Extracting prog: 13m53.51697333s
Minimizing prog: 1h16m26.809629966s
Simplifying prog options: 4m10.414247545s
Extracting C: 2m38.444691341s
Simplifying C: 0s


extracting reproducer from 13 programs
testing a last program of every proc
single: executing 5 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-sched_setscheduler-bpf$MAP_CREATE-bpf$PROG_LOAD_XDP-socket$can_raw-socket$can_raw-bind$can_raw-socket$can_raw-setsockopt-bind$can_raw-dup3-prctl$PR_SET_TAGGED_ADDR_CTRL-bpf$MAP_CREATE-bpf$MAP_UPDATE_BATCH-bpf$MAP_LOOKUP_BATCH-socket$kcm-socket$alg-bind$alg-ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD-sendmsg$kcm-bpf$PROG_LOAD_XDP
detailed listing:
executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x40001e0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94)
r5 = socket$can_raw(0x1d, 0x3, 0x1)
r6 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r6, &(0x7f0000000000), 0x10)
r7 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt(r7, 0x65, 0x1, &(0x7f0000000080), 0x1d0)
bind$can_raw(r7, 0x0, 0x0)
dup3(r5, r6, 0x0)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0b0000000f000000cc000200060000ec05"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200), &(0x7f0000000240), 0x4af, r8}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000700)={0x0, &(0x7f0000000540)=""/245, &(0x7f00000000c0), &(0x7f0000000680), 0x2, r4}, 0x38)
r9 = socket$kcm(0x10, 0x2, 0x0)
r10 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r10, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'wp256-generic\x00'}, 0x58)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r9, 0x8982, &(0x7f0000000400)={0x0, 'batadv0\x00', {0x5}})
sendmsg$kcm(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000006c0)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-openat$ptmx-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setaffinity-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-ptrace$pokeuser-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-accept4$bt_l2cap-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ptrace$pokeuser(0x6, r2, 0x358, 0x800000000000)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
accept4$bt_l2cap(r4, &(0x7f0000000200), 0x0, 0x800)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-sched_setaffinity-prctl$PR_SCHED_CORE-syz_open_dev$MSR-read$msr-bpf$BPF_PROG_DETACH-syz_genetlink_get_family_id$devlink-socket$nl_generic-syz_genetlink_get_family_id$ethtool-syz_genetlink_get_family_id$gtp-sendmsg$GTP_CMD_GETPDP-syz_usb_connect-syz_usb_disconnect
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x10)
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, r1)
r2 = syz_genetlink_get_family_id$gtp(&(0x7f0000000080), r1)
sendmsg$GTP_CMD_GETPDP(r1, &(0x7f0000002880)={0x0, 0x0, &(0x7f0000002840)={&(0x7f00000027c0)={0x14, r2, 0x301, 0x70bd25, 0x25dfdc00}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x24008040)
r3 = syz_usb_connect(0x5, 0x207, &(0x7f0000009a00)=ANY=[], 0x0)
syz_usb_disconnect(r3)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-socket$inet6_tcp-bind$inet6-listen-setsockopt$inet6_tcp_int-sendto$inet6
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000500)={0xa, 0x2, 0x0, @empty}, 0x1c)
listen(r1, 0x4)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000040)=0x1, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x20004002, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @rand_addr, 0x6}, 0x1c)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sched_setaffinity-openat$vhost_vsock-prlimit64-sched_setscheduler-prctl$PR_SCHED_CORE-syz_open_dev$MSR-read$msr-ioctl$VHOST_SET_VRING_BASE-eventfd-ioctl$VHOST_SET_VRING_KICK-mknod$loop-ioctl$VHOST_SET_MEM_TABLE-unshare
detailed listing:
executing program 0:
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
eventfd(0x80000b)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, 0x0)
mknod$loop(0x0, 0x1000, 0x1)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000700)={0x1a})
unshare(0x64000600)

program did not crash
single: failed to extract reproducer
bisect: bisecting 13 programs with base timeout 30s
testing program (duration=33s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [6, 20, 22, 5, 3, 19, 4, 13, 6, 29, 14, 24, 30]
detailed listing:
executing program 3:
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
chroot(&(0x7f00000001c0)='./file0\x00')
syz_open_dev$video4linux(&(0x7f0000000000), 0x79, 0x80)
syz_open_dev$video4linux(&(0x7f00000000c0), 0xffffffffffffffff, 0x23101)
executing program 3:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
symlink(0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x80}, 0x50)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
syz_io_uring_setup(0x1d37, &(0x7f0000000340)={0x0, 0x47bb, 0x200, 0x1, 0x372}, &(0x7f0000000280), &(0x7f0000000180))
timer_settime(0x0, 0x0, 0x0, 0x0)
bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @my=0x0}, 0x10)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r1 = io_uring_setup(0xd71, &(0x7f0000000080)={0x0, 0x0, 0x2, 0x2})
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
connect$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x5, @any, 0xb}, 0xe)
r3 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000280), 0x8, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r2}})
sendmsg$IPCTNL_MSG_EXP_DELETE(r3, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000240)={&(0x7f00000003c0)={0xec, 0x2, 0x2, 0x201, 0x0, 0x0, {0x7, 0x0, 0x3}, [@CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0x8}, @CTA_EXPECT_NAT={0x88, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_TUPLE={0x4}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_TUPLE={0x68, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}]}, @CTA_EXPECT_FLAGS={0x8}, @CTA_EXPECT_FN={0xa, 0xb, 'Q.931\x00'}, @CTA_EXPECT_MASTER={0x10, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}]}, @CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0xf8}, @CTA_EXPECT_TUPLE={0x1c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}]}]}, 0xec}, 0x1, 0x0, 0x0, 0x4000804}, 0x8000)
executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18)
fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000000)={0x1})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x167)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x20140c4, 0x0)
chroot(&(0x7f0000000b80)='./file0\x00')
umount2(&(0x7f0000000000)='./file0\x00', 0x8)
executing program 2:
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000280)={{0x12, 0x1, 0x141, 0xf2, 0xc5, 0x96, 0x20, 0x16d0, 0x10b8, 0xde8e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0x0, 0x83, 0xec, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0x2, 0x0, 0xa}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f00000003c0)={0x20, 0x13, 0xc, "30a7137489699583ccd85eb3"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, &(0x7f0000000300)={0x40, 0xa, 0x28, "90e96a84180d88810c741ce0b39cf1e41b8e13f4055c3f577d2d7ab15f15db77d877bbad35722688"}, 0x0, 0x0, &(0x7f0000000440)={0x20, 0x0, 0x4, {0x3, 0x2}}, 0x0, 0x0, 0x0, &(0x7f0000000580)={0x40, 0xb, 0x2, '0j'}, &(0x7f0000000600)={0x40, 0xf, 0x2, 0xfffa}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000840)={0x44, &(0x7f00000005c0)={0x40, 0x5, 0x4, "153a2000"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
executing program 3:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
write$UHID_INPUT(r0, &(0x7f00000011c0)={0xfc, {"a483885aed0d09f91b5e070987f70e06d038e7ff7fc6e5539b0d3e0e8b089b3f073063030890e0879b0af8c6e70a9b334a959b669a240d0a0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801118c20b8f16bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399ea4727d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a040200b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a64002bebc2407aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef64ab253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bf068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827475e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcb32b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba36b37767b6b45a44957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b94025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b03512629f46366e7205dd8d6f37525c1a0e94210dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9154f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d603994732d6b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21396532713e5b69cf767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285e6a89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeaf1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b627cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e46a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5c92441918145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed608000000a006e39336d07c2b80817a28ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030f81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c00004f5d374755534d7f68f679c4ff516e9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c00", 0x1000}}, 0xffbc)
ioctl$TIOCL_BLANKSCREEN(r0, 0x541c, &(0x7f0000000500))
executing program 3:
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
syz_open_dev$usbmon(0x0, 0x3, 0x30000)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb7020000080000001821", @ANYRES32, @ANYRES16], &(0x7f0000000300)='GPL\x00', 0x2, 0x100a, &(0x7f0000002500)=""/4106, 0x0, 0x5}, 0x94)
r3 = socket$inet6(0x10, 0x3, 0x0)
r4 = memfd_create(&(0x7f0000000d00)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x05\x00\x00\x00\x00\x00\x00\x00_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c!\x0f/\xb8o8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xeb\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eS\xaeX\x93\x7f\xd3\xb9\x84Q\x9c\"\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x90\x1f\x94\x01M.\x16\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\x05\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\x9d\x7f@9\xc0\xd2\xf1\x00\x10\x00\x00\x00\x00\x00\x00\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1;#z\xef*\xce\x99\x04\xb9\x90\xbc\xc9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xc4\xc8\xb1r0Z\x98\x87^\xc8C\x1b\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-/\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xbex\xb5-\x05\x01\x11\xfa\xcf\x1dm\xb5X\xe9\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04$\xc3\xe31U\x84\x82\xf0{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2\x03\xe2j$F1n@\xde\n9t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\x82<\x9e|\xf5\xa4\x05#\x7f\xa8\x01\x00\x82ih\xf9?\x03Q\xf5\xc4\x95\x99 \xa7v~:$\x02O\xe3\xaa\x1f\x00\xebh\'\xd2q\x10\x1e\x94n\xd7w\xb1\xc8G\x89\xf4\x8ct\xf9R\x85\x1b8OE\x04\x9a\xd8\x80\x10x\xbf\n0\b,r\xc6r\xf7=\xfe\xc1\x16\xe6\xee\xbb:-h\xba\x8b\x14\x9a?\x8e\x03;\xe5\x04\xd8\xa9\x9a\xd3\x05(\x7f|\xadU\xafe\x87V.i4$6U,R\x9b\n{\'\xfe1\xc4\xb09\x96{\xc0e\xa1\xe7\xa9\xb4\x1a\n\xf5\xd7zuvz\x972\xd4\xfb\x13u2\xab\x18\x01~r\xbbcW!)\xf4\x9b\x1dI\x9ex;\xb2\xe3I\xbd\x16T\xb75\xa6\a\xb7\xa1\x8d\xc9\x12\xb1\xbd\xbc\xd9c\xe9\xe6k\xee\x06\x83\xf4\xab\x18\x038\x8f\xc9^\x0f\xab\xea&P\b\xef#\xf6\xc3\xfc\xd4\xa0\xfd\x15N\xd3\xa0\x80\x9f\bU\xa63\xf6\xc9\xecZ`\xa4\xa0(\xf9\x98B\xaf\xde*\x91\xddk\xa1`d\xf0\x97\xc9e\xc1\"EC\x9a?x\x89\x8d\xb3\xfaF}\x82D\xf8\f\xf1`\x90D\xd1|%(\xd8\t\xea\x00C\xce\x7fo+?v\xee\xc6bL\x1d\xbe\x84p\x8d\xa3\xec\xf7\xe0\xfe\x8c=<\xf2\x1f@\xe66E\xa7\x9c\xd3\xb6\xf5\xe0\x14\xb8\xd4`\x85\xe3;\x8c\xf8\xf2\xd9)\x0e\xd0\xff\xa5K\xf3\xf1\xc4\x18\xf4Z\xdci\x91\x84\xe8\xb7\x10\x90\xbc\xect\x14\xdfR\xe2\x80\xf8a\x92\xb2R\xdf0\xcaQ\xdf\x87\xbdjp\x1ch3h\xcf<\x82\x97\xa5s/m\xb2\x1dd\xf7\xfc\xf5\xa9\x1d\xd34{\xcc\x1f\t,i\x16\x82\xad\x8e\xb6\x17\x0f\xaa\x85^/w\xbb~\xff\xce\x92\x90\x83\n\xe5\x14\x95\x92|\xfe-S%\x91i\xafh\x97z\x00@K\xbb\xc2\fcD\xff\xdcl\xa1\xfaR\xbc\xd0k\\\x92\x19a6Sv\x05%{\xe2\xe9\xf1\xddRB$8\xb0q9\xa1g&\x17\xe5P\xef\xb1<\xb6\xe2\xb2\xc06^\x0f4\xba\x10\xba\x00\x00\x00\x00\x00\x00\x00\x00\xef\xba\"\xb7\xc7~T\xc4Ei\xfdk\xa9\"F\xa9C\xa0\xd3\xa0\x1b\xbf\x13\xfb\x14S<\xa6\n5\x86\x9e\xb2=8\'g`\x8f\xa8\x027\xbd\xb5s\xe9dti\xc0\xbd\\H\xe5v\xdd\x0fP\x8b+-\x02i\x8eZU\xa8YB\xfc\xc2R7\xe9\x11\x06\x1aRd\xa93\xa1\\\xf4_s\xf7\xe8+\xbdg\x13\xaea\x04\xd8\x82\xf6\x90\xaf1\x86b\x81J\xb7E\xb0\xe2\xd6\x93S\xb3\x98\xcb\xf9\xde=\xd6T\x8d\xea\xab\xa9Z!\xd3-\xa6_\xc4\xa4\xb6+\x89\xdc]O<g\x06~\x12W\x86\x06\xba\x15#\xa7Q\xffa\x926>\xf0y\xd6\xb0\xf2\x9f\xa7\xcf\xad\x86\\\xec\xec\xd6\x9d\bT\xcd\xa2\xea', 0xe)
ftruncate(r4, 0x0)
sendmsg(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="5500000020007fafb72d13b2a4a2719302000000030b43026c26236925000400fe7f0000bd2dca8a9848a3c728f138d509000000000100005ae583de0dd7d8319f98af84fda542e718f94b929ade5b175c0a9b2ce9", 0x55}], 0x1}, 0x0)
executing program 4:
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0x10)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000300), &(0x7f0000000180)=0x8)
executing program 0:
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
eventfd(0x80000b)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, 0x0)
mknod$loop(0x0, 0x1000, 0x1)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000700)={0x1a})
unshare(0x64000600)
executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000500)={0xa, 0x2, 0x0, @empty}, 0x1c)
listen(r1, 0x4)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000040)=0x1, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x20004002, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @rand_addr, 0x6}, 0x1c)
executing program 4:
prlimit64(0x0, 0xe, &(0x7f00000002c0)={0xa, 0x4008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
sched_setaffinity(r0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="010000000100"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x5c, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = fsopen(&(0x7f0000000100)='nilfs2\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r6 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_GET_CAP(r6, 0xc010640c, &(0x7f00000001c0)={0x14})
openat$comedi(0xffffffffffffff9c, 0x0, 0x400, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000004200)="aa8e9df36226466e888b39901e75023156b5530e75c1e203314842ea78a6048cdec3383c60dcd8fa24f6928f6e02ab1090989c59ae38dceda05af132af4546a298837c63ea70975feb0919d7f7766791d530b90d522b23c58776ac7a4035383c5a0dd90d8b766c96816631f1742a0da0ce6ddd053a05966f6b6ec22dd28a0a2636d07696a307496b0b0d8bb370227dca3c96838e556681409be388f1dfbf500f1aee82b374f4473aecbdb77cf567fece7f8ec733fa91aa92a186f9768d16d0257ef826959fb3a73e4976a019bde8a82e9bb0a0443cbb1ab2c6e8f8748489948710294efb79d70edec2271491bc1cddc9c9d2713cc3063761f2bea07f5577bbe5224302ef23adcc96cb5ecee406c7977c97d7000000006e28198954bba79006fd58b2a2b43047e7f3ead143ccb6b27043d7a7512e9d3bad0138554f4b465ab6d1cec9b40cb301ac6491ee7fcdc0588e53eb2510471de91e3e73c98f0a3cc9929eac63f477a1208a80f8c75d0a1d9edb895d675d036a1863dddea98b18c846ac253b2470324b21eaaa6e69389b91bcd470995cd6835c6fac80d5ca41b66562c910f893124cf0f20dc65d90aa0f9cd1a7c88f755aaf33875d7639ae1b7413834636de57f44302b723646257ee7456bdfee10f2eaf0c05f2cf01a115ed8ac2908827af3d85da2f1bcf53d87ee830dc5e98fcfc1a22e547ce57508f606945a7599d8e1cc0268987cb7b3d00a6bfacea7bd05430255bc8b473a071b83695783944ef856fc89906e0b44a13166309bc8cc1dbae68399e1e8e4a2ea265c1a104dd862563cdaeee2b37e72fbda323cc72360b6d4fad2fd2409397f90422bbe6e9068aaf38e18918736e6357a6caac59ae803ffbe853ff716a388423bbc93bb2d6b1222bb94c96a3bddf421288d47039fa1b73573dbed87e1f6b280f8b045f9be8e0d85f6cf416bfc0f3f4ce988aefa2382cccf39e40b2a1657814b7953d0a0aea45d50d02d66982e5269f1ededd6a9f8f9e212314a4bb5c2f4898278fd3a585c1ff60e435b186c552134e5ddb0f2cc95dac405bc4bd32ccda41b05c6a376070c8ef2d6eb3ea7fce97da8f09440d47dc5faca6271d1ce4f4201b315d1cc3fa1d4cc2baa14e4c57bafb7b5bb2e9e859505360e1738a36100dd6c2fb6610fc0ed88e452148ecd8b73517f69c28f0c979525d21ba4fef353eebb2326f48217c44a322e9f1f08f92af1ff5ee5f2dc563f1a0edb09d0646105be0c46ddc8b71301e68013e863d539af5b3a2b11f770d8c0c086988216602619ec440f98d434add23bc7f54d145260773e53121188ca179832d5c406f2b4a91045edca91232416219fade02bf6ba002352943850294b05d9a142889205e6b69336cecfe8a7cfc88688368d54b475f3915eea851334395f80b41177ed4d17d91880a22c1c0cf33a550e32fbf76505458d07ebccc4e77bafae1700c9997f6fe28452f011e370642f228bbf0e2f3dc05741127f6d73e96c073b26e730ac19cb17dfc63c0ed4b5d53ffd6e312e3e80822c8bbea3cf2914f3f8ee53fb4edde1d4507fa9d7de54eecb75132befab6bf486cb05bc8727dadac49c83bf08d9eb94621b42241f9eb8fd1e6fbf969d932a023760faa62c178b7f0a1d43adbf5c21a35a58d381442ecdfc2dcce2d11e5efae8433b14fc9fc28294ae76eaa95f38ac121f255d9b478c81a1caf5c606c34e6efa80dd3aa77cc4001b9fceebcc77a1efea7bf9f749f62c7a8bd5deb0f70c54ab5daab010cf14b2f1012516dc1639edb2d890638b73559d060be47f594f322efdd40c5945148fe1690585923488910fcb3159006f935f7d184e4b4c404ccb6e2a799cc67aa2b56a13c16e3ad92b85a12060881c1d140708ffece6965f9746ed4eef74d37424e760f4b266c80c93390523eadc65494962bed4efc86a0fead2fe25c9108c5d591770cee92f9ff2d916ba0dedc6551a47ce3a4dbc97043e588b3483f0793786fe9f32f1b79ba3f4c4ccabba52a59861c8024bcdfc8ecb0acc821160b060d5dc24f0ade14d08b56218a32a03f9eba729c02fc6b714bc72b11cc7fe47b51b3a174cfa2d8f5df80a0fd4d1dd2ed36b868b46ee5a8cc72e91b57bd05005b5142b5531650813fb5496af379f9e7b1b73c49c64dead9725af0742a41b770205390791de856715c0138ca22f134911a28d2caf22ef21049d1ba721d278bcf675317c5303cbaf96535414fd92c55d741120200d49729e01e399e4c30fa8da659654196af7991a3d294c775a610f242a56c88d542641036de7eccbd64f9f306a3920596d350637a6409f667110b46c6d85ab94df4d7b0af12318522ba1e745e7de45176789a53213b9b3d23b2599275e4f1858fdb2fd63f8c6f7990235e2fb3c4c8f215715973b60b1e56d1f061b6ff33510d08fa403559cbcc21bd141b41f1e9ab4e163a0f80a918ba13031c483931a9dcdb790ad77fbdf5634662cb75e79d986e4724f64c80203600df7ac9950330431b83777bd968a86be5698b13c37513235ac89a0a1dcb799112a86a2d96b1708e0c5e983756d8243927fc7d42be6ff4c946c0763a9745897726f38b65920363b7c32051bf9e770ab1ec140ff11fc639f36fa760afcfd6ba2f609df8cb0949f26119895b69c8ffd0836a01da1e407ba08f37a1144674f5a71b3499ffcccb21e75f19cdfb33c7eded5fa5c264784a78edc5f6de17da15317a66fea522b6e92a52efa5013797212d816c3229c7dd523e2165f9f042c3b3b16e608a1d87ab9c46c2b291bf547e1f4312913b16e39a714c24ebc5cb4f4f80bb20ce4efdf2921db45b7389fef98bd0e8aa40be16758b0d7755ab631b27c5d49225e84fea63e3f031c665851ef4ed18628b26445da2cad4741800cf72a401ad79a7462657068e0f2ee65eeb86da66890247cb45b31d3ad06ea7500eac5be65528c55bf190b0ec27673b67b36117344097a0dbb9db47a2b5144218002d14cbb98629c2ed35db5cdcf93994e3e3d1a1673ff60ec0d9bae1217ba6f39ae4ac4c9e5a19f85634f3091150c4724aaabe3bd1445cfa33fac93b86c5871ca168a728899e2e0062a596fba22b962764420f1268bb8ae0a894559c488cfce6b71aa8478964d2eef5086b2cee891ca031b6543bb7ba55006621f1d80e17abcba9f9d05fc5e61c6c4a890aba4b205f5570e7866ec4de380420c4758de63ff0f7b1acb0521e45cd9bc54df1a4614c04c524f43e86f58757eddb645bbc56a63de5bb560f56a31796dc344d58e2ff2d3fe5228d87c0439e6353943c92160fb847a172eea37ad0c22de5d1e7cd66730218832c87b73366131e29a1545b26d4c500a9afd75864b460cea1ba33a5dca6e5585e9c78a8ee3361f20e2b79489ed2ef1c935d7deeef6de0d009b72a0751929209b351331c0225c29341f5d476b278061a0a33c1e455815bbb83eebf5f5c3fe97c4b3df32846a094501a157196b6c1db1e05cec4f2dee823ebea7da05f5ee63aee1670128471465ae83defcf26aba78f18544146fcc9305ed5899965edbcf9f677c499a52d984db346c12faf02553338e6553488c29c9f3f4537a9437b5eb7382f95f9e844d27fa0b1ffc48d2b44e383b1fdb567b7f23863e8e10b6210f8031859cea410d52f99b5a8d2f218e7c92e231904b171dc077c636db15087cfb0ca6a2cd09f6b7973627a03ebfb4772daddc8ad7c9e534d8bc58cfc6d1305374b589a2a85c8a3c471c7408712ff5cfd7a50bee627d0417a5667dba71866320857cdb84e071a37e477f1b5ac16bdd464d8bf3ae31860ad19722bea1d85d1a5c09e1ab36dcd6c4bf524ed2137745e3562147081027d7852bee1ccc9563e4ff0ce72affa7002e9a066591ddf31abc4388281d98d2d88fa1c5f22cb60523e72e3d838fc6b0163fe0082ce0d8d59098363a174818113182d40cdb6367cb4a867c5aaa480c95f4a98439a2b58291fedcbfedfc3ebb41fe6b0a12fce36518ea6082fb919cdff23e3b40aa26eac8d634e03fc3a1e0fafe402c875709b15b622f35bfdd233ea8d7989ec38dfa1e5b5688d76c615b5efba62dd7d50be97b92f16c838edecd426e18dd270ddda42121d7ad8d26ec28df29580e6dcd7f968885d1cbc5f573efda890a408b45701bdf5cb2e3c54f8481710145ac1f5bdb1b53a1e9a7efd8a3ad7dad7bd0fa017e080854913beda2ccc95631a5c1da5c5afaa84bcc3f1a7041208fac9e09ef52140f142bed882b8988ea062cc8ecd7fd78fd33aeee8e8d5cc891514e3407fbb171e84e45fa14713e995513e16763424e356032ac81047c8e2bfe05dfecc510b55866d4a8696c91afd7b6b809fcf2e0f8a21834f43149d8e2b5dc5fddacb8ff9341376281e8f7d762fdb61a8e6536529b0d4d3cd8217fdb4f0b8341587737da7f50dbe4e5b7851a25d52066bd0e3ad11aed47ee02bec11d0f125cdee1f505cc5c1223d386b2fda556331cf57d8df433927cf12a5fbff853be266c5a64b6424f7b106931d312f0fd447206d21c1945579915e7e21627c7fc423a813823ce5fa2c6f3114303d0995c5706418a088535c62eda2a60c82b727c31177252f8ea025c16a3676ea0ccec24ea57e68c7e0f1b0e06f78a8ccead63eb4c0ef5c59b1d3a805644f8089e604a5bd3aa4494ff7fca02dd5894a6f02e572edd487af04ace3e37f19074325613d6f7d2af73062607b45a3c9365337a1c5e6bae9702a65f0a1b9ce75e43f6381efd9d610ad37532b62c6ab5957ded77a5d01604f67d7ccaa495266ab7fe161268b9a6156643ab6289fa0be75ac433a0204df164c02d3d0cb1b7bf0acd92ca8ff19b710b0b511820d0500fdf58f598fc611380a0f7dffce7bbc934edc967ba0094a0281750176748a4e2c99684c1c4a40258b0da77a0bfb9a4b808d5932443389f0f346dad998cee519624aeb07ea4446064282b1448bfa2e5ac3393d30b5c3865a8995869f69bab0747cfcbbd2bfd407c82e198da326f36be9a508e12d6d73fb262b37fcd7ff70b372c966b7198a9f2364012ff8127f200c079cb70d550f9483c1bf9fba69ebc961c989a82fc38cffe853e4738f33f1fa42fe7167e4bb79110f237d7e4989d2f6f4bd21905e491e2d4b6ac5a66025c11a93ab1eddcade3c3e78c270eaf6a0a6ed43df6e35bcaea9aa716d547d2136c2388379abf645e3f7cad1cc1fdc92b882729ff92b0612302970bd9ca7e36d76b2eb4d9dfe35116bb7771e448867e57026e622e1e54422b064fdb707fef339aa16fde808f622a7269b77c292c7e85fade6dcde475c2f61d71370209bc0e46ba7c7b71e41df246d283f5574205ca6b4819c63d97193eb084fd6b0c20b956cfc4b45b51fd46b2e034ff0f003179c7539fbc4e888c0633767604ed0f07beb4fe00f5a3b56ad9f3997cb49c7a8b92a719411b20874686a8a5ab462914baa85d016df99796a868af3dfa6ad98ceaaa18af2f2fad2ebf3dee1df8c8863e84ed83d6da5e283ca9cc385e0ded20531f127ff4aa974b91634d8f367154d3e23ebb04571a5a453d1265e873d00d40be7e1eb7e74529822b4c81d742c981a988fb786084cbd1e721358c7a1ea5293aa609773b890a5c9de4d1349588def4232d41fa5d7cfbc3dd130754891c304118a895268555874613e9c89c66bceea609e7ca1a914ea327db1f85a3809098e801289d8ab71997c2ad5bd1f3fd4b3c6b80667ac2b6b23b35018206dbf708284f0e0fac58d0b6d72c0d0034b6ed37b1f9931158f2443f045f65e33084ebc6aac93d8c0e3c1c52878dd3f54b9f88a40821090cdeb3bdbb61f0be16338a2a7ba0f77e9ecd5400b6f809a49eee78346c69e7ab560fcc32f2d19e665bb91fbc00e4c00838a1385d5156d1696f694027a9e6a7ef66933202012caca81c1b3ebe64976a9d000e28a6aae5d6f061c5acf8e4bca00bc5ecc547ab1664cdb2125300130a5a92abc0d36cf911fb3123034e925ea097fde14253dd3de52bf5c8a6bf01436c92dbbf5450a9b7775a981b09eab05406dae83f8ddcf898b1bace4b8487f0b4ec5b5316a9b7e3bcd6da41caa23604b3932ff3daf31bb19e74c687773bb54503f6b3ed74aef1410dc4a9a72fa05b1e120e682a7e7f9b8c7b6836fa9d8f96d16fa17975bc3dd7784f0d621d5a69038b0947d1cb47381c82c6df030fc8033dd66b380d884b12991ef5d5283e552f723aaf791bf3af581423c57b536b91e5a158695b68f7eccfd72fd2af1016e261ec863215d1df0fe756366e56fa86c4495cd9a45e83227af93a5b431c5d33fea2b3d469aab08f57b85b3a14a47d7da8ca74dae34f963cf660057466dac3937ce00060f8db8099178944aa37474a37eaef3b9ca04bd0eb1d03c25887d530cd690625f5829830851a6a58a7b411bc87aa70f26e80514799664e35c44db243d61add5bcaba3695e45e9f1a3cbf8ebdfb87571c44b9dcddc5fd422e94cbeb02bb58abd14e140829e12f7f0c7e3cc1a1bcae8429775e531710bfa504e103b17c20c329f653c015ab514fd6cf162b96d871930de99413e148fa58c1ff262a997c6ed1bc008912c6b864031dc95b5a3ad6aa3521167a62fe771baff828cafaf178539048d2e91a62ee7a50df04062422150347774db320fb535ddd4c03a8cdfc3affd253c200e1d5678ff12eb6f5bd43da636778cd2f8551295f4cbbc902322e491c5c10fee144daeaec4cc2a2f855f5312f4c8cac1155c8d3b93a5fe6a60118a0a9912b16d583582b478e4f05c375247d4cd897c49a8cfd2540833311039d9b121e5d5779d71b206d0d862b95e0eab28005f86ddd6ec514d931a521fc035eaacfd10ec5f97af541cabf08512f6c79e7e0db5217bd14aab6d3e9458018c3e59769bcb689347d7e394b469e9c9d9da2be8fc7a54b1aab301b68c1faf7ba7bfd05b8a313c902ad3733e523fd64739d9af110e39a96f1048fd6a43d13045ec71ff3d1f64a904f3878cb18f58b3b84942331ec05d3372a328a83e8aab828574313964f6f6c5af246faf2c69a95e9ceca77c0fbf303103a2d38ef6da2929a3dbccae5823f82d9a37c989154c8a760df8e7d8589daf1fd69683cadd2c7ac13e285a7661c23913912ee272797e3a0808654fd0b9f74f2fe04cb34167aa630b8aa58efc2586bef8c7c2e354d7c8d08de7d25a80b08bae8d2326d16a15d537d8baffcbbae460ce608ded63a45bdf0caf9dc335aa8d2aac03a62a9c6c62ce7c2caa9a731baa549d1880d3facdb4bee43ae27ccd5a22f143da8e7b4deb5c2a194d450eb5ff6949a950115d4e1d60fc75115346a0aaaf1400a301dcc8a04f9d2762c093f88adac799f6bd5150ca9c7d3ac1f728b88b1b0807a7407ad9b8febd89a801c9845af62bf2fc98aea4835d52871774e72b9fc07d26d55ef163833fd2f5c951ff963f43fcdaf03995cf3f14360b05be587e7a19fb760a944166b1fbd04c0d02bda8ff5d92a23c4e683db1b2823a6b02a16a7bc7963aaeeec43d97a85752fa439544127fb71d8b4fee6a09b966bc4e7be67acca35bfe4acabf18f6e9cc938c1e0af43e11754cbe7b37738019d9a162083f5f1fcdd9299921a349f1e0ee840b19fed4c0b5273d5e71ff5f1f20dbb36c89e1edbbef78de1a6229a2cd22bcf2164a1b567f7c08c6ba78ff2e53bc348dd2ab53b9deffc9cf8726feaf9cb07b4f94d189314da8c0005f3bb031e44c402339588832779790e814c707fdbe0830d53b4d35812f27e7709bee185d6d6d67a65382dcf56d567180a4a74cb05b0f7d0202bf33b88729f2bab7003264a2d67ea93d022baea74d7ca54a0081923a82e56750f22f58bc997ea57afe1bce18405383055745f0c6bfbbc514df76107b3c5d04bfe033dace72bd5bead25e736a0052b6efe7eb1153d1afe9202e227d60e4e38f5f294894d2ef9b89998194492e427442a18506e24ddcc1952354fe0250ad949be08a63b6c0e206ecbac70415c36f1bf78d7068ce8eb804561eab2540c6c984e63d1217de1242ae70a5dd457d7a96f24ad9e8a59c060a2a95e9e04a6a4429f40d47d2770e9d3ece295d748aa30a7bbd2aec570733be7855c3a789d71d94b3c86ccdd3cca3ddcb35a969e8c2d5b17ded6ab8b81b90a4206ac2ff163c04ba9886b5ec6138db5eb6ffc19201f66a1057858e564960de679b2996bb93c8d2b440fde169d1fbb5886fe673639c514c2eb8bca75f79abbb73c4a125e5f4d7d4ccd5c9fc85cedc9fe6f2b2b75ec384fa6ecec37579a70bd29b4c9893badb36e1b33cf61b07ee7d2a5550ac9f23b5fe629297efe94eb8a8c2adce65a61ddae84544fe8f81455e2d053fdf7efde38b92b0b4d3e7ff9d81f5de7d571cb4db7e059cbe1ac2153b22b57b4d45d58fa50d152efa2d85d262238ce4816e40f93b65f53b6646297f69e3dde4ae7c57e9112054cb831eca5716863196db7667674b00be7c83f900c944ea2bc8e8e6b6b335a6e9f63e6f6635f6afc0889355aa4f0b928b90f76e6f03b5d40e9a0cace6243aff4590c0ef255860401b16da288687e890b1921b8ba63860df7aad86279c89d16cc4ad1ef4633639f203724c1958fb3b6a990f555e8df8f494fbdae25b353c14fe524541347c1d7f61c349f55773575fab73df09ebd1c635ad5f93fc8e075093ec3fd8b832e5331e329c2578d1f6f7a0a44838e578fe40db7d11645c2c73e0a438a80085988294d98a4ef4c5faa593dd5a9b0dec12d8a6dfd15cc4503bb2078739f26f9c10d0b1fc2634094cfd2ff6bec88a7513debde5fcabb85fd31df8d97bcfaf247edb89cb056fc52bc06f117a3e1022a57817b9abe1793cf279e163212f501681eb9ef08e39adb9ba80ec3cd45f5ae7afc0c256a3470e8ed3ca41c5502c510f0526eab848ec5a7115a53741cf05846989b9b5fc6d2ad74fb855a852e3fc7234bb0ed8b6937167133925dbeb4313a9895860e761300a0695e03e81c2c1e3fe3f4b8c42c946b010259ffa4c1d345350020cddc8e9697fb83c22fff5190558551584368e7a270f958bc72e2624c3e45bbef318b5134f0419e725945e445993f2f176f0a21f5dba86398529fe5159d57c0d75d64f950763b52935e778b20356615409dcb088514eeba3f811e9ce6ce2bd1ba6ac932bd79f7a518959f99d52acbc2a1d0c02c70b9ea46d662d39c315b36315f4220e5dce293275050a3e6df506d0c1d7786017572cd758ba4995963fa034ecd49cadb42bb1ee280600557ce2e17488e1dd4595b8c7d4f20f420a3a01b6228d764c5069222cc93e2091fd2053f05a50eda7840c13f45c6e2a2fbc0f9de4baefb7b40ea1fb7e9d30fb1fdb8f20eafca0c7c8c61c57dfcb8e2836e8d0ce546e8e37b9fc467e1bbeab314be171573398e0c2fb032049a99acf174a857c019609e83010dda8da078a4311efcaaff62fa908dde87cec4d41078c343eec5a80c42d0146d57e9a14f2b5611be05e3b665728c14ea9536d146926fe1e8d5acf12afca415ef5ad77bdfead7ea087183962592296d3d892c64a0a3b9fc95b50f03df7f4f50f950b43a289af09ca92a01a684e5c649b8da4a3365878273a00afd14b4fa2ddaeea5007f728899ba9f5fc9d1d7893a489e56c5fb152e5f775042f4b3bab6cea9cbf9a2b91647fe3c62d3ae4b5d065460b51d51b6e91f2f4fe90a3775e6312ffc805612fee8c314ee70c92de3feefb3cda56a59ddba83757b0e85cb0ee7ad1ac608a1e6a64656d9f586afc38fd1f6474b521724532d88cd351688db077dc9d229a78f8704b21f85324bf9c697874cac5f709c6701a421ac368edda0ec3a0b90268c449acf753d7e8cab501ae3d7e04788e899ec54a2517545b68fd928fb659349e1692bdeccca648fd13a7602868c44e77ed6fd587538a74adc6acdb1ebd1816af88ece2ca64f2603428a0aa842fe86be6b2b568fd29c23433c9e3f9f0e45bd13beb22ac06eb82ae0eb2b3b328aca4abba5e72a155e2cc82ac92c4697fdb9439511c1144fe2ba36f516fa181f7f8d58af69f87a6c936d1e561fff0509819e65a681aaea445a106f8ff3dfd987e2e24e977281cb85cc5e5eb987da2d17e73dacfd9880bd14ecad13d5705643f926303b389a61fd63139577de263a5fdef1facdac0068a9471fc17ac654e88e0a0d12c8aca1e850b64a88f2382e0cf3a4e3363827a06abc1eeb87216e3447dfbf8c04080ca2fe1a08cc2e2001eb386cf02ac0d3b328bcf1de009d048a03cd955c628971c30a137dc66879cbe938390a8f63251f55e559549dd11969b637876a20bc7c6f5fe2b753923d2f0269f2082206eb2312f40654cc95bb38add159104495018a5aa7b8f5836162de9a03b6981c662f2ee02a168d530a002616c09c4cc26c2a2726711e3e25b4e3acb6dcba25fde78ecede51f01e22a2f79409c77011a599ff57d81e70dbde5fcbdc841f9af0e49e8200cd2d3c73013e0e5608ee1951ac04a111864b545e7bc2434c2474286519feaff4da07324d1b13bb16d1daa1d485bcd5466b82c9622f92664f1153d08c6e644b3d0f5902b4d749895f7763015bf0e2849703ed920a3866a260f22fe40f46c76ca6ca10ae8994505fa613a6b1aec84ee6620c25ca4d002f56ddd21b12eed5132634a3194281283fe5fdac07d2fec091dc0f748fe25c6b08cf8d4ff893e863a43c4c92fba47d86c8dfbbabbdca0cec09f732bc0b8df2a97ee7208e64512249300aa4c44c10d4c4503bd76e7b4e2c9aa2e274166ef103d5c832a760f33b5a0eae4dab922f0fec5adbf409bff956b4ce40e6157d498d46ae053f1ad73655bfb0a3dfac6b96c09bac4d07e6bd7f3ac6337f58cccc631466985f6ad680d21a5fe9a9bde4b6980c689e6e8c7a413b6e3084997c089443ffaca9be80c96ce1d9b6de074b4aecfd2db3b679a2d5cf0523aa14414699d481eace4aa397d818ff4d3e73d82031849c7e4f1f1503b636728637f87cf7a7df5472abfcb7e5d77439e1018dba49a41e1c8e63942fe0d1a426f390e8e225fee14501a34762b8d835ca14d6a3a3d8042724ea9e6b568fe0eb84306397ffa8345935e9be8642e6ffbd96e636fd16cacae5d4b88fd0aa0bfbba8221f68eabc98c67de6f9eab2cca07b096b458bbfdc7f1da0bb845a1a6e19c6da87a958acb1aad0b74d6537e97fb0673a20178cbb963f909839e49ec593ddcfc3046aa54c22e3a54148c440d1f2ba1fa7417572c629e48e6d2e07760a87581971d1edccc03c0e465d4d6321d820b3346fb516c1813585a6a8462124f91428a90ed037f40cd6f23596dc90c03825636e55a061838964213c70104ec0c5909a0c62240e93314f9b67ce8fafa115251282a6ee7a036a861d1af11919dbfa7ceb7b2260e66be6300a536e78ebdf60a6f022574b35205341f3557e409d8ecc0c2304b372605c9284aebe1b92f13051db78210df83873b0496625507cf8e1ee5e90aa66f45be75e388d6e0a021b8af3787ee06cd710719b4d06ca5ba5f87de812a660f939584ea880d3c71bc58135e612431850180ee39b707bd98aff26d2c5e4396b43daefd82b2ec1004978637b8d389cc415d628fea6f66f28664f9409448e68a2d48a0a00", 0x2000, &(0x7f0000000f40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x90, 0x0, 0x7ff, {0x5, 0x3, 0xdc, 0x5, 0x3, 0x6, {0x4, 0x638, 0xfffffffffffffff8, 0x8, 0x3, 0x79, 0xfffffffe, 0x7, 0x1, 0x8000, 0x4, 0x0, 0x0, 0x7, 0x5}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
read$FUSE(0xffffffffffffffff, &(0x7f0000001740)={0x2020}, 0xfffffffffffffedf)
mount$fuse(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000240), 0x2080800, &(0x7f0000000840)=ANY=[@ANYBLOB='\x00B>', @ANYRESHEX=r7, @ANYRESHEX=r4, @ANYBLOB=',max_read=0x0000000000000003,max_read=0x0000000000000005,max_read=0x0000000000000456,func=PATH_CHECK,smackfsroot=syz_tun\x00,smackfsroot=syz_tun\x00,uid>', @ANYRESDEC=0x0, @ANYRES32=r4])
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f0000000040)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha1\x00'}, 0x58)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r9}, 0x10)
get_robust_list(0x0, &(0x7f0000000400)=0x0, 0x0)
executing program 3:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x10)
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, r1)
r2 = syz_genetlink_get_family_id$gtp(&(0x7f0000000080), r1)
sendmsg$GTP_CMD_GETPDP(r1, &(0x7f0000002880)={0x0, 0x0, &(0x7f0000002840)={&(0x7f00000027c0)={0x14, r2, 0x301, 0x70bd25, 0x25dfdc00}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x24008040)
r3 = syz_usb_connect(0x5, 0x207, &(0x7f0000009a00)=ANY=[], 0x0)
syz_usb_disconnect(r3)
executing program 2:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ptrace$pokeuser(0x6, r2, 0x358, 0x800000000000)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
accept4$bt_l2cap(r4, &(0x7f0000000200), 0x0, 0x800)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)
executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x40001e0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94)
r5 = socket$can_raw(0x1d, 0x3, 0x1)
r6 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r6, &(0x7f0000000000), 0x10)
r7 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt(r7, 0x65, 0x1, &(0x7f0000000080), 0x1d0)
bind$can_raw(r7, 0x0, 0x0)
dup3(r5, r6, 0x0)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0b0000000f000000cc000200060000ec05"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200), &(0x7f0000000240), 0x4af, r8}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000700)={0x0, &(0x7f0000000540)=""/245, &(0x7f00000000c0), &(0x7f0000000680), 0x2, r4}, 0x38)
r9 = socket$kcm(0x10, 0x2, 0x0)
r10 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r10, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'wp256-generic\x00'}, 0x58)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r9, 0x8982, &(0x7f0000000400)={0x0, 'batadv0\x00', {0x5}})
sendmsg$kcm(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000006c0)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 5 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-sched_setscheduler-bpf$MAP_CREATE-bpf$PROG_LOAD_XDP-socket$can_raw-socket$can_raw-bind$can_raw-socket$can_raw-setsockopt-bind$can_raw-dup3-prctl$PR_SET_TAGGED_ADDR_CTRL-bpf$MAP_CREATE-bpf$MAP_UPDATE_BATCH-bpf$MAP_LOOKUP_BATCH-socket$kcm-socket$alg-bind$alg-ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD-sendmsg$kcm-bpf$PROG_LOAD_XDP
detailed listing:
executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x40001e0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94)
r5 = socket$can_raw(0x1d, 0x3, 0x1)
r6 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r6, &(0x7f0000000000), 0x10)
r7 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt(r7, 0x65, 0x1, &(0x7f0000000080), 0x1d0)
bind$can_raw(r7, 0x0, 0x0)
dup3(r5, r6, 0x0)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0b0000000f000000cc000200060000ec05"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200), &(0x7f0000000240), 0x4af, r8}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000700)={0x0, &(0x7f0000000540)=""/245, &(0x7f00000000c0), &(0x7f0000000680), 0x2, r4}, 0x38)
r9 = socket$kcm(0x10, 0x2, 0x0)
r10 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r10, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'wp256-generic\x00'}, 0x58)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r9, 0x8982, &(0x7f0000000400)={0x0, 'batadv0\x00', {0x5}})
sendmsg$kcm(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000006c0)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-openat$ptmx-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setaffinity-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-ptrace$pokeuser-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-accept4$bt_l2cap-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ptrace$pokeuser(0x6, r2, 0x358, 0x800000000000)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
accept4$bt_l2cap(r4, &(0x7f0000000200), 0x0, 0x800)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program crashed: general protection fault in lock_sock_nested
single: successfully extracted reproducer
found reproducer with 24 syscalls
minimizing guilty program
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-openat$ptmx-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setaffinity-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-ptrace$pokeuser-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-accept4$bt_l2cap-syz_emit_vhci
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ptrace$pokeuser(0x6, r2, 0x358, 0x800000000000)
socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r3, 0x3)
accept4$bt_l2cap(r3, &(0x7f0000000200), 0x0, 0x800)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)

program did not crash
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-openat$ptmx-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setaffinity-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-ptrace$pokeuser-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-accept4$bt_l2cap-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ptrace$pokeuser(0x6, r2, 0x358, 0x800000000000)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
accept4$bt_l2cap(r4, &(0x7f0000000200), 0x0, 0x800)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program did not crash
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-openat$ptmx-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setaffinity-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-ptrace$pokeuser-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ptrace$pokeuser(0x6, r2, 0x358, 0x800000000000)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in l2cap_connect_cfm
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-openat$ptmx-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setaffinity-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-ptrace$pokeuser-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ptrace$pokeuser(0x6, r2, 0x358, 0x800000000000)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program did not crash
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-openat$ptmx-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setaffinity-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-ptrace$pokeuser-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ptrace$pokeuser(0x6, r2, 0x358, 0x800000000000)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program did not crash
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-openat$ptmx-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setaffinity-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-ptrace$pokeuser-socket$igmp-sched_setaffinity-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ptrace$pokeuser(0x6, r2, 0x358, 0x800000000000)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(0xffffffffffffffff, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program did not crash
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-openat$ptmx-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setaffinity-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-ptrace$pokeuser-socket$igmp-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ptrace$pokeuser(0x6, r2, 0x358, 0x800000000000)
r3 = socket$igmp(0x2, 0x3, 0x2)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program did not crash
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-openat$ptmx-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setaffinity-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-ptrace$pokeuser-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ptrace$pokeuser(0x6, r2, 0x358, 0x800000000000)
sched_setaffinity(0x0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r3, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(0xffffffffffffffff, 0x0, 0xc9, 0x0, 0x0)

program did not crash
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-openat$ptmx-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setaffinity-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in l2cap_sock_new_connection_cb
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-openat$ptmx-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setaffinity-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program did not crash
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-openat$ptmx-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setaffinity-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r3, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r2, 0x0, 0xc9, 0x0, 0x0)

program did not crash
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-openat$ptmx-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setaffinity-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
ptrace(0x10, 0x0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r3, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r2, 0x0, 0xc9, 0x0, 0x0)

program did not crash
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-openat$ptmx-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setaffinity-sched_setscheduler-syz_open_dev$MSR-read$msr-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program did not crash
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-openat$ptmx-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setaffinity-sched_setscheduler-syz_open_dev$MSR-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r3, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r2, 0x0, 0xc9, 0x0, 0x0)

program did not crash
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-openat$ptmx-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setaffinity-sched_setscheduler-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r3, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r2, 0x0, 0xc9, 0x0, 0x0)

program did not crash
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-openat$ptmx-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setaffinity-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r3, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r2, 0x0, 0xc9, 0x0, 0x0)

program did not crash
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-openat$ptmx-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program crashed: general protection fault in lock_sock_nested
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-openat$ptmx-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r3, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r2, 0x0, 0xc9, 0x0, 0x0)

program did not crash
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-openat$ptmx-bpf$PROG_LOAD-socket$inet_udp-prlimit64-getpid-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program did not crash
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-openat$ptmx-bpf$PROG_LOAD-socket$inet_udp-sched_setscheduler-getpid-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program did not crash
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-openat$ptmx-bpf$PROG_LOAD-prlimit64-sched_setscheduler-getpid-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program did not crash
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-openat$ptmx-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program did not crash
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program crashed: general protection fault in lock_sock_nested
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program did not crash
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program did not crash
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program did not crash
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program did not crash
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program did not crash
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program did not crash
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, 0x0, 0x0)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program did not crash
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0x0, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program crashed: general protection fault in lock_sock_nested
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0x0, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, 0x0, 0x0)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program did not crash
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0x0, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(0x0, 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program did not crash
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0x0, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program did not crash
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0x0, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB, @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
program did not crash
simplifying guilty program options
testing program (duration=1m45.379167295s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0x0, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program did not crash
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0x0, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program did not crash
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0x0, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program did not crash
validation run: crashed=false
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0x0, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program did not crash
validation run: crashed=false
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0x0, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program did not crash
validation run: crashed=false
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0x0, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in l2cap_sock_new_connection_cb
validation run: crashed=true
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0x0, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program did not crash
validation run: crashed=false
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0x0, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in l2cap_sock_new_connection_cb
validation run: crashed=true
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0x0, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program did not crash
validation run: crashed=false
testing program (duration=1m45.379167295s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-bpf$PROG_LOAD-socket$inet_udp-prlimit64-sched_setscheduler-getpid-sched_setscheduler-syz_open_dev$MSR-read$msr-sched_setaffinity-syz_clone-ptrace-openat$procfs-socket$igmp-sched_setaffinity-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-listen-syz_emit_vhci-setsockopt$MRT_DONE
detailed listing:
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0x0, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)
setsockopt$MRT_DONE(r3, 0x0, 0xc9, 0x0, 0x0)

program crashed: KASAN: slab-use-after-free Read in l2cap_sock_new_connection_cb
validation run: crashed=true
reproducing took 1h56m16.552692458s
repro crashed as (corrupted=false):
 </TASK>
kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
Bluetooth: hci3: failed to register connection device
==================================================================
BUG: KASAN: slab-use-after-free in l2cap_sock_new_connection_cb+0x1f9/0x2b0 net/bluetooth/l2cap_sock.c:1500
Read of size 8 at addr ffff888034df07a8 by task kworker/u9:3/5924

CPU: 1 UID: 0 PID: 5924 Comm: kworker/u9:3 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: hci3 hci_rx_work
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0xca/0x240 mm/kasan/report.c:482
 kasan_report+0x118/0x150 mm/kasan/report.c:595
 l2cap_sock_new_connection_cb+0x1f9/0x2b0 net/bluetooth/l2cap_sock.c:1500
 l2cap_connect_cfm+0x37a/0x1040 net/bluetooth/l2cap_core.c:7288
 hci_connect_cfm+0x95/0x140 include/net/bluetooth/hci_core.h:2107
 le_conn_complete_evt+0xfb8/0x1500 net/bluetooth/hci_event.c:5799
 hci_le_conn_complete_evt+0x187/0x450 net/bluetooth/hci_event.c:5825
 hci_event_func net/bluetooth/hci_event.c:7586 [inline]
 hci_event_packet+0x78f/0x1200 net/bluetooth/hci_event.c:7643
 hci_rx_work+0x46a/0xe80 net/bluetooth/hci_core.c:4099
 process_one_work kernel/workqueue.c:3263 [inline]
 process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3346
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3427
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

Allocated by task 5924:
 kasan_save_stack mm/kasan/common.c:56 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:77
 poison_kmalloc_redzone mm/kasan/common.c:400 [inline]
 __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:417
 kasan_kmalloc include/linux/kasan.h:262 [inline]
 __do_kmalloc_node mm/slub.c:5650 [inline]
 __kmalloc_noprof+0x233/0x7d0 mm/slub.c:5662
 kmalloc_noprof include/linux/slab.h:961 [inline]
 sk_prot_alloc+0xe7/0x220 net/core/sock.c:2239
 sk_alloc+0x3a/0x370 net/core/sock.c:2295
 bt_sock_alloc+0x3b/0x310 net/bluetooth/af_bluetooth.c:151
 l2cap_sock_alloc net/bluetooth/l2cap_sock.c:1897 [inline]
 l2cap_sock_new_connection_cb+0xe2/0x2b0 net/bluetooth/l2cap_sock.c:1485
 l2cap_connect_cfm+0x37a/0x1040 net/bluetooth/l2cap_core.c:7288
 hci_connect_cfm+0x95/0x140 include/net/bluetooth/hci_core.h:2107
 le_conn_complete_evt+0xfb8/0x1500 net/bluetooth/hci_event.c:5799
 hci_le_conn_complete_evt+0x187/0x450 net/bluetooth/hci_event.c:5825
 hci_event_func net/bluetooth/hci_event.c:7586 [inline]
 hci_event_packet+0x78f/0x1200 net/bluetooth/hci_event.c:7643
 hci_rx_work+0x46a/0xe80 net/bluetooth/hci_core.c:4099
 process_one_work kernel/workqueue.c:3263 [inline]
 process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3346
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3427
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

Freed by task 6561:
 kasan_save_stack mm/kasan/common.c:56 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:77
 __kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:587
 kasan_save_free_info mm/kasan/kasan.h:406 [inline]
 poison_slab_object mm/kasan/common.c:252 [inline]
 __kasan_slab_free+0x5c/0x80 mm/kasan/common.c:284
 kasan_slab_free include/linux/kasan.h:234 [inline]
 slab_free_hook mm/slub.c:2543 [inline]
 slab_free mm/slub.c:6642 [inline]
 kfree+0x197/0x950 mm/slub.c:6849
 sk_prot_free net/core/sock.c:2278 [inline]
 __sk_destruct+0x4e4/0x670 net/core/sock.c:2373
 l2cap_sock_cleanup_listen+0xda/0x3e0 net/bluetooth/l2cap_sock.c:1465
 l2cap_sock_release+0x6a/0x230 net/bluetooth/l2cap_sock.c:1426
 __sock_release net/socket.c:662 [inline]
 sock_close+0xc3/0x240 net/socket.c:1455
 __fput+0x45b/0xa80 fs/file_table.c:468
 task_work_run+0x1d4/0x260 kernel/task_work.c:227
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop+0xe9/0x130 kernel/entry/common.c:43
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]
 do_syscall_64+0x2bd/0xfa0 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

The buggy address belongs to the object at ffff888034df0000
 which belongs to the cache kmalloc-2k of size 2048
The buggy address is located 1960 bytes inside of
 freed 2048-byte region [ffff888034df0000, ffff888034df0800)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x34df0
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0x80000000000040(head|node=0|zone=1)
page_type: f5(slab)
raw: 0080000000000040 ffff88813ff27000 dead000000000100 dead000000000122
raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
head: 0080000000000040 ffff88813ff27000 dead000000000100 dead000000000122
head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
head: 0080000000000003 ffffea0000d37c01 00000000ffffffff 00000000ffffffff
head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5829, tgid 5829 (syz-executor), ts 105983598332, free_ts 105930998295
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x234/0x290 mm/page_alloc.c:1845
 prep_new_page mm/page_alloc.c:1853 [inline]
 get_page_from_freelist+0x28c0/0x2960 mm/page_alloc.c:3879
 __alloc_frozen_pages_noprof+0x181/0x370 mm/page_alloc.c:5178
 alloc_pages_mpol+0xd1/0x380 mm/mempolicy.c:2416
 alloc_slab_page mm/slub.c:3059 [inline]
 allocate_slab+0x96/0x350 mm/slub.c:3232
 new_slab mm/slub.c:3286 [inline]
 ___slab_alloc+0xb10/0x1400 mm/slub.c:4655
 __slab_alloc+0xc6/0x1f0 mm/slub.c:4778
 __slab_alloc_node mm/slub.c:4854 [inline]
 slab_alloc_node mm/slub.c:5276 [inline]
 __do_kmalloc_node mm/slub.c:5649 [inline]
 __kmalloc_node_track_caller_noprof+0x2a8/0x7e0 mm/slub.c:5759
 kmalloc_reserve+0x136/0x290 net/core/skbuff.c:601
 __alloc_skb+0x142/0x2d0 net/core/skbuff.c:670
 alloc_skb include/linux/skbuff.h:1383 [inline]
 nlmsg_new include/net/netlink.h:1055 [inline]
 rtmsg_ifinfo_build_skb+0x84/0x260 net/core/rtnetlink.c:4400
 rtmsg_ifinfo_event net/core/rtnetlink.c:4442 [inline]
 rtmsg_ifinfo+0x8c/0x1a0 net/core/rtnetlink.c:4451
 register_netdevice+0x1746/0x1b10 net/core/dev.c:11346
 __ip_tunnel_create+0x3e7/0x560 net/ipv4/ip_tunnel.c:268
 ip_tunnel_init_net+0x2ba/0x800 net/ipv4/ip_tunnel.c:1147
 vti_init_net+0x2f/0x100 net/ipv4/ip_vti.c:517
page last free pid 5832 tgid 5832 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1394 [inline]
 __free_frozen_pages+0xfb6/0x1140 mm/page_alloc.c:2901
 discard_slab mm/slub.c:3330 [inline]
 __put_partials+0x149/0x170 mm/slub.c:3876
 __slab_free+0x29e/0x370 mm/slub.c:5929
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x97/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x148/0x160 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x22/0x80 mm/kasan/common.c:352
 kasan_slab_alloc include/linux/kasan.h:252 [inline]
 slab_post_alloc_hook mm/slub.c:4978 [inline]
 slab_alloc_node mm/slub.c:5288 [inline]
 __kmalloc_cache_noprof+0x181/0x6c0 mm/slub.c:5766
 kmalloc_noprof include/linux/slab.h:957 [inline]
 kzalloc_noprof include/linux/slab.h:1094 [inline]
 kset_create lib/kobject.c:965 [inline]
 kset_create_and_add+0x5a/0x180 lib/kobject.c:1008
 register_queue_kobjects net/core/net-sysfs.c:2106 [inline]
 netdev_register_kobject+0x1a2/0x310 net/core/net-sysfs.c:2362
 register_netdevice+0x12a0/0x1b10 net/core/dev.c:11294
 __ip_tunnel_create+0x3e7/0x560 net/ipv4/ip_tunnel.c:268
 ip_tunnel_init_net+0x2ba/0x800 net/ipv4/ip_tunnel.c:1147
 ops_init+0x35c/0x5c0 net/core/net_namespace.c:137
 setup_net+0xfe/0x320 net/core/net_namespace.c:445
 copy_net_ns+0x34e/0x4e0 net/core/net_namespace.c:580
 create_new_namespaces+0x3f3/0x720 kernel/nsproxy.c:110

Memory state around the buggy address:
 ffff888034df0680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888034df0700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff888034df0780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                  ^
 ffff888034df0800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888034df0880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================

final repro crashed as (corrupted=false):
 </TASK>
kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
Bluetooth: hci3: failed to register connection device
==================================================================
BUG: KASAN: slab-use-after-free in l2cap_sock_new_connection_cb+0x1f9/0x2b0 net/bluetooth/l2cap_sock.c:1500
Read of size 8 at addr ffff888034df07a8 by task kworker/u9:3/5924

CPU: 1 UID: 0 PID: 5924 Comm: kworker/u9:3 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
Workqueue: hci3 hci_rx_work
Call Trace:
 <TASK>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0xca/0x240 mm/kasan/report.c:482
 kasan_report+0x118/0x150 mm/kasan/report.c:595
 l2cap_sock_new_connection_cb+0x1f9/0x2b0 net/bluetooth/l2cap_sock.c:1500
 l2cap_connect_cfm+0x37a/0x1040 net/bluetooth/l2cap_core.c:7288
 hci_connect_cfm+0x95/0x140 include/net/bluetooth/hci_core.h:2107
 le_conn_complete_evt+0xfb8/0x1500 net/bluetooth/hci_event.c:5799
 hci_le_conn_complete_evt+0x187/0x450 net/bluetooth/hci_event.c:5825
 hci_event_func net/bluetooth/hci_event.c:7586 [inline]
 hci_event_packet+0x78f/0x1200 net/bluetooth/hci_event.c:7643
 hci_rx_work+0x46a/0xe80 net/bluetooth/hci_core.c:4099
 process_one_work kernel/workqueue.c:3263 [inline]
 process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3346
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3427
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

Allocated by task 5924:
 kasan_save_stack mm/kasan/common.c:56 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:77
 poison_kmalloc_redzone mm/kasan/common.c:400 [inline]
 __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:417
 kasan_kmalloc include/linux/kasan.h:262 [inline]
 __do_kmalloc_node mm/slub.c:5650 [inline]
 __kmalloc_noprof+0x233/0x7d0 mm/slub.c:5662
 kmalloc_noprof include/linux/slab.h:961 [inline]
 sk_prot_alloc+0xe7/0x220 net/core/sock.c:2239
 sk_alloc+0x3a/0x370 net/core/sock.c:2295
 bt_sock_alloc+0x3b/0x310 net/bluetooth/af_bluetooth.c:151
 l2cap_sock_alloc net/bluetooth/l2cap_sock.c:1897 [inline]
 l2cap_sock_new_connection_cb+0xe2/0x2b0 net/bluetooth/l2cap_sock.c:1485
 l2cap_connect_cfm+0x37a/0x1040 net/bluetooth/l2cap_core.c:7288
 hci_connect_cfm+0x95/0x140 include/net/bluetooth/hci_core.h:2107
 le_conn_complete_evt+0xfb8/0x1500 net/bluetooth/hci_event.c:5799
 hci_le_conn_complete_evt+0x187/0x450 net/bluetooth/hci_event.c:5825
 hci_event_func net/bluetooth/hci_event.c:7586 [inline]
 hci_event_packet+0x78f/0x1200 net/bluetooth/hci_event.c:7643
 hci_rx_work+0x46a/0xe80 net/bluetooth/hci_core.c:4099
 process_one_work kernel/workqueue.c:3263 [inline]
 process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3346
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3427
 kthread+0x711/0x8a0 kernel/kthread.c:463
 ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

Freed by task 6561:
 kasan_save_stack mm/kasan/common.c:56 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:77
 __kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:587
 kasan_save_free_info mm/kasan/kasan.h:406 [inline]
 poison_slab_object mm/kasan/common.c:252 [inline]
 __kasan_slab_free+0x5c/0x80 mm/kasan/common.c:284
 kasan_slab_free include/linux/kasan.h:234 [inline]
 slab_free_hook mm/slub.c:2543 [inline]
 slab_free mm/slub.c:6642 [inline]
 kfree+0x197/0x950 mm/slub.c:6849
 sk_prot_free net/core/sock.c:2278 [inline]
 __sk_destruct+0x4e4/0x670 net/core/sock.c:2373
 l2cap_sock_cleanup_listen+0xda/0x3e0 net/bluetooth/l2cap_sock.c:1465
 l2cap_sock_release+0x6a/0x230 net/bluetooth/l2cap_sock.c:1426
 __sock_release net/socket.c:662 [inline]
 sock_close+0xc3/0x240 net/socket.c:1455
 __fput+0x45b/0xa80 fs/file_table.c:468
 task_work_run+0x1d4/0x260 kernel/task_work.c:227
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop+0xe9/0x130 kernel/entry/common.c:43
 exit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]
 syscall_exit_to_user_mode_work include/linux/entry-common.h:175 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:210 [inline]
 do_syscall_64+0x2bd/0xfa0 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

The buggy address belongs to the object at ffff888034df0000
 which belongs to the cache kmalloc-2k of size 2048
The buggy address is located 1960 bytes inside of
 freed 2048-byte region [ffff888034df0000, ffff888034df0800)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x34df0
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0x80000000000040(head|node=0|zone=1)
page_type: f5(slab)
raw: 0080000000000040 ffff88813ff27000 dead000000000100 dead000000000122
raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
head: 0080000000000040 ffff88813ff27000 dead000000000100 dead000000000122
head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
head: 0080000000000003 ffffea0000d37c01 00000000ffffffff 00000000ffffffff
head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5829, tgid 5829 (syz-executor), ts 105983598332, free_ts 105930998295
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x234/0x290 mm/page_alloc.c:1845
 prep_new_page mm/page_alloc.c:1853 [inline]
 get_page_from_freelist+0x28c0/0x2960 mm/page_alloc.c:3879
 __alloc_frozen_pages_noprof+0x181/0x370 mm/page_alloc.c:5178
 alloc_pages_mpol+0xd1/0x380 mm/mempolicy.c:2416
 alloc_slab_page mm/slub.c:3059 [inline]
 allocate_slab+0x96/0x350 mm/slub.c:3232
 new_slab mm/slub.c:3286 [inline]
 ___slab_alloc+0xb10/0x1400 mm/slub.c:4655
 __slab_alloc+0xc6/0x1f0 mm/slub.c:4778
 __slab_alloc_node mm/slub.c:4854 [inline]
 slab_alloc_node mm/slub.c:5276 [inline]
 __do_kmalloc_node mm/slub.c:5649 [inline]
 __kmalloc_node_track_caller_noprof+0x2a8/0x7e0 mm/slub.c:5759
 kmalloc_reserve+0x136/0x290 net/core/skbuff.c:601
 __alloc_skb+0x142/0x2d0 net/core/skbuff.c:670
 alloc_skb include/linux/skbuff.h:1383 [inline]
 nlmsg_new include/net/netlink.h:1055 [inline]
 rtmsg_ifinfo_build_skb+0x84/0x260 net/core/rtnetlink.c:4400
 rtmsg_ifinfo_event net/core/rtnetlink.c:4442 [inline]
 rtmsg_ifinfo+0x8c/0x1a0 net/core/rtnetlink.c:4451
 register_netdevice+0x1746/0x1b10 net/core/dev.c:11346
 __ip_tunnel_create+0x3e7/0x560 net/ipv4/ip_tunnel.c:268
 ip_tunnel_init_net+0x2ba/0x800 net/ipv4/ip_tunnel.c:1147
 vti_init_net+0x2f/0x100 net/ipv4/ip_vti.c:517
page last free pid 5832 tgid 5832 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1394 [inline]
 __free_frozen_pages+0xfb6/0x1140 mm/page_alloc.c:2901
 discard_slab mm/slub.c:3330 [inline]
 __put_partials+0x149/0x170 mm/slub.c:3876
 __slab_free+0x29e/0x370 mm/slub.c:5929
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x97/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x148/0x160 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x22/0x80 mm/kasan/common.c:352
 kasan_slab_alloc include/linux/kasan.h:252 [inline]
 slab_post_alloc_hook mm/slub.c:4978 [inline]
 slab_alloc_node mm/slub.c:5288 [inline]
 __kmalloc_cache_noprof+0x181/0x6c0 mm/slub.c:5766
 kmalloc_noprof include/linux/slab.h:957 [inline]
 kzalloc_noprof include/linux/slab.h:1094 [inline]
 kset_create lib/kobject.c:965 [inline]
 kset_create_and_add+0x5a/0x180 lib/kobject.c:1008
 register_queue_kobjects net/core/net-sysfs.c:2106 [inline]
 netdev_register_kobject+0x1a2/0x310 net/core/net-sysfs.c:2362
 register_netdevice+0x12a0/0x1b10 net/core/dev.c:11294
 __ip_tunnel_create+0x3e7/0x560 net/ipv4/ip_tunnel.c:268
 ip_tunnel_init_net+0x2ba/0x800 net/ipv4/ip_tunnel.c:1147
 ops_init+0x35c/0x5c0 net/core/net_namespace.c:137
 setup_net+0xfe/0x320 net/core/net_namespace.c:445
 copy_net_ns+0x34e/0x4e0 net/core/net_namespace.c:580
 create_new_namespaces+0x3f3/0x720 kernel/nsproxy.c:110

Memory state around the buggy address:
 ffff888034df0680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888034df0700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff888034df0780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                  ^
 ffff888034df0800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888034df0880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================