Extracting prog: 3m53.266198304s
Minimizing prog: 24m31.228513603s
Simplifying prog options: 0s
Extracting C: 52.821588092s
Simplifying C: 12m3.045302742s


extracting reproducer from 24 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_sctp-setsockopt$IP_VS_SO_SET_ADD-socket$kcm-setsockopt$IP_VS_SO_SET_ADDDEST-sendmsg$sock
detailed listing:
executing program 0:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @broadcast, 0x4e21, 0x3, 'rr\x00', 0x1, 0x10000004, 0x8}, 0x2c)
r1 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x80, 0x5d}, {@dev={0xac, 0x14, 0x14, 0x43}, 0x4e24, 0x4, 0x1cb, 0x12d61, 0x5}}, 0x44)
sendmsg$sock(r1, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev, 0xfffffeec}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)

program did not crash
single: failed to extract reproducer
bisect: bisecting 24 programs with base timeout 30s
testing program (duration=36s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 5, 9, 9, 2, 3, 5, 24, 9, 10, 11, 4, 7, 9, 2, 13, 9, 7, 24, 9, 10, 8, 7, 5]
detailed listing:
executing program 1:
socket$inet_mptcp(0x2, 0x1, 0x106)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
pipe2(&(0x7f0000000080), 0x4080)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f00000001c0)=ANY=[], 0x0)
executing program 3:
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000099e000/0x18000)=nil, 0x0, 0x0, 0x14, 0x0, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$EBT_SO_GET_INFO(r0, 0x0, 0x80, &(0x7f00000002c0)={'broute\x00', 0x0, 0x0, 0x0, [0x9, 0x39, 0x6, 0x9, 0x768f, 0x21800000000000]}, &(0x7f0000000340)=0x78)
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f0000006380)={0x2020}, 0x2020)
executing program 3:
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a3100"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ac0)=@newsa={0x144, 0x10, 0x1, 0x8000000, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@empty, 0x80, 0x0, 0x4e24, 0x0, 0x0, 0x20}, {@in=@broadcast, 0xffffffff, 0x33}, @in=@multicast2, {0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x5680000000}, {0x10, 0x9, 0x2}, 0x0, 0x10000, 0x2, 0x1}, [@algo_auth={0x48, 0x1, {{'sha256\x00'}}}, @offload={0xc, 0x1c, {0x0, 0x1}}]}, 0x144}}, 0x0)
executing program 0:
r0 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4000, @broadcast}}, 0x80, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000010010000"], 0x18}, 0x0)
executing program 1:
r0 = syz_usb_connect$uac3(0x5, 0x93, &(0x7f0000000480)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x40, 0x644, 0x8021, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x81, 0x3, 0x1, 0x54, 0xc0, 0xf, {0x8, 0xb, 0x0, 0x1, 0x1, 0x1, 0x30, 0x4}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x30, 0x0, {{0xa, 0x24, 0x1, 0xe, 0x1d, 0x81}, [@output_terminal={0x13, 0x24, 0x3, 0x6, 0x401, 0x6, 0x5, 0x3, 0xab3, 0xfff7, 0x5, 0x1}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x200, 0x5, 0xe0, 0x0, {0xa, 0x25, 0x25, 0x8, 0x1f, 0x2}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x40, 0x8, 0xc, 0x1, {0xa, 0x25, 0x25, 0x800, 0xf3, 0x3}}}}}}}}]}}, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac3(r0, &(0x7f0000000880)={0x14, 0x0, &(0x7f0000000840)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x422}}}, 0x0)
syz_usb_control_io(r0, &(0x7f0000001600)={0x2c, 0x0, &(0x7f00000014c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x83e}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$uac3(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1c01}}}, 0x0)
syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, 0x0, &(0x7f0000000300)={0x0, 0x3, 0x16, @string={0x16, 0x3, "d7275949b717222d4e2b9246d6a6837f8394800f"}}, 0x0, 0x0, 0x0}, 0x0)
executing program 0:
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000001c0)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000100)={@hyper})
r1 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FILTER(r1, 0x65, 0x1, 0x0, 0x0)
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f0000000180)={{@hyper}, 0x0, 0x1, 0xfffffffd})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2400, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
syslog(0x4, &(0x7f00000001c0)=""/211, 0xd3)
syslog(0x3, &(0x7f0000002d00)=""/147, 0x93)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xcf, &(0x7f0000000000)=0x42c8, 0x4)
r4 = socket$tipc(0x1e, 0x5, 0x0)
r5 = accept4(r4, 0x0, 0x0, 0x0)
setsockopt$sock_int(r5, 0x1, 0x12, &(0x7f00000000c0)=0x7fc4, 0x4)
syslog(0xa, &(0x7f0000000100)=""/116, 0x74)
getsockopt$inet6_int(r3, 0x29, 0x1a, 0x0, &(0x7f0000000040))
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000200)={0x46, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
bind$tipc(r4, &(0x7f0000000000)=@id={0x1e, 0x3, 0x2, {0x4e23, 0x3}}, 0x10)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET(r6, 0x4b72, &(0x7f0000000040)={0x0, 0x4000000, 0x8, 0xd, 0x200, &(0x7f0000001500)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a7309000a0000fdfd000f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000005000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a25978b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6dccbe2ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f635a0cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"})
ioctl$KDSETMODE(r6, 0x4b3a, 0x1)
executing program 3:
syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8000)
fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x28383, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000180), 0x0)
socket$nl_route(0x10, 0x3, 0x0)
writev(r0, 0x0, 0x0)
syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x2000000007d, 0x0, 0x7fffffffffffffff, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x5, 0xffffffffffffffff, 0x9, 0x4, 0xf, 0x80000006}, 0x0, 0x0)
executing program 2:
sched_setscheduler(0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000380), 0x149842, 0x0)
close(r3)
executing program 0:
r0 = syz_usb_connect$lan78xx(0x5, 0x3f, &(0x7f0000000dc0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000001140)={0x34, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000940)={0x34, &(0x7f0000000140)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000003f00)={0x84, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f00000002c0)={0x34, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000980)={0x84, &(0x7f0000000e80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000300)={0x34, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000b80)={0x34, &(0x7f0000000880)={0x20, 0x16, 0x2, ';:'}, 0x0, 0x0, 0x0, 0x0, 0x0})
executing program 3:
socket$inet_mptcp(0x2, 0x1, 0x106)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
pipe2(&(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x4080)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f00000001c0)=ANY=[@ANYBLOB="2a01000020000040b708000000000000430109029200030172e5000904000000010100000a24010000000201020c0d240700000500006e626805000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r0], 0x0)
executing program 2:
timer_create(0x0, 0x0, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)
executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB, @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f0000006380)={0x2020}, 0x2020)
executing program 2:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]})
finit_module(0xffffffffffffffff, 0x0, 0x3)
executing program 2:
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e21, 0x1, @loopback, 0x13}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000300)=@gcm_128={{0x303}, "fc674d000000f8f7", "c5998c867c22b401046a89606ffcf92e", "2c5be7ad", "a0ca05c0707e52f4"}, 0x28)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r2=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r2, 0x1, &(0x7f0000000040), 0x0)
recvfrom$inet6(r1, &(0x7f00000000c0)=""/3, 0x3, 0x0, 0x0, 0x0)
splice(r1, 0x0, r0, 0x0, 0x10000008ebc, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
executing program 3:
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a3100"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
executing program 3:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000540)={0x2c, &(0x7f0000000680)={0x20, 0xb, 0x5, "d66122e977"}, 0x0, 0x0, 0x0, 0x0})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0)
executing program 1:
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000001c0)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000100)={@hyper})
r1 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FILTER(r1, 0x65, 0x1, 0x0, 0x0)
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f0000000180)={{@hyper}, 0x0, 0x1, 0xfffffffd})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2400, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
syslog(0x4, &(0x7f00000001c0)=""/211, 0xd3)
syslog(0x3, &(0x7f0000002d00)=""/147, 0x93)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xcf, &(0x7f0000000000)=0x42c8, 0x4)
r4 = socket$tipc(0x1e, 0x5, 0x0)
r5 = accept4(r4, 0x0, 0x0, 0x0)
setsockopt$sock_int(r5, 0x1, 0x12, &(0x7f00000000c0)=0x7fc4, 0x4)
syslog(0xa, &(0x7f0000000100)=""/116, 0x74)
getsockopt$inet6_int(r3, 0x29, 0x1a, 0x0, &(0x7f0000000040))
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000200)={0x46, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
bind$tipc(r4, &(0x7f0000000000)=@id={0x1e, 0x3, 0x2, {0x4e23, 0x3}}, 0x10)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET(r6, 0x4b72, &(0x7f0000000040)={0x0, 0x4000000, 0x8, 0xd, 0x200, &(0x7f0000001500)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a7309000a0000fdfd000f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000005000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a25978b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6dccbe2ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f635a0cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"})
ioctl$KDSETMODE(r6, 0x4b3a, 0x1)
executing program 2:
syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8000)
fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x28383, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000180), 0x0)
socket$nl_route(0x10, 0x3, 0x0)
writev(r0, 0x0, 0x0)
syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x2000000007d, 0x0, 0x7fffffffffffffff, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x5, 0xffffffffffffffff, 0x9, 0x4, 0xf, 0x80000006}, 0x0, 0x0)
executing program 0:
sched_setscheduler(0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000380), 0x149842, 0x0)
close(r3)
executing program 1:
sendmsg$NL802154_CMD_SET_CHANNEL(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)={0x14, 0x0, 0xa11, 0x70bd28, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4008081}, 0x40004)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETAF(r0, 0x5408, &(0x7f00000000c0)={0xcf50, 0x0, 0xffff, 0x9dff, 0x15})
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0xfffffff6, 0x0, 0x1, "0062007d82000000000000002240f7ffffff00"})
r1 = syz_open_pts(r0, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000200)=0x17)
executing program 2:
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, 0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)
executing program 0:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @broadcast, 0x4e21, 0x3, 'rr\x00', 0x1, 0x10000004, 0x8}, 0x2c)
r1 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x80, 0x5d}, {@dev={0xac, 0x14, 0x14, 0x43}, 0x4e24, 0x4, 0x1cb, 0x12d61, 0x5}}, 0x44)
sendmsg$sock(r1, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev, 0xfffffeec}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_sctp-setsockopt$IP_VS_SO_SET_ADD-socket$kcm-setsockopt$IP_VS_SO_SET_ADDDEST-sendmsg$sock
detailed listing:
executing program 0:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @broadcast, 0x4e21, 0x3, 'rr\x00', 0x1, 0x10000004, 0x8}, 0x2c)
r1 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x80, 0x5d}, {@dev={0xac, 0x14, 0x14, 0x43}, 0x4e24, 0x4, 0x1cb, 0x12d61, 0x5}}, 0x44)
sendmsg$sock(r1, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev, 0xfffffeec}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)

program crashed: BUG: sleeping function called from invalid context in ip_vs_conn_new
single: successfully extracted reproducer
found reproducer with 5 syscalls
minimizing guilty program
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_sctp-setsockopt$IP_VS_SO_SET_ADD-socket$kcm-setsockopt$IP_VS_SO_SET_ADDDEST
detailed listing:
executing program 0:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @broadcast, 0x4e21, 0x3, 'rr\x00', 0x1, 0x10000004, 0x8}, 0x2c)
socket$kcm(0xa, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x80, 0x5d}, {@dev={0xac, 0x14, 0x14, 0x43}, 0x4e24, 0x4, 0x1cb, 0x12d61, 0x5}}, 0x44)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_sctp-setsockopt$IP_VS_SO_SET_ADD-socket$kcm-sendmsg$sock
detailed listing:
executing program 0:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @broadcast, 0x4e21, 0x3, 'rr\x00', 0x1, 0x10000004, 0x8}, 0x2c)
r1 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$sock(r1, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev, 0xfffffeec}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_sctp-setsockopt$IP_VS_SO_SET_ADD-setsockopt$IP_VS_SO_SET_ADDDEST-sendmsg$sock
detailed listing:
executing program 0:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @broadcast, 0x4e21, 0x3, 'rr\x00', 0x1, 0x10000004, 0x8}, 0x2c)
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x80, 0x5d}, {@dev={0xac, 0x14, 0x14, 0x43}, 0x4e24, 0x4, 0x1cb, 0x12d61, 0x5}}, 0x44)
sendmsg$sock(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev, 0xfffffeec}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_sctp-socket$kcm-setsockopt$IP_VS_SO_SET_ADDDEST-sendmsg$sock
detailed listing:
executing program 0:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
r1 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x80, 0x5d}, {@dev={0xac, 0x14, 0x14, 0x43}, 0x4e24, 0x4, 0x1cb, 0x12d61, 0x5}}, 0x44)
sendmsg$sock(r1, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev, 0xfffffeec}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): setsockopt$IP_VS_SO_SET_ADD-socket$kcm-setsockopt$IP_VS_SO_SET_ADDDEST-sendmsg$sock
detailed listing:
executing program 0:
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x84, @broadcast, 0x4e21, 0x3, 'rr\x00', 0x1, 0x10000004, 0x8}, 0x2c)
r0 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x80, 0x5d}, {@dev={0xac, 0x14, 0x14, 0x43}, 0x4e24, 0x4, 0x1cb, 0x12d61, 0x5}}, 0x44)
sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev, 0xfffffeec}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_sctp-setsockopt$IP_VS_SO_SET_ADD-socket$kcm-setsockopt$IP_VS_SO_SET_ADDDEST-sendmsg$sock
detailed listing:
executing program 0:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, 0x0, 0x0)
r1 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x80, 0x5d}, {@dev={0xac, 0x14, 0x14, 0x43}, 0x4e24, 0x4, 0x1cb, 0x12d61, 0x5}}, 0x44)
sendmsg$sock(r1, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev, 0xfffffeec}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_sctp-setsockopt$IP_VS_SO_SET_ADD-socket$kcm-setsockopt$IP_VS_SO_SET_ADDDEST-sendmsg$sock
detailed listing:
executing program 0:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @broadcast, 0x4e21, 0x3, 'rr\x00', 0x1, 0x10000004, 0x8}, 0x2c)
r1 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, 0x0, 0x0)
sendmsg$sock(r1, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev, 0xfffffeec}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_sctp-setsockopt$IP_VS_SO_SET_ADD-socket$kcm-setsockopt$IP_VS_SO_SET_ADDDEST-sendmsg$sock
detailed listing:
executing program 0:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @broadcast, 0x4e21, 0x3, 'rr\x00', 0x1, 0x10000004, 0x8}, 0x2c)
r1 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x80, 0x5d}, {@dev={0xac, 0x14, 0x14, 0x43}, 0x4e24, 0x4, 0x1cb, 0x12d61, 0x5}}, 0x44)
sendmsg$sock(r1, 0x0, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_sctp-setsockopt$IP_VS_SO_SET_ADD-socket$kcm-setsockopt$IP_VS_SO_SET_ADDDEST-sendmsg$sock
detailed listing:
executing program 0:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @broadcast, 0x4e21, 0x3, 'rr\x00', 0x1, 0x10000004, 0x8}, 0x2c)
r1 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x80, 0x5d}, {@dev={0xac, 0x14, 0x14, 0x43}, 0x4e24, 0x4, 0x1cb, 0x12d61, 0x5}}, 0x44)
sendmsg$sock(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_sctp-setsockopt$IP_VS_SO_SET_ADD-socket$kcm-setsockopt$IP_VS_SO_SET_ADDDEST-sendmsg$sock
detailed listing:
executing program 0:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @broadcast, 0x4e21, 0x3, 'rr\x00', 0x1, 0x10000004, 0x8}, 0x2c)
r1 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x80, 0x5d}, {@dev={0xac, 0x14, 0x14, 0x43}, 0x4e24, 0x4, 0x1cb, 0x12d61, 0x5}}, 0x44)
sendmsg$sock(r1, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev, 0xfffffeec}, 0x80, 0x0}, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_sctp-setsockopt$IP_VS_SO_SET_ADD-socket$kcm-setsockopt$IP_VS_SO_SET_ADDDEST-sendmsg$sock
program crashed: BUG: sleeping function called from invalid context in ip_vs_conn_new
simplifying C reproducer
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_sctp-setsockopt$IP_VS_SO_SET_ADD-socket$kcm-setsockopt$IP_VS_SO_SET_ADDDEST-sendmsg$sock
program crashed: BUG: sleeping function called from invalid context in ip_vs_conn_new
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_sctp-setsockopt$IP_VS_SO_SET_ADD-socket$kcm-setsockopt$IP_VS_SO_SET_ADDDEST-sendmsg$sock
program crashed: BUG: sleeping function called from invalid context in ip_vs_conn_new
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_sctp-setsockopt$IP_VS_SO_SET_ADD-socket$kcm-setsockopt$IP_VS_SO_SET_ADDDEST-sendmsg$sock
program crashed: BUG: sleeping function called from invalid context in ip_vs_conn_new
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_sctp-setsockopt$IP_VS_SO_SET_ADD-socket$kcm-setsockopt$IP_VS_SO_SET_ADDDEST-sendmsg$sock
program crashed: BUG: sleeping function called from invalid context in ip_vs_conn_new
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_sctp-setsockopt$IP_VS_SO_SET_ADD-socket$kcm-setsockopt$IP_VS_SO_SET_ADDDEST-sendmsg$sock
program crashed: BUG: sleeping function called from invalid context in ip_vs_conn_new
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_sctp-setsockopt$IP_VS_SO_SET_ADD-socket$kcm-setsockopt$IP_VS_SO_SET_ADDDEST-sendmsg$sock
program crashed: BUG: sleeping function called from invalid context in ip_vs_conn_new
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_sctp-setsockopt$IP_VS_SO_SET_ADD-socket$kcm-setsockopt$IP_VS_SO_SET_ADDDEST-sendmsg$sock
program crashed: BUG: sleeping function called from invalid context in ip_vs_conn_new
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_sctp-setsockopt$IP_VS_SO_SET_ADD-socket$kcm-setsockopt$IP_VS_SO_SET_ADDDEST-sendmsg$sock
detailed listing:
executing program 0:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @broadcast, 0x4e21, 0x3, 'rr\x00', 0x1, 0x10000004, 0x8}, 0x2c)
r1 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x80, 0x5d}, {@dev={0xac, 0x14, 0x14, 0x43}, 0x4e24, 0x4, 0x1cb, 0x12d61, 0x5}}, 0x44)
sendmsg$sock(r1, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev, 0xfffffeec}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)

program crashed: BUG: sleeping function called from invalid context in ip_vs_conn_new
validation run: crashed=true
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_sctp-setsockopt$IP_VS_SO_SET_ADD-socket$kcm-setsockopt$IP_VS_SO_SET_ADDDEST-sendmsg$sock
detailed listing:
executing program 0:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @broadcast, 0x4e21, 0x3, 'rr\x00', 0x1, 0x10000004, 0x8}, 0x2c)
r1 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x80, 0x5d}, {@dev={0xac, 0x14, 0x14, 0x43}, 0x4e24, 0x4, 0x1cb, 0x12d61, 0x5}}, 0x44)
sendmsg$sock(r1, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev, 0xfffffeec}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)

program crashed: BUG: sleeping function called from invalid context in ip_vs_conn_new
validation run: crashed=true
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_sctp-setsockopt$IP_VS_SO_SET_ADD-socket$kcm-setsockopt$IP_VS_SO_SET_ADDDEST-sendmsg$sock
detailed listing:
executing program 0:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @broadcast, 0x4e21, 0x3, 'rr\x00', 0x1, 0x10000004, 0x8}, 0x2c)
r1 = socket$kcm(0xa, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x80, 0x5d}, {@dev={0xac, 0x14, 0x14, 0x43}, 0x4e24, 0x4, 0x1cb, 0x12d61, 0x5}}, 0x44)
sendmsg$sock(r1, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev, 0xfffffeec}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)

program crashed: BUG: sleeping function called from invalid context in ip_vs_conn_new
validation run: crashed=true
reproducing took 47m12.025911015s
repro crashed as (corrupted=false):
BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 6113, name: syz.0.17
preempt_count: 1, expected: 0
RCU nest depth: 2, expected: 2
4 locks held by syz.0.17/6113:
 #0: ffffffff8e3c80c0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #0: ffffffff8e3c80c0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #0: ffffffff8e3c80c0 (rcu_read_lock){....}-{1:3}, at: nf_hook+0xa1/0x3a0 include/linux/netfilter.h:242
 #1: ffffffff8e25f260 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
 #2: ffffffff8e3c80c0 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
 #3: ffff88804225e8f0 (&cp->lock#2){+...}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
 #3: ffff88804225e8f0 (&cp->lock#2){+...}-{3:3}, at: ip_vs_conn_hash net/netfilter/ipvs/ip_vs_conn.c:272 [inline]
 #3: ffff88804225e8f0 (&cp->lock#2){+...}-{3:3}, at: ip_vs_conn_new+0x14fe/0x25f0 net/netfilter/ipvs/ip_vs_conn.c:1448
Preemption disabled at:
[<ffffffff89958e48>] bit_spin_lock include/linux/bit_spinlock.h:38 [inline]
[<ffffffff89958e48>] hlist_bl_lock+0x18/0x110 include/linux/list_bl.h:149
CPU: 0 UID: 0 PID: 6113 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 __might_resched+0x329/0x480 kernel/sched/core.c:9162
 __rt_spin_lock kernel/locking/spinlock_rt.c:48 [inline]
 rt_spin_lock+0xc2/0x400 kernel/locking/spinlock_rt.c:57
 spin_lock include/linux/spinlock_rt.h:45 [inline]
 ip_vs_conn_hash net/netfilter/ipvs/ip_vs_conn.c:272 [inline]
 ip_vs_conn_new+0x14fe/0x25f0 net/netfilter/ipvs/ip_vs_conn.c:1448
 ip_vs_sched_persist net/netfilter/ipvs/ip_vs_core.c:549 [inline]
 ip_vs_schedule+0x10fd/0x1d70 net/netfilter/ipvs/ip_vs_core.c:686
 udp_conn_schedule+0x391/0x7a0 net/netfilter/ipvs/ip_vs_proto_udp.c:78
 ip_vs_try_to_schedule net/netfilter/ipvs/ip_vs_core.c:1657 [inline]
 ip_vs_in_hook+0xc50/0x1bf0 net/netfilter/ipvs/ip_vs_core.c:2229
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0xc5/0x220 net/netfilter/core.c:619
 nf_hook+0x22a/0x3a0 include/linux/netfilter.h:273
 __ip_local_out+0x558/0x6a0 net/ipv4/ip_output.c:120
 ip_local_out+0x2a/0x190 net/ipv4/ip_output.c:129
 ip_send_skb+0x45/0xc0 net/ipv4/ip_output.c:1508
 udp_send_skb+0x7e4/0xf70 net/ipv4/udp.c:1161
 udp_sendmsg+0x1937/0x21a0 net/ipv4/udp.c:1443
 udpv6_sendmsg+0x996/0x25c0 net/ipv6/udp.c:1522
 sock_sendmsg_nosec net/socket.c:786 [inline]
 __sock_sendmsg net/socket.c:801 [inline]
 ____sys_sendmsg+0x5aa/0x9c0 net/socket.c:2650
 ___sys_sendmsg+0x2a5/0x360 net/socket.c:2704
 __sys_sendmsg net/socket.c:2736 [inline]
 __do_sys_sendmsg net/socket.c:2741 [inline]
 __se_sys_sendmsg net/socket.c:2739 [inline]
 __x64_sys_sendmsg+0x1c3/0x2a0 net/socket.c:2739
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f9717edc819
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe51612c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f9718155fa0 RCX: 00007f9717edc819
RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000004
RBP: 00007f9717f72c91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f9718155fac R14: 00007f9718155fa0 R15: 00007f9718155fa0
 </TASK>

final repro crashed as (corrupted=false):
BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 6113, name: syz.0.17
preempt_count: 1, expected: 0
RCU nest depth: 2, expected: 2
4 locks held by syz.0.17/6113:
 #0: ffffffff8e3c80c0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:300 [inline]
 #0: ffffffff8e3c80c0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:838 [inline]
 #0: ffffffff8e3c80c0 (rcu_read_lock){....}-{1:3}, at: nf_hook+0xa1/0x3a0 include/linux/netfilter.h:242
 #1: ffffffff8e25f260 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
 #2: ffffffff8e3c80c0 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 kernel/softirq.c:163
 #3: ffff88804225e8f0 (&cp->lock#2){+...}-{3:3}, at: spin_lock include/linux/spinlock_rt.h:45 [inline]
 #3: ffff88804225e8f0 (&cp->lock#2){+...}-{3:3}, at: ip_vs_conn_hash net/netfilter/ipvs/ip_vs_conn.c:272 [inline]
 #3: ffff88804225e8f0 (&cp->lock#2){+...}-{3:3}, at: ip_vs_conn_new+0x14fe/0x25f0 net/netfilter/ipvs/ip_vs_conn.c:1448
Preemption disabled at:
[<ffffffff89958e48>] bit_spin_lock include/linux/bit_spinlock.h:38 [inline]
[<ffffffff89958e48>] hlist_bl_lock+0x18/0x110 include/linux/list_bl.h:149
CPU: 0 UID: 0 PID: 6113 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 __might_resched+0x329/0x480 kernel/sched/core.c:9162
 __rt_spin_lock kernel/locking/spinlock_rt.c:48 [inline]
 rt_spin_lock+0xc2/0x400 kernel/locking/spinlock_rt.c:57
 spin_lock include/linux/spinlock_rt.h:45 [inline]
 ip_vs_conn_hash net/netfilter/ipvs/ip_vs_conn.c:272 [inline]
 ip_vs_conn_new+0x14fe/0x25f0 net/netfilter/ipvs/ip_vs_conn.c:1448
 ip_vs_sched_persist net/netfilter/ipvs/ip_vs_core.c:549 [inline]
 ip_vs_schedule+0x10fd/0x1d70 net/netfilter/ipvs/ip_vs_core.c:686
 udp_conn_schedule+0x391/0x7a0 net/netfilter/ipvs/ip_vs_proto_udp.c:78
 ip_vs_try_to_schedule net/netfilter/ipvs/ip_vs_core.c:1657 [inline]
 ip_vs_in_hook+0xc50/0x1bf0 net/netfilter/ipvs/ip_vs_core.c:2229
 nf_hook_entry_hookfn include/linux/netfilter.h:158 [inline]
 nf_hook_slow+0xc5/0x220 net/netfilter/core.c:619
 nf_hook+0x22a/0x3a0 include/linux/netfilter.h:273
 __ip_local_out+0x558/0x6a0 net/ipv4/ip_output.c:120
 ip_local_out+0x2a/0x190 net/ipv4/ip_output.c:129
 ip_send_skb+0x45/0xc0 net/ipv4/ip_output.c:1508
 udp_send_skb+0x7e4/0xf70 net/ipv4/udp.c:1161
 udp_sendmsg+0x1937/0x21a0 net/ipv4/udp.c:1443
 udpv6_sendmsg+0x996/0x25c0 net/ipv6/udp.c:1522
 sock_sendmsg_nosec net/socket.c:786 [inline]
 __sock_sendmsg net/socket.c:801 [inline]
 ____sys_sendmsg+0x5aa/0x9c0 net/socket.c:2650
 ___sys_sendmsg+0x2a5/0x360 net/socket.c:2704
 __sys_sendmsg net/socket.c:2736 [inline]
 __do_sys_sendmsg net/socket.c:2741 [inline]
 __se_sys_sendmsg net/socket.c:2739 [inline]
 __x64_sys_sendmsg+0x1c3/0x2a0 net/socket.c:2739
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f9717edc819
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe51612c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f9718155fa0 RCX: 00007f9717edc819
RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000004
RBP: 00007f9717f72c91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f9718155fac R14: 00007f9718155fa0 R15: 00007f9718155fa0
 </TASK>