8b26884eed5d25ae4eea9c631d303239aa4c05c516b260a023ebf5f9e1ddd1b1456d3252514347abf6967e933b2b6dfe9eeeaabc343f9d0c4e8c723a0b78390ce073e8cee3d7240"}]}}]}, 0x154}}, 0x0)
r13 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$SO_TIMESTAMPING(r13, 0x1, 0x25, &(0x7f0000000200)=0x7b35, 0x4)
sendto$inet6(r13, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @mcast2}, 0x1c)
executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000800)=@mangle={'mangle\x00', 0x44, 0x6, 0x3b8, 0x158, 0x288, 0x158, 0x288, 0x1f0, 0x320, 0x320, 0x320, 0x320, 0x320, 0x6, 0x0, {[{{@ip={@remote, @multicast2, 0x0, 0x0, 'veth0_to_bridge\x00', 'ipvlan1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @TTL={0x28}}, {{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'pim6reg1\x00', 'macvtap0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@dev, @private, 0x0, 0x0, 'hsr0\x00', 'syzkaller1\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@local, @rand_addr, 0x0, 0x0, 'ip6erspan0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x418)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket(0xf, 0x1, 0x80000000)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r2, 0x5421, &(0x7f0000000100)=0x100000001)
connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10)
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, 0x0, 0x0)
close(r2)
syz_emit_ethernet(0x4e, &(0x7f0000000f80)=ANY=[], 0x0)
io_setup(0x20, &(0x7f0000001140)=<r4=>0x0)
io_submit(r4, 0x0, 0x0)
unshare(0x6a040000)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000800)=@mangle={'mangle\x00', 0x44, 0x6, 0x3b8, 0x158, 0x288, 0x158, 0x288, 0x1f0, 0x320, 0x320, 0x320, 0x320, 0x320, 0x6, 0x0, {[{{@ip={@remote, @multicast2, 0x0, 0x0, 'veth0_to_bridge\x00', 'ipvlan1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @TTL={0x28}}, {{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'pim6reg1\x00', 'macvtap0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@dev, @private, 0x0, 0x0, 'hsr0\x00', 'syzkaller1\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@local, @rand_addr, 0x0, 0x0, 'ip6erspan0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x418)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket(0xf, 0x1, 0x80000000)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$packet(0x11, 0x3, 0x300)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r2, 0x5421, &(0x7f0000000100)=0x100000001)
connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10)
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x34, r4, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}]}, 0x34}}, 0x0)
close(r2)
syz_emit_ethernet(0x4e, &(0x7f0000000f80)=ANY=[], 0x0)
io_setup(0x20, &(0x7f0000001140)=<r5=>0x0)
io_submit(r5, 0x0, 0x0)
unshare(0x6a040000)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'gre0\x00', &(0x7f0000000300)={'erspan0\x00', 0x0, 0x8, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x32, 0x14, 0x0, 0x0, 0x3, 0x0, 0x0, @broadcast, @remote}}}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
executing program 3:
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000002c0)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@local})
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, &(0x7f0000000180))
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, &(0x7f00000101c0)={@my=0x1})
openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x6a0401)
unshare(0x20040400)
creat(&(0x7f0000000040)='./file0\x00', 0x1de)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x10005)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
getpid()
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000080)={0x0, 0x3, 0x30}, 0xc)
sendto$inet(r3, &(0x7f00000000c0)='}', 0x1, 0x0, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10)
sendto$inet(r3, &(0x7f0000000280)='p', 0x1, 0x0, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0)
mq_timedsend(r4, &(0x7f0000000600)="6d12483bb95dab4da2bccb9a5c51f7769b4aa2ed6f00bcfff2058843f7de72fa8f9dd7572991db9f2968c67d150dbd80321f91c14a7705c3d6e2292f74d074e24cdfdc28da61b60db4ac67a81c04430dd72555dcebe8193594b8fe29718d5781fe3f418379dab48089b86edc4facdbc388e30fdfabe867722b348dcfbff8f7745bb98584b3384eb1b1c541d05427c4e5c33b3692ebf599d4a179bcd27271d55e4a38ac7be3cae3e85eddbdcf574ac462df22b6b2242245f32d5826de908a96ea66331cad4d0ff094f552e118ee643f2f12f854c32d4e548bd82a69c4102bc516a41a52436f6dfd80133de801fdc8e75276c631f041d86269f2ba0791e8119868816c1fe9c78654919d6dcce67a5f32b77575867f43f76e99108bf9ee3fd550cc18f8bee8505da7ea8fe0a3a9e40c01be1d39435821c5f52cf39a7d5558f278b01be298e5460d3ebf011345ed0030603f767fe44876fdf1cb172a4cbfb2f7784ac61c4786a147b6d446eaf46d5b26c6b85580ba4913fc12a443d8dcf05d08513ae01a7f489826fdc8bff83c1708ebbc060aa72d25e6ce21521799bd37c34fdad973fd7e17070b7783bf341fc079c6b0c9811388430c84540d8d544d1887b73e3a9d2625358be4b09128ee7f8d2dacf2d9704b9143c0341568d1e39429e1d442d21878c87271e66651e12d077b8dd49c0bf285097e261a5116b91036368265c1c5b74353bb42ff4936e27a20c48dea290685b09c2e5baa29dbeb790969f793692fb112c973329236f30bd29c39ee6104e1e0ccd1f855e5837d156c83834661a2aa8929ad78c025413179d880ee905d0b1ee1c9c3eacb63ac807a6ce73d492502ce52beba9ea5214a9387e2c5a810a96e14956809b6865e46a9d9ce2deb4cce2155562dd7e3daef9b3c0c0a55f1fe1a89835971dbc9c09ee9d4abe827b0e87dcd08e5e7cf08869cdcd6fe7f42d93c075db2fec9d96aff21410c3cbd5d904ed147af08c297011ec105dec6fb319cc5637ac71dac05d01ef356dcc6b6bd3f8625204d92f6d0447c0ee5c72d13b4e951a5ba060d4e0ab4680bba08ca9e0079ed6332e6449e01ec480903b0f377e08e8146c8a1e86df678dd88f3768e0958b04f24d58f39a15ee93e4b3e1e2dcd91f8cd36c37b2806d5f7c1871d0e1d7496ac64b377a8fb32104166536597bbfd6d814b2eb41970ba1aef50238e34ec8069690029c58c8a01b28b711ff44aed4652629c7cdc7843d83efe9514bb5b1f80d1047e6075870c53505a142e48d6897d7811f84d8c3e8f9985f9a9901c8fd68960aee376caa465f25622d7ff5deae8f0d628e048bc4387ca3046067768f3014a3ef4d1b55123ce45507ab1b6f587f6302bb9b715899d2fc20cabfd306549b6a2ec8ea5169e5be19cf59ef71cbb16d402cdc62a422b2bf5c01bb6139e60fd61ea4b77382c7e2e038c6511bfe08f7a3cea5e793f9e2cb4facce20e719d179104418f6745bf8065c70da3815c8e1a1b650d96865c41fd45dbcae51e1d54b41002c2f673cd1008dbf3f17847dd28d8fe3c24ef238000be692e05b0365cb7691fa8f134efe70df46b5cc4765def995971ae0c45f653292f4a3c26300e359afbe0c4f7b049f505ab8e8a0d4c7090cc07c62dbcb9bf6682425553de4ca63f98ac5d420d01bf729bf815683d11451eea0295675778f00bef94ac6e29dd2285847fd857cf2d204de3170e024169d568500befd5c6f34e9d3fcae78bd8fcd6d8f85fcf56241c7787d86bdfca06a6e69b996d72530c94eaa82e99f8ccbd66b53ce0f066fffcb3b643f84a1112c4c8a153ef745f7da3c4887f95de7df8dcf6653200eccb389a7aad4a874d347791cd00cf767bdd8d36de55cbc0879e11cddec175b36be0d1224d1dab7d8f8f3bab0f622d031be123b6ab48188716162afea5e0529830a39c3c9edc86b3e6020830f2f94060685d96887fb536afaedcd9523c53e5e210e87a07bc941b29b968ec9b0f6e5a74b929ad56ef7e80b981d39460040df8aedb253bc4681e72de2b3e886320b2f9a52f675bb08e4dee27b468d0822d6269ad1eee16d1c1781ad17b1fae21b44e427ace6d1fa932ca9c295c5ae74140ffea23ac2b70a6ca71af12c6d63adc32110521cee84dce3514c51417fa794fff4fb7b72844fbb3ba786173d3ffea23e03eb49acbd957d52494ffff3cd2dc420ace19bbe375aabb97953dd1b8adc24856a81b2888e2fb635332c2d4257cf6833ccb3135c0327f79c4846b691b693b066cd5de30ca40e29fe8775fd6a8844f566223008d017ccb6f2ee47496b61aa2900f64c1e2136c8dfbb6dd7ab368e0cfeb3e639657f16d9f26f0c575b61476ea7cd499e2fffe75f6118d19d6186e9433d1b92dc30e84bceba4c9bd8e889575c50da8e236d0ad184a2ae7e91e31485a44389a7c6a63c4d7588fa0755ae292102c46df1cfcc21eccfa5bc815a2491cb845de2feae93d5a9365cff327d048b7e66733b1d1cbf1eadae7296631f3f1681ab5878272a9b17e11f64e8ea8afbd297f388b951e39b94d909c74a4c667f6204128c84566c2347222a984f67177160e3f144518721f25aab93c9d0a34d407b84485bf1f2fa07af7de0617dbda0b2eb3ef839d6ad8649fa7133e14646cb30462e827a1bba8b6cf97c93c95552c70aae8ba4918f8b51275ed7e1f90f7ae7a5313aff699f54265adad4b0608a90165c8e7df729ceb0eda12357ea37e7bbb86fc542544c93d494d4edfd098432e389666a8a93f4333e630deefa87397ece144a59fbf736aeefb7b66744954e8076e9d0534508a3631dbdcd2c15b5fd844d62409bf6c63699ac5ff0cab98d4b7f0e33e5cb20853554c895ea26607e9554d74e1511c4c476c41aa7fa717259e5048d80f1f30f07dd5397c17d818dac1849b7ccf6425fa0265edfecb58a763615dedbe98e215ce63dd1688e191a191ccdb4e939bd370f68054440296cb511b5f070fb9479bdef321b7d124506f6345ac3c2ca0ef22292d3f83ec21908de3a3c7f98cc5e086034d0b08df704382a8ee9f6129542cac7dc5fd54e71270f5ea9739b625347f3200d6f74d41106aed8fa8af5a3a6cd58a44de62af681d449a44b5f86702e625a1658f2bb09e1c7a178ec27081bb8e0f3febf700a1663374325bbb17a17c6178fbc0424f83cfafdd8ed301450bc6822105e6033bc999c833ce3f60814f9db98c3880aae837027cc4fd82a1aa61d1c7fbacf0e5da0c820f97e35f52abb212dcfd77c7e159ef4f777a2cbf61508539660a577974291852a3dfdcb0706961faf65f62745240e281e9c1ea25a2bf29729008b59b5bac92c8ffc53b240761c0021edb53bad82a322510f480a53945c63803abb0b5947aa32a7ad5cf8059933ae4dc5d18a261b8d4a126dadd1d7f186cc0f3bc00c82c15516ea2a4b5a5517395d2a16a3beb920b16c706381bae273443ebfa3c37778596177de18a62cb96c08a35459a897ac87bcd87cdbcecae83c95cd4b5eb878a8d31e75955eb11e0cb58c6ad2b39f8f9350ff95778a961b07b4b0e4ff6b58caab6db44c6345c8ad9da0aef0c2b4a09e459a027d774da684ce2defd0b23b6e15ec573268050cba4cd1be4d899672ea3562f280df3b3ee878bd2e9989357829c363b4b47eacadeee76144957f4d76c3ea703aa5bf32f75a0370f49ae371f001eced8bbdaa781f66c83f959af0cb0ecbabeeeb0f91c26a22b430d5cae34e470f79f01446cdca5b70ba6448a8d9e4722dba03369b3204253eea942de2fb7b4408212a4c6a5d36c7e82417edd052a59d6d1ce2b0a2bd94f334647712cc2296e75db316be650195dd28a360e2e44fd32951b2b983d673bce51eea778d2ed2a2468c3b6b94b67ee175aa08f757d5522b43cefd5969511579cd79300802c811adad7b6bdf789f70bc76e94f8ea317043cf29b562a2041c553122ec338834455be1b68fe7470808451b0e1f1d444ae1e430c51c718a751142fa675a663e9d9f66a8a6199b56d18e4167e54942a37366fa0b5242de86bf1af6c758b2f0bb1f0fda16dc5241e3cc442326fdb501b95fe768c45781c8b60fbe576c7e790e2d5a2a76085cdca098fb3209b30a017eefbf6f8b315b38d8f8f194e456d1776cf6c9c4f4a99e9b50ca4bbc57ff1f035f13a3d8261617b5d55387488f9456a32400a84f95320e722c7abed22b9f8b574da8322fe104c12fb35c9d0c600dde78c47cd46647a8e24aafa53c68e2119ed1473bb3b7c9873d0a256e8eec8dc9f57820a7e23d49deb4041beae704b3fb527ce57316ff238515c248c80d51fd44e31dbb2d2e1d6b8007a03bf9b981fee094ee82f413698af66a3057621490d60207bca2e7a11e96cfb850a9a371ce672d0c4826be044acaa0a0a04fab4f2807eac896c48db2c35caf97fdf8bacb854f5351328cfbab2c3b251fc0abe20ba4b8fe8f4a98dfb76a0b1ea6b6463bdd900e23114c94f205f492a4acb30cc8a6efe6f73a96d3688853c60dce92732440db5ec245478bb64ebe9b60e7469ffb253febcda05613a8c1dbf72634e68d912e2fc98501d99c7dafb50081edcc60dc74daf9cecbcf65aa57661451fc6131f8c879b2181984bc4e0973ad6984837e19595caa35ff4713266b6a6c090a50afeb1461590c4c36f7fead0c9620af82302616c154e74199ee11353f6e9861472e2f1826afd0ce1a2ce9712b50019b32397960f54f4fce3c6655e13d8ef3ba20eaa3ca03a831a39732203dc3d2d3bf8de63fb4c96b3ec10cc852401f25a2575e98d9a25bf0767fc180f6fef5928565fa9ffdd620b6713f85bbc140060df1b50607b4eb51c0c71dac8ee2c19b9bd03b1840bb4d1f8a767d788a31926c9c39be4709dd57e856cb417d3947ce825f194fac18323f36a3b7743603abc628d477b3292a6b3f4965e882a110728f2a9f4fa8fd9d9d50859c48fe0f07f6a826bd5c5d8d645c0f7d8d03cf49be2419e2986f8ad55a228cacd0838f867a8612fd1c4b04d54dc9d5b05cc9395f5bb7fe918083bedfa33734a3f6afaf70379f4d423fa592dcfdeef84161df3f8f42204116442fc815a3cb3c79348d489296014fb8d4334c4ad776e14207ed2115781a0caac4cbfddf8f788f58cd9da9c33f145d87a187d7db78ce4368c5bdbba67fde5264a53a65a027a52aa09fd4943aeeae146a769a26a0f3597fd5004b60c179ce2bcafc78220d691c44c153c883bf942f01586b5321e4bbb28ab44d97bea3368f7c5d0c3dda0ef359065fd31f62060beb0b2a31f7164867e4b78f89f5ea0131aed7014ef3385f0b350ff847f4321b81c7dc9a484605ee397a2d5ea8ad9593020cea3acb6a106a560b4bf675c89aa3b14678dfef6602fdfa9afeeb6f16cb1b3cc944ad5d0492a3d07308c07dfc204c071d92f6b8b5694c70d166fe29f7894ceee7554dc32c71f3b971c8f20f2cafa4399a8755684090f90e6b45ee924d1205e0a075fd2259b6ca6430d28c780735353be38578b3cf1badcba4dae86419d4a0c1ec21f4a7510a08018e90974f0757aab8b51dc0fc068193d040cbd9706eeec02360da646b11cc5f1a544ecf24ce87c7165a0cb9bdb6990db03320ecf2f65fb6dfd1f3d32b2ae10723707cf5f30ea387f677aea100649c72e795b5f7d652e0e2fd0ae19eaf96f1b6453d056e01c97aa5c271b5e5f303fa4013f686cfbf64a1c1fe4263786b835e46a98699b8d5262520c4947987748ab21a48aef3", 0xfd1, 0xfff, 0x0)
mq_timedreceive(r4, &(0x7f0000004600)=""/102381, 0xfffffceb, 0x0, 0x0)
sendto$inet(r3, &(0x7f0000000300)="ab", 0x34000, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000001600)=@raw={'raw\x00', 0x4001, 0x3, 0x1e8, 0x0, 0xb, 0x148, 0xc0, 0x148, 0x150, 0x242, 0x240, 0x150, 0x215, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0x0, 0x0, 'geneve1\x00', 'ipvlan0\x00'}, 0x0, 0x98, 0xc0, 0x0, {0xff0f000000000000}, [@common=@icmp={{0x28}, {0x3, "4911"}}]}, @common=@unspec=@NFQUEUE2={0x28}}, {{@ip={@dev={0xac, 0x14, 0x14, 0x16}, @broadcast, 0xffffffff, 0xff, 'veth1_to_bridge\x00', 'caif0\x00', {0xff}, {}, 0x2f, 0x1, 0x42}, 0xec010000, 0x70, 0x90}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x248)
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000400)={0x0})
executing program 4:
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r1, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r2}, 0x10)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4010744d, 0x20000000)
close(0xffffffffffffffff)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="02030009180000000000000000000000040003000000000000000000000000000000000000000000000000000000000005000600000300000a0000000000000000000000000000000000000000000001000000000000000004000400000000000000000000000000000000000000000000000000000000000200010000000000000000000000000005000500000000000a00000000000000fe880000000000000000000000000001000000000000000002001300000000000000005d9053bc63e22fc8844d4814331abab429a4f23182e50ff88f6a95bd74065831577fcf83574e608aa4c13ea4ce88e7d09f1774134ce9b77cdbb04b607db2cc95477048ade35dbc8649d27da1c2415a9bdc278a2e34226c0000000000"], 0xc0}}, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000200)={0x2, 0x0, 0x0, &(0x7f0000000100)=""/208, &(0x7f00000002c0)=""/155, 0xf000})
sendmsg$nl_route(r3, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt$MISDN_TIME_STAMP(r4, 0x0, 0x1, &(0x7f0000000240), &(0x7f0000000380)=0x4)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f00000000c0)='./file0\x00')
capset(&(0x7f0000000300)={0x19980330}, &(0x7f0000000040))
mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r6 = open(&(0x7f0000000100)='./file0/file0/file0\x00', 0x123500, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r6, 0x10e, 0x2, &(0x7f0000000140)=0x5, 0x4)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
rt_sigsuspend(0x0, 0x0)
ioctl$FBIOPUT_CON2FBMAP(r0, 0x4610, &(0x7f00000003c0)={0x2f, 0x1})
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
executing program 0:
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f00000001c0)={0x18, 0x0, 0x0, "d569e8e1dd2f1ae97ee8589301f453a0c04b1410b2eafa4496ba216b1e8ac11e"})
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f00000000c0)='memory.current\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f00000001c0)=ANY=[], 0x118)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x11, 0x803, 0x0)
write$binfmt_script(r3, 0x0, 0xfffffe5d)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000240), r4)
r5 = socket(0xa, 0x1, 0x0)
close(r5)
sendmmsg$inet_sctp(r5, &(0x7f00000019c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000802000000000000000000000000000000000000004b1fa6ac"], 0x30}], 0x1, 0x0)
getsockname$packet(r3, &(0x7f0000000080)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="3c00000010008506000000ff0100000000000000", @ANYRES32=r3, @ANYRESDEC], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x24, 0x10, 0x1, 0x0, 0x0, {0x10, 0x0, 0x4c, r6, {0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x4c884}, 0x0)
socket(0x10, 0x803, 0x0)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_int(r7, 0x29, 0x33, 0x0, 0x0)
pipe2(&(0x7f00000000c0)={0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x0)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0x4)
vmsplice(r8, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x0)
fcntl$setpipe(r8, 0x407, 0x10005)
r9 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r9)
executing program 2:
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0x7, &(0x7f0000000040)={@in, 0x0, 0x0, 0x0, 0x0, "f55f817bc06c88f47480ab5a58b45baf660401c8bc69351dac1f1747678b1958be4f737c06ed8b91cfcb18062bc5832e880319bf07279cd8bb654dd3911a359dbee08f634402630b53fa8ce128836865"}, 0xd8)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r0, 0x7a4, &(0x7f0000000040)={{@my=0x1}, 0xfffffffffffffeec})
r1 = add_key$keyring(0x0, &(0x7f0000000340)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
add_key$user(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, r1)
gettid()
r2 = socket$nl_generic(0x11, 0x3, 0x10)
syz_emit_ethernet(0xae, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaeaaaaaaaaaaaa07000000cd60e400ff0038"], 0x0)
sendmsg(r2, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f86dd", 0x5ea}], 0x2, 0x0, 0x0, 0x11000000}, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
open(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x36)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x44f, 0xb65d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, &(0x7f0000000b80)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="002205000000"], 0x0}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
read(0xffffffffffffffff, &(0x7f0000000200)=""/209, 0xd1)
tkill(0x0, 0x0)
keyctl$clear(0x7, 0x0)
add_key$user(0x0, 0x0, &(0x7f0000000200)='C', 0x1, r1)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800"], 0x64}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="48000000000101040000ff0f0000000002000000240001801400018008000100e000000108000200e00000010c0002800500010000000000100005800900"], 0x48}}, 0x0)
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1400000010000100000000000000000000fc000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001c08000640ffffff000800034000000028580000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000002c0003802800008008000340000000021c00028018000280080001"], 0xec}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0)
close(r1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/stat\x00', 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000001a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x8, 0x1c, &(0x7f0000000300)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000b7020000000000007b2af0ff00000000d609080000000000db9af0ff41000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018280000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7050000080000001500000076000000bf9800000000000056080000000000008500000007000000b70000000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[], 0x78}}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000500), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_POOL_GET(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)={0x14, r8, 0xc99752fbd6bf8f05, 0x0, 0x0, {0x4e}}, 0x14}}, 0x0)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r8, 0x100, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4001}, 0x4000080)
unshare(0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x20, 0x3b, 0x9, 0x0, 0x0, {0x4}, [@typed={0x4}, @nested={0x8, 0xa, 0x0, 0x1, [@generic="4efeecac"]}]}, 0x20}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x4)
executing program 3:
sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)
mknodat$null(0xffffffffffffff9c, 0x0, 0x0, 0x103)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=@newsa={0x154, 0x10, 0x713, 0x0, 0x0, {{@in=@remote, @in=@multicast2, 0x0, 0x4}, {@in=@loopback, 0x0, 0x32}, @in=@rand_addr=0x64010101, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x3}, {0xfffffffffffffffc, 0x0, 0x0, 0x8}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @encap={0x1c, 0x8, {0x0, 0x0, 0x0, @in6=@dev={0xfe, 0x80, '\x00', 0xe}}}]}, 0x154}, 0x1, 0x0, 0x0, 0x40}, 0x0)
unshare(0x2c020400)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x1405, 0x131, 0x0, 0x0, "", [{{0x8}, {0x8}}]}, 0x20}}, 0x0)
syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x2172, 0xffffffffffffffff, 0x0)
syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000540))
syz_open_procfs$userns(0x0, 0x0)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
execve(0x0, 0x0, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000400)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x3, 0x0, 0x30, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr, @broadcast}, {0x0, 0x883e, 0x1c, 0x0, @gue={{0x2, 0x0, 0x0, 0x7}, "2b23ca5ed9707954c7310801"}}}}}}, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000404c05d50310000200000109022400010000000009041200010300000009210000000122010009058103"], 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000500)={@local, @broadcast, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x2, @dev, @multicast1, @random="e374636d35dc", @multicast1}}}}, 0x0)
r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
pwritev2(r3, &(0x7f0000000600), 0x0, 0x0, 0xffff, 0x0)
write$sequencer(0xffffffffffffffff, 0x0, 0x0)
write$UHID_CREATE(r3, &(0x7f0000000240)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000040)=""/2, 0x2}}, 0x120)
readv(r3, &(0x7f0000000140)=[{&(0x7f0000000080)=""/155, 0x9b}], 0x1)
r4 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0)
ioctl$IOCTL_STOP_ACCEL_DEV(r4, 0x40096101, &(0x7f0000001040))
executing program 0:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000000)={'bond0\x00', &(0x7f0000000040)=@ethtool_sfeatures={0x3b, 0x2, [{0x500}, {}]}})
sendmsg$key(r0, &(0x7f0000000080)={0x2, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="02060000020000e50000000000000000"], 0x10}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r2)
sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="c9935f2bb8007f35e9836832e07e9b571d838b29621252ce5f8cf8388f1840b1442957c8f4e8d4492900dd9645d88454b74a36ebf3b8a4a634f733317480fabd1d833e4d47098b7a74f12149d1bb3ae19d91a12013a417567f187239c3940d5f89c391eb220a9b61d2bf04b5323b079caf3c19d098bf232a4796f0ec7bb8c10474f2eea0199e09363a0ed00dd3e9f759c20ea320feb7e6911d81", @ANYRES16=r3, @ANYBLOB="0500ffffffff000000000f00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099000b00000060000000cf000e0080000000080211000001080211000001505050505050000000000000000000006400000000060101010101010301010602070005750000007adc21b58f24e0ee963a73f337a51c30819317c95b2bb6a0a870aae8a88f528ea67e7bc956aced2f3c31f8e7c0473cbe05a641f71c705c076ca4b8677b270519a4970295d3adbba2ed2c6f98ee5e162c7f0cb8b5c0c05ba5e5edfe8d13eddef3995dfe1eb15498eb2b1a88ed94412d4af59625030084042a0100720603030303030371070000000000005876060000000000000004000f00080026006c09000008000c006400000004000501"], 0x110}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), r4)
sendmsg$DEVLINK_CMD_RATE_NEW(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="000000000000dc159217e6e2ec00", @ANYRES16=r5, @ANYBLOB="0106000000000000000045000000"], 0x14}, 0x1, 0x0, 0x0, 0x20044004}, 0x0)
ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000140))
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet_sctp(0x2, 0x0, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000002c0)=[@in6={0xa, 0x0, 0x0, @private0}]}, &(0x7f0000000180)=0x10)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x7ff}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r7}, 0x38)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$binfmt_script(r8, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r8, 0x0)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r6, 0x84, 0x75, &(0x7f0000000100), &(0x7f00000001c0)=0xffffffffffffff66)
r9 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r9, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000180)=0x10)
r10 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r10, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r11=>0x0}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r9, 0x84, 0x85, 0x0, &(0x7f0000000540))
setsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f00000005c0)=@assoc_id=r11, 0x4)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000600)={0x4})
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0), &(0x7f0000000200)=0xc)
executing program 1:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ppoll(&(0x7f0000000000), 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCCBRK(r0, 0x5428)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x10, &(0x7f0000000240)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
preadv(r3, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
syz_io_uring_setup(0x24f9, &(0x7f0000002ec0), &(0x7f00000000c0), &(0x7f0000000140)=<r4=>0x0)
r5 = memfd_secret(0x0)
ftruncate(r5, 0x3)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, 0x0, 0x40)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f000001aa80)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @log={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LOG_PREFIX={0xe, 0x2, 0x1, 0x0, 'syzkaller\x00'}, @NFTA_LOG_FLAGS={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELSETELEM={0x14, 0xe, 0xa, 0x302, 0x0, 0x0, {0x2, 0x0, 0x5}}, @NFT_MSG_NEWSETELEM={0x20, 0xc, 0xa, 0x301, 0x0, 0x0, {0x3, 0x0, 0x3}, [@NFTA_SET_ELEM_LIST_ELEMENTS={0xc, 0x3, 0x0, 0x1, [{0x8, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_DATA={0x4}]}]}]}, @NFT_MSG_DELSETELEM={0x14, 0xe, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x9}}], {0x14}}, 0x110}}, 0x0)
getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xb5, &(0x7f00000002c0), &(0x7f0000000080)=0x4)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x2000002, 0x11, r5, 0x0)
syz_io_uring_submit(r7, r4, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x4a, 0x0, 0xffffffffffffff9c, 0x0, 0x0})
executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000800)=@mangle={'mangle\x00', 0x44, 0x6, 0x3b8, 0x158, 0x288, 0x158, 0x288, 0x1f0, 0x320, 0x320, 0x320, 0x320, 0x320, 0x6, 0x0, {[{{@ip={@remote, @multicast2, 0x0, 0x0, 'veth0_to_bridge\x00', 'ipvlan1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @TTL={0x28}}, {{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'pim6reg1\x00', 'macvtap0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@dev, @private, 0x0, 0x0, 'hsr0\x00', 'syzkaller1\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@local, @rand_addr, 0x0, 0x0, 'ip6erspan0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x418)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket(0xf, 0x1, 0x80000000)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$packet(0x11, 0x3, 0x300)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r2, 0x5421, &(0x7f0000000100)=0x100000001)
connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10)
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x3c, r4, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp}]}, 0x3c}}, 0x0)
close(r2)
syz_emit_ethernet(0x4e, &(0x7f0000000f80)=ANY=[], 0x0)
io_setup(0x20, &(0x7f0000001140)=<r5=>0x0)
io_submit(r5, 0x0, 0x0)
unshare(0x6a040000)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'gre0\x00', &(0x7f0000000300)={'erspan0\x00', 0x0, 0x8, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x32, 0x14, 0x0, 0x0, 0x3, 0x0, 0x0, @broadcast, @remote}}}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
executing program 0:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key$user(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000540)="0706675823b8a37f19b37e0f9f120663b78a6a322f28cb301825eddc42c667fc68923d7df9f4c1843c5f11b63d2684fff43955079736fa4c80100487c31c09706b6bf145eb1baf416d2681491bd6a3098fe1a6741d65b085b4075db8419d9e6d17b1eec4dfb860a71d61af753459bcc5ea1f20d6c1c74afda3b0c08bf988", 0x7e, r0)
r2 = add_key$user(&(0x7f0000000180), &(0x7f0000000200)={'syz', 0x3}, &(0x7f0000000140)="04", 0x1, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f00000001c0)={r2, r1, r2}, &(0x7f00000002c0)=""/250, 0xfa, &(0x7f0000000400)={&(0x7f00000003c0)={'sha224-generic\x00'}})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_GET_PIT(r4, 0x400caed0, &(0x7f0000000300))
r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000404c05d50310000200000109022400010000000009041200010300000009210000000122010009058103"], 0x0)
syz_usb_control_io(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000240)={0x24, &(0x7f0000000600)=ANY=[@ANYBLOB="400302000000020a48d89a79c41c37d02086b3a5b5def021c58bb5cc35b9c687c195bd1a236d321b5ef5ec9124b944da4f4ab04d841f079e2bfdec6bb244eb5bd9d2099db31c9beeaa0c01cda23a79248c01f35aa932a177bcc010e44ee98de0c72f139701580b6277ef8cf82247738940bb7d0165becf3b9a845c5bc86bc807cbc8a30a0b55874a0561aa01664f4e75a6e4eff86c859b57a18245e6fe45a8e4608f0b793566632b5ea04615b82d6a0bbf197c6d73b6efdeb89dd86f09a653ac4720ba866183746aad59cd00a356eb29a4b865cf66462c7d971348a37b26a40f0f1bf75c2dbb06262853b60cde75ed43a6af3c823673c91e6898dff4146162ff83953116e95c"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000b80)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
r6 = eventfd2(0x1, 0x0)
r7 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f0000000080))
read$eventfd(r6, &(0x7f0000000000), 0x8)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mkdir(&(0x7f00000001c0)='./file0\x00', 0x0)
r8 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
utimensat(r8, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0xffffffffffffffff}}, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
r9 = syz_io_uring_setup(0x36dc, &(0x7f0000000140)={0x0, 0xe9da, 0x400, 0x1, 0x255}, &(0x7f0000000040), &(0x7f00000000c0))
io_uring_setup(0x6c81, &(0x7f00000001c0)={0x0, 0xb840, 0x800, 0x3, 0x25a, 0x0, r9})
syz_open_dev$hidraw(&(0x7f0000002300), 0x0, 0x14a042)
write$hidraw(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
syz_emit_ethernet(0x7e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd6015690900482f00fc020000000000000000000003ff0000ff020000400000000000000000000001242088a8000000000004000000000800000086dd88a888be08000000100000000100000000000000080022eb00000000200000000200000000000000000100000800655800000000"], 0x0)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 5 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): add_key$keyring-add_key$user-add_key$user-keyctl$dh_compute-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_GET_PIT-syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid-syz_usb_control_io$hid-eventfd2-epoll_create1-epoll_ctl$EPOLL_CTL_ADD-read$eventfd-close_range-mkdir-open$dir-utimensat-read$FUSE-syz_open_dev$evdev-syz_io_uring_setup-io_uring_setup-syz_open_dev$hidraw-write$hidraw-socket$nl_route-ioctl$sock_SIOCGIFINDEX-syz_emit_ethernet
detailed listing:
executing program 0:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key$user(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000540)="0706675823b8a37f19b37e0f9f120663b78a6a322f28cb301825eddc42c667fc68923d7df9f4c1843c5f11b63d2684fff43955079736fa4c80100487c31c09706b6bf145eb1baf416d2681491bd6a3098fe1a6741d65b085b4075db8419d9e6d17b1eec4dfb860a71d61af753459bcc5ea1f20d6c1c74afda3b0c08bf988", 0x7e, r0)
r2 = add_key$user(&(0x7f0000000180), &(0x7f0000000200)={'syz', 0x3}, &(0x7f0000000140)="04", 0x1, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f00000001c0)={r2, r1, r2}, &(0x7f00000002c0)=""/250, 0xfa, &(0x7f0000000400)={&(0x7f00000003c0)={'sha224-generic\x00'}})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_GET_PIT(r4, 0x400caed0, &(0x7f0000000300))
r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000404c05d50310000200000109022400010000000009041200010300000009210000000122010009058103"], 0x0)
syz_usb_control_io(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000240)={0x24, &(0x7f0000000600)=ANY=[@ANYBLOB="400302000000020a48d89a79c41c37d02086b3a5b5def021c58bb5cc35b9c687c195bd1a236d321b5ef5ec9124b944da4f4ab04d841f079e2bfdec6bb244eb5bd9d2099db31c9beeaa0c01cda23a79248c01f35aa932a177bcc010e44ee98de0c72f139701580b6277ef8cf82247738940bb7d0165becf3b9a845c5bc86bc807cbc8a30a0b55874a0561aa01664f4e75a6e4eff86c859b57a18245e6fe45a8e4608f0b793566632b5ea04615b82d6a0bbf197c6d73b6efdeb89dd86f09a653ac4720ba866183746aad59cd00a356eb29a4b865cf66462c7d971348a37b26a40f0f1bf75c2dbb06262853b60cde75ed43a6af3c823673c91e6898dff4146162ff83953116e95c"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000b80)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
r6 = eventfd2(0x1, 0x0)
r7 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f0000000080))
read$eventfd(r6, &(0x7f0000000000), 0x8)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mkdir(&(0x7f00000001c0)='./file0\x00', 0x0)
r8 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
utimensat(r8, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0xffffffffffffffff}}, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
r9 = syz_io_uring_setup(0x36dc, &(0x7f0000000140)={0x0, 0xe9da, 0x400, 0x1, 0x255}, &(0x7f0000000040), &(0x7f00000000c0))
io_uring_setup(0x6c81, &(0x7f00000001c0)={0x0, 0xb840, 0x800, 0x3, 0x25a, 0x0, r9})
syz_open_dev$hidraw(&(0x7f0000002300), 0x0, 0x14a042)
write$hidraw(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
syz_emit_ethernet(0x7e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd6015690900482f00fc020000000000000000000003ff0000ff020000400000000000000000000001242088a8000000000004000000000800000086dd88a888be08000000100000000100000000000000080022eb00000000200000000200000000000000000100000800655800000000"], 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD-socket$nl_route-socket$inet6_udp-socket$inet_tcp-setsockopt$IPT_SO_SET_REPLACE-sched_setscheduler-prctl$PR_SCHED_CORE-sched_setaffinity-openat$hwrng-preadv-socket-syz_open_procfs-socket$packet-socket$inet_smc-ioctl$int_in-connect$inet-openat$sw_sync-socket$nl_generic-syz_genetlink_get_family_id$l2tp-sendmsg$L2TP_CMD_TUNNEL_CREATE-close-syz_emit_ethernet-io_setup-io_submit-unshare-ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL-openat$kvm
detailed listing:
executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000800)=@mangle={'mangle\x00', 0x44, 0x6, 0x3b8, 0x158, 0x288, 0x158, 0x288, 0x1f0, 0x320, 0x320, 0x320, 0x320, 0x320, 0x6, 0x0, {[{{@ip={@remote, @multicast2, 0x0, 0x0, 'veth0_to_bridge\x00', 'ipvlan1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @TTL={0x28}}, {{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'pim6reg1\x00', 'macvtap0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@dev, @private, 0x0, 0x0, 'hsr0\x00', 'syzkaller1\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@local, @rand_addr, 0x0, 0x0, 'ip6erspan0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x418)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket(0xf, 0x1, 0x80000000)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$packet(0x11, 0x3, 0x300)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r2, 0x5421, &(0x7f0000000100)=0x100000001)
connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10)
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x3c, r4, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp}]}, 0x3c}}, 0x0)
close(r2)
syz_emit_ethernet(0x4e, &(0x7f0000000f80)=ANY=[], 0x0)
io_setup(0x20, &(0x7f0000001140)=<r5=>0x0)
io_submit(r5, 0x0, 0x0)
unshare(0x6a040000)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'gre0\x00', &(0x7f0000000300)={'erspan0\x00', 0x0, 0x8, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x32, 0x14, 0x0, 0x0, 0x3, 0x0, 0x0, @broadcast, @remote}}}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_open_dev$ttys-ppoll-ioctl$TIOCCBRK-ioctl$KVM_CREATE_VM-bpf$MAP_CREATE-bpf$PROG_LOAD-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-syz_open_dev$tty1-sendmsg$IPSET_CMD_CREATE-prctl$PR_SCHED_CORE-openat$hwrng-sched_setaffinity-preadv-syz_io_uring_setup-memfd_secret-ftruncate-io_uring_enter-signalfd-syz_genetlink_get_family_id$nl80211-sendmsg$NL80211_CMD_UNEXPECTED_FRAME-socket$nl_netfilter-sendmsg$NFT_BATCH-getsockopt$inet_int-mmap$IORING_OFF_SQ_RING-syz_io_uring_submit
detailed listing:
executing program 0:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ppoll(&(0x7f0000000000), 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCCBRK(r0, 0x5428)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x10, &(0x7f0000000240)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
preadv(r3, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
syz_io_uring_setup(0x24f9, &(0x7f0000002ec0), &(0x7f00000000c0), &(0x7f0000000140)=<r4=>0x0)
r5 = memfd_secret(0x0)
ftruncate(r5, 0x3)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, 0x0, 0x40)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f000001aa80)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @log={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LOG_PREFIX={0xe, 0x2, 0x1, 0x0, 'syzkaller\x00'}, @NFTA_LOG_FLAGS={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELSETELEM={0x14, 0xe, 0xa, 0x302, 0x0, 0x0, {0x2, 0x0, 0x5}}, @NFT_MSG_NEWSETELEM={0x20, 0xc, 0xa, 0x301, 0x0, 0x0, {0x3, 0x0, 0x3}, [@NFTA_SET_ELEM_LIST_ELEMENTS={0xc, 0x3, 0x0, 0x1, [{0x8, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_DATA={0x4}]}]}]}, @NFT_MSG_DELSETELEM={0x14, 0xe, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x9}}], {0x14}}, 0x110}}, 0x0)
getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xb5, &(0x7f00000002c0), &(0x7f0000000080)=0x4)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x2000002, 0x11, r5, 0x0)
syz_io_uring_submit(r7, r4, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x4a, 0x0, 0xffffffffffffff9c, 0x0, 0x0})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendmsg$ETHTOOL_MSG_FEATURES_SET-mknodat$null-socket$nl_xfrm-sendmsg$nl_xfrm-unshare-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_PORT_GET-syz_open_dev$usbmon-mmap-syz_open_procfs$userns-syz_open_procfs$userns-munmap-syz_open_dev$evdev-prctl$PR_SCHED_CORE-sched_setaffinity-openat$hwrng-preadv-execve-syz_emit_ethernet-socket$inet6_sctp-syz_usb_connect$hid-syz_emit_ethernet-openat$uhid-pwritev2-write$sequencer-write$UHID_CREATE-readv-openat$qat_adf_ctl-ioctl$IOCTL_STOP_ACCEL_DEV
detailed listing:
executing program 0:
sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)
mknodat$null(0xffffffffffffff9c, 0x0, 0x0, 0x103)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=@newsa={0x154, 0x10, 0x713, 0x0, 0x0, {{@in=@remote, @in=@multicast2, 0x0, 0x4}, {@in=@loopback, 0x0, 0x32}, @in=@rand_addr=0x64010101, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x3}, {0xfffffffffffffffc, 0x0, 0x0, 0x8}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @encap={0x1c, 0x8, {0x0, 0x0, 0x0, @in6=@dev={0xfe, 0x80, '\x00', 0xe}}}]}, 0x154}, 0x1, 0x0, 0x0, 0x40}, 0x0)
unshare(0x2c020400)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x1405, 0x131, 0x0, 0x0, "", [{{0x8}, {0x8}}]}, 0x20}}, 0x0)
syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x2172, 0xffffffffffffffff, 0x0)
syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000540))
syz_open_procfs$userns(0x0, 0x0)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
execve(0x0, 0x0, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000400)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x3, 0x0, 0x30, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr, @broadcast}, {0x0, 0x883e, 0x1c, 0x0, @gue={{0x2, 0x0, 0x0, 0x7}, "2b23ca5ed9707954c7310801"}}}}}}, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000404c05d50310000200000109022400010000000009041200010300000009210000000122010009058103"], 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000500)={@local, @broadcast, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x2, @dev, @multicast1, @random="e374636d35dc", @multicast1}}}}, 0x0)
r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
pwritev2(r3, &(0x7f0000000600), 0x0, 0x0, 0xffff, 0x0)
write$sequencer(0xffffffffffffffff, 0x0, 0x0)
write$UHID_CREATE(r3, &(0x7f0000000240)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000040)=""/2, 0x2}}, 0x120)
readv(r3, &(0x7f0000000140)=[{&(0x7f0000000080)=""/155, 0x9b}], 0x1)
r4 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0)
ioctl$IOCTL_STOP_ACCEL_DEV(r4, 0x40096101, &(0x7f0000001040))

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): setsockopt$inet6_tcp_TCP_MD5SIG-openat$vmci-ioctl$IOCTL_VMCI_VERSION2-ioctl$IOCTL_VMCI_INIT_CONTEXT-ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC-ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA-add_key$keyring-add_key$user-gettid-socket$nl_generic-syz_emit_ethernet-sendmsg-openat$sndseq-open-mmap-fallocate-write$cgroup_subtree-syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io$hid-close_range-read-tkill-keyctl$clear-add_key$user-socket$nl_netfilter-sendmsg$IPCTNL_MSG_CT_NEW-socket$nl_netfilter-sendmsg$IPCTNL_MSG_CT_NEW
detailed listing:
executing program 0:
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0x7, &(0x7f0000000040)={@in, 0x0, 0x0, 0x0, 0x0, "f55f817bc06c88f47480ab5a58b45baf660401c8bc69351dac1f1747678b1958be4f737c06ed8b91cfcb18062bc5832e880319bf07279cd8bb654dd3911a359dbee08f634402630b53fa8ce128836865"}, 0xd8)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r0, 0x7a4, &(0x7f0000000040)={{@my=0x1}, 0xfffffffffffffeec})
r1 = add_key$keyring(0x0, &(0x7f0000000340)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
add_key$user(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, r1)
gettid()
r2 = socket$nl_generic(0x11, 0x3, 0x10)
syz_emit_ethernet(0xae, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaeaaaaaaaaaaaa07000000cd60e400ff0038"], 0x0)
sendmsg(r2, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f86dd", 0x5ea}], 0x2, 0x0, 0x0, 0x11000000}, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
open(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x36)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x44f, 0xb65d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, &(0x7f0000000b80)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="002205000000"], 0x0}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
read(0xffffffffffffffff, &(0x7f0000000200)=""/209, 0xd1)
tkill(0x0, 0x0)
keyctl$clear(0x7, 0x0)
add_key$user(0x0, 0x0, &(0x7f0000000200)='C', 0x1, r1)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800"], 0x64}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="48000000000101040000ff0f0000000002000000240001801400018008000100e000000108000200e00000010c0002800500010000000000100005800900"], 0x48}}, 0x0)

program did not crash
single: failed to extract reproducer
bisect: bisecting 30 programs with base timeout 1m40s
testing program (duration=1m47s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [29, 29, 29, 29, 26, 27, 27, 28, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 26, 27, 29, 28, 29, 29, 29, 29, 29, 26, 27, 28]
detailed listing:
executing program 1:
socket$inet(0x2, 0x0, 0x4)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000a40)=@raw={'raw\x00', 0x4001, 0x3, 0x360, 0x0, 0x0, 0x148, 0x0, 0x148, 0x2c8, 0x240, 0x240, 0x2c8, 0x240, 0x7fffffe, 0x0, {[{{@ip={@private=0xa010102, @dev={0xac, 0x14, 0x14, 0x38}, 0xff, 0xffffffff, 'veth1\x00', 'ip6gretap0\x00', {0xff}, {}, 0x5e, 0x1, 0x12}, 0x0, 0x198, 0x1f8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x2, 0x0, 'syz0\x00'}}, @common=@addrtype={{0x30}, {0x0, 0x800}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{}, {0xffffffffffffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x4, 0x6, 0x5, 0x2, 0x0, 0x4], 0x1, 0x6}, {0x0, [0x4, 0x1, 0x0, 0x7, 0x6, 0x2], 0x1, 0x1}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3c0)
quotactl$Q_QUOTAON(0xffffffff80000102, &(0x7f0000000140)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000404c05d50310000200000109022400010000000009041200010300000009210000000122010009058103"], 0x0)
mkdir(0x0, 0x0)
r0 = inotify_init1(0x0)
inotify_add_watch(r0, &(0x7f0000000080)='./file0\x00', 0x10)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x749})
epoll_create(0x3)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r3, &(0x7f00000003c0)=[{&(0x7f0000019b40)=""/102397, 0x18ffd}, {&(0x7f0000000180)=""/61, 0x3d}], 0x2, 0x0, 0xa)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x298)
memfd_create(0x0, 0x0)
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), 0xffffffffffffffff)
r6 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$apparmor_exec(r6, &(0x7f00000001c0)={'exec ', ':\x00~\x14-\x90\x14\x05\x00\x8fQhj\x1b\x04\xe5\x8d\xa1\xc2\xaa-\xc7gD#\x03\x1c\xee\xaa\xdd\x80\x9e/\x19{S\x15\xfe\xbaO\xae\xa1z,\xde-\x8fKN\x86g\x9b\xe4\xfe\xae/\x90\xd8^O\x86\x81\x84\xabq\xeb\x8b;F\xe9\xee\xc8\xd1\xb4Q\x05\x14\xe7\xa9c(0D7[\xccB\xe1Y\x99\x05\xae\xba\x00\xc4\b1\x84\xd6\b\xb0\xf0\x9a\x98\x85;\xffUq9:\xaf\xa2\x83\x88d\xc0\xe5\xcfF\x144}\x02\xb9\xb1\x85\x7fx\xe6\'\x8c\x898\'ej\xde;+\n1\xd4\x15\xf9Q\xacw\xcfS\xed\x80\fkt\xed\xdb|\x10\xbd\xbe\xf1\x94\x99\xe1?\x10\xda\xc7\xed['}, 0xb0)
r7 = creat(&(0x7f0000000040)='./file0\x00', 0xecf86c37d53048c3)
close(r7)
execve(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000000000000000060000002000018014000200766574683100000000000000000000000800030004000000c2cd8a381b8aaf64475e102dd6349d054352236bad4a87be9af8e5461107a7077977056dc58484214e20deb0b2d2f4fe639421804b84074e1bbc4548c669928e27a064001c11fc8af5c815463e4fddef90cba2ab66bbe01ce8d57b478fab720014518981c7adea69e8db95d41e97bd0e2b4c648554445b243bbb5c8e8abe0351faa72390e47a"], 0x34}, 0x1, 0x0, 0x0, 0x4040844}, 0x8000)
executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x6, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d031, 0xffffffffffffffff, 0x0)
r4 = userfaultfd(0x0)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/address_bits', 0x0, 0x0)
lseek(r5, 0x7fb, 0x1)
ioctl$UFFDIO_API(r4, 0xc018aa3f, 0x0)
ioctl$FS_IOC_SETVERSION(r1, 0x40087602, &(0x7f0000000200)=0xa1)
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$BINDER_GET_EXTENDED_ERROR(0xffffffffffffffff, 0xc00c6211, &(0x7f0000000080))
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
openat$mixer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$EVIOCSABS3F(0xffffffffffffffff, 0x401845ff, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
io_setup(0xeb0, &(0x7f0000000140)=<r6=>0x0)
r7 = socket$xdp(0x2c, 0x3, 0x0)
io_submit(r6, 0x1, &(0x7f0000001780)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x5, 0x0, r7, 0x0}])
io_cancel(r6, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000d00)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @private0}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private1}, {0x14, 0x4, @local}}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MAXIP={0x14, 0x5, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}]}, 0xac}}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]})
executing program 4:
socket$nl_netfilter(0x10, 0x3, 0xc)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, @val=@iter={0x0}}, 0x40)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x22ac81)
r2 = dup3(r0, r1, 0x0)
ioctl$MON_IOCX_MFETCH(r2, 0xc0109207, &(0x7f0000000100)={&(0x7f0000000040)=[0x0, 0x0], 0x2, 0x2})
ioctl$MON_IOCG_STATS(r2, 0xc0109207, &(0x7f00000001c0))
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd\x00')
mlockall(0x0)
fstat(r3, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201010200000040da074d1048e5000203010902"], &(0x7f0000000440)={0x0, 0x0, 0x1d, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00'], 0x1555571d})
socket(0x10, 0x3, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000140)={{0x1}, &(0x7f0000000040), &(0x7f0000000100)='%-5lx  \x00'}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000180)='udp_fail_queue_rcv_skb\x00', r3}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000480)={[0xfffffffffffffffd]}, 0x0, 0x8)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0)
fadvise64(r4, 0x0, 0x0, 0x3)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x25, &(0x7f0000000080)=0x477e, 0x25)
bind$inet(r5, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r5, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r5, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$sock_int(r5, 0x1, 0x2f, &(0x7f0000000300)=0x7c, 0x4)
recvmmsg(r5, &(0x7f00000091c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000007640)=""/23, 0x17}}], 0x1, 0x45833af92e4b39ff, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
executing program 1:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001280)='/proc/sysvipc/sem\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x42002)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x0, 0x4, 0x0, 0x0, 0x0, 0x1}, 0x48)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r1, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
read$hiddev(r0, &(0x7f00000000c0)=""/4092, 0xffc)
preadv(r0, &(0x7f00000012c0)=[{&(0x7f0000001800)=""/250, 0xfa}, {&(0x7f0000000000)=""/183, 0xb7}, {&(0x7f0000001500)=""/208, 0xd0}, {&(0x7f00000010c0)=""/42, 0x2a}, {0x0}, {0x0}], 0x6, 0x4, 0x0)
semget$private(0x0, 0x6, 0x14b)
read$hiddev(r0, &(0x7f0000001100)=""/234, 0xea)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
syz_emit_vhci(&(0x7f00000004c0)=ANY=[@ANYBLOB="040e0501460c1f00c7f641737da8c5df97e629d54f8eef8f4b4c287248623393943b5ba71f4c252077dee7cda5f191af639f6bc9ccce6307303924e47e62deed5d1bb5921eea00000c30f73971da9388b9ec29139dedf9d61d113d31eeef342c9d"], 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x5)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'})
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000700), 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001780)={0x8, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018200000", @ANYRES32=r3, @ANYBLOB="00000000e70b00000000000000000008"], &(0x7f00000005c0)='GPL\x00', 0x2, 0x1000, &(0x7f0000000780)=""/4096}, 0x90)
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$UI_SET_LEDBIT(r4, 0x40045569, 0x0)
ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x11)
ioctl$UI_SET_LEDBIT(r4, 0x40045569, 0x4)
ioctl$UI_DEV_SETUP(r4, 0x405c5503, &(0x7f0000000100)={{0x0, 0x0, 0x4000}, 'syz1\x00'})
ioctl$UI_DEV_CREATE(r4, 0x5501)
ioctl$UI_DEV_DESTROY(r4, 0x5502)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000800)=@mangle={'mangle\x00', 0x44, 0x6, 0x3b8, 0x158, 0x288, 0x158, 0x288, 0x1f0, 0x320, 0x320, 0x320, 0x320, 0x320, 0x6, 0x0, {[{{@ip={@remote, @multicast2, 0x0, 0x0, 'veth0_to_bridge\x00', 'ipvlan1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @TTL={0x28}}, {{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'pim6reg1\x00', 'macvtap0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@dev, @private, 0x0, 0x0, 'hsr0\x00', 'syzkaller1\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@local, @rand_addr, 0x0, 0x0, 'ip6erspan0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x418)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket(0xf, 0x1, 0x80000000)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r2, 0x5421, &(0x7f0000000100)=0x100000001)
connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10)
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, 0x0, 0x0)
close(r2)
syz_emit_ethernet(0x4e, &(0x7f0000000f80)=ANY=[], 0x0)
io_setup(0x20, 0x0)
io_submit(0x0, 0x0, 0x0)
unshare(0x6a040000)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'gre0\x00', &(0x7f0000000300)={'erspan0\x00', 0x0, 0x8, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x32, 0x14, 0x0, 0x0, 0x3, 0x0, 0x0, @broadcast, @remote}}}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000800)=@mangle={'mangle\x00', 0x44, 0x6, 0x3b8, 0x158, 0x288, 0x158, 0x288, 0x1f0, 0x320, 0x320, 0x320, 0x320, 0x320, 0x6, 0x0, {[{{@ip={@remote, @multicast2, 0x0, 0x0, 'veth0_to_bridge\x00', 'ipvlan1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @TTL={0x28}}, {{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'pim6reg1\x00', 'macvtap0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@dev, @private, 0x0, 0x0, 'hsr0\x00', 'syzkaller1\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@local, @rand_addr, 0x0, 0x0, 'ip6erspan0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x418)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket(0xf, 0x1, 0x80000000)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$packet(0x11, 0x3, 0x300)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r2, 0x5421, &(0x7f0000000100)=0x100000001)
connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10)
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x34, r4, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}]}, 0x34}}, 0x0)
close(r2)
syz_emit_ethernet(0x4e, &(0x7f0000000f80)=ANY=[], 0x0)
io_setup(0x20, &(0x7f0000001140)=<r5=>0x0)
io_submit(r5, 0x0, 0x0)
unshare(0x6a040000)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'gre0\x00', &(0x7f0000000300)={'erspan0\x00', 0x0, 0x8, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x32, 0x14, 0x0, 0x0, 0x3, 0x0, 0x0, @broadcast, @remote}}}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
executing program 1:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000800)=@mangle={'mangle\x00', 0x44, 0x6, 0x3b8, 0x158, 0x288, 0x158, 0x288, 0x1f0, 0x320, 0x320, 0x320, 0x320, 0x320, 0x6, 0x0, {[{{@ip={@remote, @multicast2, 0x0, 0x0, 'veth0_to_bridge\x00', 'ipvlan1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @TTL={0x28}}, {{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'pim6reg1\x00', 'macvtap0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@dev, @private, 0x0, 0x0, 'hsr0\x00', 'syzkaller1\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@local, @rand_addr, 0x0, 0x0, 'ip6erspan0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x418)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket(0xf, 0x1, 0x80000000)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$packet(0x11, 0x3, 0x300)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r2, 0x5421, &(0x7f0000000100)=0x100000001)
connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10)
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x34, r4, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}]}, 0x34}}, 0x0)
close(r2)
syz_emit_ethernet(0x4e, &(0x7f0000000f80)=ANY=[], 0x0)
io_setup(0x20, &(0x7f0000001140)=<r5=>0x0)
io_submit(r5, 0x0, 0x0)
unshare(0x6a040000)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'gre0\x00', &(0x7f0000000300)={'erspan0\x00', 0x0, 0x8, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x32, 0x14, 0x0, 0x0, 0x3, 0x0, 0x0, @broadcast, @remote}}}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
executing program 4:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key$user(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000540)="0706675823b8a37f19b37e0f9f120663b78a6a322f28cb301825eddc42c667fc68923d7df9f4c1843c5f11b63d2684fff43955079736fa4c80100487c31c09706b6bf145eb1baf416d2681491bd6a3098fe1a6741d65b085b4075db8419d9e6d17b1eec4dfb860a71d61af753459bcc5ea1f20d6c1c74afda3b0c08bf988", 0x7e, r0)
r2 = add_key$user(&(0x7f0000000180), &(0x7f0000000200)={'syz', 0x3}, &(0x7f0000000140)="04", 0x1, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f00000001c0)={r2, r1, r2}, &(0x7f00000002c0)=""/250, 0xfa, &(0x7f0000000400)={&(0x7f00000003c0)={'sha224-generic\x00'}})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_GET_PIT(r4, 0x400caed0, &(0x7f0000000300))
r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000404c05d50310000200000109022400010000000009041200010300000009210000000122010009058103"], 0x0)
syz_usb_control_io(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000240)={0x24, &(0x7f0000000600)=ANY=[@ANYBLOB="400302000000020a48d89a79c41c37d02086b3a5b5def021c58bb5cc35b9c687c195bd1a236d321b5ef5ec9124b944da4f4ab04d841f079e2bfdec6bb244eb5bd9d2099db31c9beeaa0c01cda23a79248c01f35aa932a177bcc010e44ee98de0c72f139701580b6277ef8cf82247738940bb7d0165becf3b9a845c5bc86bc807cbc8a30a0b55874a0561aa01664f4e75a6e4eff86c859b57a18245e6fe45a8e4608f0b793566632b5ea04615b82d6a0bbf197c6d73b6efdeb89dd86f09a653ac4720ba866183746aad59cd00a356eb29a4b865cf66462c7d971348a37b26a40f0f1bf75c2dbb06262853b60cde75ed43a6af3c823673c91e6898dff4146162ff83953116e95c"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000b80)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
r6 = eventfd2(0x1, 0x0)
r7 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f0000000080))
read$eventfd(r6, &(0x7f0000000000), 0x8)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mkdir(&(0x7f00000001c0)='./file0\x00', 0x0)
r8 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
utimensat(r8, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0xffffffffffffffff}}, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
r9 = syz_io_uring_setup(0x36dc, &(0x7f0000000140)={0x0, 0xe9da, 0x400, 0x1, 0x255}, &(0x7f0000000040), &(0x7f00000000c0))
io_uring_setup(0x6c81, &(0x7f00000001c0)={0x0, 0xb840, 0x800, 0x3, 0x25a, 0x0, r9})
syz_open_dev$hidraw(&(0x7f0000002300), 0x0, 0x14a042)
write$hidraw(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
syz_emit_ethernet(0x7e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd6015690900482f00fc020000000000000000000003ff0000ff020000400000000000000000000001242088a8000000000004000000000800000086dd88a888be08000000100000000100000000000000080022eb00000000200000000200000000000000000100000800655800000000"], 0x0)
executing program 3:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0xe, 0xc, &(0x7f00000004c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xd}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7fffffff}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}]}, &(0x7f0000000540)='GPL\x00', 0x6, 0xfb, &(0x7f0000000580)=""/251, 0x40f00, 0x4, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, &(0x7f0000000680)={0x0, 0x4}, 0x8, 0x10, &(0x7f00000006c0)={0x0, 0x10, 0x8, 0xfffffffc}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000700)=[0xffffffffffffffff, 0x1, 0x1, 0x1, 0x1], 0x0, 0x10, 0x101}, 0x90)
ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f0000000800)=r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x64, 0x65, 0x0, 0x10000000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff3}}, [@TCA_RATE={0x6, 0x5, {0xf6, 0x5}}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_flower={{0xb}, {0x24, 0x2, [@TCA_FLOWER_KEY_ARP_OP={0x5}, @TCA_FLOWER_KEY_TCP_DST_MASK={0x6}, @TCA_FLOWER_KEY_UDP_SRC_MASK={0x6, 0x25, 0xfffe}, @TCA_FLOWER_KEY_ICMPV6_TYPE={0x5}]}}]}, 0x64}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x0, 0x11, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0xc, 0xffff, 0x1}, 0x48)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000200)={r2, &(0x7f0000000240), 0x20000000}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000002c0)={r2, &(0x7f0000000140), &(0x7f0000000240)=""/101}, 0x20)
r3 = syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0x0)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r5=>0x0})
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f0000000080)={0x19, 0x0, <r7=>0x0})
ioctl$IOMMU_IOAS_COPY(r4, 0x3b83, &(0x7f0000000100)={0x28, 0x4, r5, r7, 0x5, 0xa05, 0x1ff})
ioctl$CEC_ADAP_S_LOG_ADDRS(r3, 0xc05c6104, &(0x7f0000000380)={"740e00", 0x0, 0x6, 0x2, 0x0, 0x0, '\x00', "000000f5", '\x00\x00\x00N', "10004800", ["efc1c7c5ffff7fefff650306", "00431943860000ec0000bdff", "345e417e7fffff31fff200", "0000201b0000000000000f00"]})
r8 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={0x0, 0x54}}, 0x0)
r9 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r9, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c)
setsockopt$SO_TIMESTAMP(r9, 0x1, 0x3f, &(0x7f0000000040)=0xc, 0x4)
recvmmsg(r9, &(0x7f0000001f40)=[{{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f0000000380)=""/252, 0xfc}], 0x1, &(0x7f0000001e40)=""/23, 0x17}}], 0x1, 0x0, 0x0)
r10 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x0)
sendfile(r10, r10, 0x0, 0x5)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r10, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r10, 0xc004500a, &(0x7f0000000300)=0x2)
sendto(r8, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0xfffffffffffffe3a, 0x0, 0x0, 0x0)
socket$kcm(0x2, 0xa, 0x2)
executing program 2:
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89001)
prlimit64(0x0, 0xe, &(0x7f0000000140), 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000240))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000000000))
r1 = io_uring_setup(0x0, &(0x7f0000000400)={0x0, 0x0, 0x4, 0x1, 0x63})
fcntl$lock(0xffffffffffffffff, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
r2 = creat(&(0x7f0000000280)='./file0\x00', 0x0)
close(r2)
syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(r2, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae})
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000000)={0x0, 0x0, 0xd4a4})
fcntl$lock(r2, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
r3 = socket$qrtr(0x2a, 0x2, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000000203010400000000ffffffff000000000800010001"], 0x28}}, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r4, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f00000002c0)=@assoc_value, &(0x7f00000000c0)=0x8)
ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f0000000140)={'virt_wifi0\x00', 0x1})
ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f0000000000)={'virt_wifi0\x00'})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x5, &(0x7f0000000300)=[{0x45, 0x0, 0x2}, {}, {0x4}, {}, {0x6, 0x0, 0x0, 0x1}]})
syz_open_dev$vcsn(&(0x7f0000000000), 0x1ff, 0x800002)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}, 0x4}}, 0x2e)
close_range(r1, 0xffffffffffffffff, 0x0)
executing program 1:
syz_usb_connect$uac1(0x0, 0x8a, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000086b1d00004000010203010902780003010000000904000000010100000a2401000000020000000080000001008e78"], 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
openat$pfkey(0xffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xd, 0x0, &(0x7f0000000200))
socket$inet6(0xa, 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000100)='net/ip6_tables_names\x00')
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x200000100000011, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
pipe(&(0x7f0000000080))
socket$nl_route(0x10, 0x3, 0x0)
socket(0x2c, 0x803, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet_udp(0x2, 0x2, 0x0)
socket$unix(0x1, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_udp(0xa, 0x2, 0x0)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f0000000040)=ANY=[@ANYRES64=r3, @ANYRES64=r3])
executing program 3:
socket$alg(0x26, 0x5, 0x0)
fsopen(&(0x7f00000003c0)='ext3\x00', 0x0)
r0 = syz_usbip_server_init(0x3)
socket$l2tp6(0xa, 0x2, 0x73)
write(r0, &(0x7f0000000f40)="b410a1e8252ce0a1a3be3d593e8bf96f9615aea940ed08d314cbc50631fb02a0647a3c2ed4c85c8eef57d078ec90823a", 0x30)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$vimc1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
openat$nvme_fabrics(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
preadv(r1, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
mbind(&(0x7f0000596000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x3)
msgget$private(0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
getpid()
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r3, 0x29, 0x48, &(0x7f0000000100)={0x89, 0x58, '\x00', [@padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @ra, @generic={0x0, 0x2b5, "9863c97f84286bc183d18a82e6c7d8e260cde17794c34480237e706e6127fb1a7267eaff3648c07b2ac159db1a0c472bcb97c32eabaabcaac9f0c4bb88c94c3e97c1188ac8316abcc92798d57d8c43b31c2a4a98255358300b5fd305c44adf10d92d01a03d454ea85ab429f66b13bec1d6582863847f7ba32c3e072922afb8a8e4e834579d2e866a77d5717eb849ff50503018c1bdd17f4cce8609a430bcf0b58b01eb1db4992c1178f578b7c7964963db61354e6fb0c5cbf5b9b1b25994e9e31569de57dab3001b4c2b73deae5f4f6fe9e295c6b754fe0bd275ef9201a7b9adbc8f269c60f73964da18f4738bfd76bfb30075a6082f8645802a5ee99d99419e0670111cb1d5bba22122a808c54fe07bb4509edbf3415d58f482de57a338e33474ffb8cc645822106170323955e613759e953b0250b14591b423117f21b18d2dabca8a45353fc579267e3caa888d4bd3014ce856bd334e6c9563525847c950e91aee39b919760b7d2ec9477068539d31f288a70d70c57ea1c63b09b99ca8a55bdb85eff7a44e66050cf7528728a788121a8e52bde52b9635bd0bbbaf73c4477f92a87b01e975aadb83784adf26725e00d80d28b6913dc803b1d87ec5102197057babfa931cd0d3c9a9da6395e0a49b3a5d2e9d0955a952950b24bbfc26cc2d568766affb569ff0967d098dd37703138af90dac3aed4526a7e97adc0568653830e4fd34a6def7bfb7a3b1444f1c1e102cbbc631238ac16983682fddcd44cd1bc8a8c264ba5bf49bc49c8e99af0e353cba8698803fa7dbcaecc7bbab9f9712b0266da0302289eb7b03e5d40f5651bee25edd861a25182eac31ea7b64fb6a0b38e336cacc6d7f29f5d23e20e6381f1facb1b6fc65cd7c5df72efb9f37a997636e1098dc87dd553041a8621f1723c6e4d370f29eb39ba160f830f6d1b2da5074e51fd332181aef4fe75f5c55e0383cb67763a9dd40a054"}]}, 0x2c8)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000040)={'erspan0\x00', &(0x7f0000000000)=@ethtool_ts_info})
r4 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x0)
r6 = openat$cgroup_ro(r5, &(0x7f0000000000)='cpu.stat\x00', 0x300, 0x0)
read$FUSE(r6, &(0x7f000001aa80)={0x2020}, 0x2020)
syz_usb_connect(0x0, 0x24, &(0x7f0000000340)=ANY=[@ANYBLOB="120100002ba7b040480b03200174000000010902120001000000000904"], 0x0)
executing program 2:
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000b80)=@delchain={0xb4, 0x65, 0x0, 0x0, 0x0, {}, [@filter_kind_options=@f_bpf={{0x8}, {0x68, 0x2, [@TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_OPS={{0x6, 0x4, 0x7}, {0x3c, 0x5, [{}, {}, {}, {}, {}, {}, {}]}}, @TCA_BPF_FLAGS={0x8}]}}, @TCA_RATE={0x6}, @filter_kind_options=@f_basic={{0xa}, {0xc, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0x0, 0x2}}]}}]}, 0xb4}}, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000400)=[{&(0x7f0000000140)="2a6964b6e862bbb7ace52f4024afa4a037aa7a2c42a917c9800a8355448b1022eb5829e387283555dbf20602b0befa124cf1", 0x32}], 0x1, 0x0, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r3=>0x0})
syz_emit_ethernet(0x11, &(0x7f00000002c0)={@remote, @random="6b8e22dbf1a0", @void, {@llc_tr={0x11, {@llc={0x0, 0x0, "bf"}}}}}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r6, 0x0)
r7 = dup(r5)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r9}, 0x10)
socket$netlink(0x10, 0x3, 0x0)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r10, &(0x7f0000000080)={0xa, 0x14e22, 0x0, @ipv4}, 0x1c)
listen(r10, 0x0)
syz_emit_ethernet(0x86, &(0x7f00000000c0)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x9, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local, {[@timestamp={0x44, 0x10, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0]}]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x15, 0xc2, 0x0, 0x0, 0x0, {[@window={0x3, 0x3}, @md5sig={0x13, 0x12, "c851616c0500cb080000000000e79490"}, @sack={0x5, 0xa, [0x0, 0x0]}, @sack={0x5, 0x12, [0x0, 0x0, 0x0, 0x0]}, @mptcp=@capable={0x1e, 0xc}]}}}}}}}, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
sendmsg$NL80211_CMD_SET_BSS(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000880)=ANY=[@ANYBLOB="00000000606375a857db40d41204b810f7a567d541ff676d498a0f1112d88dc37b045efdee26dd1e7b988d0bf2b4843f45abec9eff072f4441e7f07a2b3c569e69f0fd03189c9dc4cb6bb4c01442f387f0372094ce9cf50c59bf1abab0fd0b0254898f4a470c329eafa76acffdaba9010cae839c06fe3e9fc05bf7149c3d01000080a21b4e023eeb657d9d1610f959960361119827b16e947a8879219eb2a5782503d3044211e43567d08f86106c83da3d53e2954037305cbffe242ab85a00"/204, @ANYRES16=r2, @ANYBLOB="010000000000000000001900000008000300", @ANYRES32=r3, @ANYBLOB="0500a20000000000050060003100000006006d0000000000"], 0x34}}, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x0, 0x9, 0x0, 0x1}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000080)='netlink_extack\x00', r1}, 0x10)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000000)={0x9}, 0x3c33)
r3 = syz_open_dev$usbfs(&(0x7f0000000c40), 0x310decfa, 0x1)
ioctl$USBDEVFS_CONTROL(r3, 0x8008551d, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xb, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000800000000000000007008018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7060000190000008500000005000000bc0900000000000035090100000900009500000000000000b7020000000000007b9af8ff00000000b5090000000000007baaf0ff000000002f8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffc70200000800000018220000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7050000080000004608f0ff760000003f9800000000000056080000000000008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xffffffffffffffff, 0xd000})
write(r2, &(0x7f00000000c0)="240000001e005f0214fffffffffffff80700000001000000000000000500090002000000", 0x24)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
r7 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r8=>0x0})
bind$can_raw(r7, &(0x7f00000000c0)={0x1d, r8}, 0x10)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000001c0)={&(0x7f00000004c0)=@mpls_newroute={0x154, 0x18, 0x400, 0x70bd2c, 0x25dfdbfe, {0x1c, 0x14, 0x0, 0xfc, 0xff, 0x3, 0xc8, 0xa, 0x800}, [@RTA_DST={0x8, 0x1, {0x8}}, @RTA_DST={0x8, 0x1, {0xe79}}, @RTA_DST={0x8, 0x1, {0x2, 0x0, 0x1}}, @RTA_NEWDST={0x84, 0x13, [{0x9}, {0x8000, 0x0, 0x1}, {0x84a}, {0x0, 0x0, 0x1}, {0x8000, 0x0, 0x1}, {0x1b1e, 0x0, 0x1}, {0x6}, {0x6}, {0x1}, {0x2, 0x0, 0x1}, {0x715}, {0x2, 0x0, 0x1}, {0x40, 0x0, 0x1}, {0x8}, {0x200, 0x0, 0x1}, {0x7}, {0xeb, 0x0, 0x1}, {0x200, 0x0, 0x1}, {0x80, 0x0, 0x1}, {0x2, 0x0, 0x1}, {0x3f, 0x0, 0x1}, {0x9}, {0xe7}, {0x8}, {0xff, 0x0, 0x1}, {0x9}, {0x9, 0x0, 0x1}, {0x4, 0x0, 0x1}, {}, {0xffcc0, 0x0, 0x1}, {}, {0x2}]}, @RTA_MULTIPATH={0xc, 0x9, {0x2, 0x10, 0xff, r8}}, @RTA_MULTIPATH={0xc, 0x9, {0x1, 0x2d, 0x7, r8}}, @RTA_NEWDST={0x84, 0x13, [{0x363}, {0x1f, 0x0, 0x1}, {0xffff}, {0x8}, {0x60, 0x0, 0x1}, {0x8000, 0x0, 0x1}, {0x0, 0x0, 0x1}, {0x0, 0x0, 0x1}, {0xffff, 0x0, 0x1}, {0x2, 0x0, 0x1}, {0x3, 0x0, 0x1}, {0x1f, 0x0, 0x1}, {0x2e79c}, {0x5}, {0x4, 0x0, 0x1}, {0x5}, {0x5, 0x0, 0x1}, {0x2}, {0x6, 0x0, 0x1}, {0x7f, 0x0, 0x1}, {0x8001, 0x0, 0x1}, {0x7, 0x0, 0x1}, {0x9}, {0x7}, {0x8}, {0x9, 0x0, 0x1}, {0x8000, 0x0, 0x1}, {0x0, 0x0, 0x1}, {0x1, 0x0, 0x1}, {0x1000, 0x0, 0x1}, {0x1}, {0x7, 0x0, 0x1}]}]}, 0x154}, 0x1, 0x0, 0x0, 0x40}, 0x1)
setsockopt$CAN_RAW_FILTER(r7, 0x65, 0x1, 0x0, 0x0)
close(r7)
fcntl$lock(r6, 0xb73a099a2ea7f93d, &(0x7f0000000380)={0x1})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x2d}]})
r10 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
fcntl$lock(r10, 0x0, &(0x7f0000000000))
executing program 2:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x3d0, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x200, 0x230, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x430)
syz_extract_tcp_res(&(0x7f00000002c0), 0xec, 0x9)
syz_emit_ethernet(0xa5, &(0x7f00000003c0)={@local, @local, @val={@void, {0x8100, 0x2, 0x0, 0x3}}, {@generic={0x806, "b4c2f82f6b4d412848b6e8a0b0a5a6c454f7c7a9d211a797a922609e1891aca4f450d136017a6ef7547ac617511a19ecd82106fb420bde6ed8b06b4d372013b33a1aa21e2d88add77895380c7024f173fcf9747744d023017a3bfb79e0dc41d00b6d0ef3306cf9bbef154ae9843e6399bcc12453d82e5c441f66e94d7ef05420fcb5c7cd816093adadd215aa4dcec313da001c"}}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x10, 0x0, 0x0, 0x0, 0x0, 0x5d, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYRESDEC], 0x1c}}, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/power/pm_trace', 0x2, 0x0)
write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000040)=ANY=[@ANYBLOB='-'], 0x28)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000280)={0xffffffffffffffff, 0x2, 0x18}, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r5 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x2d0, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x100, 0x130, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x330)
r6 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r6, &(0x7f0000000140)={0xa, 0xffff, 0x2, @empty}, 0x1c)
sendmsg(r6, &(0x7f00000000c0)={0x0, 0x952c, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4)
executing program 3:
ioprio_set$pid(0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$inet6(0xa, 0x6, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x6}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x0, 0x0, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='ext4_sync_fs\x00', r1}, 0x10)
listen(0xffffffffffffffff, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x40241, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket$kcm(0x2, 0x3, 0x2)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000001780)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x8, 0x0, 0x0}}, 0x10)
setsockopt$inet6_tcp_int(r3, 0x6, 0x19, &(0x7f00000001c0)=0x6, 0x4)
listen(r3, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
accept(r2, 0x0, 0x0)
openat$rdma_cm(0xffffff9c, &(0x7f00000006c0), 0x2, 0x0)
r6 = syz_open_dev$tty20(0xc, 0x4, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
ioctl$KDGKBMETA(r6, 0x4b62, &(0x7f0000000040))
executing program 1:
socket$inet_udp(0x2, 0x2, 0x0)
socket$packet(0x11, 0x3, 0x300)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$TCSETSW(0xffffffffffffffff, 0x5403, &(0x7f0000000000)={0xffffffff, 0x0, 0x0, 0x20002, 0x0, "af99799d517effffffb429cdb400007b2364ee"})
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x82, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
write$apparmor_exec(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="737461636b200d381cd2a12f2f"], 0xf)
read$FUSE(r0, &(0x7f0000003a80)={0x2020, 0x0, <r4=>0x0, <r5=>0x0}, 0x2020)
quotactl_fd$Q_QUOTAOFF(0xffffffffffffffff, 0xffffffff80000302, r5, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r6=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="bc00000010000104000000000000000000480000", @ANYRES32=r6, @ANYRES32=r6], 0xbc}, 0x1, 0x0, 0x0, 0x20048090}, 0x0)
syz_usb_connect(0x0, 0x34, &(0x7f0000000800)=ANY=[@ANYBLOB="12010000a6ff0540cdabeecdb90500000001090222000100000000090400000101035100090502fffffffff000072501"], 0x0)
setsockopt$packet_drop_memb(0xffffffffffffffff, 0x107, 0x2, &(0x7f0000000180)={r6, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2c}}, 0x10)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x1f94, 0x60000000, 0x3, 0x201, r0, 0x3, '\x00', 0x0, r0, 0x3, 0x4, 0x4, 0x4}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001980)={0x1, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000004000004f16cab22fafae71b8db4a6aa69904840fc4f542018b6fd589b6bf13c97cd7d025b9b9ed7ab14b29fd41804c8edbafc67cc430819e3919ed83c62b6b0dde9716a0e30117bca5d416762545a19e29edb06b51c6e05278b983fafbb183c038d3c9505ea18bd2842e5c0c1172c9c325bec3400e99e02953853bf93d952d94a1bcd59abf5eaf01634e719c32a33d5faab371fb6013b359e5015f57d304cf07364ee120fa6050e1b0703a65521599673d584f237a48bf6ef54e079f22562c444bf4b73686994463a0234010462f303ae9606f6eadb995d3c09c22d980b4e5eeac6d7e9667fd375a16ad335cf9f", @ANYRESHEX=r4], &(0x7f0000001400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x10, '\x00', r6, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000f0d6166b00e7e4810cf02d8347ae8edafdf14d56273b7f49a2c10a88986d", @ANYRES32=r7, @ANYRES8=r4], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r8 = syz_usb_connect$hid(0x0, 0x49, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000040341d0a000000000000010902240041000000897dde4e32b118000904000001030000810300"/54], 0x0)
syz_usb_control_io$hid(r8, 0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x4e20, @multicast1}, 0x10)
connect$inet(0xffffffffffffffff, &(0x7f0000ccb000)={0x2, 0x4e20, @local}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x0, 0x4, 0x0, 0x0}, 0x90)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x1, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x40, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40, 0x0, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_ADDRESS={0x14, 0x1, @mcast2}]}, 0x40}}, 0x0)
r3 = socket(0x10, 0x803, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r5}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x100}]}, 0x34}}, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_int(r7, 0x0, 0x5, &(0x7f0000000080), &(0x7f00000000c0)=0x1)
bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
epoll_create1(0x0)
syz_io_uring_setup(0x24b5, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f00000000c0))
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000c80)={'lo\x00', <r10=>0x0})
r11 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r11, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r11, 0x6, 0x1d, &(0x7f0000000200)={0x7}, 0x14)
setsockopt$inet_mreqn(r11, 0x0, 0x23, &(0x7f0000000280)={@local, @private=0xa010100, r10}, 0xc)
r12 = socket$netlink(0x10, 0x3, 0x4)
bind$netlink(r12, &(0x7f0000000680)={0x10, 0x0, 0x0, 0x400}, 0xc)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r12, 0x10e, 0x1, &(0x7f0000000040)=0x12, 0x4)
sendmsg$nl_route_sched(r8, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newqdisc={0x154, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x124, 0x2, [@TCA_CHOKE_MAX_P={0x8}, @TCA_CHOKE_PARMS={0x14, 0x1, {0x0, 0x0, 0x0, 0xff}}, @TCA_CHOKE_STAB={0x104, 0x2, "1c95bd4b9c04426eb8a43474272d3434102d35adc1ec12d283c667bb67e7f293578badf2de49d727edd6c008c3c1237f3981d2ff03c3cf6610f4d8750c753db39d65c5a7536e80ed76ae9ed3b5d57ca70834f5e2a6a9370231ddcf322a5d7ed490aed58d32c97a3146cb72cf6c05ad7242994bc37d418cc32c2ac7327fd983f9272167a5f5f032026a80149f3e27ab01eee310bb51c6a2e90eb792fcbd7e96043029a3d7d5f413799dae909b153164b87759ceaa68cc73a4e8b26884eed5d25ae4eea9c631d303239aa4c05c516b260a023ebf5f9e1ddd1b1456d3252514347abf6967e933b2b6dfe9eeeaabc343f9d0c4e8c723a0b78390ce073e8cee3d7240"}]}}]}, 0x154}}, 0x0)
r13 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$SO_TIMESTAMPING(r13, 0x1, 0x25, &(0x7f0000000200)=0x7b35, 0x4)
sendto$inet6(r13, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @mcast2}, 0x1c)
executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000800)=@mangle={'mangle\x00', 0x44, 0x6, 0x3b8, 0x158, 0x288, 0x158, 0x288, 0x1f0, 0x320, 0x320, 0x320, 0x320, 0x320, 0x6, 0x0, {[{{@ip={@remote, @multicast2, 0x0, 0x0, 'veth0_to_bridge\x00', 'ipvlan1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @TTL={0x28}}, {{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'pim6reg1\x00', 'macvtap0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@dev, @private, 0x0, 0x0, 'hsr0\x00', 'syzkaller1\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@local, @rand_addr, 0x0, 0x0, 'ip6erspan0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x418)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket(0xf, 0x1, 0x80000000)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r2, 0x5421, &(0x7f0000000100)=0x100000001)
connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10)
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, 0x0, 0x0)
close(r2)
syz_emit_ethernet(0x4e, &(0x7f0000000f80)=ANY=[], 0x0)
io_setup(0x20, &(0x7f0000001140)=<r4=>0x0)
io_submit(r4, 0x0, 0x0)
unshare(0x6a040000)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000800)=@mangle={'mangle\x00', 0x44, 0x6, 0x3b8, 0x158, 0x288, 0x158, 0x288, 0x1f0, 0x320, 0x320, 0x320, 0x320, 0x320, 0x6, 0x0, {[{{@ip={@remote, @multicast2, 0x0, 0x0, 'veth0_to_bridge\x00', 'ipvlan1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @TTL={0x28}}, {{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'pim6reg1\x00', 'macvtap0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@dev, @private, 0x0, 0x0, 'hsr0\x00', 'syzkaller1\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@local, @rand_addr, 0x0, 0x0, 'ip6erspan0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x418)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket(0xf, 0x1, 0x80000000)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$packet(0x11, 0x3, 0x300)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r2, 0x5421, &(0x7f0000000100)=0x100000001)
connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10)
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x34, r4, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}]}, 0x34}}, 0x0)
close(r2)
syz_emit_ethernet(0x4e, &(0x7f0000000f80)=ANY=[], 0x0)
io_setup(0x20, &(0x7f0000001140)=<r5=>0x0)
io_submit(r5, 0x0, 0x0)
unshare(0x6a040000)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'gre0\x00', &(0x7f0000000300)={'erspan0\x00', 0x0, 0x8, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x32, 0x14, 0x0, 0x0, 0x3, 0x0, 0x0, @broadcast, @remote}}}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
executing program 3:
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000002c0)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@local})
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, &(0x7f0000000180))
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, &(0x7f00000101c0)={@my=0x1})
openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x6a0401)
unshare(0x20040400)
creat(&(0x7f0000000040)='./file0\x00', 0x1de)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x10005)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
getpid()
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000080)={0x0, 0x3, 0x30}, 0xc)
sendto$inet(r3, &(0x7f00000000c0)='}', 0x1, 0x0, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10)
sendto$inet(r3, &(0x7f0000000280)='p', 0x1, 0x0, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0)
mq_timedsend(r4, &(0x7f0000000600)="6d12483bb95dab4da2bccb9a5c51f7769b4aa2ed6f00bcfff2058843f7de72fa8f9dd7572991db9f2968c67d150dbd80321f91c14a7705c3d6e2292f74d074e24cdfdc28da61b60db4ac67a81c04430dd72555dcebe8193594b8fe29718d5781fe3f418379dab48089b86edc4facdbc388e30fdfabe867722b348dcfbff8f7745bb98584b3384eb1b1c541d05427c4e5c33b3692ebf599d4a179bcd27271d55e4a38ac7be3cae3e85eddbdcf574ac462df22b6b2242245f32d5826de908a96ea66331cad4d0ff094f552e118ee643f2f12f854c32d4e548bd82a69c4102bc516a41a52436f6dfd80133de801fdc8e75276c631f041d86269f2ba0791e8119868816c1fe9c78654919d6dcce67a5f32b77575867f43f76e99108bf9ee3fd550cc18f8bee8505da7ea8fe0a3a9e40c01be1d39435821c5f52cf39a7d5558f278b01be298e5460d3ebf011345ed0030603f767fe44876fdf1cb172a4cbfb2f7784ac61c4786a147b6d446eaf46d5b26c6b85580ba4913fc12a443d8dcf05d08513ae01a7f489826fdc8bff83c1708ebbc060aa72d25e6ce21521799bd37c34fdad973fd7e17070b7783bf341fc079c6b0c9811388430c84540d8d544d1887b73e3a9d2625358be4b09128ee7f8d2dacf2d9704b9143c0341568d1e39429e1d442d21878c87271e66651e12d077b8dd49c0bf285097e261a5116b91036368265c1c5b74353bb42ff4936e27a20c48dea290685b09c2e5baa29dbeb790969f793692fb112c973329236f30bd29c39ee6104e1e0ccd1f855e5837d156c83834661a2aa8929ad78c025413179d880ee905d0b1ee1c9c3eacb63ac807a6ce73d492502ce52beba9ea5214a9387e2c5a810a96e14956809b6865e46a9d9ce2deb4cce2155562dd7e3daef9b3c0c0a55f1fe1a89835971dbc9c09ee9d4abe827b0e87dcd08e5e7cf08869cdcd6fe7f42d93c075db2fec9d96aff21410c3cbd5d904ed147af08c297011ec105dec6fb319cc5637ac71dac05d01ef356dcc6b6bd3f8625204d92f6d0447c0ee5c72d13b4e951a5ba060d4e0ab4680bba08ca9e0079ed6332e6449e01ec480903b0f377e08e8146c8a1e86df678dd88f3768e0958b04f24d58f39a15ee93e4b3e1e2dcd91f8cd36c37b2806d5f7c1871d0e1d7496ac64b377a8fb32104166536597bbfd6d814b2eb41970ba1aef50238e34ec8069690029c58c8a01b28b711ff44aed4652629c7cdc7843d83efe9514bb5b1f80d1047e6075870c53505a142e48d6897d7811f84d8c3e8f9985f9a9901c8fd68960aee376caa465f25622d7ff5deae8f0d628e048bc4387ca3046067768f3014a3ef4d1b55123ce45507ab1b6f587f6302bb9b715899d2fc20cabfd306549b6a2ec8ea5169e5be19cf59ef71cbb16d402cdc62a422b2bf5c01bb6139e60fd61ea4b77382c7e2e038c6511bfe08f7a3cea5e793f9e2cb4facce20e719d179104418f6745bf8065c70da3815c8e1a1b650d96865c41fd45dbcae51e1d54b41002c2f673cd1008dbf3f17847dd28d8fe3c24ef238000be692e05b0365cb7691fa8f134efe70df46b5cc4765def995971ae0c45f653292f4a3c26300e359afbe0c4f7b049f505ab8e8a0d4c7090cc07c62dbcb9bf6682425553de4ca63f98ac5d420d01bf729bf815683d11451eea0295675778f00bef94ac6e29dd2285847fd857cf2d204de3170e024169d568500befd5c6f34e9d3fcae78bd8fcd6d8f85fcf56241c7787d86bdfca06a6e69b996d72530c94eaa82e99f8ccbd66b53ce0f066fffcb3b643f84a1112c4c8a153ef745f7da3c4887f95de7df8dcf6653200eccb389a7aad4a874d347791cd00cf767bdd8d36de55cbc0879e11cddec175b36be0d1224d1dab7d8f8f3bab0f622d031be123b6ab48188716162afea5e0529830a39c3c9edc86b3e6020830f2f94060685d96887fb536afaedcd9523c53e5e210e87a07bc941b29b968ec9b0f6e5a74b929ad56ef7e80b981d39460040df8aedb253bc4681e72de2b3e886320b2f9a52f675bb08e4dee27b468d0822d6269ad1eee16d1c1781ad17b1fae21b44e427ace6d1fa932ca9c295c5ae74140ffea23ac2b70a6ca71af12c6d63adc32110521cee84dce3514c51417fa794fff4fb7b72844fbb3ba786173d3ffea23e03eb49acbd957d52494ffff3cd2dc420ace19bbe375aabb97953dd1b8adc24856a81b2888e2fb635332c2d4257cf6833ccb3135c0327f79c4846b691b693b066cd5de30ca40e29fe8775fd6a8844f566223008d017ccb6f2ee47496b61aa2900f64c1e2136c8dfbb6dd7ab368e0cfeb3e639657f16d9f26f0c575b61476ea7cd499e2fffe75f6118d19d6186e9433d1b92dc30e84bceba4c9bd8e889575c50da8e236d0ad184a2ae7e91e31485a44389a7c6a63c4d7588fa0755ae292102c46df1cfcc21eccfa5bc815a2491cb845de2feae93d5a9365cff327d048b7e66733b1d1cbf1eadae7296631f3f1681ab5878272a9b17e11f64e8ea8afbd297f388b951e39b94d909c74a4c667f6204128c84566c2347222a984f67177160e3f144518721f25aab93c9d0a34d407b84485bf1f2fa07af7de0617dbda0b2eb3ef839d6ad8649fa7133e14646cb30462e827a1bba8b6cf97c93c95552c70aae8ba4918f8b51275ed7e1f90f7ae7a5313aff699f54265adad4b0608a90165c8e7df729ceb0eda12357ea37e7bbb86fc542544c93d494d4edfd098432e389666a8a93f4333e630deefa87397ece144a59fbf736aeefb7b66744954e8076e9d0534508a3631dbdcd2c15b5fd844d62409bf6c63699ac5ff0cab98d4b7f0e33e5cb20853554c895ea26607e9554d74e1511c4c476c41aa7fa717259e5048d80f1f30f07dd5397c17d818dac1849b7ccf6425fa0265edfecb58a763615dedbe98e215ce63dd1688e191a191ccdb4e939bd370f68054440296cb511b5f070fb9479bdef321b7d124506f6345ac3c2ca0ef22292d3f83ec21908de3a3c7f98cc5e086034d0b08df704382a8ee9f6129542cac7dc5fd54e71270f5ea9739b625347f3200d6f74d41106aed8fa8af5a3a6cd58a44de62af681d449a44b5f86702e625a1658f2bb09e1c7a178ec27081bb8e0f3febf700a1663374325bbb17a17c6178fbc0424f83cfafdd8ed301450bc6822105e6033bc999c833ce3f60814f9db98c3880aae837027cc4fd82a1aa61d1c7fbacf0e5da0c820f97e35f52abb212dcfd77c7e159ef4f777a2cbf61508539660a577974291852a3dfdcb0706961faf65f62745240e281e9c1ea25a2bf29729008b59b5bac92c8ffc53b240761c0021edb53bad82a322510f480a53945c63803abb0b5947aa32a7ad5cf8059933ae4dc5d18a261b8d4a126dadd1d7f186cc0f3bc00c82c15516ea2a4b5a5517395d2a16a3beb920b16c706381bae273443ebfa3c37778596177de18a62cb96c08a35459a897ac87bcd87cdbcecae83c95cd4b5eb878a8d31e75955eb11e0cb58c6ad2b39f8f9350ff95778a961b07b4b0e4ff6b58caab6db44c6345c8ad9da0aef0c2b4a09e459a027d774da684ce2defd0b23b6e15ec573268050cba4cd1be4d899672ea3562f280df3b3ee878bd2e9989357829c363b4b47eacadeee76144957f4d76c3ea703aa5bf32f75a0370f49ae371f001eced8bbdaa781f66c83f959af0cb0ecbabeeeb0f91c26a22b430d5cae34e470f79f01446cdca5b70ba6448a8d9e4722dba03369b3204253eea942de2fb7b4408212a4c6a5d36c7e82417edd052a59d6d1ce2b0a2bd94f334647712cc2296e75db316be650195dd28a360e2e44fd32951b2b983d673bce51eea778d2ed2a2468c3b6b94b67ee175aa08f757d5522b43cefd5969511579cd79300802c811adad7b6bdf789f70bc76e94f8ea317043cf29b562a2041c553122ec338834455be1b68fe7470808451b0e1f1d444ae1e430c51c718a751142fa675a663e9d9f66a8a6199b56d18e4167e54942a37366fa0b5242de86bf1af6c758b2f0bb1f0fda16dc5241e3cc442326fdb501b95fe768c45781c8b60fbe576c7e790e2d5a2a76085cdca098fb3209b30a017eefbf6f8b315b38d8f8f194e456d1776cf6c9c4f4a99e9b50ca4bbc57ff1f035f13a3d8261617b5d55387488f9456a32400a84f95320e722c7abed22b9f8b574da8322fe104c12fb35c9d0c600dde78c47cd46647a8e24aafa53c68e2119ed1473bb3b7c9873d0a256e8eec8dc9f57820a7e23d49deb4041beae704b3fb527ce57316ff238515c248c80d51fd44e31dbb2d2e1d6b8007a03bf9b981fee094ee82f413698af66a3057621490d60207bca2e7a11e96cfb850a9a371ce672d0c4826be044acaa0a0a04fab4f2807eac896c48db2c35caf97fdf8bacb854f5351328cfbab2c3b251fc0abe20ba4b8fe8f4a98dfb76a0b1ea6b6463bdd900e23114c94f205f492a4acb30cc8a6efe6f73a96d3688853c60dce92732440db5ec245478bb64ebe9b60e7469ffb253febcda05613a8c1dbf72634e68d912e2fc98501d99c7dafb50081edcc60dc74daf9cecbcf65aa57661451fc6131f8c879b2181984bc4e0973ad6984837e19595caa35ff4713266b6a6c090a50afeb1461590c4c36f7fead0c9620af82302616c154e74199ee11353f6e9861472e2f1826afd0ce1a2ce9712b50019b32397960f54f4fce3c6655e13d8ef3ba20eaa3ca03a831a39732203dc3d2d3bf8de63fb4c96b3ec10cc852401f25a2575e98d9a25bf0767fc180f6fef5928565fa9ffdd620b6713f85bbc140060df1b50607b4eb51c0c71dac8ee2c19b9bd03b1840bb4d1f8a767d788a31926c9c39be4709dd57e856cb417d3947ce825f194fac18323f36a3b7743603abc628d477b3292a6b3f4965e882a110728f2a9f4fa8fd9d9d50859c48fe0f07f6a826bd5c5d8d645c0f7d8d03cf49be2419e2986f8ad55a228cacd0838f867a8612fd1c4b04d54dc9d5b05cc9395f5bb7fe918083bedfa33734a3f6afaf70379f4d423fa592dcfdeef84161df3f8f42204116442fc815a3cb3c79348d489296014fb8d4334c4ad776e14207ed2115781a0caac4cbfddf8f788f58cd9da9c33f145d87a187d7db78ce4368c5bdbba67fde5264a53a65a027a52aa09fd4943aeeae146a769a26a0f3597fd5004b60c179ce2bcafc78220d691c44c153c883bf942f01586b5321e4bbb28ab44d97bea3368f7c5d0c3dda0ef359065fd31f62060beb0b2a31f7164867e4b78f89f5ea0131aed7014ef3385f0b350ff847f4321b81c7dc9a484605ee397a2d5ea8ad9593020cea3acb6a106a560b4bf675c89aa3b14678dfef6602fdfa9afeeb6f16cb1b3cc944ad5d0492a3d07308c07dfc204c071d92f6b8b5694c70d166fe29f7894ceee7554dc32c71f3b971c8f20f2cafa4399a8755684090f90e6b45ee924d1205e0a075fd2259b6ca6430d28c780735353be38578b3cf1badcba4dae86419d4a0c1ec21f4a7510a08018e90974f0757aab8b51dc0fc068193d040cbd9706eeec02360da646b11cc5f1a544ecf24ce87c7165a0cb9bdb6990db03320ecf2f65fb6dfd1f3d32b2ae10723707cf5f30ea387f677aea100649c72e795b5f7d652e0e2fd0ae19eaf96f1b6453d056e01c97aa5c271b5e5f303fa4013f686cfbf64a1c1fe4263786b835e46a98699b8d5262520c4947987748ab21a48aef3", 0xfd1, 0xfff, 0x0)
mq_timedreceive(r4, &(0x7f0000004600)=""/102381, 0xfffffceb, 0x0, 0x0)
sendto$inet(r3, &(0x7f0000000300)="ab", 0x34000, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000001600)=@raw={'raw\x00', 0x4001, 0x3, 0x1e8, 0x0, 0xb, 0x148, 0xc0, 0x148, 0x150, 0x242, 0x240, 0x150, 0x215, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0x0, 0x0, 'geneve1\x00', 'ipvlan0\x00'}, 0x0, 0x98, 0xc0, 0x0, {0xff0f000000000000}, [@common=@icmp={{0x28}, {0x3, "4911"}}]}, @common=@unspec=@NFQUEUE2={0x28}}, {{@ip={@dev={0xac, 0x14, 0x14, 0x16}, @broadcast, 0xffffffff, 0xff, 'veth1_to_bridge\x00', 'caif0\x00', {0xff}, {}, 0x2f, 0x1, 0x42}, 0xec010000, 0x70, 0x90}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x248)
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000400)={0x0})
executing program 4:
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r1, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r2}, 0x10)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4010744d, 0x20000000)
close(0xffffffffffffffff)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="02030009180000000000000000000000040003000000000000000000000000000000000000000000000000000000000005000600000300000a0000000000000000000000000000000000000000000001000000000000000004000400000000000000000000000000000000000000000000000000000000000200010000000000000000000000000005000500000000000a00000000000000fe880000000000000000000000000001000000000000000002001300000000000000005d9053bc63e22fc8844d4814331abab429a4f23182e50ff88f6a95bd74065831577fcf83574e608aa4c13ea4ce88e7d09f1774134ce9b77cdbb04b607db2cc95477048ade35dbc8649d27da1c2415a9bdc278a2e34226c0000000000"], 0xc0}}, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000200)={0x2, 0x0, 0x0, &(0x7f0000000100)=""/208, &(0x7f00000002c0)=""/155, 0xf000})
sendmsg$nl_route(r3, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt$MISDN_TIME_STAMP(r4, 0x0, 0x1, &(0x7f0000000240), &(0x7f0000000380)=0x4)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f00000000c0)='./file0\x00')
capset(&(0x7f0000000300)={0x19980330}, &(0x7f0000000040))
mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r6 = open(&(0x7f0000000100)='./file0/file0/file0\x00', 0x123500, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r6, 0x10e, 0x2, &(0x7f0000000140)=0x5, 0x4)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
rt_sigsuspend(0x0, 0x0)
ioctl$FBIOPUT_CON2FBMAP(r0, 0x4610, &(0x7f00000003c0)={0x2f, 0x1})
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
executing program 0:
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f00000001c0)={0x18, 0x0, 0x0, "d569e8e1dd2f1ae97ee8589301f453a0c04b1410b2eafa4496ba216b1e8ac11e"})
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f00000000c0)='memory.current\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f00000001c0)=ANY=[], 0x118)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x11, 0x803, 0x0)
write$binfmt_script(r3, 0x0, 0xfffffe5d)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000240), r4)
r5 = socket(0xa, 0x1, 0x0)
close(r5)
sendmmsg$inet_sctp(r5, &(0x7f00000019c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000802000000000000000000000000000000000000004b1fa6ac"], 0x30}], 0x1, 0x0)
getsockname$packet(r3, &(0x7f0000000080)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="3c00000010008506000000ff0100000000000000", @ANYRES32=r3, @ANYRESDEC], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x24, 0x10, 0x1, 0x0, 0x0, {0x10, 0x0, 0x4c, r6, {0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x4c884}, 0x0)
socket(0x10, 0x803, 0x0)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_int(r7, 0x29, 0x33, 0x0, 0x0)
pipe2(&(0x7f00000000c0)={0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x0)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0x4)
vmsplice(r8, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x0)
fcntl$setpipe(r8, 0x407, 0x10005)
r9 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r9)
executing program 2:
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0x7, &(0x7f0000000040)={@in, 0x0, 0x0, 0x0, 0x0, "f55f817bc06c88f47480ab5a58b45baf660401c8bc69351dac1f1747678b1958be4f737c06ed8b91cfcb18062bc5832e880319bf07279cd8bb654dd3911a359dbee08f634402630b53fa8ce128836865"}, 0xd8)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r0, 0x7a4, &(0x7f0000000040)={{@my=0x1}, 0xfffffffffffffeec})
r1 = add_key$keyring(0x0, &(0x7f0000000340)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
add_key$user(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, r1)
gettid()
r2 = socket$nl_generic(0x11, 0x3, 0x10)
syz_emit_ethernet(0xae, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaeaaaaaaaaaaaa07000000cd60e400ff0038"], 0x0)
sendmsg(r2, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f86dd", 0x5ea}], 0x2, 0x0, 0x0, 0x11000000}, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
open(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x36)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x44f, 0xb65d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, &(0x7f0000000b80)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="002205000000"], 0x0}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
read(0xffffffffffffffff, &(0x7f0000000200)=""/209, 0xd1)
tkill(0x0, 0x0)
keyctl$clear(0x7, 0x0)
add_key$user(0x0, 0x0, &(0x7f0000000200)='C', 0x1, r1)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800"], 0x64}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="48000000000101040000ff0f0000000002000000240001801400018008000100e000000108000200e00000010c0002800500010000000000100005800900"], 0x48}}, 0x0)
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1400000010000100000000000000000000fc000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001c08000640ffffff000800034000000028580000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000002c0003802800008008000340000000021c00028018000280080001"], 0xec}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0)
close(r1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/stat\x00', 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000001a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x8, 0x1c, &(0x7f0000000300)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000b7020000000000007b2af0ff00000000d609080000000000db9af0ff41000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018280000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7050000080000001500000076000000bf9800000000000056080000000000008500000007000000b70000000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[], 0x78}}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000500), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_POOL_GET(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)={0x14, r8, 0xc99752fbd6bf8f05, 0x0, 0x0, {0x4e}}, 0x14}}, 0x0)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r8, 0x100, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4001}, 0x4000080)
unshare(0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x20, 0x3b, 0x9, 0x0, 0x0, {0x4}, [@typed={0x4}, @nested={0x8, 0xa, 0x0, 0x1, [@generic="4efeecac"]}]}, 0x20}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x4)
executing program 3:
sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)
mknodat$null(0xffffffffffffff9c, 0x0, 0x0, 0x103)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=@newsa={0x154, 0x10, 0x713, 0x0, 0x0, {{@in=@remote, @in=@multicast2, 0x0, 0x4}, {@in=@loopback, 0x0, 0x32}, @in=@rand_addr=0x64010101, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x3}, {0xfffffffffffffffc, 0x0, 0x0, 0x8}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @encap={0x1c, 0x8, {0x0, 0x0, 0x0, @in6=@dev={0xfe, 0x80, '\x00', 0xe}}}]}, 0x154}, 0x1, 0x0, 0x0, 0x40}, 0x0)
unshare(0x2c020400)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x1405, 0x131, 0x0, 0x0, "", [{{0x8}, {0x8}}]}, 0x20}}, 0x0)
syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x2172, 0xffffffffffffffff, 0x0)
syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000540))
syz_open_procfs$userns(0x0, 0x0)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
execve(0x0, 0x0, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000400)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x3, 0x0, 0x30, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr, @broadcast}, {0x0, 0x883e, 0x1c, 0x0, @gue={{0x2, 0x0, 0x0, 0x7}, "2b23ca5ed9707954c7310801"}}}}}}, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000404c05d50310000200000109022400010000000009041200010300000009210000000122010009058103"], 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000500)={@local, @broadcast, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x2, @dev, @multicast1, @random="e374636d35dc", @multicast1}}}}, 0x0)
r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
pwritev2(r3, &(0x7f0000000600), 0x0, 0x0, 0xffff, 0x0)
write$sequencer(0xffffffffffffffff, 0x0, 0x0)
write$UHID_CREATE(r3, &(0x7f0000000240)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000040)=""/2, 0x2}}, 0x120)
readv(r3, &(0x7f0000000140)=[{&(0x7f0000000080)=""/155, 0x9b}], 0x1)
r4 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0)
ioctl$IOCTL_STOP_ACCEL_DEV(r4, 0x40096101, &(0x7f0000001040))
executing program 0:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000000)={'bond0\x00', &(0x7f0000000040)=@ethtool_sfeatures={0x3b, 0x2, [{0x500}, {}]}})
sendmsg$key(r0, &(0x7f0000000080)={0x2, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="02060000020000e50000000000000000"], 0x10}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r2)
sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="c9935f2bb8007f35e9836832e07e9b571d838b29621252ce5f8cf8388f1840b1442957c8f4e8d4492900dd9645d88454b74a36ebf3b8a4a634f733317480fabd1d833e4d47098b7a74f12149d1bb3ae19d91a12013a417567f187239c3940d5f89c391eb220a9b61d2bf04b5323b079caf3c19d098bf232a4796f0ec7bb8c10474f2eea0199e09363a0ed00dd3e9f759c20ea320feb7e6911d81", @ANYRES16=r3, @ANYBLOB="0500ffffffff000000000f00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099000b00000060000000cf000e0080000000080211000001080211000001505050505050000000000000000000006400000000060101010101010301010602070005750000007adc21b58f24e0ee963a73f337a51c30819317c95b2bb6a0a870aae8a88f528ea67e7bc956aced2f3c31f8e7c0473cbe05a641f71c705c076ca4b8677b270519a4970295d3adbba2ed2c6f98ee5e162c7f0cb8b5c0c05ba5e5edfe8d13eddef3995dfe1eb15498eb2b1a88ed94412d4af59625030084042a0100720603030303030371070000000000005876060000000000000004000f00080026006c09000008000c006400000004000501"], 0x110}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), r4)
sendmsg$DEVLINK_CMD_RATE_NEW(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="000000000000dc159217e6e2ec00", @ANYRES16=r5, @ANYBLOB="0106000000000000000045000000"], 0x14}, 0x1, 0x0, 0x0, 0x20044004}, 0x0)
ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000140))
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet_sctp(0x2, 0x0, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000002c0)=[@in6={0xa, 0x0, 0x0, @private0}]}, &(0x7f0000000180)=0x10)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x7ff}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r7}, 0x38)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$binfmt_script(r8, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r8, 0x0)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r6, 0x84, 0x75, &(0x7f0000000100), &(0x7f00000001c0)=0xffffffffffffff66)
r9 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r9, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000180)=0x10)
r10 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r10, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r11=>0x0}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r9, 0x84, 0x85, 0x0, &(0x7f0000000540))
setsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f00000005c0)=@assoc_id=r11, 0x4)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000600)={0x4})
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0), &(0x7f0000000200)=0xc)
executing program 1:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ppoll(&(0x7f0000000000), 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCCBRK(r0, 0x5428)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x10, &(0x7f0000000240)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
preadv(r3, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
syz_io_uring_setup(0x24f9, &(0x7f0000002ec0), &(0x7f00000000c0), &(0x7f0000000140)=<r4=>0x0)
r5 = memfd_secret(0x0)
ftruncate(r5, 0x3)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, 0x0, 0x40)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f000001aa80)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @log={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LOG_PREFIX={0xe, 0x2, 0x1, 0x0, 'syzkaller\x00'}, @NFTA_LOG_FLAGS={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELSETELEM={0x14, 0xe, 0xa, 0x302, 0x0, 0x0, {0x2, 0x0, 0x5}}, @NFT_MSG_NEWSETELEM={0x20, 0xc, 0xa, 0x301, 0x0, 0x0, {0x3, 0x0, 0x3}, [@NFTA_SET_ELEM_LIST_ELEMENTS={0xc, 0x3, 0x0, 0x1, [{0x8, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_DATA={0x4}]}]}]}, @NFT_MSG_DELSETELEM={0x14, 0xe, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x9}}], {0x14}}, 0x110}}, 0x0)
getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xb5, &(0x7f00000002c0), &(0x7f0000000080)=0x4)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x2000002, 0x11, r5, 0x0)
syz_io_uring_submit(r7, r4, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x4a, 0x0, 0xffffffffffffff9c, 0x0, 0x0})
executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000800)=@mangle={'mangle\x00', 0x44, 0x6, 0x3b8, 0x158, 0x288, 0x158, 0x288, 0x1f0, 0x320, 0x320, 0x320, 0x320, 0x320, 0x6, 0x0, {[{{@ip={@remote, @multicast2, 0x0, 0x0, 'veth0_to_bridge\x00', 'ipvlan1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @TTL={0x28}}, {{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'pim6reg1\x00', 'macvtap0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@dev, @private, 0x0, 0x0, 'hsr0\x00', 'syzkaller1\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@local, @rand_addr, 0x0, 0x0, 'ip6erspan0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x418)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket(0xf, 0x1, 0x80000000)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$packet(0x11, 0x3, 0x300)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r2, 0x5421, &(0x7f0000000100)=0x100000001)
connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10)
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x3c, r4, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp}]}, 0x3c}}, 0x0)
close(r2)
syz_emit_ethernet(0x4e, &(0x7f0000000f80)=ANY=[], 0x0)
io_setup(0x20, &(0x7f0000001140)=<r5=>0x0)
io_submit(r5, 0x0, 0x0)
unshare(0x6a040000)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'gre0\x00', &(0x7f0000000300)={'erspan0\x00', 0x0, 0x8, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x32, 0x14, 0x0, 0x0, 0x3, 0x0, 0x0, @broadcast, @remote}}}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
executing program 0:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key$user(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000540)="0706675823b8a37f19b37e0f9f120663b78a6a322f28cb301825eddc42c667fc68923d7df9f4c1843c5f11b63d2684fff43955079736fa4c80100487c31c09706b6bf145eb1baf416d2681491bd6a3098fe1a6741d65b085b4075db8419d9e6d17b1eec4dfb860a71d61af753459bcc5ea1f20d6c1c74afda3b0c08bf988", 0x7e, r0)
r2 = add_key$user(&(0x7f0000000180), &(0x7f0000000200)={'syz', 0x3}, &(0x7f0000000140)="04", 0x1, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f00000001c0)={r2, r1, r2}, &(0x7f00000002c0)=""/250, 0xfa, &(0x7f0000000400)={&(0x7f00000003c0)={'sha224-generic\x00'}})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_GET_PIT(r4, 0x400caed0, &(0x7f0000000300))
r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000404c05d50310000200000109022400010000000009041200010300000009210000000122010009058103"], 0x0)
syz_usb_control_io(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000240)={0x24, &(0x7f0000000600)=ANY=[@ANYBLOB="400302000000020a48d89a79c41c37d02086b3a5b5def021c58bb5cc35b9c687c195bd1a236d321b5ef5ec9124b944da4f4ab04d841f079e2bfdec6bb244eb5bd9d2099db31c9beeaa0c01cda23a79248c01f35aa932a177bcc010e44ee98de0c72f139701580b6277ef8cf82247738940bb7d0165becf3b9a845c5bc86bc807cbc8a30a0b55874a0561aa01664f4e75a6e4eff86c859b57a18245e6fe45a8e4608f0b793566632b5ea04615b82d6a0bbf197c6d73b6efdeb89dd86f09a653ac4720ba866183746aad59cd00a356eb29a4b865cf66462c7d971348a37b26a40f0f1bf75c2dbb06262853b60cde75ed43a6af3c823673c91e6898dff4146162ff83953116e95c"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000b80)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
r6 = eventfd2(0x1, 0x0)
r7 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f0000000080))
read$eventfd(r6, &(0x7f0000000000), 0x8)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mkdir(&(0x7f00000001c0)='./file0\x00', 0x0)
r8 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
utimensat(r8, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0xffffffffffffffff}}, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
r9 = syz_io_uring_setup(0x36dc, &(0x7f0000000140)={0x0, 0xe9da, 0x400, 0x1, 0x255}, &(0x7f0000000040), &(0x7f00000000c0))
io_uring_setup(0x6c81, &(0x7f00000001c0)={0x0, 0xb840, 0x800, 0x3, 0x25a, 0x0, r9})
syz_open_dev$hidraw(&(0x7f0000002300), 0x0, 0x14a042)
write$hidraw(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
syz_emit_ethernet(0x7e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd6015690900482f00fc020000000000000000000003ff0000ff020000400000000000000000000001242088a8000000000004000000000800000086dd88a888be08000000100000000100000000000000080022eb00000000200000000200000000000000000100000800655800000000"], 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
bisect: bisecting 30 programs
bisect: split chunks (needed=false): <30>
bisect: split chunk #0 of len 30 into 3 parts
bisect: testing without sub-chunk 1/3
testing program (duration=1m45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [29, 29, 29, 29, 29, 29, 29, 29, 26, 27, 29, 28, 29, 29, 29, 29, 29, 26, 27, 28]
detailed listing:
executing program 1:
syz_usb_connect$uac1(0x0, 0x8a, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000086b1d00004000010203010902780003010000000904000000010100000a2401000000020000000080000001008e78"], 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
openat$pfkey(0xffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xd, 0x0, &(0x7f0000000200))
socket$inet6(0xa, 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000100)='net/ip6_tables_names\x00')
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x200000100000011, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
pipe(&(0x7f0000000080))
socket$nl_route(0x10, 0x3, 0x0)
socket(0x2c, 0x803, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet_udp(0x2, 0x2, 0x0)
socket$unix(0x1, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_udp(0xa, 0x2, 0x0)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f0000000040)=ANY=[@ANYRES64=r3, @ANYRES64=r3])
executing program 3:
socket$alg(0x26, 0x5, 0x0)
fsopen(&(0x7f00000003c0)='ext3\x00', 0x0)
r0 = syz_usbip_server_init(0x3)
socket$l2tp6(0xa, 0x2, 0x73)
write(r0, &(0x7f0000000f40)="b410a1e8252ce0a1a3be3d593e8bf96f9615aea940ed08d314cbc50631fb02a0647a3c2ed4c85c8eef57d078ec90823a", 0x30)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$vimc1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
openat$nvme_fabrics(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
preadv(r1, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
mbind(&(0x7f0000596000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x3)
msgget$private(0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
getpid()
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r3, 0x29, 0x48, &(0x7f0000000100)={0x89, 0x58, '\x00', [@padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @ra, @generic={0x0, 0x2b5, "9863c97f84286bc183d18a82e6c7d8e260cde17794c34480237e706e6127fb1a7267eaff3648c07b2ac159db1a0c472bcb97c32eabaabcaac9f0c4bb88c94c3e97c1188ac8316abcc92798d57d8c43b31c2a4a98255358300b5fd305c44adf10d92d01a03d454ea85ab429f66b13bec1d6582863847f7ba32c3e072922afb8a8e4e834579d2e866a77d5717eb849ff50503018c1bdd17f4cce8609a430bcf0b58b01eb1db4992c1178f578b7c7964963db61354e6fb0c5cbf5b9b1b25994e9e31569de57dab3001b4c2b73deae5f4f6fe9e295c6b754fe0bd275ef9201a7b9adbc8f269c60f73964da18f4738bfd76bfb30075a6082f8645802a5ee99d99419e0670111cb1d5bba22122a808c54fe07bb4509edbf3415d58f482de57a338e33474ffb8cc645822106170323955e613759e953b0250b14591b423117f21b18d2dabca8a45353fc579267e3caa888d4bd3014ce856bd334e6c9563525847c950e91aee39b919760b7d2ec9477068539d31f288a70d70c57ea1c63b09b99ca8a55bdb85eff7a44e66050cf7528728a788121a8e52bde52b9635bd0bbbaf73c4477f92a87b01e975aadb83784adf26725e00d80d28b6913dc803b1d87ec5102197057babfa931cd0d3c9a9da6395e0a49b3a5d2e9d0955a952950b24bbfc26cc2d568766affb569ff0967d098dd37703138af90dac3aed4526a7e97adc0568653830e4fd34a6def7bfb7a3b1444f1c1e102cbbc631238ac16983682fddcd44cd1bc8a8c264ba5bf49bc49c8e99af0e353cba8698803fa7dbcaecc7bbab9f9712b0266da0302289eb7b03e5d40f5651bee25edd861a25182eac31ea7b64fb6a0b38e336cacc6d7f29f5d23e20e6381f1facb1b6fc65cd7c5df72efb9f37a997636e1098dc87dd553041a8621f1723c6e4d370f29eb39ba160f830f6d1b2da5074e51fd332181aef4fe75f5c55e0383cb67763a9dd40a054"}]}, 0x2c8)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000040)={'erspan0\x00', &(0x7f0000000000)=@ethtool_ts_info})
r4 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x0)
r6 = openat$cgroup_ro(r5, &(0x7f0000000000)='cpu.stat\x00', 0x300, 0x0)
read$FUSE(r6, &(0x7f000001aa80)={0x2020}, 0x2020)
syz_usb_connect(0x0, 0x24, &(0x7f0000000340)=ANY=[@ANYBLOB="120100002ba7b040480b03200174000000010902120001000000000904"], 0x0)
executing program 2:
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000b80)=@delchain={0xb4, 0x65, 0x0, 0x0, 0x0, {}, [@filter_kind_options=@f_bpf={{0x8}, {0x68, 0x2, [@TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_OPS={{0x6, 0x4, 0x7}, {0x3c, 0x5, [{}, {}, {}, {}, {}, {}, {}]}}, @TCA_BPF_FLAGS={0x8}]}}, @TCA_RATE={0x6}, @filter_kind_options=@f_basic={{0xa}, {0xc, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0x0, 0x2}}]}}]}, 0xb4}}, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000400)=[{&(0x7f0000000140)="2a6964b6e862bbb7ace52f4024afa4a037aa7a2c42a917c9800a8355448b1022eb5829e387283555dbf20602b0befa124cf1", 0x32}], 0x1, 0x0, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r3=>0x0})
syz_emit_ethernet(0x11, &(0x7f00000002c0)={@remote, @random="6b8e22dbf1a0", @void, {@llc_tr={0x11, {@llc={0x0, 0x0, "bf"}}}}}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r6, 0x0)
r7 = dup(r5)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000180)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r9}, 0x10)
socket$netlink(0x10, 0x3, 0x0)
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r10, &(0x7f0000000080)={0xa, 0x14e22, 0x0, @ipv4}, 0x1c)
listen(r10, 0x0)
syz_emit_ethernet(0x86, &(0x7f00000000c0)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x9, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local, {[@timestamp={0x44, 0x10, 0xa, 0x0, 0x0, [0x0, 0x0, 0x0]}]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x15, 0xc2, 0x0, 0x0, 0x0, {[@window={0x3, 0x3}, @md5sig={0x13, 0x12, "c851616c0500cb080000000000e79490"}, @sack={0x5, 0xa, [0x0, 0x0]}, @sack={0x5, 0x12, [0x0, 0x0, 0x0, 0x0]}, @mptcp=@capable={0x1e, 0xc}]}}}}}}}, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
sendmsg$NL80211_CMD_SET_BSS(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000880)=ANY=[@ANYBLOB="00000000606375a857db40d41204b810f7a567d541ff676d498a0f1112d88dc37b045efdee26dd1e7b988d0bf2b4843f45abec9eff072f4441e7f07a2b3c569e69f0fd03189c9dc4cb6bb4c01442f387f0372094ce9cf50c59bf1abab0fd0b0254898f4a470c329eafa76acffdaba9010cae839c06fe3e9fc05bf7149c3d01000080a21b4e023eeb657d9d1610f959960361119827b16e947a8879219eb2a5782503d3044211e43567d08f86106c83da3d53e2954037305cbffe242ab85a00"/204, @ANYRES16=r2, @ANYBLOB="010000000000000000001900000008000300", @ANYRES32=r3, @ANYBLOB="0500a20000000000050060003100000006006d0000000000"], 0x34}}, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x0, 0x9, 0x0, 0x1}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000080)='netlink_extack\x00', r1}, 0x10)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000000)={0x9}, 0x3c33)
r3 = syz_open_dev$usbfs(&(0x7f0000000c40), 0x310decfa, 0x1)
ioctl$USBDEVFS_CONTROL(r3, 0x8008551d, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xb, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000800000000000000007008018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7060000190000008500000005000000bc0900000000000035090100000900009500000000000000b7020000000000007b9af8ff00000000b5090000000000007baaf0ff000000002f8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffc70200000800000018220000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7050000080000004608f0ff760000003f9800000000000056080000000000008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xffffffffffffffff, 0xd000})
write(r2, &(0x7f00000000c0)="240000001e005f0214fffffffffffff80700000001000000000000000500090002000000", 0x24)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
r7 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r8=>0x0})
bind$can_raw(r7, &(0x7f00000000c0)={0x1d, r8}, 0x10)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000001c0)={&(0x7f00000004c0)=@mpls_newroute={0x154, 0x18, 0x400, 0x70bd2c, 0x25dfdbfe, {0x1c, 0x14, 0x0, 0xfc, 0xff, 0x3, 0xc8, 0xa, 0x800}, [@RTA_DST={0x8, 0x1, {0x8}}, @RTA_DST={0x8, 0x1, {0xe79}}, @RTA_DST={0x8, 0x1, {0x2, 0x0, 0x1}}, @RTA_NEWDST={0x84, 0x13, [{0x9}, {0x8000, 0x0, 0x1}, {0x84a}, {0x0, 0x0, 0x1}, {0x8000, 0x0, 0x1}, {0x1b1e, 0x0, 0x1}, {0x6}, {0x6}, {0x1}, {0x2, 0x0, 0x1}, {0x715}, {0x2, 0x0, 0x1}, {0x40, 0x0, 0x1}, {0x8}, {0x200, 0x0, 0x1}, {0x7}, {0xeb, 0x0, 0x1}, {0x200, 0x0, 0x1}, {0x80, 0x0, 0x1}, {0x2, 0x0, 0x1}, {0x3f, 0x0, 0x1}, {0x9}, {0xe7}, {0x8}, {0xff, 0x0, 0x1}, {0x9}, {0x9, 0x0, 0x1}, {0x4, 0x0, 0x1}, {}, {0xffcc0, 0x0, 0x1}, {}, {0x2}]}, @RTA_MULTIPATH={0xc, 0x9, {0x2, 0x10, 0xff, r8}}, @RTA_MULTIPATH={0xc, 0x9, {0x1, 0x2d, 0x7, r8}}, @RTA_NEWDST={0x84, 0x13, [{0x363}, {0x1f, 0x0, 0x1}, {0xffff}, {0x8}, {0x60, 0x0, 0x1}, {0x8000, 0x0, 0x1}, {0x0, 0x0, 0x1}, {0x0, 0x0, 0x1}, {0xffff, 0x0, 0x1}, {0x2, 0x0, 0x1}, {0x3, 0x0, 0x1}, {0x1f, 0x0, 0x1}, {0x2e79c}, {0x5}, {0x4, 0x0, 0x1}, {0x5}, {0x5, 0x0, 0x1}, {0x2}, {0x6, 0x0, 0x1}, {0x7f, 0x0, 0x1}, {0x8001, 0x0, 0x1}, {0x7, 0x0, 0x1}, {0x9}, {0x7}, {0x8}, {0x9, 0x0, 0x1}, {0x8000, 0x0, 0x1}, {0x0, 0x0, 0x1}, {0x1, 0x0, 0x1}, {0x1000, 0x0, 0x1}, {0x1}, {0x7, 0x0, 0x1}]}]}, 0x154}, 0x1, 0x0, 0x0, 0x40}, 0x1)
setsockopt$CAN_RAW_FILTER(r7, 0x65, 0x1, 0x0, 0x0)
close(r7)
fcntl$lock(r6, 0xb73a099a2ea7f93d, &(0x7f0000000380)={0x1})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x2d}]})
r10 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
fcntl$lock(r10, 0x0, &(0x7f0000000000))
executing program 2:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x3d0, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x200, 0x230, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x430)
syz_extract_tcp_res(&(0x7f00000002c0), 0xec, 0x9)
syz_emit_ethernet(0xa5, &(0x7f00000003c0)={@local, @local, @val={@void, {0x8100, 0x2, 0x0, 0x3}}, {@generic={0x806, "b4c2f82f6b4d412848b6e8a0b0a5a6c454f7c7a9d211a797a922609e1891aca4f450d136017a6ef7547ac617511a19ecd82106fb420bde6ed8b06b4d372013b33a1aa21e2d88add77895380c7024f173fcf9747744d023017a3bfb79e0dc41d00b6d0ef3306cf9bbef154ae9843e6399bcc12453d82e5c441f66e94d7ef05420fcb5c7cd816093adadd215aa4dcec313da001c"}}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x10, 0x0, 0x0, 0x0, 0x0, 0x5d, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYRESDEC], 0x1c}}, 0x0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/power/pm_trace', 0x2, 0x0)
write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000040)=ANY=[@ANYBLOB='-'], 0x28)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000280)={0xffffffffffffffff, 0x2, 0x18}, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r5 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x2d0, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x100, 0x130, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x330)
r6 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r6, &(0x7f0000000140)={0xa, 0xffff, 0x2, @empty}, 0x1c)
sendmsg(r6, &(0x7f00000000c0)={0x0, 0x952c, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4)
executing program 3:
ioprio_set$pid(0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$inet6(0xa, 0x6, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x6}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x0, 0x0, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='ext4_sync_fs\x00', r1}, 0x10)
listen(0xffffffffffffffff, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x40241, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket$kcm(0x2, 0x3, 0x2)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000001780)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x8, 0x0, 0x0}}, 0x10)
setsockopt$inet6_tcp_int(r3, 0x6, 0x19, &(0x7f00000001c0)=0x6, 0x4)
listen(r3, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
accept(r2, 0x0, 0x0)
openat$rdma_cm(0xffffff9c, &(0x7f00000006c0), 0x2, 0x0)
r6 = syz_open_dev$tty20(0xc, 0x4, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
ioctl$KDGKBMETA(r6, 0x4b62, &(0x7f0000000040))
executing program 1:
socket$inet_udp(0x2, 0x2, 0x0)
socket$packet(0x11, 0x3, 0x300)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$TCSETSW(0xffffffffffffffff, 0x5403, &(0x7f0000000000)={0xffffffff, 0x0, 0x0, 0x20002, 0x0, "af99799d517effffffb429cdb400007b2364ee"})
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x82, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
write$apparmor_exec(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="737461636b200d381cd2a12f2f"], 0xf)
read$FUSE(r0, &(0x7f0000003a80)={0x2020, 0x0, <r4=>0x0, <r5=>0x0}, 0x2020)
quotactl_fd$Q_QUOTAOFF(0xffffffffffffffff, 0xffffffff80000302, r5, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r6=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="bc00000010000104000000000000000000480000", @ANYRES32=r6, @ANYRES32=r6], 0xbc}, 0x1, 0x0, 0x0, 0x20048090}, 0x0)
syz_usb_connect(0x0, 0x34, &(0x7f0000000800)=ANY=[@ANYBLOB="12010000a6ff0540cdabeecdb90500000001090222000100000000090400000101035100090502fffffffff000072501"], 0x0)
setsockopt$packet_drop_memb(0xffffffffffffffff, 0x107, 0x2, &(0x7f0000000180)={r6, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2c}}, 0x10)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x1f94, 0x60000000, 0x3, 0x201, r0, 0x3, '\x00', 0x0, r0, 0x3, 0x4, 0x4, 0x4}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001980)={0x1, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000004000004f16cab22fafae71b8db4a6aa69904840fc4f542018b6fd589b6bf13c97cd7d025b9b9ed7ab14b29fd41804c8edbafc67cc430819e3919ed83c62b6b0dde9716a0e30117bca5d416762545a19e29edb06b51c6e05278b983fafbb183c038d3c9505ea18bd2842e5c0c1172c9c325bec3400e99e02953853bf93d952d94a1bcd59abf5eaf01634e719c32a33d5faab371fb6013b359e5015f57d304cf07364ee120fa6050e1b0703a65521599673d584f237a48bf6ef54e079f22562c444bf4b73686994463a0234010462f303ae9606f6eadb995d3c09c22d980b4e5eeac6d7e9667fd375a16ad335cf9f", @ANYRESHEX=r4], &(0x7f0000001400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x10, '\x00', r6, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000f0d6166b00e7e4810cf02d8347ae8edafdf14d56273b7f49a2c10a88986d", @ANYRES32=r7, @ANYRES8=r4], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r8 = syz_usb_connect$hid(0x0, 0x49, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000040341d0a000000000000010902240041000000897dde4e32b118000904000001030000810300"/54], 0x0)
syz_usb_control_io$hid(r8, 0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x4e20, @multicast1}, 0x10)
connect$inet(0xffffffffffffffff, &(0x7f0000ccb000)={0x2, 0x4e20, @local}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x0, 0x4, 0x0, 0x0}, 0x90)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x1, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x40, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40, 0x0, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_ADDRESS={0x14, 0x1, @mcast2}]}, 0x40}}, 0x0)
r3 = socket(0x10, 0x803, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r5}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x100}]}, 0x34}}, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_int(r7, 0x0, 0x5, &(0x7f0000000080), &(0x7f00000000c0)=0x1)
bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
epoll_create1(0x0)
syz_io_uring_setup(0x24b5, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f00000000c0))
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000c80)={'lo\x00', <r10=>0x0})
r11 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r11, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r11, 0x6, 0x1d, &(0x7f0000000200)={0x7}, 0x14)
setsockopt$inet_mreqn(r11, 0x0, 0x23, &(0x7f0000000280)={@local, @private=0xa010100, r10}, 0xc)
r12 = socket$netlink(0x10, 0x3, 0x4)
bind$netlink(r12, &(0x7f0000000680)={0x10, 0x0, 0x0, 0x400}, 0xc)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r12, 0x10e, 0x1, &(0x7f0000000040)=0x12, 0x4)
sendmsg$nl_route_sched(r8, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newqdisc={0x154, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x124, 0x2, [@TCA_CHOKE_MAX_P={0x8}, @TCA_CHOKE_PARMS={0x14, 0x1, {0x0, 0x0, 0x0, 0xff}}, @TCA_CHOKE_STAB={0x104, 0x2, "1c95bd4b9c04426eb8a43474272d3434102d35adc1ec12d283c667bb67e7f293578badf2de49d727edd6c008c3c1237f3981d2ff03c3cf6610f4d8750c753db39d65c5a7536e80ed76ae9ed3b5d57ca70834f5e2a6a9370231ddcf322a5d7ed490aed58d32c97a3146cb72cf6c05ad7242994bc37d418cc32c2ac7327fd983f9272167a5f5f032026a80149f3e27ab01eee310bb51c6a2e90eb792fcbd7e96043029a3d7d5f413799dae909b153164b87759ceaa68cc73a4e8b26884eed5d25ae4eea9c631d303239aa4c05c516b260a023ebf5f9e1ddd1b1456d3252514347abf6967e933b2b6dfe9eeeaabc343f9d0c4e8c723a0b78390ce073e8cee3d7240"}]}}]}, 0x154}}, 0x0)
r13 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$SO_TIMESTAMPING(r13, 0x1, 0x25, &(0x7f0000000200)=0x7b35, 0x4)
sendto$inet6(r13, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @mcast2}, 0x1c)
executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000800)=@mangle={'mangle\x00', 0x44, 0x6, 0x3b8, 0x158, 0x288, 0x158, 0x288, 0x1f0, 0x320, 0x320, 0x320, 0x320, 0x320, 0x6, 0x0, {[{{@ip={@remote, @multicast2, 0x0, 0x0, 'veth0_to_bridge\x00', 'ipvlan1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @TTL={0x28}}, {{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'pim6reg1\x00', 'macvtap0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@dev, @private, 0x0, 0x0, 'hsr0\x00', 'syzkaller1\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@local, @rand_addr, 0x0, 0x0, 'ip6erspan0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x418)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket(0xf, 0x1, 0x80000000)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r2, 0x5421, &(0x7f0000000100)=0x100000001)
connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10)
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, 0x0, 0x0)
close(r2)
syz_emit_ethernet(0x4e, &(0x7f0000000f80)=ANY=[], 0x0)
io_setup(0x20, &(0x7f0000001140)=<r4=>0x0)
io_submit(r4, 0x0, 0x0)
unshare(0x6a040000)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000800)=@mangle={'mangle\x00', 0x44, 0x6, 0x3b8, 0x158, 0x288, 0x158, 0x288, 0x1f0, 0x320, 0x320, 0x320, 0x320, 0x320, 0x6, 0x0, {[{{@ip={@remote, @multicast2, 0x0, 0x0, 'veth0_to_bridge\x00', 'ipvlan1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @TTL={0x28}}, {{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'pim6reg1\x00', 'macvtap0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@dev, @private, 0x0, 0x0, 'hsr0\x00', 'syzkaller1\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@local, @rand_addr, 0x0, 0x0, 'ip6erspan0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x418)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket(0xf, 0x1, 0x80000000)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$packet(0x11, 0x3, 0x300)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r2, 0x5421, &(0x7f0000000100)=0x100000001)
connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10)
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x34, r4, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}]}, 0x34}}, 0x0)
close(r2)
syz_emit_ethernet(0x4e, &(0x7f0000000f80)=ANY=[], 0x0)
io_setup(0x20, &(0x7f0000001140)=<r5=>0x0)
io_submit(r5, 0x0, 0x0)
unshare(0x6a040000)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'gre0\x00', &(0x7f0000000300)={'erspan0\x00', 0x0, 0x8, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x32, 0x14, 0x0, 0x0, 0x3, 0x0, 0x0, @broadcast, @remote}}}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
executing program 3:
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000002c0)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@local})
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, &(0x7f0000000180))
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, &(0x7f00000101c0)={@my=0x1})
openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x6a0401)
unshare(0x20040400)
creat(&(0x7f0000000040)='./file0\x00', 0x1de)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x10005)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
getpid()
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000080)={0x0, 0x3, 0x30}, 0xc)
sendto$inet(r3, &(0x7f00000000c0)='}', 0x1, 0x0, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10)
sendto$inet(r3, &(0x7f0000000280)='p', 0x1, 0x0, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0)
mq_timedsend(r4, &(0x7f0000000600)="6d12483bb95dab4da2bccb9a5c51f7769b4aa2ed6f00bcfff2058843f7de72fa8f9dd7572991db9f2968c67d150dbd80321f91c14a7705c3d6e2292f74d074e24cdfdc28da61b60db4ac67a81c04430dd72555dcebe8193594b8fe29718d5781fe3f418379dab48089b86edc4facdbc388e30fdfabe867722b348dcfbff8f7745bb98584b3384eb1b1c541d05427c4e5c33b3692ebf599d4a179bcd27271d55e4a38ac7be3cae3e85eddbdcf574ac462df22b6b2242245f32d5826de908a96ea66331cad4d0ff094f552e118ee643f2f12f854c32d4e548bd82a69c4102bc516a41a52436f6dfd80133de801fdc8e75276c631f041d86269f2ba0791e8119868816c1fe9c78654919d6dcce67a5f32b77575867f43f76e99108bf9ee3fd550cc18f8bee8505da7ea8fe0a3a9e40c01be1d39435821c5f52cf39a7d5558f278b01be298e5460d3ebf011345ed0030603f767fe44876fdf1cb172a4cbfb2f7784ac61c4786a147b6d446eaf46d5b26c6b85580ba4913fc12a443d8dcf05d08513ae01a7f489826fdc8bff83c1708ebbc060aa72d25e6ce21521799bd37c34fdad973fd7e17070b7783bf341fc079c6b0c9811388430c84540d8d544d1887b73e3a9d2625358be4b09128ee7f8d2dacf2d9704b9143c0341568d1e39429e1d442d21878c87271e66651e12d077b8dd49c0bf285097e261a5116b91036368265c1c5b74353bb42ff4936e27a20c48dea290685b09c2e5baa29dbeb790969f793692fb112c973329236f30bd29c39ee6104e1e0ccd1f855e5837d156c83834661a2aa8929ad78c025413179d880ee905d0b1ee1c9c3eacb63ac807a6ce73d492502ce52beba9ea5214a9387e2c5a810a96e14956809b6865e46a9d9ce2deb4cce2155562dd7e3daef9b3c0c0a55f1fe1a89835971dbc9c09ee9d4abe827b0e87dcd08e5e7cf08869cdcd6fe7f42d93c075db2fec9d96aff21410c3cbd5d904ed147af08c297011ec105dec6fb319cc5637ac71dac05d01ef356dcc6b6bd3f8625204d92f6d0447c0ee5c72d13b4e951a5ba060d4e0ab4680bba08ca9e0079ed6332e6449e01ec480903b0f377e08e8146c8a1e86df678dd88f3768e0958b04f24d58f39a15ee93e4b3e1e2dcd91f8cd36c37b2806d5f7c1871d0e1d7496ac64b377a8fb32104166536597bbfd6d814b2eb41970ba1aef50238e34ec8069690029c58c8a01b28b711ff44aed4652629c7cdc7843d83efe9514bb5b1f80d1047e6075870c53505a142e48d6897d7811f84d8c3e8f9985f9a9901c8fd68960aee376caa465f25622d7ff5deae8f0d628e048bc4387ca3046067768f3014a3ef4d1b55123ce45507ab1b6f587f6302bb9b715899d2fc20cabfd306549b6a2ec8ea5169e5be19cf59ef71cbb16d402cdc62a422b2bf5c01bb6139e60fd61ea4b77382c7e2e038c6511bfe08f7a3cea5e793f9e2cb4facce20e719d179104418f6745bf8065c70da3815c8e1a1b650d96865c41fd45dbcae51e1d54b41002c2f673cd1008dbf3f17847dd28d8fe3c24ef238000be692e05b0365cb7691fa8f134efe70df46b5cc4765def995971ae0c45f653292f4a3c26300e359afbe0c4f7b049f505ab8e8a0d4c7090cc07c62dbcb9bf6682425553de4ca63f98ac5d420d01bf729bf815683d11451eea0295675778f00bef94ac6e29dd2285847fd857cf2d204de3170e024169d568500befd5c6f34e9d3fcae78bd8fcd6d8f85fcf56241c7787d86bdfca06a6e69b996d72530c94eaa82e99f8ccbd66b53ce0f066fffcb3b643f84a1112c4c8a153ef745f7da3c4887f95de7df8dcf6653200eccb389a7aad4a874d347791cd00cf767bdd8d36de55cbc0879e11cddec175b36be0d1224d1dab7d8f8f3bab0f622d031be123b6ab48188716162afea5e0529830a39c3c9edc86b3e6020830f2f94060685d96887fb536afaedcd9523c53e5e210e87a07bc941b29b968ec9b0f6e5a74b929ad56ef7e80b981d39460040df8aedb253bc4681e72de2b3e886320b2f9a52f675bb08e4dee27b468d0822d6269ad1eee16d1c1781ad17b1fae21b44e427ace6d1fa932ca9c295c5ae74140ffea23ac2b70a6ca71af12c6d63adc32110521cee84dce3514c51417fa794fff4fb7b72844fbb3ba786173d3ffea23e03eb49acbd957d52494ffff3cd2dc420ace19bbe375aabb97953dd1b8adc24856a81b2888e2fb635332c2d4257cf6833ccb3135c0327f79c4846b691b693b066cd5de30ca40e29fe8775fd6a8844f566223008d017ccb6f2ee47496b61aa2900f64c1e2136c8dfbb6dd7ab368e0cfeb3e639657f16d9f26f0c575b61476ea7cd499e2fffe75f6118d19d6186e9433d1b92dc30e84bceba4c9bd8e889575c50da8e236d0ad184a2ae7e91e31485a44389a7c6a63c4d7588fa0755ae292102c46df1cfcc21eccfa5bc815a2491cb845de2feae93d5a9365cff327d048b7e66733b1d1cbf1eadae7296631f3f1681ab5878272a9b17e11f64e8ea8afbd297f388b951e39b94d909c74a4c667f6204128c84566c2347222a984f67177160e3f144518721f25aab93c9d0a34d407b84485bf1f2fa07af7de0617dbda0b2eb3ef839d6ad8649fa7133e14646cb30462e827a1bba8b6cf97c93c95552c70aae8ba4918f8b51275ed7e1f90f7ae7a5313aff699f54265adad4b0608a90165c8e7df729ceb0eda12357ea37e7bbb86fc542544c93d494d4edfd098432e389666a8a93f4333e630deefa87397ece144a59fbf736aeefb7b66744954e8076e9d0534508a3631dbdcd2c15b5fd844d62409bf6c63699ac5ff0cab98d4b7f0e33e5cb20853554c895ea26607e9554d74e1511c4c476c41aa7fa717259e5048d80f1f30f07dd5397c17d818dac1849b7ccf6425fa0265edfecb58a763615dedbe98e215ce63dd1688e191a191ccdb4e939bd370f68054440296cb511b5f070fb9479bdef321b7d124506f6345ac3c2ca0ef22292d3f83ec21908de3a3c7f98cc5e086034d0b08df704382a8ee9f6129542cac7dc5fd54e71270f5ea9739b625347f3200d6f74d41106aed8fa8af5a3a6cd58a44de62af681d449a44b5f86702e625a1658f2bb09e1c7a178ec27081bb8e0f3febf700a1663374325bbb17a17c6178fbc0424f83cfafdd8ed301450bc6822105e6033bc999c833ce3f60814f9db98c3880aae837027cc4fd82a1aa61d1c7fbacf0e5da0c820f97e35f52abb212dcfd77c7e159ef4f777a2cbf61508539660a577974291852a3dfdcb0706961faf65f62745240e281e9c1ea25a2bf29729008b59b5bac92c8ffc53b240761c0021edb53bad82a322510f480a53945c63803abb0b5947aa32a7ad5cf8059933ae4dc5d18a261b8d4a126dadd1d7f186cc0f3bc00c82c15516ea2a4b5a5517395d2a16a3beb920b16c706381bae273443ebfa3c37778596177de18a62cb96c08a35459a897ac87bcd87cdbcecae83c95cd4b5eb878a8d31e75955eb11e0cb58c6ad2b39f8f9350ff95778a961b07b4b0e4ff6b58caab6db44c6345c8ad9da0aef0c2b4a09e459a027d774da684ce2defd0b23b6e15ec573268050cba4cd1be4d899672ea3562f280df3b3ee878bd2e9989357829c363b4b47eacadeee76144957f4d76c3ea703aa5bf32f75a0370f49ae371f001eced8bbdaa781f66c83f959af0cb0ecbabeeeb0f91c26a22b430d5cae34e470f79f01446cdca5b70ba6448a8d9e4722dba03369b3204253eea942de2fb7b4408212a4c6a5d36c7e82417edd052a59d6d1ce2b0a2bd94f334647712cc2296e75db316be650195dd28a360e2e44fd32951b2b983d673bce51eea778d2ed2a2468c3b6b94b67ee175aa08f757d5522b43cefd5969511579cd79300802c811adad7b6bdf789f70bc76e94f8ea317043cf29b562a2041c553122ec338834455be1b68fe7470808451b0e1f1d444ae1e430c51c718a751142fa675a663e9d9f66a8a6199b56d18e4167e54942a37366fa0b5242de86bf1af6c758b2f0bb1f0fda16dc5241e3cc442326fdb501b95fe768c45781c8b60fbe576c7e790e2d5a2a76085cdca098fb3209b30a017eefbf6f8b315b38d8f8f194e456d1776cf6c9c4f4a99e9b50ca4bbc57ff1f035f13a3d8261617b5d55387488f9456a32400a84f95320e722c7abed22b9f8b574da8322fe104c12fb35c9d0c600dde78c47cd46647a8e24aafa53c68e2119ed1473bb3b7c9873d0a256e8eec8dc9f57820a7e23d49deb4041beae704b3fb527ce57316ff238515c248c80d51fd44e31dbb2d2e1d6b8007a03bf9b981fee094ee82f413698af66a3057621490d60207bca2e7a11e96cfb850a9a371ce672d0c4826be044acaa0a0a04fab4f2807eac896c48db2c35caf97fdf8bacb854f5351328cfbab2c3b251fc0abe20ba4b8fe8f4a98dfb76a0b1ea6b6463bdd900e23114c94f205f492a4acb30cc8a6efe6f73a96d3688853c60dce92732440db5ec245478bb64ebe9b60e7469ffb253febcda05613a8c1dbf72634e68d912e2fc98501d99c7dafb50081edcc60dc74daf9cecbcf65aa57661451fc6131f8c879b2181984bc4e0973ad6984837e19595caa35ff4713266b6a6c090a50afeb1461590c4c36f7fead0c9620af82302616c154e74199ee11353f6e9861472e2f1826afd0ce1a2ce9712b50019b32397960f54f4fce3c6655e13d8ef3ba20eaa3ca03a831a39732203dc3d2d3bf8de63fb4c96b3ec10cc852401f25a2575e98d9a25bf0767fc180f6fef5928565fa9ffdd620b6713f85bbc140060df1b50607b4eb51c0c71dac8ee2c19b9bd03b1840bb4d1f8a767d788a31926c9c39be4709dd57e856cb417d3947ce825f194fac18323f36a3b7743603abc628d477b3292a6b3f4965e882a110728f2a9f4fa8fd9d9d50859c48fe0f07f6a826bd5c5d8d645c0f7d8d03cf49be2419e2986f8ad55a228cacd0838f867a8612fd1c4b04d54dc9d5b05cc9395f5bb7fe918083bedfa33734a3f6afaf70379f4d423fa592dcfdeef84161df3f8f42204116442fc815a3cb3c79348d489296014fb8d4334c4ad776e14207ed2115781a0caac4cbfddf8f788f58cd9da9c33f145d87a187d7db78ce4368c5bdbba67fde5264a53a65a027a52aa09fd4943aeeae146a769a26a0f3597fd5004b60c179ce2bcafc78220d691c44c153c883bf942f01586b5321e4bbb28ab44d97bea3368f7c5d0c3dda0ef359065fd31f62060beb0b2a31f7164867e4b78f89f5ea0131aed7014ef3385f0b350ff847f4321b81c7dc9a484605ee397a2d5ea8ad9593020cea3acb6a106a560b4bf675c89aa3b14678dfef6602fdfa9afeeb6f16cb1b3cc944ad5d0492a3d07308c07dfc204c071d92f6b8b5694c70d166fe29f7894ceee7554dc32c71f3b971c8f20f2cafa4399a8755684090f90e6b45ee924d1205e0a075fd2259b6ca6430d28c780735353be38578b3cf1badcba4dae86419d4a0c1ec21f4a7510a08018e90974f0757aab8b51dc0fc068193d040cbd9706eeec02360da646b11cc5f1a544ecf24ce87c7165a0cb9bdb6990db03320ecf2f65fb6dfd1f3d32b2ae10723707cf5f30ea387f677aea100649c72e795b5f7d652e0e2fd0ae19eaf96f1b6453d056e01c97aa5c271b5e5f303fa4013f686cfbf64a1c1fe4263786b835e46a98699b8d5262520c4947987748ab21a48aef3", 0xfd1, 0xfff, 0x0)
mq_timedreceive(r4, &(0x7f0000004600)=""/102381, 0xfffffceb, 0x0, 0x0)
sendto$inet(r3, &(0x7f0000000300)="ab", 0x34000, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000001600)=@raw={'raw\x00', 0x4001, 0x3, 0x1e8, 0x0, 0xb, 0x148, 0xc0, 0x148, 0x150, 0x242, 0x240, 0x150, 0x215, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0x0, 0x0, 'geneve1\x00', 'ipvlan0\x00'}, 0x0, 0x98, 0xc0, 0x0, {0xff0f000000000000}, [@common=@icmp={{0x28}, {0x3, "4911"}}]}, @common=@unspec=@NFQUEUE2={0x28}}, {{@ip={@dev={0xac, 0x14, 0x14, 0x16}, @broadcast, 0xffffffff, 0xff, 'veth1_to_bridge\x00', 'caif0\x00', {0xff}, {}, 0x2f, 0x1, 0x42}, 0xec010000, 0x70, 0x90}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x248)
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000400)={0x0})
executing program 4:
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r1, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r2}, 0x10)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4010744d, 0x20000000)
close(0xffffffffffffffff)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="02030009180000000000000000000000040003000000000000000000000000000000000000000000000000000000000005000600000300000a0000000000000000000000000000000000000000000001000000000000000004000400000000000000000000000000000000000000000000000000000000000200010000000000000000000000000005000500000000000a00000000000000fe880000000000000000000000000001000000000000000002001300000000000000005d9053bc63e22fc8844d4814331abab429a4f23182e50ff88f6a95bd74065831577fcf83574e608aa4c13ea4ce88e7d09f1774134ce9b77cdbb04b607db2cc95477048ade35dbc8649d27da1c2415a9bdc278a2e34226c0000000000"], 0xc0}}, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000200)={0x2, 0x0, 0x0, &(0x7f0000000100)=""/208, &(0x7f00000002c0)=""/155, 0xf000})
sendmsg$nl_route(r3, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt$MISDN_TIME_STAMP(r4, 0x0, 0x1, &(0x7f0000000240), &(0x7f0000000380)=0x4)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f00000000c0)='./file0\x00')
capset(&(0x7f0000000300)={0x19980330}, &(0x7f0000000040))
mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r6 = open(&(0x7f0000000100)='./file0/file0/file0\x00', 0x123500, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r6, 0x10e, 0x2, &(0x7f0000000140)=0x5, 0x4)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
rt_sigsuspend(0x0, 0x0)
ioctl$FBIOPUT_CON2FBMAP(r0, 0x4610, &(0x7f00000003c0)={0x2f, 0x1})
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
executing program 0:
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f00000001c0)={0x18, 0x0, 0x0, "d569e8e1dd2f1ae97ee8589301f453a0c04b1410b2eafa4496ba216b1e8ac11e"})
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f00000000c0)='memory.current\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f00000001c0)=ANY=[], 0x118)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x11, 0x803, 0x0)
write$binfmt_script(r3, 0x0, 0xfffffe5d)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000240), r4)
r5 = socket(0xa, 0x1, 0x0)
close(r5)
sendmmsg$inet_sctp(r5, &(0x7f00000019c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000802000000000000000000000000000000000000004b1fa6ac"], 0x30}], 0x1, 0x0)
getsockname$packet(r3, &(0x7f0000000080)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="3c00000010008506000000ff0100000000000000", @ANYRES32=r3, @ANYRESDEC], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x24, 0x10, 0x1, 0x0, 0x0, {0x10, 0x0, 0x4c, r6, {0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x4c884}, 0x0)
socket(0x10, 0x803, 0x0)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_int(r7, 0x29, 0x33, 0x0, 0x0)
pipe2(&(0x7f00000000c0)={0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x0)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0x4)
vmsplice(r8, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x0)
fcntl$setpipe(r8, 0x407, 0x10005)
r9 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r9)
executing program 2:
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0x7, &(0x7f0000000040)={@in, 0x0, 0x0, 0x0, 0x0, "f55f817bc06c88f47480ab5a58b45baf660401c8bc69351dac1f1747678b1958be4f737c06ed8b91cfcb18062bc5832e880319bf07279cd8bb654dd3911a359dbee08f634402630b53fa8ce128836865"}, 0xd8)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r0, 0x7a4, &(0x7f0000000040)={{@my=0x1}, 0xfffffffffffffeec})
r1 = add_key$keyring(0x0, &(0x7f0000000340)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
add_key$user(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, r1)
gettid()
r2 = socket$nl_generic(0x11, 0x3, 0x10)
syz_emit_ethernet(0xae, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaeaaaaaaaaaaaa07000000cd60e400ff0038"], 0x0)
sendmsg(r2, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f86dd", 0x5ea}], 0x2, 0x0, 0x0, 0x11000000}, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
open(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x36)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x44f, 0xb65d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, &(0x7f0000000b80)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="002205000000"], 0x0}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
read(0xffffffffffffffff, &(0x7f0000000200)=""/209, 0xd1)
tkill(0x0, 0x0)
keyctl$clear(0x7, 0x0)
add_key$user(0x0, 0x0, &(0x7f0000000200)='C', 0x1, r1)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800"], 0x64}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="48000000000101040000ff0f0000000002000000240001801400018008000100e000000108000200e00000010c0002800500010000000000100005800900"], 0x48}}, 0x0)
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1400000010000100000000000000000000fc000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001c08000640ffffff000800034000000028580000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000002c0003802800008008000340000000021c00028018000280080001"], 0xec}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0)
close(r1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/stat\x00', 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000001a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x8, 0x1c, &(0x7f0000000300)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000b7020000000000007b2af0ff00000000d609080000000000db9af0ff41000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018280000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7050000080000001500000076000000bf9800000000000056080000000000008500000007000000b70000000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[], 0x78}}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000500), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_POOL_GET(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)={0x14, r8, 0xc99752fbd6bf8f05, 0x0, 0x0, {0x4e}}, 0x14}}, 0x0)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r8, 0x100, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4001}, 0x4000080)
unshare(0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x20, 0x3b, 0x9, 0x0, 0x0, {0x4}, [@typed={0x4}, @nested={0x8, 0xa, 0x0, 0x1, [@generic="4efeecac"]}]}, 0x20}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x4)
executing program 3:
sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)
mknodat$null(0xffffffffffffff9c, 0x0, 0x0, 0x103)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=@newsa={0x154, 0x10, 0x713, 0x0, 0x0, {{@in=@remote, @in=@multicast2, 0x0, 0x4}, {@in=@loopback, 0x0, 0x32}, @in=@rand_addr=0x64010101, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x3}, {0xfffffffffffffffc, 0x0, 0x0, 0x8}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @encap={0x1c, 0x8, {0x0, 0x0, 0x0, @in6=@dev={0xfe, 0x80, '\x00', 0xe}}}]}, 0x154}, 0x1, 0x0, 0x0, 0x40}, 0x0)
unshare(0x2c020400)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x1405, 0x131, 0x0, 0x0, "", [{{0x8}, {0x8}}]}, 0x20}}, 0x0)
syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x2172, 0xffffffffffffffff, 0x0)
syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000540))
syz_open_procfs$userns(0x0, 0x0)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
execve(0x0, 0x0, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000400)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x3, 0x0, 0x30, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr, @broadcast}, {0x0, 0x883e, 0x1c, 0x0, @gue={{0x2, 0x0, 0x0, 0x7}, "2b23ca5ed9707954c7310801"}}}}}}, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000404c05d50310000200000109022400010000000009041200010300000009210000000122010009058103"], 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000500)={@local, @broadcast, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x2, @dev, @multicast1, @random="e374636d35dc", @multicast1}}}}, 0x0)
r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
pwritev2(r3, &(0x7f0000000600), 0x0, 0x0, 0xffff, 0x0)
write$sequencer(0xffffffffffffffff, 0x0, 0x0)
write$UHID_CREATE(r3, &(0x7f0000000240)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000040)=""/2, 0x2}}, 0x120)
readv(r3, &(0x7f0000000140)=[{&(0x7f0000000080)=""/155, 0x9b}], 0x1)
r4 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0)
ioctl$IOCTL_STOP_ACCEL_DEV(r4, 0x40096101, &(0x7f0000001040))
executing program 0:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000000)={'bond0\x00', &(0x7f0000000040)=@ethtool_sfeatures={0x3b, 0x2, [{0x500}, {}]}})
sendmsg$key(r0, &(0x7f0000000080)={0x2, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="02060000020000e50000000000000000"], 0x10}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r2)
sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="c9935f2bb8007f35e9836832e07e9b571d838b29621252ce5f8cf8388f1840b1442957c8f4e8d4492900dd9645d88454b74a36ebf3b8a4a634f733317480fabd1d833e4d47098b7a74f12149d1bb3ae19d91a12013a417567f187239c3940d5f89c391eb220a9b61d2bf04b5323b079caf3c19d098bf232a4796f0ec7bb8c10474f2eea0199e09363a0ed00dd3e9f759c20ea320feb7e6911d81", @ANYRES16=r3, @ANYBLOB="0500ffffffff000000000f00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099000b00000060000000cf000e0080000000080211000001080211000001505050505050000000000000000000006400000000060101010101010301010602070005750000007adc21b58f24e0ee963a73f337a51c30819317c95b2bb6a0a870aae8a88f528ea67e7bc956aced2f3c31f8e7c0473cbe05a641f71c705c076ca4b8677b270519a4970295d3adbba2ed2c6f98ee5e162c7f0cb8b5c0c05ba5e5edfe8d13eddef3995dfe1eb15498eb2b1a88ed94412d4af59625030084042a0100720603030303030371070000000000005876060000000000000004000f00080026006c09000008000c006400000004000501"], 0x110}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), r4)
sendmsg$DEVLINK_CMD_RATE_NEW(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="000000000000dc159217e6e2ec00", @ANYRES16=r5, @ANYBLOB="0106000000000000000045000000"], 0x14}, 0x1, 0x0, 0x0, 0x20044004}, 0x0)
ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000140))
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet_sctp(0x2, 0x0, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000002c0)=[@in6={0xa, 0x0, 0x0, @private0}]}, &(0x7f0000000180)=0x10)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x7ff}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r7}, 0x38)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$binfmt_script(r8, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r8, 0x0)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r6, 0x84, 0x75, &(0x7f0000000100), &(0x7f00000001c0)=0xffffffffffffff66)
r9 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r9, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000180)=0x10)
r10 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r10, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r11=>0x0}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r9, 0x84, 0x85, 0x0, &(0x7f0000000540))
setsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f00000005c0)=@assoc_id=r11, 0x4)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000600)={0x4})
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0), &(0x7f0000000200)=0xc)
executing program 1:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ppoll(&(0x7f0000000000), 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCCBRK(r0, 0x5428)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x10, &(0x7f0000000240)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
preadv(r3, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
syz_io_uring_setup(0x24f9, &(0x7f0000002ec0), &(0x7f00000000c0), &(0x7f0000000140)=<r4=>0x0)
r5 = memfd_secret(0x0)
ftruncate(r5, 0x3)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, 0x0, 0x40)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f000001aa80)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @log={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LOG_PREFIX={0xe, 0x2, 0x1, 0x0, 'syzkaller\x00'}, @NFTA_LOG_FLAGS={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELSETELEM={0x14, 0xe, 0xa, 0x302, 0x0, 0x0, {0x2, 0x0, 0x5}}, @NFT_MSG_NEWSETELEM={0x20, 0xc, 0xa, 0x301, 0x0, 0x0, {0x3, 0x0, 0x3}, [@NFTA_SET_ELEM_LIST_ELEMENTS={0xc, 0x3, 0x0, 0x1, [{0x8, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_DATA={0x4}]}]}]}, @NFT_MSG_DELSETELEM={0x14, 0xe, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x9}}], {0x14}}, 0x110}}, 0x0)
getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xb5, &(0x7f00000002c0), &(0x7f0000000080)=0x4)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x2000002, 0x11, r5, 0x0)
syz_io_uring_submit(r7, r4, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x4a, 0x0, 0xffffffffffffff9c, 0x0, 0x0})
executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000800)=@mangle={'mangle\x00', 0x44, 0x6, 0x3b8, 0x158, 0x288, 0x158, 0x288, 0x1f0, 0x320, 0x320, 0x320, 0x320, 0x320, 0x6, 0x0, {[{{@ip={@remote, @multicast2, 0x0, 0x0, 'veth0_to_bridge\x00', 'ipvlan1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @TTL={0x28}}, {{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'pim6reg1\x00', 'macvtap0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@dev, @private, 0x0, 0x0, 'hsr0\x00', 'syzkaller1\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@local, @rand_addr, 0x0, 0x0, 'ip6erspan0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x418)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket(0xf, 0x1, 0x80000000)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$packet(0x11, 0x3, 0x300)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r2, 0x5421, &(0x7f0000000100)=0x100000001)
connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10)
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x3c, r4, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp}]}, 0x3c}}, 0x0)
close(r2)
syz_emit_ethernet(0x4e, &(0x7f0000000f80)=ANY=[], 0x0)
io_setup(0x20, &(0x7f0000001140)=<r5=>0x0)
io_submit(r5, 0x0, 0x0)
unshare(0x6a040000)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'gre0\x00', &(0x7f0000000300)={'erspan0\x00', 0x0, 0x8, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x32, 0x14, 0x0, 0x0, 0x3, 0x0, 0x0, @broadcast, @remote}}}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
executing program 0:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key$user(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000540)="0706675823b8a37f19b37e0f9f120663b78a6a322f28cb301825eddc42c667fc68923d7df9f4c1843c5f11b63d2684fff43955079736fa4c80100487c31c09706b6bf145eb1baf416d2681491bd6a3098fe1a6741d65b085b4075db8419d9e6d17b1eec4dfb860a71d61af753459bcc5ea1f20d6c1c74afda3b0c08bf988", 0x7e, r0)
r2 = add_key$user(&(0x7f0000000180), &(0x7f0000000200)={'syz', 0x3}, &(0x7f0000000140)="04", 0x1, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f00000001c0)={r2, r1, r2}, &(0x7f00000002c0)=""/250, 0xfa, &(0x7f0000000400)={&(0x7f00000003c0)={'sha224-generic\x00'}})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_GET_PIT(r4, 0x400caed0, &(0x7f0000000300))
r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000404c05d50310000200000109022400010000000009041200010300000009210000000122010009058103"], 0x0)
syz_usb_control_io(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000240)={0x24, &(0x7f0000000600)=ANY=[@ANYBLOB="400302000000020a48d89a79c41c37d02086b3a5b5def021c58bb5cc35b9c687c195bd1a236d321b5ef5ec9124b944da4f4ab04d841f079e2bfdec6bb244eb5bd9d2099db31c9beeaa0c01cda23a79248c01f35aa932a177bcc010e44ee98de0c72f139701580b6277ef8cf82247738940bb7d0165becf3b9a845c5bc86bc807cbc8a30a0b55874a0561aa01664f4e75a6e4eff86c859b57a18245e6fe45a8e4608f0b793566632b5ea04615b82d6a0bbf197c6d73b6efdeb89dd86f09a653ac4720ba866183746aad59cd00a356eb29a4b865cf66462c7d971348a37b26a40f0f1bf75c2dbb06262853b60cde75ed43a6af3c823673c91e6898dff4146162ff83953116e95c"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000b80)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
r6 = eventfd2(0x1, 0x0)
r7 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f0000000080))
read$eventfd(r6, &(0x7f0000000000), 0x8)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mkdir(&(0x7f00000001c0)='./file0\x00', 0x0)
r8 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
utimensat(r8, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0xffffffffffffffff}}, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
r9 = syz_io_uring_setup(0x36dc, &(0x7f0000000140)={0x0, 0xe9da, 0x400, 0x1, 0x255}, &(0x7f0000000040), &(0x7f00000000c0))
io_uring_setup(0x6c81, &(0x7f00000001c0)={0x0, 0xb840, 0x800, 0x3, 0x25a, 0x0, r9})
syz_open_dev$hidraw(&(0x7f0000002300), 0x0, 0x14a042)
write$hidraw(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
syz_emit_ethernet(0x7e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd6015690900482f00fc020000000000000000000003ff0000ff020000400000000000000000000001242088a8000000000004000000000800000086dd88a888be08000000100000000100000000000000080022eb00000000200000000200000000000000000100000800655800000000"], 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/3
testing program (duration=1m42s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [29, 28, 29, 29, 29, 29, 29, 26, 27, 28]
detailed listing:
executing program 3:
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000002c0)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@local})
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, &(0x7f0000000180))
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, &(0x7f00000101c0)={@my=0x1})
openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x6a0401)
unshare(0x20040400)
creat(&(0x7f0000000040)='./file0\x00', 0x1de)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x10005)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
getpid()
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000080)={0x0, 0x3, 0x30}, 0xc)
sendto$inet(r3, &(0x7f00000000c0)='}', 0x1, 0x0, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10)
sendto$inet(r3, &(0x7f0000000280)='p', 0x1, 0x0, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0)
mq_timedsend(r4, &(0x7f0000000600)="6d12483bb95dab4da2bccb9a5c51f7769b4aa2ed6f00bcfff2058843f7de72fa8f9dd7572991db9f2968c67d150dbd80321f91c14a7705c3d6e2292f74d074e24cdfdc28da61b60db4ac67a81c04430dd72555dcebe8193594b8fe29718d5781fe3f418379dab48089b86edc4facdbc388e30fdfabe867722b348dcfbff8f7745bb98584b3384eb1b1c541d05427c4e5c33b3692ebf599d4a179bcd27271d55e4a38ac7be3cae3e85eddbdcf574ac462df22b6b2242245f32d5826de908a96ea66331cad4d0ff094f552e118ee643f2f12f854c32d4e548bd82a69c4102bc516a41a52436f6dfd80133de801fdc8e75276c631f041d86269f2ba0791e8119868816c1fe9c78654919d6dcce67a5f32b77575867f43f76e99108bf9ee3fd550cc18f8bee8505da7ea8fe0a3a9e40c01be1d39435821c5f52cf39a7d5558f278b01be298e5460d3ebf011345ed0030603f767fe44876fdf1cb172a4cbfb2f7784ac61c4786a147b6d446eaf46d5b26c6b85580ba4913fc12a443d8dcf05d08513ae01a7f489826fdc8bff83c1708ebbc060aa72d25e6ce21521799bd37c34fdad973fd7e17070b7783bf341fc079c6b0c9811388430c84540d8d544d1887b73e3a9d2625358be4b09128ee7f8d2dacf2d9704b9143c0341568d1e39429e1d442d21878c87271e66651e12d077b8dd49c0bf285097e261a5116b91036368265c1c5b74353bb42ff4936e27a20c48dea290685b09c2e5baa29dbeb790969f793692fb112c973329236f30bd29c39ee6104e1e0ccd1f855e5837d156c83834661a2aa8929ad78c025413179d880ee905d0b1ee1c9c3eacb63ac807a6ce73d492502ce52beba9ea5214a9387e2c5a810a96e14956809b6865e46a9d9ce2deb4cce2155562dd7e3daef9b3c0c0a55f1fe1a89835971dbc9c09ee9d4abe827b0e87dcd08e5e7cf08869cdcd6fe7f42d93c075db2fec9d96aff21410c3cbd5d904ed147af08c297011ec105dec6fb319cc5637ac71dac05d01ef356dcc6b6bd3f8625204d92f6d0447c0ee5c72d13b4e951a5ba060d4e0ab4680bba08ca9e0079ed6332e6449e01ec480903b0f377e08e8146c8a1e86df678dd88f3768e0958b04f24d58f39a15ee93e4b3e1e2dcd91f8cd36c37b2806d5f7c1871d0e1d7496ac64b377a8fb32104166536597bbfd6d814b2eb41970ba1aef50238e34ec8069690029c58c8a01b28b711ff44aed4652629c7cdc7843d83efe9514bb5b1f80d1047e6075870c53505a142e48d6897d7811f84d8c3e8f9985f9a9901c8fd68960aee376caa465f25622d7ff5deae8f0d628e048bc4387ca3046067768f3014a3ef4d1b55123ce45507ab1b6f587f6302bb9b715899d2fc20cabfd306549b6a2ec8ea5169e5be19cf59ef71cbb16d402cdc62a422b2bf5c01bb6139e60fd61ea4b77382c7e2e038c6511bfe08f7a3cea5e793f9e2cb4facce20e719d179104418f6745bf8065c70da3815c8e1a1b650d96865c41fd45dbcae51e1d54b41002c2f673cd1008dbf3f17847dd28d8fe3c24ef238000be692e05b0365cb7691fa8f134efe70df46b5cc4765def995971ae0c45f653292f4a3c26300e359afbe0c4f7b049f505ab8e8a0d4c7090cc07c62dbcb9bf6682425553de4ca63f98ac5d420d01bf729bf815683d11451eea0295675778f00bef94ac6e29dd2285847fd857cf2d204de3170e024169d568500befd5c6f34e9d3fcae78bd8fcd6d8f85fcf56241c7787d86bdfca06a6e69b996d72530c94eaa82e99f8ccbd66b53ce0f066fffcb3b643f84a1112c4c8a153ef745f7da3c4887f95de7df8dcf6653200eccb389a7aad4a874d347791cd00cf767bdd8d36de55cbc0879e11cddec175b36be0d1224d1dab7d8f8f3bab0f622d031be123b6ab48188716162afea5e0529830a39c3c9edc86b3e6020830f2f94060685d96887fb536afaedcd9523c53e5e210e87a07bc941b29b968ec9b0f6e5a74b929ad56ef7e80b981d39460040df8aedb253bc4681e72de2b3e886320b2f9a52f675bb08e4dee27b468d0822d6269ad1eee16d1c1781ad17b1fae21b44e427ace6d1fa932ca9c295c5ae74140ffea23ac2b70a6ca71af12c6d63adc32110521cee84dce3514c51417fa794fff4fb7b72844fbb3ba786173d3ffea23e03eb49acbd957d52494ffff3cd2dc420ace19bbe375aabb97953dd1b8adc24856a81b2888e2fb635332c2d4257cf6833ccb3135c0327f79c4846b691b693b066cd5de30ca40e29fe8775fd6a8844f566223008d017ccb6f2ee47496b61aa2900f64c1e2136c8dfbb6dd7ab368e0cfeb3e639657f16d9f26f0c575b61476ea7cd499e2fffe75f6118d19d6186e9433d1b92dc30e84bceba4c9bd8e889575c50da8e236d0ad184a2ae7e91e31485a44389a7c6a63c4d7588fa0755ae292102c46df1cfcc21eccfa5bc815a2491cb845de2feae93d5a9365cff327d048b7e66733b1d1cbf1eadae7296631f3f1681ab5878272a9b17e11f64e8ea8afbd297f388b951e39b94d909c74a4c667f6204128c84566c2347222a984f67177160e3f144518721f25aab93c9d0a34d407b84485bf1f2fa07af7de0617dbda0b2eb3ef839d6ad8649fa7133e14646cb30462e827a1bba8b6cf97c93c95552c70aae8ba4918f8b51275ed7e1f90f7ae7a5313aff699f54265adad4b0608a90165c8e7df729ceb0eda12357ea37e7bbb86fc542544c93d494d4edfd098432e389666a8a93f4333e630deefa87397ece144a59fbf736aeefb7b66744954e8076e9d0534508a3631dbdcd2c15b5fd844d62409bf6c63699ac5ff0cab98d4b7f0e33e5cb20853554c895ea26607e9554d74e1511c4c476c41aa7fa717259e5048d80f1f30f07dd5397c17d818dac1849b7ccf6425fa0265edfecb58a763615dedbe98e215ce63dd1688e191a191ccdb4e939bd370f68054440296cb511b5f070fb9479bdef321b7d124506f6345ac3c2ca0ef22292d3f83ec21908de3a3c7f98cc5e086034d0b08df704382a8ee9f6129542cac7dc5fd54e71270f5ea9739b625347f3200d6f74d41106aed8fa8af5a3a6cd58a44de62af681d449a44b5f86702e625a1658f2bb09e1c7a178ec27081bb8e0f3febf700a1663374325bbb17a17c6178fbc0424f83cfafdd8ed301450bc6822105e6033bc999c833ce3f60814f9db98c3880aae837027cc4fd82a1aa61d1c7fbacf0e5da0c820f97e35f52abb212dcfd77c7e159ef4f777a2cbf61508539660a577974291852a3dfdcb0706961faf65f62745240e281e9c1ea25a2bf29729008b59b5bac92c8ffc53b240761c0021edb53bad82a322510f480a53945c63803abb0b5947aa32a7ad5cf8059933ae4dc5d18a261b8d4a126dadd1d7f186cc0f3bc00c82c15516ea2a4b5a5517395d2a16a3beb920b16c706381bae273443ebfa3c37778596177de18a62cb96c08a35459a897ac87bcd87cdbcecae83c95cd4b5eb878a8d31e75955eb11e0cb58c6ad2b39f8f9350ff95778a961b07b4b0e4ff6b58caab6db44c6345c8ad9da0aef0c2b4a09e459a027d774da684ce2defd0b23b6e15ec573268050cba4cd1be4d899672ea3562f280df3b3ee878bd2e9989357829c363b4b47eacadeee76144957f4d76c3ea703aa5bf32f75a0370f49ae371f001eced8bbdaa781f66c83f959af0cb0ecbabeeeb0f91c26a22b430d5cae34e470f79f01446cdca5b70ba6448a8d9e4722dba03369b3204253eea942de2fb7b4408212a4c6a5d36c7e82417edd052a59d6d1ce2b0a2bd94f334647712cc2296e75db316be650195dd28a360e2e44fd32951b2b983d673bce51eea778d2ed2a2468c3b6b94b67ee175aa08f757d5522b43cefd5969511579cd79300802c811adad7b6bdf789f70bc76e94f8ea317043cf29b562a2041c553122ec338834455be1b68fe7470808451b0e1f1d444ae1e430c51c718a751142fa675a663e9d9f66a8a6199b56d18e4167e54942a37366fa0b5242de86bf1af6c758b2f0bb1f0fda16dc5241e3cc442326fdb501b95fe768c45781c8b60fbe576c7e790e2d5a2a76085cdca098fb3209b30a017eefbf6f8b315b38d8f8f194e456d1776cf6c9c4f4a99e9b50ca4bbc57ff1f035f13a3d8261617b5d55387488f9456a32400a84f95320e722c7abed22b9f8b574da8322fe104c12fb35c9d0c600dde78c47cd46647a8e24aafa53c68e2119ed1473bb3b7c9873d0a256e8eec8dc9f57820a7e23d49deb4041beae704b3fb527ce57316ff238515c248c80d51fd44e31dbb2d2e1d6b8007a03bf9b981fee094ee82f413698af66a3057621490d60207bca2e7a11e96cfb850a9a371ce672d0c4826be044acaa0a0a04fab4f2807eac896c48db2c35caf97fdf8bacb854f5351328cfbab2c3b251fc0abe20ba4b8fe8f4a98dfb76a0b1ea6b6463bdd900e23114c94f205f492a4acb30cc8a6efe6f73a96d3688853c60dce92732440db5ec245478bb64ebe9b60e7469ffb253febcda05613a8c1dbf72634e68d912e2fc98501d99c7dafb50081edcc60dc74daf9cecbcf65aa57661451fc6131f8c879b2181984bc4e0973ad6984837e19595caa35ff4713266b6a6c090a50afeb1461590c4c36f7fead0c9620af82302616c154e74199ee11353f6e9861472e2f1826afd0ce1a2ce9712b50019b32397960f54f4fce3c6655e13d8ef3ba20eaa3ca03a831a39732203dc3d2d3bf8de63fb4c96b3ec10cc852401f25a2575e98d9a25bf0767fc180f6fef5928565fa9ffdd620b6713f85bbc140060df1b50607b4eb51c0c71dac8ee2c19b9bd03b1840bb4d1f8a767d788a31926c9c39be4709dd57e856cb417d3947ce825f194fac18323f36a3b7743603abc628d477b3292a6b3f4965e882a110728f2a9f4fa8fd9d9d50859c48fe0f07f6a826bd5c5d8d645c0f7d8d03cf49be2419e2986f8ad55a228cacd0838f867a8612fd1c4b04d54dc9d5b05cc9395f5bb7fe918083bedfa33734a3f6afaf70379f4d423fa592dcfdeef84161df3f8f42204116442fc815a3cb3c79348d489296014fb8d4334c4ad776e14207ed2115781a0caac4cbfddf8f788f58cd9da9c33f145d87a187d7db78ce4368c5bdbba67fde5264a53a65a027a52aa09fd4943aeeae146a769a26a0f3597fd5004b60c179ce2bcafc78220d691c44c153c883bf942f01586b5321e4bbb28ab44d97bea3368f7c5d0c3dda0ef359065fd31f62060beb0b2a31f7164867e4b78f89f5ea0131aed7014ef3385f0b350ff847f4321b81c7dc9a484605ee397a2d5ea8ad9593020cea3acb6a106a560b4bf675c89aa3b14678dfef6602fdfa9afeeb6f16cb1b3cc944ad5d0492a3d07308c07dfc204c071d92f6b8b5694c70d166fe29f7894ceee7554dc32c71f3b971c8f20f2cafa4399a8755684090f90e6b45ee924d1205e0a075fd2259b6ca6430d28c780735353be38578b3cf1badcba4dae86419d4a0c1ec21f4a7510a08018e90974f0757aab8b51dc0fc068193d040cbd9706eeec02360da646b11cc5f1a544ecf24ce87c7165a0cb9bdb6990db03320ecf2f65fb6dfd1f3d32b2ae10723707cf5f30ea387f677aea100649c72e795b5f7d652e0e2fd0ae19eaf96f1b6453d056e01c97aa5c271b5e5f303fa4013f686cfbf64a1c1fe4263786b835e46a98699b8d5262520c4947987748ab21a48aef3", 0xfd1, 0xfff, 0x0)
mq_timedreceive(r4, &(0x7f0000004600)=""/102381, 0xfffffceb, 0x0, 0x0)
sendto$inet(r3, &(0x7f0000000300)="ab", 0x34000, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000001600)=@raw={'raw\x00', 0x4001, 0x3, 0x1e8, 0x0, 0xb, 0x148, 0xc0, 0x148, 0x150, 0x242, 0x240, 0x150, 0x215, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0x0, 0x0, 'geneve1\x00', 'ipvlan0\x00'}, 0x0, 0x98, 0xc0, 0x0, {0xff0f000000000000}, [@common=@icmp={{0x28}, {0x3, "4911"}}]}, @common=@unspec=@NFQUEUE2={0x28}}, {{@ip={@dev={0xac, 0x14, 0x14, 0x16}, @broadcast, 0xffffffff, 0xff, 'veth1_to_bridge\x00', 'caif0\x00', {0xff}, {}, 0x2f, 0x1, 0x42}, 0xec010000, 0x70, 0x90}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x248)
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000400)={0x0})
executing program 4:
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r1, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r2}, 0x10)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4010744d, 0x20000000)
close(0xffffffffffffffff)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="02030009180000000000000000000000040003000000000000000000000000000000000000000000000000000000000005000600000300000a0000000000000000000000000000000000000000000001000000000000000004000400000000000000000000000000000000000000000000000000000000000200010000000000000000000000000005000500000000000a00000000000000fe880000000000000000000000000001000000000000000002001300000000000000005d9053bc63e22fc8844d4814331abab429a4f23182e50ff88f6a95bd74065831577fcf83574e608aa4c13ea4ce88e7d09f1774134ce9b77cdbb04b607db2cc95477048ade35dbc8649d27da1c2415a9bdc278a2e34226c0000000000"], 0xc0}}, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000200)={0x2, 0x0, 0x0, &(0x7f0000000100)=""/208, &(0x7f00000002c0)=""/155, 0xf000})
sendmsg$nl_route(r3, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt$MISDN_TIME_STAMP(r4, 0x0, 0x1, &(0x7f0000000240), &(0x7f0000000380)=0x4)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f00000000c0)='./file0\x00')
capset(&(0x7f0000000300)={0x19980330}, &(0x7f0000000040))
mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r6 = open(&(0x7f0000000100)='./file0/file0/file0\x00', 0x123500, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r6, 0x10e, 0x2, &(0x7f0000000140)=0x5, 0x4)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
rt_sigsuspend(0x0, 0x0)
ioctl$FBIOPUT_CON2FBMAP(r0, 0x4610, &(0x7f00000003c0)={0x2f, 0x1})
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
executing program 0:
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f00000001c0)={0x18, 0x0, 0x0, "d569e8e1dd2f1ae97ee8589301f453a0c04b1410b2eafa4496ba216b1e8ac11e"})
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f00000000c0)='memory.current\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f00000001c0)=ANY=[], 0x118)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x11, 0x803, 0x0)
write$binfmt_script(r3, 0x0, 0xfffffe5d)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000240), r4)
r5 = socket(0xa, 0x1, 0x0)
close(r5)
sendmmsg$inet_sctp(r5, &(0x7f00000019c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000802000000000000000000000000000000000000004b1fa6ac"], 0x30}], 0x1, 0x0)
getsockname$packet(r3, &(0x7f0000000080)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="3c00000010008506000000ff0100000000000000", @ANYRES32=r3, @ANYRESDEC], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x24, 0x10, 0x1, 0x0, 0x0, {0x10, 0x0, 0x4c, r6, {0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x4c884}, 0x0)
socket(0x10, 0x803, 0x0)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_int(r7, 0x29, 0x33, 0x0, 0x0)
pipe2(&(0x7f00000000c0)={0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x0)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0x4)
vmsplice(r8, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x0)
fcntl$setpipe(r8, 0x407, 0x10005)
r9 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r9)
executing program 2:
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0x7, &(0x7f0000000040)={@in, 0x0, 0x0, 0x0, 0x0, "f55f817bc06c88f47480ab5a58b45baf660401c8bc69351dac1f1747678b1958be4f737c06ed8b91cfcb18062bc5832e880319bf07279cd8bb654dd3911a359dbee08f634402630b53fa8ce128836865"}, 0xd8)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r0, 0x7a4, &(0x7f0000000040)={{@my=0x1}, 0xfffffffffffffeec})
r1 = add_key$keyring(0x0, &(0x7f0000000340)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
add_key$user(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, r1)
gettid()
r2 = socket$nl_generic(0x11, 0x3, 0x10)
syz_emit_ethernet(0xae, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaeaaaaaaaaaaaa07000000cd60e400ff0038"], 0x0)
sendmsg(r2, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f86dd", 0x5ea}], 0x2, 0x0, 0x0, 0x11000000}, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
open(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x36)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x44f, 0xb65d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, &(0x7f0000000b80)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="002205000000"], 0x0}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
read(0xffffffffffffffff, &(0x7f0000000200)=""/209, 0xd1)
tkill(0x0, 0x0)
keyctl$clear(0x7, 0x0)
add_key$user(0x0, 0x0, &(0x7f0000000200)='C', 0x1, r1)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800"], 0x64}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="48000000000101040000ff0f0000000002000000240001801400018008000100e000000108000200e00000010c0002800500010000000000100005800900"], 0x48}}, 0x0)
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1400000010000100000000000000000000fc000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001c08000640ffffff000800034000000028580000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000002c0003802800008008000340000000021c00028018000280080001"], 0xec}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0)
close(r1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/stat\x00', 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000001a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x8, 0x1c, &(0x7f0000000300)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000b7020000000000007b2af0ff00000000d609080000000000db9af0ff41000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018280000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7050000080000001500000076000000bf9800000000000056080000000000008500000007000000b70000000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[], 0x78}}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000500), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_POOL_GET(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)={0x14, r8, 0xc99752fbd6bf8f05, 0x0, 0x0, {0x4e}}, 0x14}}, 0x0)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r8, 0x100, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4001}, 0x4000080)
unshare(0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x20, 0x3b, 0x9, 0x0, 0x0, {0x4}, [@typed={0x4}, @nested={0x8, 0xa, 0x0, 0x1, [@generic="4efeecac"]}]}, 0x20}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x4)
executing program 3:
sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)
mknodat$null(0xffffffffffffff9c, 0x0, 0x0, 0x103)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=@newsa={0x154, 0x10, 0x713, 0x0, 0x0, {{@in=@remote, @in=@multicast2, 0x0, 0x4}, {@in=@loopback, 0x0, 0x32}, @in=@rand_addr=0x64010101, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x3}, {0xfffffffffffffffc, 0x0, 0x0, 0x8}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @encap={0x1c, 0x8, {0x0, 0x0, 0x0, @in6=@dev={0xfe, 0x80, '\x00', 0xe}}}]}, 0x154}, 0x1, 0x0, 0x0, 0x40}, 0x0)
unshare(0x2c020400)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x1405, 0x131, 0x0, 0x0, "", [{{0x8}, {0x8}}]}, 0x20}}, 0x0)
syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x2172, 0xffffffffffffffff, 0x0)
syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000540))
syz_open_procfs$userns(0x0, 0x0)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
execve(0x0, 0x0, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000400)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x3, 0x0, 0x30, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr, @broadcast}, {0x0, 0x883e, 0x1c, 0x0, @gue={{0x2, 0x0, 0x0, 0x7}, "2b23ca5ed9707954c7310801"}}}}}}, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000404c05d50310000200000109022400010000000009041200010300000009210000000122010009058103"], 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000500)={@local, @broadcast, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x2, @dev, @multicast1, @random="e374636d35dc", @multicast1}}}}, 0x0)
r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
pwritev2(r3, &(0x7f0000000600), 0x0, 0x0, 0xffff, 0x0)
write$sequencer(0xffffffffffffffff, 0x0, 0x0)
write$UHID_CREATE(r3, &(0x7f0000000240)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000040)=""/2, 0x2}}, 0x120)
readv(r3, &(0x7f0000000140)=[{&(0x7f0000000080)=""/155, 0x9b}], 0x1)
r4 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0)
ioctl$IOCTL_STOP_ACCEL_DEV(r4, 0x40096101, &(0x7f0000001040))
executing program 0:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000000)={'bond0\x00', &(0x7f0000000040)=@ethtool_sfeatures={0x3b, 0x2, [{0x500}, {}]}})
sendmsg$key(r0, &(0x7f0000000080)={0x2, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="02060000020000e50000000000000000"], 0x10}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r2)
sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="c9935f2bb8007f35e9836832e07e9b571d838b29621252ce5f8cf8388f1840b1442957c8f4e8d4492900dd9645d88454b74a36ebf3b8a4a634f733317480fabd1d833e4d47098b7a74f12149d1bb3ae19d91a12013a417567f187239c3940d5f89c391eb220a9b61d2bf04b5323b079caf3c19d098bf232a4796f0ec7bb8c10474f2eea0199e09363a0ed00dd3e9f759c20ea320feb7e6911d81", @ANYRES16=r3, @ANYBLOB="0500ffffffff000000000f00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099000b00000060000000cf000e0080000000080211000001080211000001505050505050000000000000000000006400000000060101010101010301010602070005750000007adc21b58f24e0ee963a73f337a51c30819317c95b2bb6a0a870aae8a88f528ea67e7bc956aced2f3c31f8e7c0473cbe05a641f71c705c076ca4b8677b270519a4970295d3adbba2ed2c6f98ee5e162c7f0cb8b5c0c05ba5e5edfe8d13eddef3995dfe1eb15498eb2b1a88ed94412d4af59625030084042a0100720603030303030371070000000000005876060000000000000004000f00080026006c09000008000c006400000004000501"], 0x110}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), r4)
sendmsg$DEVLINK_CMD_RATE_NEW(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="000000000000dc159217e6e2ec00", @ANYRES16=r5, @ANYBLOB="0106000000000000000045000000"], 0x14}, 0x1, 0x0, 0x0, 0x20044004}, 0x0)
ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000140))
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet_sctp(0x2, 0x0, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000002c0)=[@in6={0xa, 0x0, 0x0, @private0}]}, &(0x7f0000000180)=0x10)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x7ff}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r7}, 0x38)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$binfmt_script(r8, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r8, 0x0)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r6, 0x84, 0x75, &(0x7f0000000100), &(0x7f00000001c0)=0xffffffffffffff66)
r9 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r9, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000180)=0x10)
r10 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r10, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r11=>0x0}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r9, 0x84, 0x85, 0x0, &(0x7f0000000540))
setsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f00000005c0)=@assoc_id=r11, 0x4)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000600)={0x4})
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0), &(0x7f0000000200)=0xc)
executing program 1:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ppoll(&(0x7f0000000000), 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCCBRK(r0, 0x5428)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x10, &(0x7f0000000240)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
preadv(r3, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
syz_io_uring_setup(0x24f9, &(0x7f0000002ec0), &(0x7f00000000c0), &(0x7f0000000140)=<r4=>0x0)
r5 = memfd_secret(0x0)
ftruncate(r5, 0x3)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, 0x0, 0x40)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f000001aa80)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @log={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LOG_PREFIX={0xe, 0x2, 0x1, 0x0, 'syzkaller\x00'}, @NFTA_LOG_FLAGS={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELSETELEM={0x14, 0xe, 0xa, 0x302, 0x0, 0x0, {0x2, 0x0, 0x5}}, @NFT_MSG_NEWSETELEM={0x20, 0xc, 0xa, 0x301, 0x0, 0x0, {0x3, 0x0, 0x3}, [@NFTA_SET_ELEM_LIST_ELEMENTS={0xc, 0x3, 0x0, 0x1, [{0x8, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_DATA={0x4}]}]}]}, @NFT_MSG_DELSETELEM={0x14, 0xe, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x9}}], {0x14}}, 0x110}}, 0x0)
getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xb5, &(0x7f00000002c0), &(0x7f0000000080)=0x4)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x2000002, 0x11, r5, 0x0)
syz_io_uring_submit(r7, r4, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x4a, 0x0, 0xffffffffffffff9c, 0x0, 0x0})
executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000800)=@mangle={'mangle\x00', 0x44, 0x6, 0x3b8, 0x158, 0x288, 0x158, 0x288, 0x1f0, 0x320, 0x320, 0x320, 0x320, 0x320, 0x6, 0x0, {[{{@ip={@remote, @multicast2, 0x0, 0x0, 'veth0_to_bridge\x00', 'ipvlan1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @TTL={0x28}}, {{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'pim6reg1\x00', 'macvtap0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@dev, @private, 0x0, 0x0, 'hsr0\x00', 'syzkaller1\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@local, @rand_addr, 0x0, 0x0, 'ip6erspan0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x418)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket(0xf, 0x1, 0x80000000)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$packet(0x11, 0x3, 0x300)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r2, 0x5421, &(0x7f0000000100)=0x100000001)
connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10)
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x3c, r4, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp}]}, 0x3c}}, 0x0)
close(r2)
syz_emit_ethernet(0x4e, &(0x7f0000000f80)=ANY=[], 0x0)
io_setup(0x20, &(0x7f0000001140)=<r5=>0x0)
io_submit(r5, 0x0, 0x0)
unshare(0x6a040000)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'gre0\x00', &(0x7f0000000300)={'erspan0\x00', 0x0, 0x8, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x32, 0x14, 0x0, 0x0, 0x3, 0x0, 0x0, @broadcast, @remote}}}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
executing program 0:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key$user(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000540)="0706675823b8a37f19b37e0f9f120663b78a6a322f28cb301825eddc42c667fc68923d7df9f4c1843c5f11b63d2684fff43955079736fa4c80100487c31c09706b6bf145eb1baf416d2681491bd6a3098fe1a6741d65b085b4075db8419d9e6d17b1eec4dfb860a71d61af753459bcc5ea1f20d6c1c74afda3b0c08bf988", 0x7e, r0)
r2 = add_key$user(&(0x7f0000000180), &(0x7f0000000200)={'syz', 0x3}, &(0x7f0000000140)="04", 0x1, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f00000001c0)={r2, r1, r2}, &(0x7f00000002c0)=""/250, 0xfa, &(0x7f0000000400)={&(0x7f00000003c0)={'sha224-generic\x00'}})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_GET_PIT(r4, 0x400caed0, &(0x7f0000000300))
r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000404c05d50310000200000109022400010000000009041200010300000009210000000122010009058103"], 0x0)
syz_usb_control_io(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000240)={0x24, &(0x7f0000000600)=ANY=[@ANYBLOB="400302000000020a48d89a79c41c37d02086b3a5b5def021c58bb5cc35b9c687c195bd1a236d321b5ef5ec9124b944da4f4ab04d841f079e2bfdec6bb244eb5bd9d2099db31c9beeaa0c01cda23a79248c01f35aa932a177bcc010e44ee98de0c72f139701580b6277ef8cf82247738940bb7d0165becf3b9a845c5bc86bc807cbc8a30a0b55874a0561aa01664f4e75a6e4eff86c859b57a18245e6fe45a8e4608f0b793566632b5ea04615b82d6a0bbf197c6d73b6efdeb89dd86f09a653ac4720ba866183746aad59cd00a356eb29a4b865cf66462c7d971348a37b26a40f0f1bf75c2dbb06262853b60cde75ed43a6af3c823673c91e6898dff4146162ff83953116e95c"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000b80)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
r6 = eventfd2(0x1, 0x0)
r7 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f0000000080))
read$eventfd(r6, &(0x7f0000000000), 0x8)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mkdir(&(0x7f00000001c0)='./file0\x00', 0x0)
r8 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
utimensat(r8, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0xffffffffffffffff}}, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
r9 = syz_io_uring_setup(0x36dc, &(0x7f0000000140)={0x0, 0xe9da, 0x400, 0x1, 0x255}, &(0x7f0000000040), &(0x7f00000000c0))
io_uring_setup(0x6c81, &(0x7f00000001c0)={0x0, 0xb840, 0x800, 0x3, 0x25a, 0x0, r9})
syz_open_dev$hidraw(&(0x7f0000002300), 0x0, 0x14a042)
write$hidraw(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
syz_emit_ethernet(0x7e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd6015690900482f00fc020000000000000000000003ff0000ff020000400000000000000000000001242088a8000000000004000000000800000086dd88a888be08000000100000000100000000000000080022eb00000000200000000200000000000000000100000800655800000000"], 0x0)

program crashed: KASAN: slab-use-after-free Read in em28xx_release_resources
bisect: the chunk can be dropped
bisect: testing without sub-chunk 3/3
bisect: split chunks (needed=true): <10>
bisect: split chunk #0 of len 10 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m41s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [29, 29, 26, 27, 28]
detailed listing:
executing program 3:
sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)
mknodat$null(0xffffffffffffff9c, 0x0, 0x0, 0x103)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=@newsa={0x154, 0x10, 0x713, 0x0, 0x0, {{@in=@remote, @in=@multicast2, 0x0, 0x4}, {@in=@loopback, 0x0, 0x32}, @in=@rand_addr=0x64010101, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x3}, {0xfffffffffffffffc, 0x0, 0x0, 0x8}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @encap={0x1c, 0x8, {0x0, 0x0, 0x0, @in6=@dev={0xfe, 0x80, '\x00', 0xe}}}]}, 0x154}, 0x1, 0x0, 0x0, 0x40}, 0x0)
unshare(0x2c020400)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x1405, 0x131, 0x0, 0x0, "", [{{0x8}, {0x8}}]}, 0x20}}, 0x0)
syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x2172, 0xffffffffffffffff, 0x0)
syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000540))
syz_open_procfs$userns(0x0, 0x0)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
execve(0x0, 0x0, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000400)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x3, 0x0, 0x30, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr, @broadcast}, {0x0, 0x883e, 0x1c, 0x0, @gue={{0x2, 0x0, 0x0, 0x7}, "2b23ca5ed9707954c7310801"}}}}}}, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000404c05d50310000200000109022400010000000009041200010300000009210000000122010009058103"], 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000500)={@local, @broadcast, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x2, @dev, @multicast1, @random="e374636d35dc", @multicast1}}}}, 0x0)
r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
pwritev2(r3, &(0x7f0000000600), 0x0, 0x0, 0xffff, 0x0)
write$sequencer(0xffffffffffffffff, 0x0, 0x0)
write$UHID_CREATE(r3, &(0x7f0000000240)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000040)=""/2, 0x2}}, 0x120)
readv(r3, &(0x7f0000000140)=[{&(0x7f0000000080)=""/155, 0x9b}], 0x1)
r4 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0)
ioctl$IOCTL_STOP_ACCEL_DEV(r4, 0x40096101, &(0x7f0000001040))
executing program 0:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000000)={'bond0\x00', &(0x7f0000000040)=@ethtool_sfeatures={0x3b, 0x2, [{0x500}, {}]}})
sendmsg$key(r0, &(0x7f0000000080)={0x2, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="02060000020000e50000000000000000"], 0x10}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r2)
sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="c9935f2bb8007f35e9836832e07e9b571d838b29621252ce5f8cf8388f1840b1442957c8f4e8d4492900dd9645d88454b74a36ebf3b8a4a634f733317480fabd1d833e4d47098b7a74f12149d1bb3ae19d91a12013a417567f187239c3940d5f89c391eb220a9b61d2bf04b5323b079caf3c19d098bf232a4796f0ec7bb8c10474f2eea0199e09363a0ed00dd3e9f759c20ea320feb7e6911d81", @ANYRES16=r3, @ANYBLOB="0500ffffffff000000000f00000008000300", @ANYRES32=0x0, @ANYBLOB="0c0099000b00000060000000cf000e0080000000080211000001080211000001505050505050000000000000000000006400000000060101010101010301010602070005750000007adc21b58f24e0ee963a73f337a51c30819317c95b2bb6a0a870aae8a88f528ea67e7bc956aced2f3c31f8e7c0473cbe05a641f71c705c076ca4b8677b270519a4970295d3adbba2ed2c6f98ee5e162c7f0cb8b5c0c05ba5e5edfe8d13eddef3995dfe1eb15498eb2b1a88ed94412d4af59625030084042a0100720603030303030371070000000000005876060000000000000004000f00080026006c09000008000c006400000004000501"], 0x110}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), r4)
sendmsg$DEVLINK_CMD_RATE_NEW(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="000000000000dc159217e6e2ec00", @ANYRES16=r5, @ANYBLOB="0106000000000000000045000000"], 0x14}, 0x1, 0x0, 0x0, 0x20044004}, 0x0)
ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000140))
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet_sctp(0x2, 0x0, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000002c0)=[@in6={0xa, 0x0, 0x0, @private0}]}, &(0x7f0000000180)=0x10)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x7ff}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r7}, 0x38)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$binfmt_script(r8, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r8, 0x0)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r6, 0x84, 0x75, &(0x7f0000000100), &(0x7f00000001c0)=0xffffffffffffff66)
r9 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r9, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000180)=0x10)
r10 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r10, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r11=>0x0}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r9, 0x84, 0x85, 0x0, &(0x7f0000000540))
setsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f00000005c0)=@assoc_id=r11, 0x4)
ioctl$USBDEVFS_RESETEP(0xffffffffffffffff, 0x80045503, &(0x7f0000000600)={0x4})
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0), &(0x7f0000000200)=0xc)
executing program 1:
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ppoll(&(0x7f0000000000), 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCCBRK(r0, 0x5428)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x10, &(0x7f0000000240)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
preadv(r3, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
syz_io_uring_setup(0x24f9, &(0x7f0000002ec0), &(0x7f00000000c0), &(0x7f0000000140)=<r4=>0x0)
r5 = memfd_secret(0x0)
ftruncate(r5, 0x3)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, 0x0, 0x40)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f000001aa80)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @log={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LOG_PREFIX={0xe, 0x2, 0x1, 0x0, 'syzkaller\x00'}, @NFTA_LOG_FLAGS={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELSETELEM={0x14, 0xe, 0xa, 0x302, 0x0, 0x0, {0x2, 0x0, 0x5}}, @NFT_MSG_NEWSETELEM={0x20, 0xc, 0xa, 0x301, 0x0, 0x0, {0x3, 0x0, 0x3}, [@NFTA_SET_ELEM_LIST_ELEMENTS={0xc, 0x3, 0x0, 0x1, [{0x8, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_DATA={0x4}]}]}]}, @NFT_MSG_DELSETELEM={0x14, 0xe, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x9}}], {0x14}}, 0x110}}, 0x0)
getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xb5, &(0x7f00000002c0), &(0x7f0000000080)=0x4)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x2000002, 0x11, r5, 0x0)
syz_io_uring_submit(r7, r4, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x4a, 0x0, 0xffffffffffffff9c, 0x0, 0x0})
executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000800)=@mangle={'mangle\x00', 0x44, 0x6, 0x3b8, 0x158, 0x288, 0x158, 0x288, 0x1f0, 0x320, 0x320, 0x320, 0x320, 0x320, 0x6, 0x0, {[{{@ip={@remote, @multicast2, 0x0, 0x0, 'veth0_to_bridge\x00', 'ipvlan1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @TTL={0x28}}, {{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'pim6reg1\x00', 'macvtap0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@dev, @private, 0x0, 0x0, 'hsr0\x00', 'syzkaller1\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@local, @rand_addr, 0x0, 0x0, 'ip6erspan0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x418)
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket(0xf, 0x1, 0x80000000)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
socket$packet(0x11, 0x3, 0x300)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r2, 0x5421, &(0x7f0000000100)=0x100000001)
connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10)
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x3c, r4, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp}]}, 0x3c}}, 0x0)
close(r2)
syz_emit_ethernet(0x4e, &(0x7f0000000f80)=ANY=[], 0x0)
io_setup(0x20, &(0x7f0000001140)=<r5=>0x0)
io_submit(r5, 0x0, 0x0)
unshare(0x6a040000)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'gre0\x00', &(0x7f0000000300)={'erspan0\x00', 0x0, 0x8, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x32, 0x14, 0x0, 0x0, 0x3, 0x0, 0x0, @broadcast, @remote}}}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
executing program 0:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key$user(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000540)="0706675823b8a37f19b37e0f9f120663b78a6a322f28cb301825eddc42c667fc68923d7df9f4c1843c5f11b63d2684fff43955079736fa4c80100487c31c09706b6bf145eb1baf416d2681491bd6a3098fe1a6741d65b085b4075db8419d9e6d17b1eec4dfb860a71d61af753459bcc5ea1f20d6c1c74afda3b0c08bf988", 0x7e, r0)
r2 = add_key$user(&(0x7f0000000180), &(0x7f0000000200)={'syz', 0x3}, &(0x7f0000000140)="04", 0x1, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f00000001c0)={r2, r1, r2}, &(0x7f00000002c0)=""/250, 0xfa, &(0x7f0000000400)={&(0x7f00000003c0)={'sha224-generic\x00'}})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_GET_PIT(r4, 0x400caed0, &(0x7f0000000300))
r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000404c05d50310000200000109022400010000000009041200010300000009210000000122010009058103"], 0x0)
syz_usb_control_io(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000240)={0x24, &(0x7f0000000600)=ANY=[@ANYBLOB="400302000000020a48d89a79c41c37d02086b3a5b5def021c58bb5cc35b9c687c195bd1a236d321b5ef5ec9124b944da4f4ab04d841f079e2bfdec6bb244eb5bd9d2099db31c9beeaa0c01cda23a79248c01f35aa932a177bcc010e44ee98de0c72f139701580b6277ef8cf82247738940bb7d0165becf3b9a845c5bc86bc807cbc8a30a0b55874a0561aa01664f4e75a6e4eff86c859b57a18245e6fe45a8e4608f0b793566632b5ea04615b82d6a0bbf197c6d73b6efdeb89dd86f09a653ac4720ba866183746aad59cd00a356eb29a4b865cf66462c7d971348a37b26a40f0f1bf75c2dbb06262853b60cde75ed43a6af3c823673c91e6898dff4146162ff83953116e95c"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000000b80)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
r6 = eventfd2(0x1, 0x0)
r7 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f0000000080))
read$eventfd(r6, &(0x7f0000000000), 0x8)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mkdir(&(0x7f00000001c0)='./file0\x00', 0x0)
r8 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
utimensat(r8, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0xffffffffffffffff}}, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
r9 = syz_io_uring_setup(0x36dc, &(0x7f0000000140)={0x0, 0xe9da, 0x400, 0x1, 0x255}, &(0x7f0000000040), &(0x7f00000000c0))
io_uring_setup(0x6c81, &(0x7f00000001c0)={0x0, 0xb840, 0x800, 0x3, 0x25a, 0x0, r9})
syz_open_dev$hidraw(&(0x7f0000002300), 0x0, 0x14a042)
write$hidraw(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
syz_emit_ethernet(0x7e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd6015690900482f00fc020000000000000000000003ff0000ff020000400000000000000000000001242088a8000000000004000000000800000086dd88a888be08000000100000000100000000000000080022eb00000000200000000200000000000000000100000800655800000000"], 0x0)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=1m41s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [29, 28, 29, 29, 29]
detailed listing:
executing program 3:
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000002c0)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@local})
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, &(0x7f0000000180))
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, &(0x7f00000101c0)={@my=0x1})
openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x6a0401)
unshare(0x20040400)
creat(&(0x7f0000000040)='./file0\x00', 0x1de)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x10005)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
getpid()
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000080)={0x0, 0x3, 0x30}, 0xc)
sendto$inet(r3, &(0x7f00000000c0)='}', 0x1, 0x0, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10)
sendto$inet(r3, &(0x7f0000000280)='p', 0x1, 0x0, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0)
mq_timedsend(r4, &(0x7f0000000600)="6d12483bb95dab4da2bccb9a5c51f7769b4aa2ed6f00bcfff2058843f7de72fa8f9dd7572991db9f2968c67d150dbd80321f91c14a7705c3d6e2292f74d074e24cdfdc28da61b60db4ac67a81c04430dd72555dcebe8193594b8fe29718d5781fe3f418379dab48089b86edc4facdbc388e30fdfabe867722b348dcfbff8f7745bb98584b3384eb1b1c541d05427c4e5c33b3692ebf599d4a179bcd27271d55e4a38ac7be3cae3e85eddbdcf574ac462df22b6b2242245f32d5826de908a96ea66331cad4d0ff094f552e118ee643f2f12f854c32d4e548bd82a69c4102bc516a41a52436f6dfd80133de801fdc8e75276c631f041d86269f2ba0791e8119868816c1fe9c78654919d6dcce67a5f32b77575867f43f76e99108bf9ee3fd550cc18f8bee8505da7ea8fe0a3a9e40c01be1d39435821c5f52cf39a7d5558f278b01be298e5460d3ebf011345ed0030603f767fe44876fdf1cb172a4cbfb2f7784ac61c4786a147b6d446eaf46d5b26c6b85580ba4913fc12a443d8dcf05d08513ae01a7f489826fdc8bff83c1708ebbc060aa72d25e6ce21521799bd37c34fdad973fd7e17070b7783bf341fc079c6b0c9811388430c84540d8d544d1887b73e3a9d2625358be4b09128ee7f8d2dacf2d9704b9143c0341568d1e39429e1d442d21878c87271e66651e12d077b8dd49c0bf285097e261a5116b91036368265c1c5b74353bb42ff4936e27a20c48dea290685b09c2e5baa29dbeb790969f793692fb112c973329236f30bd29c39ee6104e1e0ccd1f855e5837d156c83834661a2aa8929ad78c025413179d880ee905d0b1ee1c9c3eacb63ac807a6ce73d492502ce52beba9ea5214a9387e2c5a810a96e14956809b6865e46a9d9ce2deb4cce2155562dd7e3daef9b3c0c0a55f1fe1a89835971dbc9c09ee9d4abe827b0e87dcd08e5e7cf08869cdcd6fe7f42d93c075db2fec9d96aff21410c3cbd5d904ed147af08c297011ec105dec6fb319cc5637ac71dac05d01ef356dcc6b6bd3f8625204d92f6d0447c0ee5c72d13b4e951a5ba060d4e0ab4680bba08ca9e0079ed6332e6449e01ec480903b0f377e08e8146c8a1e86df678dd88f3768e0958b04f24d58f39a15ee93e4b3e1e2dcd91f8cd36c37b2806d5f7c1871d0e1d7496ac64b377a8fb32104166536597bbfd6d814b2eb41970ba1aef50238e34ec8069690029c58c8a01b28b711ff44aed4652629c7cdc7843d83efe9514bb5b1f80d1047e6075870c53505a142e48d6897d7811f84d8c3e8f9985f9a9901c8fd68960aee376caa465f25622d7ff5deae8f0d628e048bc4387ca3046067768f3014a3ef4d1b55123ce45507ab1b6f587f6302bb9b715899d2fc20cabfd306549b6a2ec8ea5169e5be19cf59ef71cbb16d402cdc62a422b2bf5c01bb6139e60fd61ea4b77382c7e2e038c6511bfe08f7a3cea5e793f9e2cb4facce20e719d179104418f6745bf8065c70da3815c8e1a1b650d96865c41fd45dbcae51e1d54b41002c2f673cd1008dbf3f17847dd28d8fe3c24ef238000be692e05b0365cb7691fa8f134efe70df46b5cc4765def995971ae0c45f653292f4a3c26300e359afbe0c4f7b049f505ab8e8a0d4c7090cc07c62dbcb9bf6682425553de4ca63f98ac5d420d01bf729bf815683d11451eea0295675778f00bef94ac6e29dd2285847fd857cf2d204de3170e024169d568500befd5c6f34e9d3fcae78bd8fcd6d8f85fcf56241c7787d86bdfca06a6e69b996d72530c94eaa82e99f8ccbd66b53ce0f066fffcb3b643f84a1112c4c8a153ef745f7da3c4887f95de7df8dcf6653200eccb389a7aad4a874d347791cd00cf767bdd8d36de55cbc0879e11cddec175b36be0d1224d1dab7d8f8f3bab0f622d031be123b6ab48188716162afea5e0529830a39c3c9edc86b3e6020830f2f94060685d96887fb536afaedcd9523c53e5e210e87a07bc941b29b968ec9b0f6e5a74b929ad56ef7e80b981d39460040df8aedb253bc4681e72de2b3e886320b2f9a52f675bb08e4dee27b468d0822d6269ad1eee16d1c1781ad17b1fae21b44e427ace6d1fa932ca9c295c5ae74140ffea23ac2b70a6ca71af12c6d63adc32110521cee84dce3514c51417fa794fff4fb7b72844fbb3ba786173d3ffea23e03eb49acbd957d52494ffff3cd2dc420ace19bbe375aabb97953dd1b8adc24856a81b2888e2fb635332c2d4257cf6833ccb3135c0327f79c4846b691b693b066cd5de30ca40e29fe8775fd6a8844f566223008d017ccb6f2ee47496b61aa2900f64c1e2136c8dfbb6dd7ab368e0cfeb3e639657f16d9f26f0c575b61476ea7cd499e2fffe75f6118d19d6186e9433d1b92dc30e84bceba4c9bd8e889575c50da8e236d0ad184a2ae7e91e31485a44389a7c6a63c4d7588fa0755ae292102c46df1cfcc21eccfa5bc815a2491cb845de2feae93d5a9365cff327d048b7e66733b1d1cbf1eadae7296631f3f1681ab5878272a9b17e11f64e8ea8afbd297f388b951e39b94d909c74a4c667f6204128c84566c2347222a984f67177160e3f144518721f25aab93c9d0a34d407b84485bf1f2fa07af7de0617dbda0b2eb3ef839d6ad8649fa7133e14646cb30462e827a1bba8b6cf97c93c95552c70aae8ba4918f8b51275ed7e1f90f7ae7a5313aff699f54265adad4b0608a90165c8e7df729ceb0eda12357ea37e7bbb86fc542544c93d494d4edfd098432e389666a8a93f4333e630deefa87397ece144a59fbf736aeefb7b66744954e8076e9d0534508a3631dbdcd2c15b5fd844d62409bf6c63699ac5ff0cab98d4b7f0e33e5cb20853554c895ea26607e9554d74e1511c4c476c41aa7fa717259e5048d80f1f30f07dd5397c17d818dac1849b7ccf6425fa0265edfecb58a763615dedbe98e215ce63dd1688e191a191ccdb4e939bd370f68054440296cb511b5f070fb9479bdef321b7d124506f6345ac3c2ca0ef22292d3f83ec21908de3a3c7f98cc5e086034d0b08df704382a8ee9f6129542cac7dc5fd54e71270f5ea9739b625347f3200d6f74d41106aed8fa8af5a3a6cd58a44de62af681d449a44b5f86702e625a1658f2bb09e1c7a178ec27081bb8e0f3febf700a1663374325bbb17a17c6178fbc0424f83cfafdd8ed301450bc6822105e6033bc999c833ce3f60814f9db98c3880aae837027cc4fd82a1aa61d1c7fbacf0e5da0c820f97e35f52abb212dcfd77c7e159ef4f777a2cbf61508539660a577974291852a3dfdcb0706961faf65f62745240e281e9c1ea25a2bf29729008b59b5bac92c8ffc53b240761c0021edb53bad82a322510f480a53945c63803abb0b5947aa32a7ad5cf8059933ae4dc5d18a261b8d4a126dadd1d7f186cc0f3bc00c82c15516ea2a4b5a5517395d2a16a3beb920b16c706381bae273443ebfa3c37778596177de18a62cb96c08a35459a897ac87bcd87cdbcecae83c95cd4b5eb878a8d31e75955eb11e0cb58c6ad2b39f8f9350ff95778a961b07b4b0e4ff6b58caab6db44c6345c8ad9da0aef0c2b4a09e459a027d774da684ce2defd0b23b6e15ec573268050cba4cd1be4d899672ea3562f280df3b3ee878bd2e9989357829c363b4b47eacadeee76144957f4d76c3ea703aa5bf32f75a0370f49ae371f001eced8bbdaa781f66c83f959af0cb0ecbabeeeb0f91c26a22b430d5cae34e470f79f01446cdca5b70ba6448a8d9e4722dba03369b3204253eea942de2fb7b4408212a4c6a5d36c7e82417edd052a59d6d1ce2b0a2bd94f334647712cc2296e75db316be650195dd28a360e2e44fd32951b2b983d673bce51eea778d2ed2a2468c3b6b94b67ee175aa08f757d5522b43cefd5969511579cd79300802c811adad7b6bdf789f70bc76e94f8ea317043cf29b562a2041c553122ec338834455be1b68fe7470808451b0e1f1d444ae1e430c51c718a751142fa675a663e9d9f66a8a6199b56d18e4167e54942a37366fa0b5242de86bf1af6c758b2f0bb1f0fda16dc5241e3cc442326fdb501b95fe768c45781c8b60fbe576c7e790e2d5a2a76085cdca098fb3209b30a017eefbf6f8b315b38d8f8f194e456d1776cf6c9c4f4a99e9b50ca4bbc57ff1f035f13a3d8261617b5d55387488f9456a32400a84f95320e722c7abed22b9f8b574da8322fe104c12fb35c9d0c600dde78c47cd46647a8e24aafa53c68e2119ed1473bb3b7c9873d0a256e8eec8dc9f57820a7e23d49deb4041beae704b3fb527ce57316ff238515c248c80d51fd44e31dbb2d2e1d6b8007a03bf9b981fee094ee82f413698af66a3057621490d60207bca2e7a11e96cfb850a9a371ce672d0c4826be044acaa0a0a04fab4f2807eac896c48db2c35caf97fdf8bacb854f5351328cfbab2c3b251fc0abe20ba4b8fe8f4a98dfb76a0b1ea6b6463bdd900e23114c94f205f492a4acb30cc8a6efe6f73a96d3688853c60dce92732440db5ec245478bb64ebe9b60e7469ffb253febcda05613a8c1dbf72634e68d912e2fc98501d99c7dafb50081edcc60dc74daf9cecbcf65aa57661451fc6131f8c879b2181984bc4e0973ad6984837e19595caa35ff4713266b6a6c090a50afeb1461590c4c36f7fead0c9620af82302616c154e74199ee11353f6e9861472e2f1826afd0ce1a2ce9712b50019b32397960f54f4fce3c6655e13d8ef3ba20eaa3ca03a831a39732203dc3d2d3bf8de63fb4c96b3ec10cc852401f25a2575e98d9a25bf0767fc180f6fef5928565fa9ffdd620b6713f85bbc140060df1b50607b4eb51c0c71dac8ee2c19b9bd03b1840bb4d1f8a767d788a31926c9c39be4709dd57e856cb417d3947ce825f194fac18323f36a3b7743603abc628d477b3292a6b3f4965e882a110728f2a9f4fa8fd9d9d50859c48fe0f07f6a826bd5c5d8d645c0f7d8d03cf49be2419e2986f8ad55a228cacd0838f867a8612fd1c4b04d54dc9d5b05cc9395f5bb7fe918083bedfa33734a3f6afaf70379f4d423fa592dcfdeef84161df3f8f42204116442fc815a3cb3c79348d489296014fb8d4334c4ad776e14207ed2115781a0caac4cbfddf8f788f58cd9da9c33f145d87a187d7db78ce4368c5bdbba67fde5264a53a65a027a52aa09fd4943aeeae146a769a26a0f3597fd5004b60c179ce2bcafc78220d691c44c153c883bf942f01586b5321e4bbb28ab44d97bea3368f7c5d0c3dda0ef359065fd31f62060beb0b2a31f7164867e4b78f89f5ea0131aed7014ef3385f0b350ff847f4321b81c7dc9a484605ee397a2d5ea8ad9593020cea3acb6a106a560b4bf675c89aa3b14678dfef6602fdfa9afeeb6f16cb1b3cc944ad5d0492a3d07308c07dfc204c071d92f6b8b5694c70d166fe29f7894ceee7554dc32c71f3b971c8f20f2cafa4399a8755684090f90e6b45ee924d1205e0a075fd2259b6ca6430d28c780735353be38578b3cf1badcba4dae86419d4a0c1ec21f4a7510a08018e90974f0757aab8b51dc0fc068193d040cbd9706eeec02360da646b11cc5f1a544ecf24ce87c7165a0cb9bdb6990db03320ecf2f65fb6dfd1f3d32b2ae10723707cf5f30ea387f677aea100649c72e795b5f7d652e0e2fd0ae19eaf96f1b6453d056e01c97aa5c271b5e5f303fa4013f686cfbf64a1c1fe4263786b835e46a98699b8d5262520c4947987748ab21a48aef3", 0xfd1, 0xfff, 0x0)
mq_timedreceive(r4, &(0x7f0000004600)=""/102381, 0xfffffceb, 0x0, 0x0)
sendto$inet(r3, &(0x7f0000000300)="ab", 0x34000, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000001600)=@raw={'raw\x00', 0x4001, 0x3, 0x1e8, 0x0, 0xb, 0x148, 0xc0, 0x148, 0x150, 0x242, 0x240, 0x150, 0x215, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0x0, 0x0, 'geneve1\x00', 'ipvlan0\x00'}, 0x0, 0x98, 0xc0, 0x0, {0xff0f000000000000}, [@common=@icmp={{0x28}, {0x3, "4911"}}]}, @common=@unspec=@NFQUEUE2={0x28}}, {{@ip={@dev={0xac, 0x14, 0x14, 0x16}, @broadcast, 0xffffffff, 0xff, 'veth1_to_bridge\x00', 'caif0\x00', {0xff}, {}, 0x2f, 0x1, 0x42}, 0xec010000, 0x70, 0x90}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x248)
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000400)={0x0})
executing program 4:
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r1, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r2}, 0x10)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4010744d, 0x20000000)
close(0xffffffffffffffff)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="02030009180000000000000000000000040003000000000000000000000000000000000000000000000000000000000005000600000300000a0000000000000000000000000000000000000000000001000000000000000004000400000000000000000000000000000000000000000000000000000000000200010000000000000000000000000005000500000000000a00000000000000fe880000000000000000000000000001000000000000000002001300000000000000005d9053bc63e22fc8844d4814331abab429a4f23182e50ff88f6a95bd74065831577fcf83574e608aa4c13ea4ce88e7d09f1774134ce9b77cdbb04b607db2cc95477048ade35dbc8649d27da1c2415a9bdc278a2e34226c0000000000"], 0xc0}}, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000200)={0x2, 0x0, 0x0, &(0x7f0000000100)=""/208, &(0x7f00000002c0)=""/155, 0xf000})
sendmsg$nl_route(r3, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt$MISDN_TIME_STAMP(r4, 0x0, 0x1, &(0x7f0000000240), &(0x7f0000000380)=0x4)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f00000000c0)='./file0\x00')
capset(&(0x7f0000000300)={0x19980330}, &(0x7f0000000040))
mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r6 = open(&(0x7f0000000100)='./file0/file0/file0\x00', 0x123500, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r6, 0x10e, 0x2, &(0x7f0000000140)=0x5, 0x4)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
rt_sigsuspend(0x0, 0x0)
ioctl$FBIOPUT_CON2FBMAP(r0, 0x4610, &(0x7f00000003c0)={0x2f, 0x1})
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
executing program 0:
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f00000001c0)={0x18, 0x0, 0x0, "d569e8e1dd2f1ae97ee8589301f453a0c04b1410b2eafa4496ba216b1e8ac11e"})
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f00000000c0)='memory.current\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f00000001c0)=ANY=[], 0x118)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x11, 0x803, 0x0)
write$binfmt_script(r3, 0x0, 0xfffffe5d)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000240), r4)
r5 = socket(0xa, 0x1, 0x0)
close(r5)
sendmmsg$inet_sctp(r5, &(0x7f00000019c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000802000000000000000000000000000000000000004b1fa6ac"], 0x30}], 0x1, 0x0)
getsockname$packet(r3, &(0x7f0000000080)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="3c00000010008506000000ff0100000000000000", @ANYRES32=r3, @ANYRESDEC], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x24, 0x10, 0x1, 0x0, 0x0, {0x10, 0x0, 0x4c, r6, {0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x4c884}, 0x0)
socket(0x10, 0x803, 0x0)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_int(r7, 0x29, 0x33, 0x0, 0x0)
pipe2(&(0x7f00000000c0)={0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x0)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0x4)
vmsplice(r8, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x0)
fcntl$setpipe(r8, 0x407, 0x10005)
r9 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r9)
executing program 2:
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0x7, &(0x7f0000000040)={@in, 0x0, 0x0, 0x0, 0x0, "f55f817bc06c88f47480ab5a58b45baf660401c8bc69351dac1f1747678b1958be4f737c06ed8b91cfcb18062bc5832e880319bf07279cd8bb654dd3911a359dbee08f634402630b53fa8ce128836865"}, 0xd8)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r0, 0x7a4, &(0x7f0000000040)={{@my=0x1}, 0xfffffffffffffeec})
r1 = add_key$keyring(0x0, &(0x7f0000000340)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
add_key$user(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, r1)
gettid()
r2 = socket$nl_generic(0x11, 0x3, 0x10)
syz_emit_ethernet(0xae, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaeaaaaaaaaaaaa07000000cd60e400ff0038"], 0x0)
sendmsg(r2, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f86dd", 0x5ea}], 0x2, 0x0, 0x0, 0x11000000}, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
open(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x36)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x44f, 0xb65d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, &(0x7f0000000b80)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="002205000000"], 0x0}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
read(0xffffffffffffffff, &(0x7f0000000200)=""/209, 0xd1)
tkill(0x0, 0x0)
keyctl$clear(0x7, 0x0)
add_key$user(0x0, 0x0, &(0x7f0000000200)='C', 0x1, r1)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800"], 0x64}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="48000000000101040000ff0f0000000002000000240001801400018008000100e000000108000200e00000010c0002800500010000000000100005800900"], 0x48}}, 0x0)
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1400000010000100000000000000000000fc000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001c08000640ffffff000800034000000028580000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000002c0003802800008008000340000000021c00028018000280080001"], 0xec}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0)
close(r1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/stat\x00', 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000001a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x8, 0x1c, &(0x7f0000000300)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000b7020000000000007b2af0ff00000000d609080000000000db9af0ff41000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018280000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7050000080000001500000076000000bf9800000000000056080000000000008500000007000000b70000000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[], 0x78}}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000500), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_POOL_GET(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)={0x14, r8, 0xc99752fbd6bf8f05, 0x0, 0x0, {0x4e}}, 0x14}}, 0x0)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r8, 0x100, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4001}, 0x4000080)
unshare(0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x20, 0x3b, 0x9, 0x0, 0x0, {0x4}, [@typed={0x4}, @nested={0x8, 0xa, 0x0, 0x1, [@generic="4efeecac"]}]}, 0x20}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x4)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <5>
bisect: split chunk #0 of len 5 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [29, 29]
detailed listing:
executing program 2:
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0x7, &(0x7f0000000040)={@in, 0x0, 0x0, 0x0, 0x0, "f55f817bc06c88f47480ab5a58b45baf660401c8bc69351dac1f1747678b1958be4f737c06ed8b91cfcb18062bc5832e880319bf07279cd8bb654dd3911a359dbee08f634402630b53fa8ce128836865"}, 0xd8)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r0, 0x7a4, &(0x7f0000000040)={{@my=0x1}, 0xfffffffffffffeec})
r1 = add_key$keyring(0x0, &(0x7f0000000340)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
add_key$user(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, r1)
gettid()
r2 = socket$nl_generic(0x11, 0x3, 0x10)
syz_emit_ethernet(0xae, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaeaaaaaaaaaaaa07000000cd60e400ff0038"], 0x0)
sendmsg(r2, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f86dd", 0x5ea}], 0x2, 0x0, 0x0, 0x11000000}, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
open(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x36)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x44f, 0xb65d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, &(0x7f0000000b80)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="002205000000"], 0x0}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
read(0xffffffffffffffff, &(0x7f0000000200)=""/209, 0xd1)
tkill(0x0, 0x0)
keyctl$clear(0x7, 0x0)
add_key$user(0x0, 0x0, &(0x7f0000000200)='C', 0x1, r1)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800"], 0x64}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="48000000000101040000ff0f0000000002000000240001801400018008000100e000000108000200e00000010c0002800500010000000000100005800900"], 0x48}}, 0x0)
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1400000010000100000000000000000000fc000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001c08000640ffffff000800034000000028580000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000002c0003802800008008000340000000021c00028018000280080001"], 0xec}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0)
close(r1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/stat\x00', 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000001a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x8, 0x1c, &(0x7f0000000300)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000b7020000000000007b2af0ff00000000d609080000000000db9af0ff41000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018280000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7050000080000001500000076000000bf9800000000000056080000000000008500000007000000b70000000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[], 0x78}}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000500), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_POOL_GET(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)={0x14, r8, 0xc99752fbd6bf8f05, 0x0, 0x0, {0x4e}}, 0x14}}, 0x0)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r8, 0x100, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4001}, 0x4000080)
unshare(0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x20, 0x3b, 0x9, 0x0, 0x0, {0x4}, [@typed={0x4}, @nested={0x8, 0xa, 0x0, 0x1, [@generic="4efeecac"]}]}, 0x20}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x4)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [29, 28, 29]
detailed listing:
executing program 3:
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000002c0)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@local})
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, &(0x7f0000000180))
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, &(0x7f00000101c0)={@my=0x1})
openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x6a0401)
unshare(0x20040400)
creat(&(0x7f0000000040)='./file0\x00', 0x1de)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x10005)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
getpid()
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000080)={0x0, 0x3, 0x30}, 0xc)
sendto$inet(r3, &(0x7f00000000c0)='}', 0x1, 0x0, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10)
sendto$inet(r3, &(0x7f0000000280)='p', 0x1, 0x0, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0)
mq_timedsend(r4, &(0x7f0000000600)="6d12483bb95dab4da2bccb9a5c51f7769b4aa2ed6f00bcfff2058843f7de72fa8f9dd7572991db9f2968c67d150dbd80321f91c14a7705c3d6e2292f74d074e24cdfdc28da61b60db4ac67a81c04430dd72555dcebe8193594b8fe29718d5781fe3f418379dab48089b86edc4facdbc388e30fdfabe867722b348dcfbff8f7745bb98584b3384eb1b1c541d05427c4e5c33b3692ebf599d4a179bcd27271d55e4a38ac7be3cae3e85eddbdcf574ac462df22b6b2242245f32d5826de908a96ea66331cad4d0ff094f552e118ee643f2f12f854c32d4e548bd82a69c4102bc516a41a52436f6dfd80133de801fdc8e75276c631f041d86269f2ba0791e8119868816c1fe9c78654919d6dcce67a5f32b77575867f43f76e99108bf9ee3fd550cc18f8bee8505da7ea8fe0a3a9e40c01be1d39435821c5f52cf39a7d5558f278b01be298e5460d3ebf011345ed0030603f767fe44876fdf1cb172a4cbfb2f7784ac61c4786a147b6d446eaf46d5b26c6b85580ba4913fc12a443d8dcf05d08513ae01a7f489826fdc8bff83c1708ebbc060aa72d25e6ce21521799bd37c34fdad973fd7e17070b7783bf341fc079c6b0c9811388430c84540d8d544d1887b73e3a9d2625358be4b09128ee7f8d2dacf2d9704b9143c0341568d1e39429e1d442d21878c87271e66651e12d077b8dd49c0bf285097e261a5116b91036368265c1c5b74353bb42ff4936e27a20c48dea290685b09c2e5baa29dbeb790969f793692fb112c973329236f30bd29c39ee6104e1e0ccd1f855e5837d156c83834661a2aa8929ad78c025413179d880ee905d0b1ee1c9c3eacb63ac807a6ce73d492502ce52beba9ea5214a9387e2c5a810a96e14956809b6865e46a9d9ce2deb4cce2155562dd7e3daef9b3c0c0a55f1fe1a89835971dbc9c09ee9d4abe827b0e87dcd08e5e7cf08869cdcd6fe7f42d93c075db2fec9d96aff21410c3cbd5d904ed147af08c297011ec105dec6fb319cc5637ac71dac05d01ef356dcc6b6bd3f8625204d92f6d0447c0ee5c72d13b4e951a5ba060d4e0ab4680bba08ca9e0079ed6332e6449e01ec480903b0f377e08e8146c8a1e86df678dd88f3768e0958b04f24d58f39a15ee93e4b3e1e2dcd91f8cd36c37b2806d5f7c1871d0e1d7496ac64b377a8fb32104166536597bbfd6d814b2eb41970ba1aef50238e34ec8069690029c58c8a01b28b711ff44aed4652629c7cdc7843d83efe9514bb5b1f80d1047e6075870c53505a142e48d6897d7811f84d8c3e8f9985f9a9901c8fd68960aee376caa465f25622d7ff5deae8f0d628e048bc4387ca3046067768f3014a3ef4d1b55123ce45507ab1b6f587f6302bb9b715899d2fc20cabfd306549b6a2ec8ea5169e5be19cf59ef71cbb16d402cdc62a422b2bf5c01bb6139e60fd61ea4b77382c7e2e038c6511bfe08f7a3cea5e793f9e2cb4facce20e719d179104418f6745bf8065c70da3815c8e1a1b650d96865c41fd45dbcae51e1d54b41002c2f673cd1008dbf3f17847dd28d8fe3c24ef238000be692e05b0365cb7691fa8f134efe70df46b5cc4765def995971ae0c45f653292f4a3c26300e359afbe0c4f7b049f505ab8e8a0d4c7090cc07c62dbcb9bf6682425553de4ca63f98ac5d420d01bf729bf815683d11451eea0295675778f00bef94ac6e29dd2285847fd857cf2d204de3170e024169d568500befd5c6f34e9d3fcae78bd8fcd6d8f85fcf56241c7787d86bdfca06a6e69b996d72530c94eaa82e99f8ccbd66b53ce0f066fffcb3b643f84a1112c4c8a153ef745f7da3c4887f95de7df8dcf6653200eccb389a7aad4a874d347791cd00cf767bdd8d36de55cbc0879e11cddec175b36be0d1224d1dab7d8f8f3bab0f622d031be123b6ab48188716162afea5e0529830a39c3c9edc86b3e6020830f2f94060685d96887fb536afaedcd9523c53e5e210e87a07bc941b29b968ec9b0f6e5a74b929ad56ef7e80b981d39460040df8aedb253bc4681e72de2b3e886320b2f9a52f675bb08e4dee27b468d0822d6269ad1eee16d1c1781ad17b1fae21b44e427ace6d1fa932ca9c295c5ae74140ffea23ac2b70a6ca71af12c6d63adc32110521cee84dce3514c51417fa794fff4fb7b72844fbb3ba786173d3ffea23e03eb49acbd957d52494ffff3cd2dc420ace19bbe375aabb97953dd1b8adc24856a81b2888e2fb635332c2d4257cf6833ccb3135c0327f79c4846b691b693b066cd5de30ca40e29fe8775fd6a8844f566223008d017ccb6f2ee47496b61aa2900f64c1e2136c8dfbb6dd7ab368e0cfeb3e639657f16d9f26f0c575b61476ea7cd499e2fffe75f6118d19d6186e9433d1b92dc30e84bceba4c9bd8e889575c50da8e236d0ad184a2ae7e91e31485a44389a7c6a63c4d7588fa0755ae292102c46df1cfcc21eccfa5bc815a2491cb845de2feae93d5a9365cff327d048b7e66733b1d1cbf1eadae7296631f3f1681ab5878272a9b17e11f64e8ea8afbd297f388b951e39b94d909c74a4c667f6204128c84566c2347222a984f67177160e3f144518721f25aab93c9d0a34d407b84485bf1f2fa07af7de0617dbda0b2eb3ef839d6ad8649fa7133e14646cb30462e827a1bba8b6cf97c93c95552c70aae8ba4918f8b51275ed7e1f90f7ae7a5313aff699f54265adad4b0608a90165c8e7df729ceb0eda12357ea37e7bbb86fc542544c93d494d4edfd098432e389666a8a93f4333e630deefa87397ece144a59fbf736aeefb7b66744954e8076e9d0534508a3631dbdcd2c15b5fd844d62409bf6c63699ac5ff0cab98d4b7f0e33e5cb20853554c895ea26607e9554d74e1511c4c476c41aa7fa717259e5048d80f1f30f07dd5397c17d818dac1849b7ccf6425fa0265edfecb58a763615dedbe98e215ce63dd1688e191a191ccdb4e939bd370f68054440296cb511b5f070fb9479bdef321b7d124506f6345ac3c2ca0ef22292d3f83ec21908de3a3c7f98cc5e086034d0b08df704382a8ee9f6129542cac7dc5fd54e71270f5ea9739b625347f3200d6f74d41106aed8fa8af5a3a6cd58a44de62af681d449a44b5f86702e625a1658f2bb09e1c7a178ec27081bb8e0f3febf700a1663374325bbb17a17c6178fbc0424f83cfafdd8ed301450bc6822105e6033bc999c833ce3f60814f9db98c3880aae837027cc4fd82a1aa61d1c7fbacf0e5da0c820f97e35f52abb212dcfd77c7e159ef4f777a2cbf61508539660a577974291852a3dfdcb0706961faf65f62745240e281e9c1ea25a2bf29729008b59b5bac92c8ffc53b240761c0021edb53bad82a322510f480a53945c63803abb0b5947aa32a7ad5cf8059933ae4dc5d18a261b8d4a126dadd1d7f186cc0f3bc00c82c15516ea2a4b5a5517395d2a16a3beb920b16c706381bae273443ebfa3c37778596177de18a62cb96c08a35459a897ac87bcd87cdbcecae83c95cd4b5eb878a8d31e75955eb11e0cb58c6ad2b39f8f9350ff95778a961b07b4b0e4ff6b58caab6db44c6345c8ad9da0aef0c2b4a09e459a027d774da684ce2defd0b23b6e15ec573268050cba4cd1be4d899672ea3562f280df3b3ee878bd2e9989357829c363b4b47eacadeee76144957f4d76c3ea703aa5bf32f75a0370f49ae371f001eced8bbdaa781f66c83f959af0cb0ecbabeeeb0f91c26a22b430d5cae34e470f79f01446cdca5b70ba6448a8d9e4722dba03369b3204253eea942de2fb7b4408212a4c6a5d36c7e82417edd052a59d6d1ce2b0a2bd94f334647712cc2296e75db316be650195dd28a360e2e44fd32951b2b983d673bce51eea778d2ed2a2468c3b6b94b67ee175aa08f757d5522b43cefd5969511579cd79300802c811adad7b6bdf789f70bc76e94f8ea317043cf29b562a2041c553122ec338834455be1b68fe7470808451b0e1f1d444ae1e430c51c718a751142fa675a663e9d9f66a8a6199b56d18e4167e54942a37366fa0b5242de86bf1af6c758b2f0bb1f0fda16dc5241e3cc442326fdb501b95fe768c45781c8b60fbe576c7e790e2d5a2a76085cdca098fb3209b30a017eefbf6f8b315b38d8f8f194e456d1776cf6c9c4f4a99e9b50ca4bbc57ff1f035f13a3d8261617b5d55387488f9456a32400a84f95320e722c7abed22b9f8b574da8322fe104c12fb35c9d0c600dde78c47cd46647a8e24aafa53c68e2119ed1473bb3b7c9873d0a256e8eec8dc9f57820a7e23d49deb4041beae704b3fb527ce57316ff238515c248c80d51fd44e31dbb2d2e1d6b8007a03bf9b981fee094ee82f413698af66a3057621490d60207bca2e7a11e96cfb850a9a371ce672d0c4826be044acaa0a0a04fab4f2807eac896c48db2c35caf97fdf8bacb854f5351328cfbab2c3b251fc0abe20ba4b8fe8f4a98dfb76a0b1ea6b6463bdd900e23114c94f205f492a4acb30cc8a6efe6f73a96d3688853c60dce92732440db5ec245478bb64ebe9b60e7469ffb253febcda05613a8c1dbf72634e68d912e2fc98501d99c7dafb50081edcc60dc74daf9cecbcf65aa57661451fc6131f8c879b2181984bc4e0973ad6984837e19595caa35ff4713266b6a6c090a50afeb1461590c4c36f7fead0c9620af82302616c154e74199ee11353f6e9861472e2f1826afd0ce1a2ce9712b50019b32397960f54f4fce3c6655e13d8ef3ba20eaa3ca03a831a39732203dc3d2d3bf8de63fb4c96b3ec10cc852401f25a2575e98d9a25bf0767fc180f6fef5928565fa9ffdd620b6713f85bbc140060df1b50607b4eb51c0c71dac8ee2c19b9bd03b1840bb4d1f8a767d788a31926c9c39be4709dd57e856cb417d3947ce825f194fac18323f36a3b7743603abc628d477b3292a6b3f4965e882a110728f2a9f4fa8fd9d9d50859c48fe0f07f6a826bd5c5d8d645c0f7d8d03cf49be2419e2986f8ad55a228cacd0838f867a8612fd1c4b04d54dc9d5b05cc9395f5bb7fe918083bedfa33734a3f6afaf70379f4d423fa592dcfdeef84161df3f8f42204116442fc815a3cb3c79348d489296014fb8d4334c4ad776e14207ed2115781a0caac4cbfddf8f788f58cd9da9c33f145d87a187d7db78ce4368c5bdbba67fde5264a53a65a027a52aa09fd4943aeeae146a769a26a0f3597fd5004b60c179ce2bcafc78220d691c44c153c883bf942f01586b5321e4bbb28ab44d97bea3368f7c5d0c3dda0ef359065fd31f62060beb0b2a31f7164867e4b78f89f5ea0131aed7014ef3385f0b350ff847f4321b81c7dc9a484605ee397a2d5ea8ad9593020cea3acb6a106a560b4bf675c89aa3b14678dfef6602fdfa9afeeb6f16cb1b3cc944ad5d0492a3d07308c07dfc204c071d92f6b8b5694c70d166fe29f7894ceee7554dc32c71f3b971c8f20f2cafa4399a8755684090f90e6b45ee924d1205e0a075fd2259b6ca6430d28c780735353be38578b3cf1badcba4dae86419d4a0c1ec21f4a7510a08018e90974f0757aab8b51dc0fc068193d040cbd9706eeec02360da646b11cc5f1a544ecf24ce87c7165a0cb9bdb6990db03320ecf2f65fb6dfd1f3d32b2ae10723707cf5f30ea387f677aea100649c72e795b5f7d652e0e2fd0ae19eaf96f1b6453d056e01c97aa5c271b5e5f303fa4013f686cfbf64a1c1fe4263786b835e46a98699b8d5262520c4947987748ab21a48aef3", 0xfd1, 0xfff, 0x0)
mq_timedreceive(r4, &(0x7f0000004600)=""/102381, 0xfffffceb, 0x0, 0x0)
sendto$inet(r3, &(0x7f0000000300)="ab", 0x34000, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000001600)=@raw={'raw\x00', 0x4001, 0x3, 0x1e8, 0x0, 0xb, 0x148, 0xc0, 0x148, 0x150, 0x242, 0x240, 0x150, 0x215, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0x0, 0x0, 'geneve1\x00', 'ipvlan0\x00'}, 0x0, 0x98, 0xc0, 0x0, {0xff0f000000000000}, [@common=@icmp={{0x28}, {0x3, "4911"}}]}, @common=@unspec=@NFQUEUE2={0x28}}, {{@ip={@dev={0xac, 0x14, 0x14, 0x16}, @broadcast, 0xffffffff, 0xff, 'veth1_to_bridge\x00', 'caif0\x00', {0xff}, {}, 0x2f, 0x1, 0x42}, 0xec010000, 0x70, 0x90}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x248)
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000400)={0x0})
executing program 4:
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r1, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r2}, 0x10)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4010744d, 0x20000000)
close(0xffffffffffffffff)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="02030009180000000000000000000000040003000000000000000000000000000000000000000000000000000000000005000600000300000a0000000000000000000000000000000000000000000001000000000000000004000400000000000000000000000000000000000000000000000000000000000200010000000000000000000000000005000500000000000a00000000000000fe880000000000000000000000000001000000000000000002001300000000000000005d9053bc63e22fc8844d4814331abab429a4f23182e50ff88f6a95bd74065831577fcf83574e608aa4c13ea4ce88e7d09f1774134ce9b77cdbb04b607db2cc95477048ade35dbc8649d27da1c2415a9bdc278a2e34226c0000000000"], 0xc0}}, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000200)={0x2, 0x0, 0x0, &(0x7f0000000100)=""/208, &(0x7f00000002c0)=""/155, 0xf000})
sendmsg$nl_route(r3, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt$MISDN_TIME_STAMP(r4, 0x0, 0x1, &(0x7f0000000240), &(0x7f0000000380)=0x4)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f00000000c0)='./file0\x00')
capset(&(0x7f0000000300)={0x19980330}, &(0x7f0000000040))
mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r6 = open(&(0x7f0000000100)='./file0/file0/file0\x00', 0x123500, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r6, 0x10e, 0x2, &(0x7f0000000140)=0x5, 0x4)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
rt_sigsuspend(0x0, 0x0)
ioctl$FBIOPUT_CON2FBMAP(r0, 0x4610, &(0x7f00000003c0)={0x2f, 0x1})
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
executing program 0:
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f00000001c0)={0x18, 0x0, 0x0, "d569e8e1dd2f1ae97ee8589301f453a0c04b1410b2eafa4496ba216b1e8ac11e"})
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f00000000c0)='memory.current\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f00000001c0)=ANY=[], 0x118)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x11, 0x803, 0x0)
write$binfmt_script(r3, 0x0, 0xfffffe5d)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000240), r4)
r5 = socket(0xa, 0x1, 0x0)
close(r5)
sendmmsg$inet_sctp(r5, &(0x7f00000019c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000802000000000000000000000000000000000000004b1fa6ac"], 0x30}], 0x1, 0x0)
getsockname$packet(r3, &(0x7f0000000080)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="3c00000010008506000000ff0100000000000000", @ANYRES32=r3, @ANYRESDEC], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x24, 0x10, 0x1, 0x0, 0x0, {0x10, 0x0, 0x4c, r6, {0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x4c884}, 0x0)
socket(0x10, 0x803, 0x0)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_int(r7, 0x29, 0x33, 0x0, 0x0)
pipe2(&(0x7f00000000c0)={0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x0)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0x4)
vmsplice(r8, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x0)
fcntl$setpipe(r8, 0x407, 0x10005)
r9 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r9)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <3>
bisect: split chunk #0 of len 3 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$vim2m_VIDIOC_ENUM_FMT-openat$cgroup_root-openat$cgroup_ro-write$UHID_CREATE2-socket$inet6_udp-socket$nl_netfilter-socket$netlink-socket-write$binfmt_script-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-sendmsg$NL80211_CMD_FRAME-syz_genetlink_get_family_id$tipc-socket-close-sendmmsg$inet_sctp-getsockname$packet-sendmsg$nl_route-sendmsg$nl_route_sched-socket-socket$inet6_mptcp-setsockopt$inet6_int-pipe2-write$binfmt_misc-vmsplice-fcntl$setpipe-syz_open_dev$tty1-dup
detailed listing:
executing program 0:
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f00000001c0)={0x18, 0x0, 0x0, "d569e8e1dd2f1ae97ee8589301f453a0c04b1410b2eafa4496ba216b1e8ac11e"})
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f00000000c0)='memory.current\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f00000001c0)=ANY=[], 0x118)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x11, 0x803, 0x0)
write$binfmt_script(r3, 0x0, 0xfffffe5d)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000240), r4)
r5 = socket(0xa, 0x1, 0x0)
close(r5)
sendmmsg$inet_sctp(r5, &(0x7f00000019c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000802000000000000000000000000000000000000004b1fa6ac"], 0x30}], 0x1, 0x0)
getsockname$packet(r3, &(0x7f0000000080)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="3c00000010008506000000ff0100000000000000", @ANYRES32=r3, @ANYRESDEC], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x24, 0x10, 0x1, 0x0, 0x0, {0x10, 0x0, 0x4c, r6, {0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x4c884}, 0x0)
socket(0x10, 0x803, 0x0)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_int(r7, 0x29, 0x33, 0x0, 0x0)
pipe2(&(0x7f00000000c0)={0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x0)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0x4)
vmsplice(r8, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x0)
fcntl$setpipe(r8, 0x407, 0x10005)
r9 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r9)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [29, 28]
detailed listing:
executing program 3:
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000002c0)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@local})
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, &(0x7f0000000180))
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, &(0x7f00000101c0)={@my=0x1})
openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x6a0401)
unshare(0x20040400)
creat(&(0x7f0000000040)='./file0\x00', 0x1de)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x10005)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
getpid()
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000080)={0x0, 0x3, 0x30}, 0xc)
sendto$inet(r3, &(0x7f00000000c0)='}', 0x1, 0x0, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10)
sendto$inet(r3, &(0x7f0000000280)='p', 0x1, 0x0, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0)
mq_timedsend(r4, &(0x7f0000000600)="6d12483bb95dab4da2bccb9a5c51f7769b4aa2ed6f00bcfff2058843f7de72fa8f9dd7572991db9f2968c67d150dbd80321f91c14a7705c3d6e2292f74d074e24cdfdc28da61b60db4ac67a81c04430dd72555dcebe8193594b8fe29718d5781fe3f418379dab48089b86edc4facdbc388e30fdfabe867722b348dcfbff8f7745bb98584b3384eb1b1c541d05427c4e5c33b3692ebf599d4a179bcd27271d55e4a38ac7be3cae3e85eddbdcf574ac462df22b6b2242245f32d5826de908a96ea66331cad4d0ff094f552e118ee643f2f12f854c32d4e548bd82a69c4102bc516a41a52436f6dfd80133de801fdc8e75276c631f041d86269f2ba0791e8119868816c1fe9c78654919d6dcce67a5f32b77575867f43f76e99108bf9ee3fd550cc18f8bee8505da7ea8fe0a3a9e40c01be1d39435821c5f52cf39a7d5558f278b01be298e5460d3ebf011345ed0030603f767fe44876fdf1cb172a4cbfb2f7784ac61c4786a147b6d446eaf46d5b26c6b85580ba4913fc12a443d8dcf05d08513ae01a7f489826fdc8bff83c1708ebbc060aa72d25e6ce21521799bd37c34fdad973fd7e17070b7783bf341fc079c6b0c9811388430c84540d8d544d1887b73e3a9d2625358be4b09128ee7f8d2dacf2d9704b9143c0341568d1e39429e1d442d21878c87271e66651e12d077b8dd49c0bf285097e261a5116b91036368265c1c5b74353bb42ff4936e27a20c48dea290685b09c2e5baa29dbeb790969f793692fb112c973329236f30bd29c39ee6104e1e0ccd1f855e5837d156c83834661a2aa8929ad78c025413179d880ee905d0b1ee1c9c3eacb63ac807a6ce73d492502ce52beba9ea5214a9387e2c5a810a96e14956809b6865e46a9d9ce2deb4cce2155562dd7e3daef9b3c0c0a55f1fe1a89835971dbc9c09ee9d4abe827b0e87dcd08e5e7cf08869cdcd6fe7f42d93c075db2fec9d96aff21410c3cbd5d904ed147af08c297011ec105dec6fb319cc5637ac71dac05d01ef356dcc6b6bd3f8625204d92f6d0447c0ee5c72d13b4e951a5ba060d4e0ab4680bba08ca9e0079ed6332e6449e01ec480903b0f377e08e8146c8a1e86df678dd88f3768e0958b04f24d58f39a15ee93e4b3e1e2dcd91f8cd36c37b2806d5f7c1871d0e1d7496ac64b377a8fb32104166536597bbfd6d814b2eb41970ba1aef50238e34ec8069690029c58c8a01b28b711ff44aed4652629c7cdc7843d83efe9514bb5b1f80d1047e6075870c53505a142e48d6897d7811f84d8c3e8f9985f9a9901c8fd68960aee376caa465f25622d7ff5deae8f0d628e048bc4387ca3046067768f3014a3ef4d1b55123ce45507ab1b6f587f6302bb9b715899d2fc20cabfd306549b6a2ec8ea5169e5be19cf59ef71cbb16d402cdc62a422b2bf5c01bb6139e60fd61ea4b77382c7e2e038c6511bfe08f7a3cea5e793f9e2cb4facce20e719d179104418f6745bf8065c70da3815c8e1a1b650d96865c41fd45dbcae51e1d54b41002c2f673cd1008dbf3f17847dd28d8fe3c24ef238000be692e05b0365cb7691fa8f134efe70df46b5cc4765def995971ae0c45f653292f4a3c26300e359afbe0c4f7b049f505ab8e8a0d4c7090cc07c62dbcb9bf6682425553de4ca63f98ac5d420d01bf729bf815683d11451eea0295675778f00bef94ac6e29dd2285847fd857cf2d204de3170e024169d568500befd5c6f34e9d3fcae78bd8fcd6d8f85fcf56241c7787d86bdfca06a6e69b996d72530c94eaa82e99f8ccbd66b53ce0f066fffcb3b643f84a1112c4c8a153ef745f7da3c4887f95de7df8dcf6653200eccb389a7aad4a874d347791cd00cf767bdd8d36de55cbc0879e11cddec175b36be0d1224d1dab7d8f8f3bab0f622d031be123b6ab48188716162afea5e0529830a39c3c9edc86b3e6020830f2f94060685d96887fb536afaedcd9523c53e5e210e87a07bc941b29b968ec9b0f6e5a74b929ad56ef7e80b981d39460040df8aedb253bc4681e72de2b3e886320b2f9a52f675bb08e4dee27b468d0822d6269ad1eee16d1c1781ad17b1fae21b44e427ace6d1fa932ca9c295c5ae74140ffea23ac2b70a6ca71af12c6d63adc32110521cee84dce3514c51417fa794fff4fb7b72844fbb3ba786173d3ffea23e03eb49acbd957d52494ffff3cd2dc420ace19bbe375aabb97953dd1b8adc24856a81b2888e2fb635332c2d4257cf6833ccb3135c0327f79c4846b691b693b066cd5de30ca40e29fe8775fd6a8844f566223008d017ccb6f2ee47496b61aa2900f64c1e2136c8dfbb6dd7ab368e0cfeb3e639657f16d9f26f0c575b61476ea7cd499e2fffe75f6118d19d6186e9433d1b92dc30e84bceba4c9bd8e889575c50da8e236d0ad184a2ae7e91e31485a44389a7c6a63c4d7588fa0755ae292102c46df1cfcc21eccfa5bc815a2491cb845de2feae93d5a9365cff327d048b7e66733b1d1cbf1eadae7296631f3f1681ab5878272a9b17e11f64e8ea8afbd297f388b951e39b94d909c74a4c667f6204128c84566c2347222a984f67177160e3f144518721f25aab93c9d0a34d407b84485bf1f2fa07af7de0617dbda0b2eb3ef839d6ad8649fa7133e14646cb30462e827a1bba8b6cf97c93c95552c70aae8ba4918f8b51275ed7e1f90f7ae7a5313aff699f54265adad4b0608a90165c8e7df729ceb0eda12357ea37e7bbb86fc542544c93d494d4edfd098432e389666a8a93f4333e630deefa87397ece144a59fbf736aeefb7b66744954e8076e9d0534508a3631dbdcd2c15b5fd844d62409bf6c63699ac5ff0cab98d4b7f0e33e5cb20853554c895ea26607e9554d74e1511c4c476c41aa7fa717259e5048d80f1f30f07dd5397c17d818dac1849b7ccf6425fa0265edfecb58a763615dedbe98e215ce63dd1688e191a191ccdb4e939bd370f68054440296cb511b5f070fb9479bdef321b7d124506f6345ac3c2ca0ef22292d3f83ec21908de3a3c7f98cc5e086034d0b08df704382a8ee9f6129542cac7dc5fd54e71270f5ea9739b625347f3200d6f74d41106aed8fa8af5a3a6cd58a44de62af681d449a44b5f86702e625a1658f2bb09e1c7a178ec27081bb8e0f3febf700a1663374325bbb17a17c6178fbc0424f83cfafdd8ed301450bc6822105e6033bc999c833ce3f60814f9db98c3880aae837027cc4fd82a1aa61d1c7fbacf0e5da0c820f97e35f52abb212dcfd77c7e159ef4f777a2cbf61508539660a577974291852a3dfdcb0706961faf65f62745240e281e9c1ea25a2bf29729008b59b5bac92c8ffc53b240761c0021edb53bad82a322510f480a53945c63803abb0b5947aa32a7ad5cf8059933ae4dc5d18a261b8d4a126dadd1d7f186cc0f3bc00c82c15516ea2a4b5a5517395d2a16a3beb920b16c706381bae273443ebfa3c37778596177de18a62cb96c08a35459a897ac87bcd87cdbcecae83c95cd4b5eb878a8d31e75955eb11e0cb58c6ad2b39f8f9350ff95778a961b07b4b0e4ff6b58caab6db44c6345c8ad9da0aef0c2b4a09e459a027d774da684ce2defd0b23b6e15ec573268050cba4cd1be4d899672ea3562f280df3b3ee878bd2e9989357829c363b4b47eacadeee76144957f4d76c3ea703aa5bf32f75a0370f49ae371f001eced8bbdaa781f66c83f959af0cb0ecbabeeeb0f91c26a22b430d5cae34e470f79f01446cdca5b70ba6448a8d9e4722dba03369b3204253eea942de2fb7b4408212a4c6a5d36c7e82417edd052a59d6d1ce2b0a2bd94f334647712cc2296e75db316be650195dd28a360e2e44fd32951b2b983d673bce51eea778d2ed2a2468c3b6b94b67ee175aa08f757d5522b43cefd5969511579cd79300802c811adad7b6bdf789f70bc76e94f8ea317043cf29b562a2041c553122ec338834455be1b68fe7470808451b0e1f1d444ae1e430c51c718a751142fa675a663e9d9f66a8a6199b56d18e4167e54942a37366fa0b5242de86bf1af6c758b2f0bb1f0fda16dc5241e3cc442326fdb501b95fe768c45781c8b60fbe576c7e790e2d5a2a76085cdca098fb3209b30a017eefbf6f8b315b38d8f8f194e456d1776cf6c9c4f4a99e9b50ca4bbc57ff1f035f13a3d8261617b5d55387488f9456a32400a84f95320e722c7abed22b9f8b574da8322fe104c12fb35c9d0c600dde78c47cd46647a8e24aafa53c68e2119ed1473bb3b7c9873d0a256e8eec8dc9f57820a7e23d49deb4041beae704b3fb527ce57316ff238515c248c80d51fd44e31dbb2d2e1d6b8007a03bf9b981fee094ee82f413698af66a3057621490d60207bca2e7a11e96cfb850a9a371ce672d0c4826be044acaa0a0a04fab4f2807eac896c48db2c35caf97fdf8bacb854f5351328cfbab2c3b251fc0abe20ba4b8fe8f4a98dfb76a0b1ea6b6463bdd900e23114c94f205f492a4acb30cc8a6efe6f73a96d3688853c60dce92732440db5ec245478bb64ebe9b60e7469ffb253febcda05613a8c1dbf72634e68d912e2fc98501d99c7dafb50081edcc60dc74daf9cecbcf65aa57661451fc6131f8c879b2181984bc4e0973ad6984837e19595caa35ff4713266b6a6c090a50afeb1461590c4c36f7fead0c9620af82302616c154e74199ee11353f6e9861472e2f1826afd0ce1a2ce9712b50019b32397960f54f4fce3c6655e13d8ef3ba20eaa3ca03a831a39732203dc3d2d3bf8de63fb4c96b3ec10cc852401f25a2575e98d9a25bf0767fc180f6fef5928565fa9ffdd620b6713f85bbc140060df1b50607b4eb51c0c71dac8ee2c19b9bd03b1840bb4d1f8a767d788a31926c9c39be4709dd57e856cb417d3947ce825f194fac18323f36a3b7743603abc628d477b3292a6b3f4965e882a110728f2a9f4fa8fd9d9d50859c48fe0f07f6a826bd5c5d8d645c0f7d8d03cf49be2419e2986f8ad55a228cacd0838f867a8612fd1c4b04d54dc9d5b05cc9395f5bb7fe918083bedfa33734a3f6afaf70379f4d423fa592dcfdeef84161df3f8f42204116442fc815a3cb3c79348d489296014fb8d4334c4ad776e14207ed2115781a0caac4cbfddf8f788f58cd9da9c33f145d87a187d7db78ce4368c5bdbba67fde5264a53a65a027a52aa09fd4943aeeae146a769a26a0f3597fd5004b60c179ce2bcafc78220d691c44c153c883bf942f01586b5321e4bbb28ab44d97bea3368f7c5d0c3dda0ef359065fd31f62060beb0b2a31f7164867e4b78f89f5ea0131aed7014ef3385f0b350ff847f4321b81c7dc9a484605ee397a2d5ea8ad9593020cea3acb6a106a560b4bf675c89aa3b14678dfef6602fdfa9afeeb6f16cb1b3cc944ad5d0492a3d07308c07dfc204c071d92f6b8b5694c70d166fe29f7894ceee7554dc32c71f3b971c8f20f2cafa4399a8755684090f90e6b45ee924d1205e0a075fd2259b6ca6430d28c780735353be38578b3cf1badcba4dae86419d4a0c1ec21f4a7510a08018e90974f0757aab8b51dc0fc068193d040cbd9706eeec02360da646b11cc5f1a544ecf24ce87c7165a0cb9bdb6990db03320ecf2f65fb6dfd1f3d32b2ae10723707cf5f30ea387f677aea100649c72e795b5f7d652e0e2fd0ae19eaf96f1b6453d056e01c97aa5c271b5e5f303fa4013f686cfbf64a1c1fe4263786b835e46a98699b8d5262520c4947987748ab21a48aef3", 0xfd1, 0xfff, 0x0)
mq_timedreceive(r4, &(0x7f0000004600)=""/102381, 0xfffffceb, 0x0, 0x0)
sendto$inet(r3, &(0x7f0000000300)="ab", 0x34000, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000001600)=@raw={'raw\x00', 0x4001, 0x3, 0x1e8, 0x0, 0xb, 0x148, 0xc0, 0x148, 0x150, 0x242, 0x240, 0x150, 0x215, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0x0, 0x0, 'geneve1\x00', 'ipvlan0\x00'}, 0x0, 0x98, 0xc0, 0x0, {0xff0f000000000000}, [@common=@icmp={{0x28}, {0x3, "4911"}}]}, @common=@unspec=@NFQUEUE2={0x28}}, {{@ip={@dev={0xac, 0x14, 0x14, 0x16}, @broadcast, 0xffffffff, 0xff, 'veth1_to_bridge\x00', 'caif0\x00', {0xff}, {}, 0x2f, 0x1, 0x42}, 0xec010000, 0x70, 0x90}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x248)
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000400)={0x0})
executing program 4:
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r1, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r2}, 0x10)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4010744d, 0x20000000)
close(0xffffffffffffffff)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="02030009180000000000000000000000040003000000000000000000000000000000000000000000000000000000000005000600000300000a0000000000000000000000000000000000000000000001000000000000000004000400000000000000000000000000000000000000000000000000000000000200010000000000000000000000000005000500000000000a00000000000000fe880000000000000000000000000001000000000000000002001300000000000000005d9053bc63e22fc8844d4814331abab429a4f23182e50ff88f6a95bd74065831577fcf83574e608aa4c13ea4ce88e7d09f1774134ce9b77cdbb04b607db2cc95477048ade35dbc8649d27da1c2415a9bdc278a2e34226c0000000000"], 0xc0}}, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000200)={0x2, 0x0, 0x0, &(0x7f0000000100)=""/208, &(0x7f00000002c0)=""/155, 0xf000})
sendmsg$nl_route(r3, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt$MISDN_TIME_STAMP(r4, 0x0, 0x1, &(0x7f0000000240), &(0x7f0000000380)=0x4)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f00000000c0)='./file0\x00')
capset(&(0x7f0000000300)={0x19980330}, &(0x7f0000000040))
mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r6 = open(&(0x7f0000000100)='./file0/file0/file0\x00', 0x123500, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r6, 0x10e, 0x2, &(0x7f0000000140)=0x5, 0x4)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
rt_sigsuspend(0x0, 0x0)
ioctl$FBIOPUT_CON2FBMAP(r0, 0x4610, &(0x7f00000003c0)={0x2f, 0x1})
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <2>
bisect: split chunk #0 of len 2 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-syz_open_dev$video-ioctl$VIDIOC_G_CROP-openat$cgroup_ro-bpf$BPF_RAW_TRACEPOINT_OPEN-ioctl$TUNSETOFFLOAD-openat$cgroup_int-ioctl$TUNSETOFFLOAD-close-syz_usb_connect-socket$nl_route-openat$cgroup_ro-socket$key-sendmsg$key-ioctl$VHOST_SET_VRING_ADDR-sendmsg$nl_route-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-timerfd_settime-getsockopt$MISDN_TIME_STAMP-symlinkat-capset-mkdirat-open-setsockopt$netlink_NETLINK_DROP_MEMBERSHIP-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-rt_sigsuspend-ioctl$FBIOPUT_CON2FBMAP-sendmsg$inet
detailed listing:
executing program 4:
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r1, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r2}, 0x10)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4010744d, 0x20000000)
close(0xffffffffffffffff)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="02030009180000000000000000000000040003000000000000000000000000000000000000000000000000000000000005000600000300000a0000000000000000000000000000000000000000000001000000000000000004000400000000000000000000000000000000000000000000000000000000000200010000000000000000000000000005000500000000000a00000000000000fe880000000000000000000000000001000000000000000002001300000000000000005d9053bc63e22fc8844d4814331abab429a4f23182e50ff88f6a95bd74065831577fcf83574e608aa4c13ea4ce88e7d09f1774134ce9b77cdbb04b607db2cc95477048ade35dbc8649d27da1c2415a9bdc278a2e34226c0000000000"], 0xc0}}, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000200)={0x2, 0x0, 0x0, &(0x7f0000000100)=""/208, &(0x7f00000002c0)=""/155, 0xf000})
sendmsg$nl_route(r3, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt$MISDN_TIME_STAMP(r4, 0x0, 0x1, &(0x7f0000000240), &(0x7f0000000380)=0x4)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f00000000c0)='./file0\x00')
capset(&(0x7f0000000300)={0x19980330}, &(0x7f0000000040))
mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r6 = open(&(0x7f0000000100)='./file0/file0/file0\x00', 0x123500, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r6, 0x10e, 0x2, &(0x7f0000000140)=0x5, 0x4)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
rt_sigsuspend(0x0, 0x0)
ioctl$FBIOPUT_CON2FBMAP(r0, 0x4610, &(0x7f00000003c0)={0x2f, 0x1})
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <1>
bisect: split chunk #0 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: 1 programs left: 

executing program 4:
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r1, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r2}, 0x10)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4010744d, 0x20000000)
close(0xffffffffffffffff)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="02030009180000000000000000000000040003000000000000000000000000000000000000000000000000000000000005000600000300000a0000000000000000000000000000000000000000000001000000000000000004000400000000000000000000000000000000000000000000000000000000000200010000000000000000000000000005000500000000000a00000000000000fe880000000000000000000000000001000000000000000002001300000000000000005d9053bc63e22fc8844d4814331abab429a4f23182e50ff88f6a95bd74065831577fcf83574e608aa4c13ea4ce88e7d09f1774134ce9b77cdbb04b607db2cc95477048ade35dbc8649d27da1c2415a9bdc278a2e34226c0000000000"], 0xc0}}, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000200)={0x2, 0x0, 0x0, &(0x7f0000000100)=""/208, &(0x7f00000002c0)=""/155, 0xf000})
sendmsg$nl_route(r3, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt$MISDN_TIME_STAMP(r4, 0x0, 0x1, &(0x7f0000000240), &(0x7f0000000380)=0x4)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f00000000c0)='./file0\x00')
capset(&(0x7f0000000300)={0x19980330}, &(0x7f0000000040))
mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r6 = open(&(0x7f0000000100)='./file0/file0/file0\x00', 0x123500, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r6, 0x10e, 0x2, &(0x7f0000000140)=0x5, 0x4)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
rt_sigsuspend(0x0, 0x0)
ioctl$FBIOPUT_CON2FBMAP(r0, 0x4610, &(0x7f00000003c0)={0x2f, 0x1})
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)


bisect: trying to concatenate
bisect: concatenate 1 entries
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-syz_open_dev$video-ioctl$VIDIOC_G_CROP-openat$cgroup_ro-bpf$BPF_RAW_TRACEPOINT_OPEN-ioctl$TUNSETOFFLOAD-openat$cgroup_int-ioctl$TUNSETOFFLOAD-close-syz_usb_connect-socket$nl_route-openat$cgroup_ro-socket$key-sendmsg$key-ioctl$VHOST_SET_VRING_ADDR-sendmsg$nl_route-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-timerfd_settime-getsockopt$MISDN_TIME_STAMP-symlinkat-capset-mkdirat-open-setsockopt$netlink_NETLINK_DROP_MEMBERSHIP-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-rt_sigsuspend-ioctl$FBIOPUT_CON2FBMAP-sendmsg$inet
detailed listing:
executing program 0:
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r1, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r2}, 0x10)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4010744d, 0x20000000)
close(0xffffffffffffffff)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="02030009180000000000000000000000040003000000000000000000000000000000000000000000000000000000000005000600000300000a0000000000000000000000000000000000000000000001000000000000000004000400000000000000000000000000000000000000000000000000000000000200010000000000000000000000000005000500000000000a00000000000000fe880000000000000000000000000001000000000000000002001300000000000000005d9053bc63e22fc8844d4814331abab429a4f23182e50ff88f6a95bd74065831577fcf83574e608aa4c13ea4ce88e7d09f1774134ce9b77cdbb04b607db2cc95477048ade35dbc8649d27da1c2415a9bdc278a2e34226c0000000000"], 0xc0}}, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000200)={0x2, 0x0, 0x0, &(0x7f0000000100)=""/208, &(0x7f00000002c0)=""/155, 0xf000})
sendmsg$nl_route(r3, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt$MISDN_TIME_STAMP(r4, 0x0, 0x1, &(0x7f0000000240), &(0x7f0000000380)=0x4)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f00000000c0)='./file0\x00')
capset(&(0x7f0000000300)={0x19980330}, &(0x7f0000000040))
mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r6 = open(&(0x7f0000000100)='./file0/file0/file0\x00', 0x123500, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r6, 0x10e, 0x2, &(0x7f0000000140)=0x5, 0x4)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
rt_sigsuspend(0x0, 0x0)
ioctl$FBIOPUT_CON2FBMAP(r0, 0x4610, &(0x7f00000003c0)={0x2f, 0x1})
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
bisect: concatenation succeeded
found reproducer with 28 syscalls
minimizing guilty program
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-syz_open_dev$video-ioctl$VIDIOC_G_CROP-openat$cgroup_ro-bpf$BPF_RAW_TRACEPOINT_OPEN-ioctl$TUNSETOFFLOAD-openat$cgroup_int-ioctl$TUNSETOFFLOAD-close-syz_usb_connect-socket$nl_route-openat$cgroup_ro-socket$key-sendmsg$key-ioctl$VHOST_SET_VRING_ADDR-sendmsg$nl_route-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-timerfd_settime-getsockopt$MISDN_TIME_STAMP-symlinkat-capset-mkdirat-open-setsockopt$netlink_NETLINK_DROP_MEMBERSHIP-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-rt_sigsuspend-ioctl$FBIOPUT_CON2FBMAP
detailed listing:
executing program 0:
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r1, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r2}, 0x10)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4010744d, 0x20000000)
close(0xffffffffffffffff)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="02030009180000000000000000000000040003000000000000000000000000000000000000000000000000000000000005000600000300000a0000000000000000000000000000000000000000000001000000000000000004000400000000000000000000000000000000000000000000000000000000000200010000000000000000000000000005000500000000000a00000000000000fe880000000000000000000000000001000000000000000002001300000000000000005d9053bc63e22fc8844d4814331abab429a4f23182e50ff88f6a95bd74065831577fcf83574e608aa4c13ea4ce88e7d09f1774134ce9b77cdbb04b607db2cc95477048ade35dbc8649d27da1c2415a9bdc278a2e34226c0000000000"], 0xc0}}, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000200)={0x2, 0x0, 0x0, &(0x7f0000000100)=""/208, &(0x7f00000002c0)=""/155, 0xf000})
sendmsg$nl_route(r3, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt$MISDN_TIME_STAMP(r4, 0x0, 0x1, &(0x7f0000000240), &(0x7f0000000380)=0x4)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f00000000c0)='./file0\x00')
capset(&(0x7f0000000300)={0x19980330}, &(0x7f0000000040))
mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r6 = open(&(0x7f0000000100)='./file0/file0/file0\x00', 0x123500, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r6, 0x10e, 0x2, &(0x7f0000000140)=0x5, 0x4)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
rt_sigsuspend(0x0, 0x0)
ioctl$FBIOPUT_CON2FBMAP(r0, 0x4610, &(0x7f00000003c0)={0x2f, 0x1})

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-syz_open_dev$video-ioctl$VIDIOC_G_CROP-openat$cgroup_ro-bpf$BPF_RAW_TRACEPOINT_OPEN-ioctl$TUNSETOFFLOAD-openat$cgroup_int-ioctl$TUNSETOFFLOAD-close-syz_usb_connect-socket$nl_route-openat$cgroup_ro-socket$key-sendmsg$key-ioctl$VHOST_SET_VRING_ADDR-sendmsg$nl_route-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-timerfd_settime-getsockopt$MISDN_TIME_STAMP-symlinkat-capset-mkdirat-open-setsockopt$netlink_NETLINK_DROP_MEMBERSHIP-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON-rt_sigsuspend
detailed listing:
executing program 0:
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r1, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r2}, 0x10)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4010744d, 0x20000000)
close(0xffffffffffffffff)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="02030009180000000000000000000000040003000000000000000000000000000000000000000000000000000000000005000600000300000a0000000000000000000000000000000000000000000001000000000000000004000400000000000000000000000000000000000000000000000000000000000200010000000000000000000000000005000500000000000a00000000000000fe880000000000000000000000000001000000000000000002001300000000000000005d9053bc63e22fc8844d4814331abab429a4f23182e50ff88f6a95bd74065831577fcf83574e608aa4c13ea4ce88e7d09f1774134ce9b77cdbb04b607db2cc95477048ade35dbc8649d27da1c2415a9bdc278a2e34226c0000000000"], 0xc0}}, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000200)={0x2, 0x0, 0x0, &(0x7f0000000100)=""/208, &(0x7f00000002c0)=""/155, 0xf000})
sendmsg$nl_route(r3, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt$MISDN_TIME_STAMP(r4, 0x0, 0x1, &(0x7f0000000240), &(0x7f0000000380)=0x4)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f00000000c0)='./file0\x00')
capset(&(0x7f0000000300)={0x19980330}, &(0x7f0000000040))
mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r6 = open(&(0x7f0000000100)='./file0/file0/file0\x00', 0x123500, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r6, 0x10e, 0x2, &(0x7f0000000140)=0x5, 0x4)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
rt_sigsuspend(0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-syz_open_dev$video-ioctl$VIDIOC_G_CROP-openat$cgroup_ro-bpf$BPF_RAW_TRACEPOINT_OPEN-ioctl$TUNSETOFFLOAD-openat$cgroup_int-ioctl$TUNSETOFFLOAD-close-syz_usb_connect-socket$nl_route-openat$cgroup_ro-socket$key-sendmsg$key-ioctl$VHOST_SET_VRING_ADDR-sendmsg$nl_route-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-timerfd_settime-getsockopt$MISDN_TIME_STAMP-symlinkat-capset-mkdirat-open-setsockopt$netlink_NETLINK_DROP_MEMBERSHIP-prctl$PR_SET_SYSCALL_USER_DISPATCH_ON
detailed listing:
executing program 0:
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r1, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r2}, 0x10)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4010744d, 0x20000000)
close(0xffffffffffffffff)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="02030009180000000000000000000000040003000000000000000000000000000000000000000000000000000000000005000600000300000a0000000000000000000000000000000000000000000001000000000000000004000400000000000000000000000000000000000000000000000000000000000200010000000000000000000000000005000500000000000a00000000000000fe880000000000000000000000000001000000000000000002001300000000000000005d9053bc63e22fc8844d4814331abab429a4f23182e50ff88f6a95bd74065831577fcf83574e608aa4c13ea4ce88e7d09f1774134ce9b77cdbb04b607db2cc95477048ade35dbc8649d27da1c2415a9bdc278a2e34226c0000000000"], 0xc0}}, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000200)={0x2, 0x0, 0x0, &(0x7f0000000100)=""/208, &(0x7f00000002c0)=""/155, 0xf000})
sendmsg$nl_route(r3, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt$MISDN_TIME_STAMP(r4, 0x0, 0x1, &(0x7f0000000240), &(0x7f0000000380)=0x4)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f00000000c0)='./file0\x00')
capset(&(0x7f0000000300)={0x19980330}, &(0x7f0000000040))
mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r6 = open(&(0x7f0000000100)='./file0/file0/file0\x00', 0x123500, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r6, 0x10e, 0x2, &(0x7f0000000140)=0x5, 0x4)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-syz_open_dev$video-ioctl$VIDIOC_G_CROP-openat$cgroup_ro-bpf$BPF_RAW_TRACEPOINT_OPEN-ioctl$TUNSETOFFLOAD-openat$cgroup_int-ioctl$TUNSETOFFLOAD-close-syz_usb_connect-socket$nl_route-openat$cgroup_ro-socket$key-sendmsg$key-ioctl$VHOST_SET_VRING_ADDR-sendmsg$nl_route-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-timerfd_settime-getsockopt$MISDN_TIME_STAMP-symlinkat-capset-mkdirat-open-setsockopt$netlink_NETLINK_DROP_MEMBERSHIP
detailed listing:
executing program 0:
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r1, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r2}, 0x10)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4010744d, 0x20000000)
close(0xffffffffffffffff)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="02030009180000000000000000000000040003000000000000000000000000000000000000000000000000000000000005000600000300000a0000000000000000000000000000000000000000000001000000000000000004000400000000000000000000000000000000000000000000000000000000000200010000000000000000000000000005000500000000000a00000000000000fe880000000000000000000000000001000000000000000002001300000000000000005d9053bc63e22fc8844d4814331abab429a4f23182e50ff88f6a95bd74065831577fcf83574e608aa4c13ea4ce88e7d09f1774134ce9b77cdbb04b607db2cc95477048ade35dbc8649d27da1c2415a9bdc278a2e34226c0000000000"], 0xc0}}, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000200)={0x2, 0x0, 0x0, &(0x7f0000000100)=""/208, &(0x7f00000002c0)=""/155, 0xf000})
sendmsg$nl_route(r3, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt$MISDN_TIME_STAMP(r4, 0x0, 0x1, &(0x7f0000000240), &(0x7f0000000380)=0x4)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f00000000c0)='./file0\x00')
capset(&(0x7f0000000300)={0x19980330}, &(0x7f0000000040))
mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r6 = open(&(0x7f0000000100)='./file0/file0/file0\x00', 0x123500, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r6, 0x10e, 0x2, &(0x7f0000000140)=0x5, 0x4)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-syz_open_dev$video-ioctl$VIDIOC_G_CROP-openat$cgroup_ro-bpf$BPF_RAW_TRACEPOINT_OPEN-ioctl$TUNSETOFFLOAD-openat$cgroup_int-ioctl$TUNSETOFFLOAD-close-syz_usb_connect-socket$nl_route-openat$cgroup_ro-socket$key-sendmsg$key-ioctl$VHOST_SET_VRING_ADDR-sendmsg$nl_route-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-timerfd_settime-getsockopt$MISDN_TIME_STAMP-symlinkat-capset-mkdirat-open
detailed listing:
executing program 0:
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r1, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r2}, 0x10)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4010744d, 0x20000000)
close(0xffffffffffffffff)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="02030009180000000000000000000000040003000000000000000000000000000000000000000000000000000000000005000600000300000a0000000000000000000000000000000000000000000001000000000000000004000400000000000000000000000000000000000000000000000000000000000200010000000000000000000000000005000500000000000a00000000000000fe880000000000000000000000000001000000000000000002001300000000000000005d9053bc63e22fc8844d4814331abab429a4f23182e50ff88f6a95bd74065831577fcf83574e608aa4c13ea4ce88e7d09f1774134ce9b77cdbb04b607db2cc95477048ade35dbc8649d27da1c2415a9bdc278a2e34226c0000000000"], 0xc0}}, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000200)={0x2, 0x0, 0x0, &(0x7f0000000100)=""/208, &(0x7f00000002c0)=""/155, 0xf000})
sendmsg$nl_route(r3, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt$MISDN_TIME_STAMP(r4, 0x0, 0x1, &(0x7f0000000240), &(0x7f0000000380)=0x4)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f00000000c0)='./file0\x00')
capset(&(0x7f0000000300)={0x19980330}, &(0x7f0000000040))
mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
open(&(0x7f0000000100)='./file0/file0/file0\x00', 0x123500, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-syz_open_dev$video-ioctl$VIDIOC_G_CROP-openat$cgroup_ro-bpf$BPF_RAW_TRACEPOINT_OPEN-ioctl$TUNSETOFFLOAD-openat$cgroup_int-ioctl$TUNSETOFFLOAD-close-syz_usb_connect-socket$nl_route-openat$cgroup_ro-socket$key-sendmsg$key-ioctl$VHOST_SET_VRING_ADDR-sendmsg$nl_route-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-timerfd_settime-getsockopt$MISDN_TIME_STAMP-symlinkat-capset-mkdirat
detailed listing:
executing program 0:
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r1, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r2}, 0x10)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4010744d, 0x20000000)
close(0xffffffffffffffff)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="02030009180000000000000000000000040003000000000000000000000000000000000000000000000000000000000005000600000300000a0000000000000000000000000000000000000000000001000000000000000004000400000000000000000000000000000000000000000000000000000000000200010000000000000000000000000005000500000000000a00000000000000fe880000000000000000000000000001000000000000000002001300000000000000005d9053bc63e22fc8844d4814331abab429a4f23182e50ff88f6a95bd74065831577fcf83574e608aa4c13ea4ce88e7d09f1774134ce9b77cdbb04b607db2cc95477048ade35dbc8649d27da1c2415a9bdc278a2e34226c0000000000"], 0xc0}}, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000200)={0x2, 0x0, 0x0, &(0x7f0000000100)=""/208, &(0x7f00000002c0)=""/155, 0xf000})
sendmsg$nl_route(r3, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt$MISDN_TIME_STAMP(r4, 0x0, 0x1, &(0x7f0000000240), &(0x7f0000000380)=0x4)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f00000000c0)='./file0\x00')
capset(&(0x7f0000000300)={0x19980330}, &(0x7f0000000040))
mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-syz_open_dev$video-ioctl$VIDIOC_G_CROP-openat$cgroup_ro-bpf$BPF_RAW_TRACEPOINT_OPEN-ioctl$TUNSETOFFLOAD-openat$cgroup_int-ioctl$TUNSETOFFLOAD-close-syz_usb_connect-socket$nl_route-openat$cgroup_ro-socket$key-sendmsg$key-ioctl$VHOST_SET_VRING_ADDR-sendmsg$nl_route-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-timerfd_settime-getsockopt$MISDN_TIME_STAMP-symlinkat-capset
detailed listing:
executing program 0:
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r1, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r2}, 0x10)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4010744d, 0x20000000)
close(0xffffffffffffffff)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="02030009180000000000000000000000040003000000000000000000000000000000000000000000000000000000000005000600000300000a0000000000000000000000000000000000000000000001000000000000000004000400000000000000000000000000000000000000000000000000000000000200010000000000000000000000000005000500000000000a00000000000000fe880000000000000000000000000001000000000000000002001300000000000000005d9053bc63e22fc8844d4814331abab429a4f23182e50ff88f6a95bd74065831577fcf83574e608aa4c13ea4ce88e7d09f1774134ce9b77cdbb04b607db2cc95477048ade35dbc8649d27da1c2415a9bdc278a2e34226c0000000000"], 0xc0}}, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000200)={0x2, 0x0, 0x0, &(0x7f0000000100)=""/208, &(0x7f00000002c0)=""/155, 0xf000})
sendmsg$nl_route(r3, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt$MISDN_TIME_STAMP(r4, 0x0, 0x1, &(0x7f0000000240), &(0x7f0000000380)=0x4)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f00000000c0)='./file0\x00')
capset(&(0x7f0000000300)={0x19980330}, &(0x7f0000000040))

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-syz_open_dev$video-ioctl$VIDIOC_G_CROP-openat$cgroup_ro-bpf$BPF_RAW_TRACEPOINT_OPEN-ioctl$TUNSETOFFLOAD-openat$cgroup_int-ioctl$TUNSETOFFLOAD-close-syz_usb_connect-socket$nl_route-openat$cgroup_ro-socket$key-sendmsg$key-ioctl$VHOST_SET_VRING_ADDR-sendmsg$nl_route-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-timerfd_settime-getsockopt$MISDN_TIME_STAMP-symlinkat
detailed listing:
executing program 0:
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r1, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r2}, 0x10)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4010744d, 0x20000000)
close(0xffffffffffffffff)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="02030009180000000000000000000000040003000000000000000000000000000000000000000000000000000000000005000600000300000a0000000000000000000000000000000000000000000001000000000000000004000400000000000000000000000000000000000000000000000000000000000200010000000000000000000000000005000500000000000a00000000000000fe880000000000000000000000000001000000000000000002001300000000000000005d9053bc63e22fc8844d4814331abab429a4f23182e50ff88f6a95bd74065831577fcf83574e608aa4c13ea4ce88e7d09f1774134ce9b77cdbb04b607db2cc95477048ade35dbc8649d27da1c2415a9bdc278a2e34226c0000000000"], 0xc0}}, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000200)={0x2, 0x0, 0x0, &(0x7f0000000100)=""/208, &(0x7f00000002c0)=""/155, 0xf000})
sendmsg$nl_route(r3, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt$MISDN_TIME_STAMP(r4, 0x0, 0x1, &(0x7f0000000240), &(0x7f0000000380)=0x4)
symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f00000000c0)='./file0\x00')

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-syz_open_dev$video-ioctl$VIDIOC_G_CROP-openat$cgroup_ro-bpf$BPF_RAW_TRACEPOINT_OPEN-ioctl$TUNSETOFFLOAD-openat$cgroup_int-ioctl$TUNSETOFFLOAD-close-syz_usb_connect-socket$nl_route-openat$cgroup_ro-socket$key-sendmsg$key-ioctl$VHOST_SET_VRING_ADDR-sendmsg$nl_route-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-timerfd_settime-getsockopt$MISDN_TIME_STAMP
detailed listing:
executing program 0:
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r0 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4010744d, 0x20000000)
close(0xffffffffffffffff)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="02030009180000000000000000000000040003000000000000000000000000000000000000000000000000000000000005000600000300000a0000000000000000000000000000000000000000000001000000000000000004000400000000000000000000000000000000000000000000000000000000000200010000000000000000000000000005000500000000000a00000000000000fe880000000000000000000000000001000000000000000002001300000000000000005d9053bc63e22fc8844d4814331abab429a4f23182e50ff88f6a95bd74065831577fcf83574e608aa4c13ea4ce88e7d09f1774134ce9b77cdbb04b607db2cc95477048ade35dbc8649d27da1c2415a9bdc278a2e34226c0000000000"], 0xc0}}, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000200)={0x2, 0x0, 0x0, &(0x7f0000000100)=""/208, &(0x7f00000002c0)=""/155, 0xf000})
sendmsg$nl_route(r2, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt$MISDN_TIME_STAMP(r3, 0x0, 0x1, &(0x7f0000000240), &(0x7f0000000380)=0x4)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-syz_open_dev$video-ioctl$VIDIOC_G_CROP-openat$cgroup_ro-bpf$BPF_RAW_TRACEPOINT_OPEN-ioctl$TUNSETOFFLOAD-openat$cgroup_int-ioctl$TUNSETOFFLOAD-close-syz_usb_connect-socket$nl_route-openat$cgroup_ro-socket$key-sendmsg$key-ioctl$VHOST_SET_VRING_ADDR-sendmsg$nl_route-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-timerfd_settime
detailed listing:
executing program 0:
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r0 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4010744d, 0x20000000)
close(0xffffffffffffffff)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="02030009180000000000000000000000040003000000000000000000000000000000000000000000000000000000000005000600000300000a0000000000000000000000000000000000000000000001000000000000000004000400000000000000000000000000000000000000000000000000000000000200010000000000000000000000000005000500000000000a00000000000000fe880000000000000000000000000001000000000000000002001300000000000000005d9053bc63e22fc8844d4814331abab429a4f23182e50ff88f6a95bd74065831577fcf83574e608aa4c13ea4ce88e7d09f1774134ce9b77cdbb04b607db2cc95477048ade35dbc8649d27da1c2415a9bdc278a2e34226c0000000000"], 0xc0}}, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000200)={0x2, 0x0, 0x0, &(0x7f0000000100)=""/208, &(0x7f00000002c0)=""/155, 0xf000})
sendmsg$nl_route(r2, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
timerfd_settime(0xffffffffffffffff, 0x0, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-syz_open_dev$video-ioctl$VIDIOC_G_CROP-openat$cgroup_ro-bpf$BPF_RAW_TRACEPOINT_OPEN-ioctl$TUNSETOFFLOAD-openat$cgroup_int-ioctl$TUNSETOFFLOAD-close-syz_usb_connect-socket$nl_route-openat$cgroup_ro-socket$key-sendmsg$key-ioctl$VHOST_SET_VRING_ADDR-sendmsg$nl_route-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER
detailed listing:
executing program 0:
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r0 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4010744d, 0x20000000)
close(0xffffffffffffffff)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="02030009180000000000000000000000040003000000000000000000000000000000000000000000000000000000000005000600000300000a0000000000000000000000000000000000000000000001000000000000000004000400000000000000000000000000000000000000000000000000000000000200010000000000000000000000000005000500000000000a00000000000000fe880000000000000000000000000001000000000000000002001300000000000000005d9053bc63e22fc8844d4814331abab429a4f23182e50ff88f6a95bd74065831577fcf83574e608aa4c13ea4ce88e7d09f1774134ce9b77cdbb04b607db2cc95477048ade35dbc8649d27da1c2415a9bdc278a2e34226c0000000000"], 0xc0}}, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000200)={0x2, 0x0, 0x0, &(0x7f0000000100)=""/208, &(0x7f00000002c0)=""/155, 0xf000})
sendmsg$nl_route(r2, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-syz_open_dev$video-ioctl$VIDIOC_G_CROP-openat$cgroup_ro-bpf$BPF_RAW_TRACEPOINT_OPEN-ioctl$TUNSETOFFLOAD-openat$cgroup_int-ioctl$TUNSETOFFLOAD-close-syz_usb_connect-socket$nl_route-openat$cgroup_ro-socket$key-sendmsg$key-ioctl$VHOST_SET_VRING_ADDR-sendmsg$nl_route
detailed listing:
executing program 0:
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r0 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4010744d, 0x20000000)
close(0xffffffffffffffff)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="02030009180000000000000000000000040003000000000000000000000000000000000000000000000000000000000005000600000300000a0000000000000000000000000000000000000000000001000000000000000004000400000000000000000000000000000000000000000000000000000000000200010000000000000000000000000005000500000000000a00000000000000fe880000000000000000000000000001000000000000000002001300000000000000005d9053bc63e22fc8844d4814331abab429a4f23182e50ff88f6a95bd74065831577fcf83574e608aa4c13ea4ce88e7d09f1774134ce9b77cdbb04b607db2cc95477048ade35dbc8649d27da1c2415a9bdc278a2e34226c0000000000"], 0xc0}}, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000200)={0x2, 0x0, 0x0, &(0x7f0000000100)=""/208, &(0x7f00000002c0)=""/155, 0xf000})
sendmsg$nl_route(r2, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-syz_open_dev$video-ioctl$VIDIOC_G_CROP-openat$cgroup_ro-bpf$BPF_RAW_TRACEPOINT_OPEN-ioctl$TUNSETOFFLOAD-openat$cgroup_int-ioctl$TUNSETOFFLOAD-close-syz_usb_connect-socket$nl_route-openat$cgroup_ro-socket$key-sendmsg$key-ioctl$VHOST_SET_VRING_ADDR
detailed listing:
executing program 0:
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r0 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4010744d, 0x20000000)
close(0xffffffffffffffff)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="02030009180000000000000000000000040003000000000000000000000000000000000000000000000000000000000005000600000300000a0000000000000000000000000000000000000000000001000000000000000004000400000000000000000000000000000000000000000000000000000000000200010000000000000000000000000005000500000000000a00000000000000fe880000000000000000000000000001000000000000000002001300000000000000005d9053bc63e22fc8844d4814331abab429a4f23182e50ff88f6a95bd74065831577fcf83574e608aa4c13ea4ce88e7d09f1774134ce9b77cdbb04b607db2cc95477048ade35dbc8649d27da1c2415a9bdc278a2e34226c0000000000"], 0xc0}}, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000200)={0x2, 0x0, 0x0, &(0x7f0000000100)=""/208, &(0x7f00000002c0)=""/155, 0xf000})

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-syz_open_dev$video-ioctl$VIDIOC_G_CROP-openat$cgroup_ro-bpf$BPF_RAW_TRACEPOINT_OPEN-ioctl$TUNSETOFFLOAD-openat$cgroup_int-ioctl$TUNSETOFFLOAD-close-syz_usb_connect-socket$nl_route-openat$cgroup_ro-socket$key-sendmsg$key
detailed listing:
executing program 0:
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r0 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4010744d, 0x20000000)
close(0xffffffffffffffff)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="02030009180000000000000000000000040003000000000000000000000000000000000000000000000000000000000005000600000300000a0000000000000000000000000000000000000000000001000000000000000004000400000000000000000000000000000000000000000000000000000000000200010000000000000000000000000005000500000000000a00000000000000fe880000000000000000000000000001000000000000000002001300000000000000005d9053bc63e22fc8844d4814331abab429a4f23182e50ff88f6a95bd74065831577fcf83574e608aa4c13ea4ce88e7d09f1774134ce9b77cdbb04b607db2cc95477048ade35dbc8649d27da1c2415a9bdc278a2e34226c0000000000"], 0xc0}}, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-syz_open_dev$video-ioctl$VIDIOC_G_CROP-openat$cgroup_ro-bpf$BPF_RAW_TRACEPOINT_OPEN-ioctl$TUNSETOFFLOAD-openat$cgroup_int-ioctl$TUNSETOFFLOAD-close-syz_usb_connect-socket$nl_route-openat$cgroup_ro-socket$key
detailed listing:
executing program 0:
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r0 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4010744d, 0x20000000)
close(0xffffffffffffffff)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-syz_open_dev$video-ioctl$VIDIOC_G_CROP-openat$cgroup_ro-bpf$BPF_RAW_TRACEPOINT_OPEN-ioctl$TUNSETOFFLOAD-openat$cgroup_int-ioctl$TUNSETOFFLOAD-close-syz_usb_connect-socket$nl_route-openat$cgroup_ro
detailed listing:
executing program 0:
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r0 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4010744d, 0x20000000)
close(0xffffffffffffffff)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-syz_open_dev$video-ioctl$VIDIOC_G_CROP-openat$cgroup_ro-bpf$BPF_RAW_TRACEPOINT_OPEN-ioctl$TUNSETOFFLOAD-openat$cgroup_int-ioctl$TUNSETOFFLOAD-close-syz_usb_connect-socket$nl_route
detailed listing:
executing program 0:
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r0 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4010744d, 0x20000000)
close(0xffffffffffffffff)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-syz_open_dev$video-ioctl$VIDIOC_G_CROP-openat$cgroup_ro-bpf$BPF_RAW_TRACEPOINT_OPEN-ioctl$TUNSETOFFLOAD-openat$cgroup_int-ioctl$TUNSETOFFLOAD-close-syz_usb_connect
detailed listing:
executing program 0:
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r0 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4010744d, 0x20000000)
close(0xffffffffffffffff)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-syz_open_dev$video-ioctl$VIDIOC_G_CROP-openat$cgroup_ro-bpf$BPF_RAW_TRACEPOINT_OPEN-ioctl$TUNSETOFFLOAD-openat$cgroup_int-ioctl$TUNSETOFFLOAD-close
detailed listing:
executing program 0:
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r0 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4010744d, 0x20000000)
close(0xffffffffffffffff)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-syz_open_dev$video-ioctl$VIDIOC_G_CROP-openat$cgroup_ro-bpf$BPF_RAW_TRACEPOINT_OPEN-ioctl$TUNSETOFFLOAD-openat$cgroup_int-ioctl$TUNSETOFFLOAD-syz_usb_connect
detailed listing:
executing program 0:
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r0 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4010744d, 0x20000000)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-syz_open_dev$video-ioctl$VIDIOC_G_CROP-openat$cgroup_ro-bpf$BPF_RAW_TRACEPOINT_OPEN-ioctl$TUNSETOFFLOAD-openat$cgroup_int-syz_usb_connect
detailed listing:
executing program 0:
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r0 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='io.max\x00', 0x2, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-syz_open_dev$video-ioctl$VIDIOC_G_CROP-openat$cgroup_ro-bpf$BPF_RAW_TRACEPOINT_OPEN-ioctl$TUNSETOFFLOAD-syz_usb_connect
detailed listing:
executing program 0:
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r0 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x20001400)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-syz_open_dev$video-ioctl$VIDIOC_G_CROP-openat$cgroup_ro-bpf$BPF_RAW_TRACEPOINT_OPEN-syz_usb_connect
detailed listing:
executing program 0:
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r0 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-syz_open_dev$video-ioctl$VIDIOC_G_CROP-openat$cgroup_ro-syz_usb_connect
detailed listing:
executing program 0:
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r0 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-syz_open_dev$video-ioctl$VIDIOC_G_CROP-syz_usb_connect
detailed listing:
executing program 0:
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r0 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f0000000180)={0x0, {0x5}})
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-syz_open_dev$video-syz_usb_connect
detailed listing:
executing program 0:
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): open-syz_usb_connect
detailed listing:
executing program 0:
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b793e3401aeb03e3a0010000000109021b0001000000000904000001a1078a00090582020000000000"], 0x0)

program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
detailed listing:
executing program 0:
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
simplifying C reproducer
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect
program crashed: KASAN: slab-use-after-free Read in v4l2_fh_open
reproducing took 1h40m42.041055655s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in v4l2_fh_init drivers/media/v4l2-core/v4l2-fh.c:25 [inline]
BUG: KASAN: slab-use-after-free in v4l2_fh_open+0xcb/0x430 drivers/media/v4l2-core/v4l2-fh.c:63
Read of size 8 at addr ffff88802b1b0740 by task v4l_id/5267

CPU: 0 UID: 0 PID: 5267 Comm: v4l_id Not tainted 6.11.0-rc4-syzkaller-00019-gb311c1b497e5 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0x169/0x550 mm/kasan/report.c:488
 kasan_report+0x143/0x180 mm/kasan/report.c:601
 v4l2_fh_init drivers/media/v4l2-core/v4l2-fh.c:25 [inline]
 v4l2_fh_open+0xcb/0x430 drivers/media/v4l2-core/v4l2-fh.c:63
 em28xx_v4l2_open+0x14c/0x9d0 drivers/media/usb/em28xx/em28xx-video.c:2155
 v4l2_open+0x232/0x370 drivers/media/v4l2-core/v4l2-dev.c:427
 chrdev_open+0x5b0/0x630 fs/char_dev.c:414
 do_dentry_open+0x970/0x1440 fs/open.c:959
 vfs_open+0x3e/0x330 fs/open.c:1089
 do_open fs/namei.c:3727 [inline]
 path_openat+0x2b3e/0x3470 fs/namei.c:3886
 do_filp_open+0x235/0x490 fs/namei.c:3913
 do_sys_openat2+0x13e/0x1d0 fs/open.c:1416
 do_sys_open fs/open.c:1431 [inline]
 __do_sys_openat fs/open.c:1447 [inline]
 __se_sys_openat fs/open.c:1442 [inline]
 __x64_sys_openat+0x247/0x2a0 fs/open.c:1442
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f4df1f999a4
Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83
RSP: 002b:00007ffd960364f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007ffd96036708 RCX: 00007f4df1f999a4
RDX: 0000000000000000 RSI: 00007ffd96036f22 RDI: 00000000ffffff9c
RBP: 00007ffd96036f22 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd96036720 R14: 0000556dac06c670 R15: 00007f4df215ba80
 </TASK>

Allocated by task 25:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:370 [inline]
 __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387
 kasan_kmalloc include/linux/kasan.h:211 [inline]
 __kmalloc_cache_noprof+0x19c/0x2c0 mm/slub.c:4189
 kmalloc_noprof include/linux/slab.h:681 [inline]
 kzalloc_noprof include/linux/slab.h:807 [inline]
 em28xx_v4l2_init+0xfd/0x2f40 drivers/media/usb/em28xx/em28xx-video.c:2534
 em28xx_init_extension+0x120/0x1c0 drivers/media/usb/em28xx/em28xx-core.c:1117
 process_one_work kernel/workqueue.c:3231 [inline]
 process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312
 worker_thread+0x86d/0xd40 kernel/workqueue.c:3390
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Freed by task 25:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579
 poison_slab_object+0xe0/0x150 mm/kasan/common.c:240
 __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256
 kasan_slab_free include/linux/kasan.h:184 [inline]
 slab_free_hook mm/slub.c:2252 [inline]
 slab_free mm/slub.c:4473 [inline]
 kfree+0x149/0x360 mm/slub.c:4594
 em28xx_free_v4l2 drivers/media/usb/em28xx/em28xx-video.c:2120 [inline]
 kref_put include/linux/kref.h:65 [inline]
 em28xx_v4l2_init+0x16d7/0x2f40 drivers/media/usb/em28xx/em28xx-video.c:2903
 em28xx_init_extension+0x120/0x1c0 drivers/media/usb/em28xx/em28xx-core.c:1117
 process_one_work kernel/workqueue.c:3231 [inline]
 process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312
 worker_thread+0x86d/0xd40 kernel/workqueue.c:3390
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

The buggy address belongs to the object at ffff88802b1b0000
 which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 1856 bytes inside of
 freed 8192-byte region [ffff88802b1b0000, ffff88802b1b2000)

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2b1b0
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: 0xfdffffff(slab)
raw: 00fff00000000040 ffff888015842280 ffffea0001fb3600 0000000000000004
raw: 0000000000000000 0000000080020002 00000001fdffffff 0000000000000000
head: 00fff00000000040 ffff888015842280 ffffea0001fb3600 0000000000000004
head: 0000000000000000 0000000080020002 00000001fdffffff 0000000000000000
head: 00fff00000000003 ffffea0000ac6c01 ffffffffffffffff 0000000000000000
head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4910, tgid 4910 (dhcpcd-run-hook), ts 31130502084, free_ts 31118556464
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439
 __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695
 __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]
 alloc_pages_node_noprof include/linux/gfp.h:296 [inline]
 alloc_slab_page+0x5f/0x120 mm/slub.c:2321
 allocate_slab+0x5a/0x2f0 mm/slub.c:2484
 new_slab mm/slub.c:2537 [inline]
 ___slab_alloc+0xcd1/0x14b0 mm/slub.c:3723
 __slab_alloc+0x58/0xa0 mm/slub.c:3813
 __slab_alloc_node mm/slub.c:3866 [inline]
 slab_alloc_node mm/slub.c:4025 [inline]
 __kmalloc_cache_noprof+0x1d5/0x2c0 mm/slub.c:4184
 kmalloc_noprof include/linux/slab.h:681 [inline]
 kzalloc_noprof include/linux/slab.h:807 [inline]
 tomoyo_print_bprm security/tomoyo/audit.c:26 [inline]
 tomoyo_init_log+0x11ce/0x2050 security/tomoyo/audit.c:264
 tomoyo_supervisor+0x38a/0x11f0 security/tomoyo/common.c:2089
 tomoyo_audit_env_log security/tomoyo/environ.c:36 [inline]
 tomoyo_env_perm+0x178/0x210 security/tomoyo/environ.c:63
 tomoyo_environ security/tomoyo/domain.c:672 [inline]
 tomoyo_find_next_domain+0x1384/0x1cf0 security/tomoyo/domain.c:878
 tomoyo_bprm_check_security+0x115/0x180 security/tomoyo/tomoyo.c:102
 security_bprm_check+0x65/0x90 security/security.c:1191
 search_binary_handler fs/exec.c:1815 [inline]
 exec_binprm fs/exec.c:1869 [inline]
 bprm_execve+0xa56/0x1770 fs/exec.c:1920
 do_execveat_common+0x55f/0x6f0 fs/exec.c:2027
page last free pid 4909 tgid 4909 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0xd22/0xea0 mm/page_alloc.c:2612
 discard_slab mm/slub.c:2583 [inline]
 __put_partials+0xeb/0x130 mm/slub.c:3051
 put_cpu_partial+0x17c/0x250 mm/slub.c:3126
 __slab_free+0x2ea/0x3d0 mm/slub.c:4343
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x9e/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x14f/0x170 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x23/0x80 mm/kasan/common.c:322
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3988 [inline]
 slab_alloc_node mm/slub.c:4037 [inline]
 kmem_cache_alloc_noprof+0x135/0x2a0 mm/slub.c:4044
 getname_flags+0xb7/0x540 fs/namei.c:139
 do_sys_openat2+0xd2/0x1d0 fs/open.c:1410
 do_sys_open fs/open.c:1431 [inline]
 __do_sys_openat fs/open.c:1447 [inline]
 __se_sys_openat fs/open.c:1442 [inline]
 __x64_sys_openat+0x247/0x2a0 fs/open.c:1442
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Memory state around the buggy address:
 ffff88802b1b0600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88802b1b0680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff88802b1b0700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                           ^
 ffff88802b1b0780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88802b1b0800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in v4l2_fh_init drivers/media/v4l2-core/v4l2-fh.c:25 [inline]
BUG: KASAN: slab-use-after-free in v4l2_fh_open+0xcb/0x430 drivers/media/v4l2-core/v4l2-fh.c:63
Read of size 8 at addr ffff88802b1b0740 by task v4l_id/5267

CPU: 0 UID: 0 PID: 5267 Comm: v4l_id Not tainted 6.11.0-rc4-syzkaller-00019-gb311c1b497e5 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0x169/0x550 mm/kasan/report.c:488
 kasan_report+0x143/0x180 mm/kasan/report.c:601
 v4l2_fh_init drivers/media/v4l2-core/v4l2-fh.c:25 [inline]
 v4l2_fh_open+0xcb/0x430 drivers/media/v4l2-core/v4l2-fh.c:63
 em28xx_v4l2_open+0x14c/0x9d0 drivers/media/usb/em28xx/em28xx-video.c:2155
 v4l2_open+0x232/0x370 drivers/media/v4l2-core/v4l2-dev.c:427
 chrdev_open+0x5b0/0x630 fs/char_dev.c:414
 do_dentry_open+0x970/0x1440 fs/open.c:959
 vfs_open+0x3e/0x330 fs/open.c:1089
 do_open fs/namei.c:3727 [inline]
 path_openat+0x2b3e/0x3470 fs/namei.c:3886
 do_filp_open+0x235/0x490 fs/namei.c:3913
 do_sys_openat2+0x13e/0x1d0 fs/open.c:1416
 do_sys_open fs/open.c:1431 [inline]
 __do_sys_openat fs/open.c:1447 [inline]
 __se_sys_openat fs/open.c:1442 [inline]
 __x64_sys_openat+0x247/0x2a0 fs/open.c:1442
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f4df1f999a4
Code: 24 20 48 8d 44 24 30 48 89 44 24 28 64 8b 04 25 18 00 00 00 85 c0 75 2c 44 89 e2 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 60 48 8b 15 55 a4 0d 00 f7 d8 64 89 02 48 83
RSP: 002b:00007ffd960364f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007ffd96036708 RCX: 00007f4df1f999a4
RDX: 0000000000000000 RSI: 00007ffd96036f22 RDI: 00000000ffffff9c
RBP: 00007ffd96036f22 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd96036720 R14: 0000556dac06c670 R15: 00007f4df215ba80
 </TASK>

Allocated by task 25:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:370 [inline]
 __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387
 kasan_kmalloc include/linux/kasan.h:211 [inline]
 __kmalloc_cache_noprof+0x19c/0x2c0 mm/slub.c:4189
 kmalloc_noprof include/linux/slab.h:681 [inline]
 kzalloc_noprof include/linux/slab.h:807 [inline]
 em28xx_v4l2_init+0xfd/0x2f40 drivers/media/usb/em28xx/em28xx-video.c:2534
 em28xx_init_extension+0x120/0x1c0 drivers/media/usb/em28xx/em28xx-core.c:1117
 process_one_work kernel/workqueue.c:3231 [inline]
 process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312
 worker_thread+0x86d/0xd40 kernel/workqueue.c:3390
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Freed by task 25:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579
 poison_slab_object+0xe0/0x150 mm/kasan/common.c:240
 __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256
 kasan_slab_free include/linux/kasan.h:184 [inline]
 slab_free_hook mm/slub.c:2252 [inline]
 slab_free mm/slub.c:4473 [inline]
 kfree+0x149/0x360 mm/slub.c:4594
 em28xx_free_v4l2 drivers/media/usb/em28xx/em28xx-video.c:2120 [inline]
 kref_put include/linux/kref.h:65 [inline]
 em28xx_v4l2_init+0x16d7/0x2f40 drivers/media/usb/em28xx/em28xx-video.c:2903
 em28xx_init_extension+0x120/0x1c0 drivers/media/usb/em28xx/em28xx-core.c:1117
 process_one_work kernel/workqueue.c:3231 [inline]
 process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312
 worker_thread+0x86d/0xd40 kernel/workqueue.c:3390
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

The buggy address belongs to the object at ffff88802b1b0000
 which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 1856 bytes inside of
 freed 8192-byte region [ffff88802b1b0000, ffff88802b1b2000)

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2b1b0
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: 0xfdffffff(slab)
raw: 00fff00000000040 ffff888015842280 ffffea0001fb3600 0000000000000004
raw: 0000000000000000 0000000080020002 00000001fdffffff 0000000000000000
head: 00fff00000000040 ffff888015842280 ffffea0001fb3600 0000000000000004
head: 0000000000000000 0000000080020002 00000001fdffffff 0000000000000000
head: 00fff00000000003 ffffea0000ac6c01 ffffffffffffffff 0000000000000000
head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4910, tgid 4910 (dhcpcd-run-hook), ts 31130502084, free_ts 31118556464
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x2e4c/0x2f10 mm/page_alloc.c:3439
 __alloc_pages_noprof+0x256/0x6c0 mm/page_alloc.c:4695
 __alloc_pages_node_noprof include/linux/gfp.h:269 [inline]
 alloc_pages_node_noprof include/linux/gfp.h:296 [inline]
 alloc_slab_page+0x5f/0x120 mm/slub.c:2321
 allocate_slab+0x5a/0x2f0 mm/slub.c:2484
 new_slab mm/slub.c:2537 [inline]
 ___slab_alloc+0xcd1/0x14b0 mm/slub.c:3723
 __slab_alloc+0x58/0xa0 mm/slub.c:3813
 __slab_alloc_node mm/slub.c:3866 [inline]
 slab_alloc_node mm/slub.c:4025 [inline]
 __kmalloc_cache_noprof+0x1d5/0x2c0 mm/slub.c:4184
 kmalloc_noprof include/linux/slab.h:681 [inline]
 kzalloc_noprof include/linux/slab.h:807 [inline]
 tomoyo_print_bprm security/tomoyo/audit.c:26 [inline]
 tomoyo_init_log+0x11ce/0x2050 security/tomoyo/audit.c:264
 tomoyo_supervisor+0x38a/0x11f0 security/tomoyo/common.c:2089
 tomoyo_audit_env_log security/tomoyo/environ.c:36 [inline]
 tomoyo_env_perm+0x178/0x210 security/tomoyo/environ.c:63
 tomoyo_environ security/tomoyo/domain.c:672 [inline]
 tomoyo_find_next_domain+0x1384/0x1cf0 security/tomoyo/domain.c:878
 tomoyo_bprm_check_security+0x115/0x180 security/tomoyo/tomoyo.c:102
 security_bprm_check+0x65/0x90 security/security.c:1191
 search_binary_handler fs/exec.c:1815 [inline]
 exec_binprm fs/exec.c:1869 [inline]
 bprm_execve+0xa56/0x1770 fs/exec.c:1920
 do_execveat_common+0x55f/0x6f0 fs/exec.c:2027
page last free pid 4909 tgid 4909 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0xd22/0xea0 mm/page_alloc.c:2612
 discard_slab mm/slub.c:2583 [inline]
 __put_partials+0xeb/0x130 mm/slub.c:3051
 put_cpu_partial+0x17c/0x250 mm/slub.c:3126
 __slab_free+0x2ea/0x3d0 mm/slub.c:4343
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x9e/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x14f/0x170 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x23/0x80 mm/kasan/common.c:322
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3988 [inline]
 slab_alloc_node mm/slub.c:4037 [inline]
 kmem_cache_alloc_noprof+0x135/0x2a0 mm/slub.c:4044
 getname_flags+0xb7/0x540 fs/namei.c:139
 do_sys_openat2+0xd2/0x1d0 fs/open.c:1410
 do_sys_open fs/open.c:1431 [inline]
 __do_sys_openat fs/open.c:1447 [inline]
 __se_sys_openat fs/open.c:1442 [inline]
 __x64_sys_openat+0x247/0x2a0 fs/open.c:1442
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Memory state around the buggy address:
 ffff88802b1b0600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88802b1b0680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff88802b1b0700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                           ^
 ffff88802b1b0780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88802b1b0800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================