Extracting prog: 9m27.723921551s
Minimizing prog: 1h23m27.020025657s
Simplifying prog options: 7m39.473730118s
Extracting C: 4m13.810671877s
Simplifying C: 1h3m27.331398882s


extracting reproducer from 30 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-getpid-sched_setscheduler-timer_create-bpf$PROG_LOAD-timer_settime-socketpair$unix-pipe-splice-setns-syz_init_net_socket$bt_l2cap-unshare-socket$inet_tcp
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
splice(r1, 0x0, r2, 0x0, 0x7, 0x0)
setns(r2, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
unshare(0x62040200)
socket$inet_tcp(0x2, 0x1, 0x0)

program did not crash
single: failed to extract reproducer
bisect: bisecting 30 programs with base timeout 30s
testing program (duration=37s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [14, 3, 3, 3, 27, 27, 10, 23, 2, 8, 16, 9, 5, 25, 2, 4, 27, 23, 4, 3, 3, 6, 3, 19, 27, 2, 3, 16, 23, 13]
detailed listing:
executing program 3:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x3, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r4}, 0x38)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000071122000000000009500000700000000b2cb84ff207ccfcc9cf2f9a56840a4d4e80cccc206b2ddc23cc89823b6bf6ffcc913f889c96ac7bb9dd3d853a542bec792b4b0221dc95a698ddc3796da1df5f7712abb55d7de3c65139bc5668bc699c17cab7a5a29df877bc6933cf1fa437c82aad12e1c265f45d061db04e68399330c9261371e7aeeea4b4e376517ec1c66b464ab79c7bb2b7e5f4849651b077a53eae8923da161bc8e157c71a3ed5e05d34b49f86c84020d08f5fc8d2fe0cf78558d6e412e45f1a8ddc0c1b054bbb0bf8b6c718ac0a3927199a1912594aaa1c6fb266312933db9e2dd3bb63dc7066a471b7791c1b7d062e6c4aa274f9e074234bbfa"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x80)
executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@nogrpid}, {@quota}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f0000000340)=@loop={'/dev/loop', 0x0}, 0xee01, &(0x7f0000000100)={0x3, 0x0, 0x246, 0x7fffffffffffffff, 0xd00, 0xfffffbffffffffff, 0x0, 0x7fff, 0x2})
executing program 3:
capset(&(0x7f0000000080)={0x20071026}, &(0x7f00000000c0)={0x200000, 0x200000, 0x80000000, 0x0, 0x0, 0x8})
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x3, &(0x7f0000000380)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20}}, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
executing program 3:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr/current\x00')
write$P9_RLERROR(r0, &(0x7f0000000240)=ANY=[], 0xa)
ioctl$TIOCGPGRP(r0, 0x540f, 0x0)
executing program 3:
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, 0x0, 0x0)
r2 = openat$binfmt_format(0xffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400"], 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
r5 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000000)='source', &(0x7f0000000180)='%(,c\xbe\xfbL:', 0x0)
r6 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000000)='source', &(0x7f00000000c0)='%.,:', 0x0)
write$binfmt_format(r2, &(0x7f0000000100)='-1\x00', 0x2)
close_range(r2, 0xffffffffffffffff, 0x0)
sendmmsg$unix(r0, &(0x7f0000000b40), 0x42, 0x80)
close(r0)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0xcb)
r7 = socket(0x10, 0x3, 0x0)
write(r7, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f000000fe000040000a0000", 0x1c)
executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = socket$l2tp6(0xa, 0x2, 0x73)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000200)={@private0, 0x0, 0x0, 0x0, 0x8}, &(0x7f0000000240)=0x20)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1c0002, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x101001a, &(0x7f0000000480)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,\x00'], 0xfb, 0x0, 0x0)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r4, &(0x7f0000004100)={0x2020, 0x0, <r5=>0x0, <r6=>0x0, <r7=>0x0}, 0x2020)
syz_usb_disconnect(0xffffffffffffffff)
clock_gettime(0x0, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r8, 0x29, 0xb, 0x0, 0x0)
statx(r4, &(0x7f0000000180)='./file0\x00', 0x800, 0x8, 0x0)
write$FUSE_DIRENTPLUS(r3, &(0x7f0000000c80)={0x158, 0x0, r5, [{{0x6, 0x1, 0x8, 0x9, 0x8000, 0xffffffff, {0x6, 0x0, 0x400, 0x7, 0x1805, 0xa, 0x3, 0x1, 0x600, 0xa000, 0x40c, 0xee00, r7, 0xb0}}, {0x5, 0x0, 0x1, 0xfffffffb, '%'}}, {{0x1, 0x1, 0x8001, 0x361, 0x4, 0x9, {0x0, 0x100, 0x88, 0xf9, 0x8, 0x100, 0x2, 0xc37, 0x10000, 0xc000, 0x8, r6, 0x0, 0x7, 0x8}}, {0x0, 0x9, 0xa, 0x8, '/dev/fuse\x00'}}]}, 0x158)
bind$inet6(r8, &(0x7f0000000240)={0xa, 0x4e20, 0xf, @empty, 0x5}, 0x1c)
sendmmsg$inet6(r8, &(0x7f0000000ac0)=[{{&(0x7f0000000440)={0xa, 0x4e20, 0x2, @empty, 0x6}, 0x1c, &(0x7f0000000c40)}}], 0x1, 0x200c0858)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
close_range(r9, 0xffffffffffffffff, 0x0)
r10 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r10, 0x40405514, &(0x7f0000000540)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0xfffffffffffffe00, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x40, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x3, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xc, 0x2, 0x0, 0x22820adc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]})
syz_open_dev$dri(&(0x7f00000000c0), 0x4d9, 0x2)
mount_setattr(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)={0x8}, 0x20)
executing program 2:
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x408e, &(0x7f00000000c0)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x32}}, {@min_batch_time={'min_batch_time', 0x3d, 0xfff}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80}}, {@stripe={'stripe', 0x3d, 0x12}}, {@i_version}, {@max_batch_time={'max_batch_time', 0x3d, 0x7}}]}, 0x3, 0x43a, &(0x7f0000000340)="$eJzs28tvG0UYAPBv13FKXySU8ugDCBRExCNp0gI9cAGBxAEkJDiUY0jSqtRtUBMkWlUQECpHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZs4jp0mwY5L/ftJm8zsjjPzeXbs2Z1sAH1rJPuRROyJiN8jYqieXV1gpP7r5tLl6b+XLk8nUa2+9VdSK3dj6fJ0UbR43e48M5pGpJ8lcahFvfMXL52dqlRmL+T58YVz74/PX7z07JlzU6dnT8+enzxx4vixiReen3yuI3Fmbbpx8KO5wwdee+fqG9Mnr77787dJEX9THB0yst7BJ6rVDlfXW3sb0slADxvCppQiIuuucm38D0UpVjpvKF79tKeNA7qqWq1Wd7c/vFgF7mBJbLTk2fzzArgzFF/02fVvsW3T1OO2cP2l+gVQFvfNfKsfGYg0L1Nuur7tpJGIOLn4z1fZFt25DwEAsMr32fznmVbzvzTubyh3d742NBwR90TEvoi4NyL2R8R9EbWyD0TEg5usv3mRZO38J722pcA2KJv/vZivba2e/xWzvxgu5bm9tfjLyakzldmj+XsyGuUdWX5inTp+eOW3L9oda5z/ZVtWfzEXzNtxbWDH6tfMTC1M/ZeYG13/JOLgQKv4k+WVgCQiDkTEwS3Wceapbw63O9Yu/vJG/nAH1pmqX0c8We//xWiKv5Csvz45fldUZo+OF2fFWr/8euXNdvXfuv+7K+v/XS3P/+X4h5PG9dr5zddx5Y/P217TbPX8H0zerqUH830fTi0sXJiIGExerze6cf/kymuLfFE+i3/0SOvxvy9W3olDEZGdxA9FxMMR8Uje9kcj4rGIOLJO/D+9/Ph7W4+/u7L4ZzbV/yuJwWje0zpROvvjd6sqHd5M/Fn/H6+lRvM9G/n820i7tnY2AwAAwP9PGhF7IknHltNpOjZW/3/5/bErrczNLzx9au6D8zP1ZwSGo5wWd7qGGu6HTuSX9UV+sil/LL9v/GVpZy0/Nj1Xmel18NDndrcZ/5k/S71uHdB1nteC/mX8Q/8y/qF/Gf/Qv1qM/529aAew/Vp9/3/cg3YA269p/Fv2gz7i+h/6l/EP/cv4h740vzNu/ZC8hMSaRKS3RTMkupTo9ScTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ/wbAAD//9E940M=")
syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
symlinkat(0x0, 0xffffffffffffff9c, 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, 0x0, 0x0, 0x210008, 0x0)
syz_mount_image$fuse(0x0, 0x0, 0x322020, 0x0, 0x1, 0x0, 0x0)
renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00')
mremap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffa000/0x2000)=nil)
getdents64(r0, &(0x7f0000002f40)=""/4098, 0x1002)
executing program 4:
openat$apparmor_thread_current(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
syz_open_dev$vim2m(&(0x7f0000000080), 0x1, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x33b, 0x4000000)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x5865, 0x10, 0x2, 0x24d}, 0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f00000002c0)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_setup(0x7f5b, &(0x7f0000000400)={0x0, 0xd898, 0x800, 0x0, 0x1a9, 0x0, r2})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000c80)='kmem_cache_free\x00', r5}, 0x10)
r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000580)={0x1, 0x1, 0x0, 0x1000, &(0x7f0000456000/0x1000)=nil})
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080000024d564b000000eccd"])
ioctl$KVM_SET_LAPIC(r7, 0x4400ae8f, &(0x7f0000000100)={"b46474f815e8d5535f0887c44335cc824dc6121bc72a77f532ff5dad4d643a9cab29d2310e04be14eb26c0af4985fe45e3b3b0680b3ec92725d74b9716e0f7c3119a2c9a0ae65ff4772e2e12733cb013c4308fe40863480747c0a7ddb9361b1578015ca1bb2c1677ebae096f08345476f567443842946ed946434c75916d1db83fe305920de65bfaf9bd940672216846cb16b8ae67cd3affc61375381f91b3b9f1cc5e38cafe5239aee71dcd481fbe1ecd2547ffbaad4469a74697c28fb9beefa6a5d736712a55eb9110c2cf7964062ba8cbc1c038e84f0f5db7fc7053118bf5221e3efa6fc3edb5d0ca3cde7054dd0751a332520aa8478b1775d552c5cc24d3c2df9eb333e5ca3aa06c1c2cf8526714f5caff2f55b41976fc20b64f1fc61d5b44f50953582a1825d32130a31abfeafd1987317879e29ac51b93c9659e023fff3ddb5e39dd19cc3ef1d883c78b9e073d08a9197fb3717df238b9831831214b186693be9dd2568bb77272e80df5dfed03e8c467627bedfbd93359a9f79a3aa37e873dc1357b37b43d813ea85267b0dc8b1c4cc51bd985328833beb2679b7fb762555bbea2da936b36f8f1673fd5f606b2b6eb23b72bf947206e8dbfeb40ca6f265a3485c8446e0f0da652860b88328073d2282c14b48a7774e62754a968b60e92205e8fafcdd70a55c3c4d1a4821ff44e6e3681f15ae091262e3a3290a24d8ceae30ebbf9d24287bb8a5d73c608d47d287f9e716cf02b4796a83fb0c05e45b89de9ef8bce834e6d7a0be6e30d2c66cb6e640cb01898454ad361bc0701d8fe56113335ae6adec59300db04691cc4a689034272a8e086a32ce7061b4f79fa8afbb48a6ce4b62bdc44af013d78980457e1fa61eb9204818606f4c3b03c0f33cd2a841ac9bc2b73151a96e31ab99e6ec969b5f2c3edd5f9abc69845e487af992758ba445368da93dae1d44360d52a534a88276b8aaf349841d8a4788c60408618437c442308dbf70efeda2e54e9b9e4fe5f76997c9dcb945a26bd75748c85d19ca8b99264dce50580e8d4dbda401dad7df31e9a7a6a3a83bfbdfb5394abd581ac0824fbcd75d2f5205c0b7c9188e6f26bfd97734d9a20433f6cdba9d14a5f32a4d97a57f4603b21146fd1aebf082e863d463c224ad623c17d8043d3bf083f0322408dd6ead6915ac6a4222ab51480eb6e11a8913348219515170d9df90d72d7363bbda3e327d19f98c0a856f98076380e788e602e8a2ae0a1930786874dc21a2e99abda15f35457cf1dcb440c4b41350d0eda352aad7f57a0adc8a6914da06460635ed21c4c11cd1a8ec778064c9f62efba2927828b23f94b16619a5520731c2c40ab8583c9f2e73233d74b84f4877ce6b35bb1180300"})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
io_uring_enter(r2, 0x100847c0, 0x0, 0x1, 0x0, 0x0)
executing program 0:
r0 = add_key$user(&(0x7f00000001c0), &(0x7f0000000a00)={'syz', 0x2}, &(0x7f0000000c00)="eb4d63c1", 0x4, 0xffffffffffffffff)
keyctl$update(0x2, r0, &(0x7f0000000b40)="9920", 0x2)
executing program 0:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x28}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r1 = accept$alg(r0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000580)="b19ccccf84f531d9ec4cda81a3ef2ca8", 0x10)
sendmmsg$alg(r1, &(0x7f0000001bc0)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81}], 0x1, 0x20041000)
recvmsg(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x40012143)
executing program 2:
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f", 0x7, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
setsockopt$MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, &(0x7f00000000c0)={{0xa, 0x4e23, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8}, {0xa, 0x4e24, 0x0, @local, 0x7}, 0xffffffffffffffff, {[0x6, 0x8, 0x1ff, 0x2e, 0x2, 0x7, 0x2, 0x81]}}, 0x5c)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
executing program 1:
syz_mount_image$udf(&(0x7f0000000100), &(0x7f0000000240)='./file0\x00', 0x4006, &(0x7f0000002440)=ANY=[], 0xff, 0xc0a, &(0x7f0000001040)="$eJzs3VFsXeddAPD/d2zHdoa2S9ek3aim2yJ1IWOZ7axNK0+iocZiLGtNHW9AeehN7IRLnOsr2+nSCrbw1AeQMEPihSEhoaGKh8kI7QGehoTEq4X2hpACjFKEkO7Dqr2gGp1zvxtfO04T6jhOmt9PSv7nnvP/zvnO952cc+757lECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIj4xV86PTaeDroWAMC99NLsK2MTrv8A8FA56/s/AAAAAAAAAAAAAADc71IU8W6k+MYTnfRa9blr5EyzdeXq3NT07sVGU1VyoMov/4yMT5z84jPPnnquFz+4/N32qXh59uzp+otLl9vLCysrC/P1uVbz/NL8wh2vYa/ldzpeNUD98qUr8xcurNQnTpzctvhq7Z3hjx2tTZ4af/VIL3duanp6ti9ncOhDb/0mt3rD41AUcSFSXHr73dSIiCL23ha3OXb222i1E8ernZibmq52ZLHZaK2WC2d6DVFE1PoKvdBro3vQF3tSj7hWVr+s8PFy92bbjeXGucWF+kxjebW52lxqzaRubVOVXsRzKaIdEZ3hm1c3FEV8M1K89Z1OOhcRA712+Fz1YvDt61Pswz7egcGIqA1FbBQPQJ/dx4ajiO9Fim9/ayzO53atmu3piK+W8WjElTJej1gr42ciUnmAPBrx3i7HEw+WwSji9yPFjyc7ab7X99V55czX6l9uXVjqy+2dVx7468O9dJ+fm0aiiEZ1xu+kD3+zAwAAAADA/aeIP4oUT/7wWGpH/5his3WxfrZxbrH7VLj37L+eS21ubm7WUjeO5TiTYzvHtRzXc9woY2ytoFbk8jnO5NjOcS3H9Rw3cuzkWBvI5XOcybGd41qO6zlu5NjJsTaYy+c4M1jV7Fo7f17LcT3HjRw7gwfRTwAAAAAAAABwa6NRxNcjxdNfeL16rziq99I/MXnqlRO/0v/O+OO3WU+ZeyIi1os7eyf3UH51eCbNpHRA7xDTff/vd/P7f7930JUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOVBFFPBUpXv9+J0WKiHrEa9GN14cPunYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDdMJKKeC9S/MlXRqrPG0XEb0TE+5vvb0bE9fc377aD3mMAAAAAAAAA+AhKRbwRKZ56pZNqEXG19s7wx47WJk+Nv3pkIAYilSn9+S/Pnj1df3Hpcnt5YWVlYb4+12qeX5pfuNPNjZxptq5cnZua3pedua3Rfa7/6MiLS+03lpsXf2t11+WHR06fW1ldbpzffXGMRhFR759zvKrw3NR0VenFZqNVFZ1Jd1pjAAAAAAAAAB4GQ6mI9yPFW3/59o1x58HumP/gztzvfimiyNNTefz5xjB09buBj1e/G+hOf2Ly1K9OfLp/etch6+PVgHp9bmp6erZv9uDQzakjebtje9tl+pT9vxop/uDP6unJPG97/w/cyP3u72z197WdK7pFn/8/+n9bj/f6/6f75pXbTKmIv44UP/Nrj8eTVT0Px02/mch5X4kUv77+RM6LQ2XeU3n5I9XfIxeaiwtjZe7VSPH3V7bnPp1zP7mVO36n7fqgKPv/qUjx37+5fqNtcv/nHtjqtf7+//TOo2Pv/b/rv/9H+ubV8nZ/9u7sOhGx8sablxqLiwvLD+PEwP1RDRMmdp+Iawe39YM+M3EvlNf/r0eKv/vjf75xv5Ov/z8V1W3V1v3fT765df2f3Lmifbr+f7Jv3mS+GxkajBhZvdweeixiZOWNNz/fvNy4uHBxoXXy1PPPTow9Pz52cuhQ7+Zua2rnlm/6fvMwKvv/tyPF9/7tr+Kzed72+7/d7/8P71zRPvX/o33zDm+7X9nzrpP7/38jxT9O/SCO5XkfdP/f+/5/LN+E37g/36f+P9I3r/qO9/GIn+ubd+xIxEfuSxkAAADcZSkV8YM8njp2m/HUf4gUb/7Xz+e8dLTMeyEvr1V/j7y01Pr86cXFpfON1ca5xYX6bLtxfqEs+6NI0fmLJ3LZohpf7Y03d8d4t8Zi/ylSPP/LvdzuWGzv2dSjW7njZe6JSPGHL23P7T3HOLKVO1Hm/kukGH9199yjW7lfKHP/M1L85E/rvdzDZe6Xcu5jW7knzi8tzu9DtwAAAAAAwJ4MpSKejRR/e3Iw9Z5v38nvP2966L1Pv/97rG/e/D16X2XPjQoA97ny+n+svKr/wp/fGMvffv3fek+m//q/U///G3Cr6Q9z/a/dnd0EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeOikKGIpUnzjiU66Plx+7ho502xduTo3Nb17sdFUlRyo8ss/I+MTJ7/4zLOnnuvFDy5/t30qXp49e7r+4tLl9vLCysrCfH2u1Ty/NL9wx2vYa/mdjlcNUL986cr8hQsREydOblt8tfbO8MeO1iZPjb96pJc7NzU9PduXMzj0obd+k16/FjvmH4oi/idSXHr73fSvw3n5HtviNsfOfhuNIv4mIsqdmJuarnZksdlorZYLZ/oaotZX6IVeG92DvtiTesS1svplhY+Xuzfbbiw3zi0u1Gcay6vN1eZSayZ1a5uq9CKeSxHtiOgM37y6oShiKFK89Z3OaG9e1Q6fe2n2lbGJW1RiZGty5wF1jwxGRG0oYqN4APrsPjYcRTwTKb79rbH49+Fuu1bN9nTEV8t4NOJKGa9HrJXxMxGpPEAejXhvl+OJB8tgFPFIpPjxZCf9aDj3fXVeOfO1+pdbF5b6cnvnlQf++nAv3efnppEo4t3qjN9J/+HfMwAAAADAR0gRj0eKJ394LFXjgzfGFJuti/WzjXOL3cf6vWf/9Vxqc3Nzs5a6cSzHmRzbOa7luJ7jRo6dHGtFLp/jTI7tHNdyXM9xI8dOjrWBXD7HmRzbOa7luJ7jRo6dHGuDuXyOMzm2c1zLcT3HjRw7gwfZXwAAAAAAAAC7K6KIz0aK17/fSZvD3QHe16Ibr3sf6CPv/wIAAP//CqhQjw==")
socket(0x10, 0x803, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0xa101, 0x0)
ioctl$TCSETAF(r0, 0x5408, &(0x7f00000000c0)={0x4e00, 0x0, 0x730, 0xbdff, 0x10, "feeeff000000001b"})
write$binfmt_aout(r0, &(0x7f0000001ac0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x3, 0x0, 0x0, "0062ba7d82000000000000000000f7fffeff00"})
r1 = syz_open_pts(r0, 0x8182)
r2 = dup3(r1, r0, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x17)
executing program 0:
syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)={[{@map_acorn}, {@block={'block', 0x3d, 0x400}, 0x0}, {@unhide}, {@nocompress}, {@map_normal}, {@map_off, 0x41}, {@showassoc}], [{@dont_hash}, {@defcontext={'defcontext', 0x3d, 'unconfined_u'}}]}, 0x0, 0x633, &(0x7f0000000280)="$eJzs3U1v28gdx/EfZdlWXCAo2mIRBNlkNukCDpoqkrxxYKSHstTI5lYSBZIubKDAIt3YiyBytk1SoPFl4UsfgO0b6KXYSw99EQV67rvoscCivRXoRQVJ0U96dCLb3e73IzgckX/O/Id0OKAlkgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHK8eqVSddT025tbZjSvHgatMcuz2uZ1Nyvcndiu5CQ/KpV0LZt17TtHi99J/rmtG9m7Gyolk5L2v/HONx99u1jI1x+T0JvQWSt8+Xr/2eNud+fFjBO5YI812HMVplhx3bb9KPBb7ro1fhSYtdXVyv2NRmQaftNG21FsW8YLbSEOQrPs3TXVtbUVY8vbwWZ7ve42bT7z4fdrlcqq+XCxv/vvf1iOvA2/2fTb62lMsjiJeWg+/2kWYt2WMbtPuzsrk5JMgqrTBNUmBdUqtVq1WqtVVx+sPXhYqRQHZlRO0UDEzH9p8RUzu4M38JYKyfj/d0dqqqS2NrUlM/Tlqa5QgVojlvfl4//79+3Ydo+P//kof+1o8XWl4//N7N3NUeP/iFyMTLrCsCXOiPlv9nqp19rXMz1WV13t6MVs6r01uwzP8VWQ1qWi5CtSIF8tuVqXlenPMVrTqlZV0UfaUEORjBry1ZRVpG1FimXVSvdJKCtXsQKFMlqWp7syqmpNa1qRkVVZ2wq0qbbWVZerf/d6vV09Tbf7ypg8lQdVpwmqjQkaNf7/7LPs95Tx/+suP35NEwNcul7//P+Mbp1PNgAAAAAA4Dw46V/fnfSz+3cl9dTwm7Zy2WkBAAAAAIAZSj/5v5FM5pPSu3JGnP/3Lj43AAAAAAAwG056jZ0jaWm+Pyu/EmqaLwHMnXN6AAAAAABgBtLP/28uSL303mu35Jzp/B8AAAAAAHwF/PbYPfaL+T12e/nH+gVJUWfR+cs/FxXOOwedre86e26yxN3rxwx8AyBuXHeu9m/Um04WJKXvPDvvHD0YwEl/StmbL3cn3evfCU8lsDCX//liUgKrxf47fa73spj3+u0+2S8oXZK1stTwm7bsBc1HVbnu1UJst+JfPn/6Kyk87Ofu0+5O+eNPu0/SXA6SWQd7SR6fnUinMCmXV+n9FtJrLob1+IoaeZO/a7eWnLTdSt7/Obl7heMNTdf/X+t2FnN7KZsu7ed7IO1/Kel/tZzusqPep3eHcI6yqJ7u+bAdMSKLUprFnSzmzvKdbJLn18/ie3NSrTy4D8LjWdSOZzF5Wzj/GtgWE7JItsVKksVfk4pGZLFytiwG9ggAXJbdo1EovYn54D32T4+7b3KUmzy6//BkK6/+0MsuOJyTiv3PJsa2UlJyRF/OYhaUHliL14cc0Sv9caWkEUf0yluMbklbfz56BlI/7YEs/tPr9R5V03Z/f2pU/SJZ4YuR7UbN2lyyCe+/2vt5egP8xCc7n+w8r9VWVisfVCoPappPu9GfMPYAAIaY/IydiRHOB4dn1U/+8X5WOjHifevwKwVlfaxP1dUT3csfIXBreK1Lx76GcG/wrDWJvSKdiv3jvO6NPKtLx9Jj9dYOY/MLH06fAR7FrpzzXgAA4GLdnjAOTzP+38vPu5evDz3vPjmWn35C8KjY6gVvCQAAvj5s+KWzFP/GCUO/81F1ba3qxhvWhIH3YxP69XVr/HZsQ2/Dba9b0wmDOPCCpumEWvTrNjLRZqcThLFpBKHpBJG/lT753fQf/R7ZltuOfS/qNK0bWeMF7dj1YlP3I890Nn/U9KMNG6YrRx3r+Q3fc2M/aJso2Aw9WzYmsvZYoF+37dhv+EmxbTqh33LDbfOToLnZsqZuIy/0O3GQVZi35bcbQdhKqy2rd+YHHQIA8P/o5ev9Z4+73Z0XYwoHmhzTLywMq/Cy+wgAAE5ilAYAAAAAAAAAAAAAAAAAAAAA4H/fNNf/nakwP+xiQelwzi+uTlWPo1kndpZC4c1X/9uYmCuHc/LNfzzm4BJ6qqxQnH3NV6TpLxudQeEHu9kWHRmTLBy6aPFwXxRn/98hKTz/04hFvV6vN371xZPbcGFcB08WipJeLLzFLric4xGAi/PfAAAA//8Us0P7")
creat(&(0x7f0000000140)='./bus\x00', 0x80)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000180)='./bus\x00', 0x0, 0x63d014, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0)
executing program 0:
socket$packet(0x11, 0x2, 0x300)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket(0x11, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[], 0x48)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
syz_open_dev$vim2m(&(0x7f0000000500), 0x1, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$video4linux(&(0x7f0000000000), 0xf, 0x101800)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_usb_connect(0x6, 0x24, &(0x7f00000001c0)=ANY=[], 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
socket$inet_smc(0x2b, 0x1, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
unshare(0x6a040000)
mmap(&(0x7f00002ad000/0xc00000)=nil, 0xc00000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = gettid()
write$USERIO_CMD_SET_PORT_TYPE(0xffffffffffffffff, &(0x7f00000002c0)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(0xffffffffffffffff, &(0x7f00000000c0), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0xfe}, 0x2)
sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000005f00)=ANY=[@ANYBLOB="2800000010000100"/20, @ANYRES32=r0, @ANYBLOB="6d3082610000000008001300", @ANYRES32=r2], 0x28}, 0x1, 0x0, 0x0, 0x4000004}, 0x0)
executing program 3:
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x3000010, &(0x7f00000000c0)={[{@errors_remount}, {@nobh}]}, 0x1, 0x513, &(0x7f0000000380)="$eJzs3d9rY1kdAPDvvW1mOzNdk1WRdcF1cVc6i07Sbt3dIqLriz4tqOt7rW1aSpOmNOk6LYt28T8QQcEnn3wR/AOEZR78A2RgQF/EB1FRRGf0QVDnSpIbp5Mmbd1pm07z+cBpzrn35n7PuSEn98fpvQGMrRci4o2ImIiIlyOimE9P87TYLux3l7t/753ldkoiy976axJJPq23rnZ5MiKud98SUxHxtS9HfDM5HLe5u7exVKtVt/NypVXfqjR3926u15fWqmvVzfn5udcWXl94dWE2yz1WO0u9zE++9Pn3Pv2t3y3++ca329X63EeiEH3tOE3dphc626KnvY22zyLYCEzk7SmMuiIAAJxIex//gxHxic7+fzEmOntzfSZGUTMAAADgtGRfmI5/JxEZAAAAcGmlETEdSVrOxwJMR5peyc8NfDiupbVGs/Wp1cbO5kp7XkQpCunqeq06m48VLkUhaZfn8jG2vfIrfeX5iHgmIr5fvNopl5cbtZURn/sAAACAcXG97/j/H8W0kz/egP8TAAAAAC6u0tACAAAAcFk45AcAAIDLr//4/70R1QMAAAA4E1958812ynrPv155e3dno/H2zZVqc6Nc31kuLze2t8prjcZa55599ePWV2s0tj4Tmzu3Kq1qs1Vp7u4t1hs7m63F9UcegQ0AAACco2c+fvvXSUTsf/ZqJ0V+H0CAR/xh1BUATtPEqCsAjIy7eMP4Koy6AsDIJcfMN3gHAACefDMfPXz9v/f8f+cG4HIz1gcAxo/r/zC+CkYAwlhLI+ID3exTw5YZev3/lyeNkmURd4oHpzi/CAAA52u6k5K0nB8HTEealssRT0ekpSgkq+u16mx+fPCrYuGpdnmu887k2DHDAAAAAAAAAAAAAAAAAAAAAAAAAEBXliWRAQAAAJdaRPqnpHM3/4iZ4kvT/ecHriT/LMYf88KP3vrBraVWa3uuPf1vnWd5XYmI1g/z6a8MfXwYAAAAcNqS/aGzusfp+evcudYKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDFw/947y710nnH/8sWIKA2KPxlTndepKETEtb8nMXngfUlETJxC/P13I+LZQfGTeJBlWSmvxaD4V884fqmzaQbHTyPi+inEh3F2u93/vDHo+5fGC53Xwd+/yTw9ruH9X5pHfrbTzw3qf54+tLb6wBjP3f1ZZWj8dyOemxzc//T632RI/BcPre1fWZYdjvGNr+/tDYuf/ThiZuDvT/JIrEqrvlVp7u7dXK8vrVXXqpvz83OvLby+8OrCbGV1vVbN/w6M8b2P/fzBUe2/NiD+b3/T7X+Pav9Lw1ba5z93b937UDdbGBT/xosDf3+nYkj8NP/t+2Seb8+f6eX3u/mDnv/pneePav/KkO1/3Od/44Ttf/mr3/39CRcFAM5Bc3dvY6lWq24fkZk6wTJPYuYXUxeiGv9nJvtO95O7KPV5v5n23urDKb1WXYCKHchk5xZrIi5Ik/+XGWm3BAAAnIGHO/2jrgkAAAAAAAAAAAAAAAAAAACMr/O4nVh/zP3RNBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Ej/DQAA///M/t/r")
lchown(&(0x7f00000006c0)='./file0\x00', 0x0, 0xee01)
executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=@bridge_getneigh={0x28, 0x1e, 0x3c964e403b131b43, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}]}, 0x28}}, 0x0)
r1 = dup(r0)
read$FUSE(r1, &(0x7f0000003680)={0x2020}, 0x2020)
executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = socket$l2tp6(0xa, 0x2, 0x73)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000200)={@private0, 0x0, 0x0, 0x0, 0x8}, &(0x7f0000000240)=0x20)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1c0002, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x101001a, &(0x7f0000000480)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,\x00'], 0xfb, 0x0, 0x0)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r4, &(0x7f0000004100)={0x2020, 0x0, <r5=>0x0, <r6=>0x0, <r7=>0x0}, 0x2020)
syz_usb_disconnect(0xffffffffffffffff)
clock_gettime(0x0, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r8, 0x29, 0xb, 0x0, 0x0)
statx(r4, &(0x7f0000000180)='./file0\x00', 0x800, 0x8, 0x0)
write$FUSE_DIRENTPLUS(r3, &(0x7f0000000c80)={0x158, 0x0, r5, [{{0x6, 0x1, 0x8, 0x9, 0x8000, 0xffffffff, {0x6, 0x0, 0x400, 0x7, 0x1805, 0xa, 0x3, 0x1, 0x600, 0xa000, 0x40c, 0xee00, r7, 0xb0}}, {0x5, 0x0, 0x1, 0xfffffffb, '%'}}, {{0x1, 0x1, 0x8001, 0x361, 0x4, 0x9, {0x0, 0x100, 0x88, 0xf9, 0x8, 0x100, 0x2, 0xc37, 0x10000, 0xc000, 0x8, r6, 0x0, 0x7, 0x8}}, {0x0, 0x9, 0xa, 0x8, '/dev/fuse\x00'}}]}, 0x158)
bind$inet6(r8, &(0x7f0000000240)={0xa, 0x4e20, 0xf, @empty, 0x5}, 0x1c)
sendmmsg$inet6(r8, &(0x7f0000000ac0)=[{{&(0x7f0000000440)={0xa, 0x4e20, 0x2, @empty, 0x6}, 0x1c, &(0x7f0000000c40)}}], 0x1, 0x200c0858)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
close_range(r9, 0xffffffffffffffff, 0x0)
r10 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r10, 0x40405514, &(0x7f0000000540)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0xfffffffffffffe00, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x40, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x3, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xc, 0x2, 0x0, 0x22820adc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]})
syz_open_dev$dri(&(0x7f00000000c0), 0x4d9, 0x2)
mount_setattr(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)={0x8}, 0x20)
executing program 1:
syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000240)='./file0\x00', 0x2004010, &(0x7f0000000000)=ANY=[@ANYRES16=0x0, @ANYRES16=0x0, @ANYRES32, @ANYRESDEC], 0x1, 0x1cc, &(0x7f0000000600)="$eJzs281qE10YB/Bn+rbpx4ukC1fiYpauStsraJEKYkBQslAQFNtA6UjBQkAXtjsX3oQX48KtXonLgsKRZvJtLG3UDjS/3yYPM+d/5pwTJskJzPPbrw52D49az1qfYynLYm4r8jjNYjXmouckAIDr5DSl+JZSSosnsfwxUkpVjwgA+Nd8/wPA7Hn85OmD7UZj51GeL0UU79vNdrN8Lc9vt2I/itiL9ajHjzj7gdBV1vfuN3bW847V+FAcd/PH7eZ/o/mNqMfq5PxGmc9H8wuxMpzfjHrcnJzfnJivxZ1aP78QEfX4+jIOo4jdOMsO8u828vzuw8ZY/v9OOwAAALgO1vK+zv69FqP797W10fOD/XGZ384u/P/A2P56Pm7NVzt3AJhVR2/eHrwoir3XUxRL3T5+0+Z7SmnKnoeKLyvlRf60n4sW+4vl9S4f7y1p/8jW+etTTVEbHuFYsTzFUG9cYoLz57bpPXHyN6ecRURVC/4pIip/u6e6qTvFlX4MARUY3P2DY1mVAwIAAAAAAAAAAAAAAH5xFc8VVT1HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGbPzwAAAP//t8F8mQ==")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x189800, 0x0)
r1 = fsopen(&(0x7f0000000c40)='devtmpfs\x00', 0x1)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x6, 0x0, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1b0000000000000000000000008000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x19, &(0x7f000001b000)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xdc0f}}, @call={0x85, 0x0, 0x0, 0x50}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r3}, 0x10)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r4 = inotify_init()
inotify_add_watch(r4, &(0x7f0000000400)='.\x00', 0x20)
openat$sw_sync(0xffffffffffffff9c, &(0x7f00000001c0), 0x100, 0x0)
ioctl$FAT_IOCTL_GET_ATTRIBUTES(r0, 0x40047211, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000100)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@resgid}, {@data_err_ignore}, {@grpquota}, {@nodioread_nolock}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x563, &(0x7f00000007c0)="$eJzs3c1rHOUfAPDvbDbp6+/XFEpREQn0YKU2aRJfKnioR9FiQe91SaahdNMt2U1pYsH2YC9epAgiFsS73j0W/wH/ioIWipSgBy+R2czmpdlNtukmu+1+PjDheWZm93memfk+eZ6dWTaAvjWS/SlEvBwR3yQRRyIiybcVI984srLf0uObU9mSxPLyp38l9f2yfOO9Gq87lGdeiojfvoo4VdhcbnVh8UqpXE7n8vxYbfbaWHVh8fTl2dJMOpNenZicPPv25MR7777Tsba+ceGf7z+5/+HZr08sfffLw6N3kzgXh/Nt69vxDG6tz4zESH5MBuPcEzuOd6CwXpJ0uwLsyEAe54OR9QFHYiCPeuDF92VELAN9KhH/0Kca44DG3L5D8+DnxqMPViZAm9tfXPlsJPbX50YHl5INM6NsvjvcgfKzMn79897dbInOfQ4BsK1btyPiTLG4uf9L8v5v5860sc+TZej/YO/cz8Y/bzYb/xRWxz/RZPxzqEns7sT28V942IFiWsrGf+/n5e7fUP7qTavhgTz3v/qYbzC5dLmcZn3b/yPiZAzuy/Jb3c85u/RgudW29eO/bMnKb4wF83o8LO7b+JrpUq30LG1e79HtiFeajn+T1fOfNDn/2fG40GYZx9N7r7Xatn37d9fyTxGvN53/rN3RSra+PzlWvx7GGlfFZn/fOf77xjVrR7Lb7c/O/8Gt2z+crL9fW336Mn7c/2/aatuG9kf71/9Q8lk9PZSvu1Gq1ebGI4aSjzevn1h7bSPf2D9r/8kTW/d/za7/AxHxeZvtv3Ps51fban+Xzv/0U53/p088+OiLH1qV317/91Y9dTJf007/124Fn+XYAQAAAAAAQK8pRMThSAqjq+lCYXR05fmOY3GwUK5Ua6cuVeavTkf9u7LDMVho3Ok+su55iPH8edhGfuKJ/GREHI2IbwcO1POjU5XydLcbDwAAAAAAAAAAAAAAAAAAAD3iUIvv/2f+GOh27YBd18ZPfg/tRT2Avbdt/Hfil56AntTG/3/gBSX+oX+Jf+hf4h/6l/iH/iX+oX+Jf+hf4h8AAAAAAAAAAAAAAAAAAAAAAAAAAAA66sL589myvPT45lSWn76+MH+lcv30dFot5LvMXRudqVRmyunoVGV2u/crVyrXxidi/sZYLa3WxqoLixdnK/NXaxcvz5Zm0ovp4K63CAAAAAAAAAAAAAAAAAAAAJ4/1YXFK6VyOZ2TkNhRotgb1ehSotgb1diFRLd7JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABY818AAAD//0h7Mcc=")
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x2, 0x96)
pwrite64(r5, &(0x7f0000000080)='2', 0x1, 0x40008)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
r7 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0}, 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x9, &(0x7f0000000040)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r7}, {}, {0x85, 0x0, 0x0, 0x9b}}, @call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r8, 0x0, 0xe, 0x0, &(0x7f0000000000)="c1188e19b95d02ff4284860151b0", 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendfile(r6, r6, 0x0, 0xe3aa6ea)
truncate(&(0x7f00000002c0)='./file1\x00', 0x42d9)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0)
write$P9_RREADLINK(r9, &(0x7f0000000000)={0xffffffffffffff23, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab)
executing program 4:
r0 = syz_open_dev$rtc(&(0x7f0000000140), 0x0, 0x0)
ioctl$RTC_UIE_ON(r0, 0x7003)
ioctl$RTC_AIE_ON(r0, 0x7001)
ioctl$RTC_ALM_SET(r0, 0x40247007, &(0x7f0000000780)={0x1b, 0x6, 0x6, 0x19, 0x8, 0x7ff, 0x5, 0x13b, 0xffffffffffffffff})
executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20001, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f00000002c0)={[{0x6, 0x4, 0x7, 0x8, 0x8, 0xff, 0x40, 0x4, 0x7f, 0xbe, 0x4, 0x6, 0xfffffffffffffffe}, {0x80, 0x8, 0x4, 0xf7, 0x5, 0x3, 0x1, 0x7, 0x4c, 0x3, 0xfc, 0x7}, {0x9b7, 0x84, 0xba, 0x1, 0x2, 0xc, 0x4, 0x2, 0x7, 0x6, 0x0, 0x0, 0x6}], 0x1})
executing program 4:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x2000c10, &(0x7f0000000400), 0xff, 0x23f, &(0x7f0000000540)="$eJzs3T1oLFUYBuB3Zne95t5FrtoI4g+IiAbCtRNsYqMQkBBEBBUiIjZKIsQEu8TKxkJrlVQ2QeyMlpIm2CiCVdQUsRE0WBgstFiZnURisuLPxh1xngdmZ2b3nPnOMPOe3WbYAK11Nclskk6S6SS9JMXpBnfWy9Xj3c2p3cVkMHjsh2LYrt6vnfS7kmQjyQNJdsoiL3STte2nDn7ae+Se11d7d7+7/eTURE/y2OHB/qNH78y/9sHc/WufffHdfJHZ9H93XhevGPFet0hu+jeK/UcU3aZHwF+x8Mr7X1a5vznJXcP891KmvnhvrFy308t9b/9R3ze///zWSY4VuHiDQa/6DtwYAK1TJumnKGeS1NtlOTNT/4b/qnO5fHF55eXp55dXl55reqYCLko/2X/4o0sfXjmT/287df6B/68q/48vbH1dbR91mh4NMBG31asq/9PPrN8b+YfWkX9oL/mH9pJ/aC/5h/aSf2gv+Yf2kn9oL/mH9pJ/aK/T+QcA2mVwqeknkIGmND3/AAAAAAAAAAAAAAAAAAAA521O7S6eLJOq+clbyeFDSbqj6neG/0ecXD98vfxjUTX7TVF3G8vTd4x5gDG91/DT1zd802z9T29vtv76UrLxapJr3e75+684vv/+uRv/5PPes2MW+JuKM/sPPjHZ+mf9stVs/bm95ONq/rk2av4pc8twPXr+6VfXb8z6L/085gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYmF8DAAD//xFQbUc=")
r0 = open(&(0x7f0000000480)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000500)={0x0, 0x2904c, 0x0, 0x10003, '\x00', [{0x0, 0x0, 0x0, 0x3}, {0xffffffff}]})
executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./bus\x00', 0x2000018, &(0x7f00000013c0)=ANY=[], 0xf, 0x6b4, &(0x7f00000000c0)="$eJzs3c9vHGf9B/D3rNcbO98qX6dN2ggVESVSQYpInFgphAsBIZRDhapy4IqVOI2VjVPZLnIrBC5FcELi0D+gIPmGOCBxDwrncuvVx0pIXCIOERyMZnbWXnvX8Tr+GXi9ovHzzDzPPPPZzz4z411ntQH+Z926lOajFLl16a2lcn11Zaq9ujJ1om5uJynrjaTZKVLMJcXj5GbZXvQs6Sn7fDJ7453Pn6x+0Vlr1kvVv/Gs/QYY0He5XnI+yUhd9hsd9hCbxrud5KW+Lq1hx2plbGOlTNrFuoQjt9ZneTe77+a8BY6Z7m2s6Nw3+0wkJ5PqFlb9TlBfHRqHF+HB2NVVDgAAAF5Qnz086ggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgxVN//39RL426zPkU3e//b3W31fUX2qOjDgAAAAAAAAAA9sFXnuZplnKqu75WVH/zv1CtnMm/1pL/y/tZyEzmczlLmc5iFjOfq0kmegZqLU0vLs5fXd+zNHjPawP3vHZYjxgAAAAAAAAA/iv9Irc2/v4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADHQZGMdIpqOdOtT6TR7FTTKn8sJ3/r1l8QxaCNjw4/DgAAANiTsefY5/+f5mmWcirJH8v1taJ6zf9q9Xp5LO9nLouZzWLamcmd+jV0+aq/sboy1V5dmXpQLv3jfucfuwqjGjGd9x4GH/lc1WM8dzNbbbmc21Uwd9Ko9iyd68YzOK6PypiKb9eGjKxZp7U82G+3exdhX+z2rYiJMrhkPSOTdWxlNk53MlBUb9QkWzPx7Gfn3wOOlEZG1490NY31d37OHEDOT9Zl+Xh+daA53631TDRSZeJaz+x79dmZSL765z/86F577v69uwuXjs9D2sHINtu3zompnky8NigTvQMd60w0d9l/ssrE2fX1W/l+fphLOZ+3M5/Z/CTTWcxM1ur26Xo+lz8nnj1nbm5ae3unSFr189JJ9TAxnc/3qtp0LlT7nspsijzMnczkzerftVzNN3I913Oj5xk+u23c1WOrzvrG1rO++0z/ZWDwF79WV8aT/Lou+3KwxXazc790rv1lXk/35LUz65+s9zrdcx5M9mTp5W52RgcO/jzXxuaX6kp5jI/r8niYqDNRnkDdu0Q3ulc6mWhW96L+ef676txYaM/dn783/d424y9vWX+jLstptfLlYaMc/FTsr3K+vJyx+kqyeXaUba+sX2VOb7qrtuq/uHTaGn1tZ6u2ouieqT/oO1PL+Vqeqa36d7j+ka5Vba8NbJuq2s71tG36fSsP086dQ8gfAHs0kZOt8b+Pfzb+6fgvx++NvzX23RPfPPF6K6N/Hf1Wc3LkjcbrxZ/yaX5Wvf4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD2aOGDD+9Pt9sz84Mrje2bdqjsNPKWSlF/oc+we/34ZPJ8gR1OZSzJpi2j5YZ9O8THQ3Ye3xpGX2Xt58mh56f7JYKD+/ymrDQzzIA3d+rz0ZHPhGNZGd040UYyeAIc8YUJOHBXFh+8d2Xhgw+/Pvtg+t2Zd2fmRq9fvzF54/qbU1fuzrZnJjs/jzpK4CBs3PSPOhIAAAAAAAAAAABgWIM+IXDhpZ0+NDLUZzz8z0IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgX9y6lOajFLk6eXmyXF9dmWqXS7e+0bOZpNFIip8mxePkZjpLJnqGK/L7x1kbcJxPZm+88/mT1S82xmp2+ieNutyD5XrJ+SQjdblf493e83jFP7uPsEzYxW7i4Kj9JwAA//93mPQP")
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
executing program 4:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x34, 0x0, 0x8, 0x5, 0x0, 0x0, {0x3, 0x0, 0x9}, [@CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @tcp}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x4}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4048000)
sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x14, 0x2, 0x8, 0x201, 0x0, 0x0, {0x5, 0x0, 0x3}}, 0x14}, 0x1, 0x0, 0x0, 0x4000010}, 0x20004004)
executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = syz_open_dev$usbfs(&(0x7f0000000080), 0x75, 0x109301)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r4, 0x8108551b, 0x0)
ioctl$USBDEVFS_SUBMITURB(r4, 0x8038550a, &(0x7f0000000380)=@urb_type_bulk={0x3, {0x1, 0x1}, 0x0, 0x41, &(0x7f00000002c0)="c26bca8b7597f49c865a04", 0xb, 0x0, 0xfffffffe, 0xfffffffe, 0x5, 0x71a8, 0x0})
ioctl$USBDEVFS_SETINTERFACE(r4, 0x80085504, &(0x7f0000000000)={0x0, 0xf})
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r5 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x1e}, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20}, {0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x4, 0x2}, {}, 0x0, 0x6e6bb9, 0x1}, {{@in=@broadcast, 0xfffffffc, 0x32}, 0x0, @in=@empty, 0x0, 0x0, 0x2, 0x7, 0x200, 0xd4}}, 0xe8)
sendmmsg(r5, &(0x7f0000000480), 0x2e9, 0x0)
executing program 4:
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, 0x0, 0x0)
r2 = openat$binfmt_format(0xffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400"], 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
r5 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000000)='source', &(0x7f0000000180)='%(,c\xbe\xfbL:', 0x0)
r6 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000000)='source', &(0x7f00000000c0)='%.,:', 0x0)
write$binfmt_format(r2, &(0x7f0000000100)='-1\x00', 0x2)
close_range(r2, 0xffffffffffffffff, 0x0)
sendmmsg$unix(r0, &(0x7f0000000b40), 0x42, 0x80)
close(r0)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0xcb)
r7 = socket(0x10, 0x3, 0x0)
write(r7, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f000000fe000040000a0000", 0x1c)
executing program 0:
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f000000b780), 0x2, 0x0)
readv(r0, &(0x7f0000002380)=[{&(0x7f00000001c0)=""/4096, 0x1000}], 0x1)
executing program 1:
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r0 = socket(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4c, &(0x7f0000000000)=0xfffffffe, 0x4)
executing program 1:
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f", 0x7, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
setsockopt$MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, &(0x7f00000000c0)={{0xa, 0x4e23, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8}, {0xa, 0x4e24, 0x0, @local, 0x7}, 0xffffffffffffffff, {[0x6, 0x8, 0x1ff, 0x2e, 0x2, 0x7, 0x2, 0x81]}}, 0x5c)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
executing program 0:
openat$apparmor_thread_current(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
syz_open_dev$vim2m(&(0x7f0000000080), 0x1, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x33b, 0x4000000)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x5865, 0x10, 0x2, 0x24d}, &(0x7f00000006c0)=<r3=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f00000002c0)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_setup(0x7f5b, &(0x7f0000000400)={0x0, 0xd898, 0x800, 0x0, 0x1a9, 0x0, r2})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000c80)='kmem_cache_free\x00', r5}, 0x10)
r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000580)={0x1, 0x1, 0x0, 0x1000, &(0x7f0000456000/0x1000)=nil})
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080000024d564b000000eccd"])
ioctl$KVM_SET_LAPIC(r7, 0x4400ae8f, &(0x7f0000000100)={"b46474f815e8d5535f0887c44335cc824dc6121bc72a77f532ff5dad4d643a9cab29d2310e04be14eb26c0af4985fe45e3b3b0680b3ec92725d74b9716e0f7c3119a2c9a0ae65ff4772e2e12733cb013c4308fe40863480747c0a7ddb9361b1578015ca1bb2c1677ebae096f08345476f567443842946ed946434c75916d1db83fe305920de65bfaf9bd940672216846cb16b8ae67cd3affc61375381f91b3b9f1cc5e38cafe5239aee71dcd481fbe1ecd2547ffbaad4469a74697c28fb9beefa6a5d736712a55eb9110c2cf7964062ba8cbc1c038e84f0f5db7fc7053118bf5221e3efa6fc3edb5d0ca3cde7054dd0751a332520aa8478b1775d552c5cc24d3c2df9eb333e5ca3aa06c1c2cf8526714f5caff2f55b41976fc20b64f1fc61d5b44f50953582a1825d32130a31abfeafd1987317879e29ac51b93c9659e023fff3ddb5e39dd19cc3ef1d883c78b9e073d08a9197fb3717df238b9831831214b186693be9dd2568bb77272e80df5dfed03e8c467627bedfbd93359a9f79a3aa37e873dc1357b37b43d813ea85267b0dc8b1c4cc51bd985328833beb2679b7fb762555bbea2da936b36f8f1673fd5f606b2b6eb23b72bf947206e8dbfeb40ca6f265a3485c8446e0f0da652860b88328073d2282c14b48a7774e62754a968b60e92205e8fafcdd70a55c3c4d1a4821ff44e6e3681f15ae091262e3a3290a24d8ceae30ebbf9d24287bb8a5d73c608d47d287f9e716cf02b4796a83fb0c05e45b89de9ef8bce834e6d7a0be6e30d2c66cb6e640cb01898454ad361bc0701d8fe56113335ae6adec59300db04691cc4a689034272a8e086a32ce7061b4f79fa8afbb48a6ce4b62bdc44af013d78980457e1fa61eb9204818606f4c3b03c0f33cd2a841ac9bc2b73151a96e31ab99e6ec969b5f2c3edd5f9abc69845e487af992758ba445368da93dae1d44360d52a534a88276b8aaf349841d8a4788c60408618437c442308dbf70efeda2e54e9b9e4fe5f76997c9dcb945a26bd75748c85d19ca8b99264dce50580e8d4dbda401dad7df31e9a7a6a3a83bfbdfb5394abd581ac0824fbcd75d2f5205c0b7c9188e6f26bfd97734d9a20433f6cdba9d14a5f32a4d97a57f4603b21146fd1aebf082e863d463c224ad623c17d8043d3bf083f0322408dd6ead6915ac6a4222ab51480eb6e11a8913348219515170d9df90d72d7363bbda3e327d19f98c0a856f98076380e788e602e8a2ae0a1930786874dc21a2e99abda15f35457cf1dcb440c4b41350d0eda352aad7f57a0adc8a6914da06460635ed21c4c11cd1a8ec778064c9f62efba2927828b23f94b16619a5520731c2c40ab8583c9f2e73233d74b84f4877ce6b35bb1180300"})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
io_uring_enter(r2, 0x100847c0, 0x0, 0x1, 0x0, 0x0)
executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
splice(r1, 0x0, r2, 0x0, 0x7, 0x0)
setns(r2, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
unshare(0x62040200)
socket$inet_tcp(0x2, 0x1, 0x0)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-getpid-sched_setscheduler-timer_create-bpf$PROG_LOAD-timer_settime-socketpair$unix-pipe-splice-setns-syz_init_net_socket$bt_l2cap-unshare-socket$inet_tcp
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
splice(r1, 0x0, r2, 0x0, 0x7, 0x0)
setns(r2, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
unshare(0x62040200)
socket$inet_tcp(0x2, 0x1, 0x0)

program did not crash
single: failed to extract reproducer
bisect: bisecting 30 programs with base timeout 1m40s
testing program (duration=1m47s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [14, 3, 3, 3, 27, 27, 10, 23, 2, 8, 16, 9, 5, 25, 2, 4, 27, 23, 4, 3, 3, 6, 3, 19, 27, 2, 3, 16, 23, 13]
detailed listing:
executing program 3:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x3, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r4}, 0x38)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000071122000000000009500000700000000b2cb84ff207ccfcc9cf2f9a56840a4d4e80cccc206b2ddc23cc89823b6bf6ffcc913f889c96ac7bb9dd3d853a542bec792b4b0221dc95a698ddc3796da1df5f7712abb55d7de3c65139bc5668bc699c17cab7a5a29df877bc6933cf1fa437c82aad12e1c265f45d061db04e68399330c9261371e7aeeea4b4e376517ec1c66b464ab79c7bb2b7e5f4849651b077a53eae8923da161bc8e157c71a3ed5e05d34b49f86c84020d08f5fc8d2fe0cf78558d6e412e45f1a8ddc0c1b054bbb0bf8b6c718ac0a3927199a1912594aaa1c6fb266312933db9e2dd3bb63dc7066a471b7791c1b7d062e6c4aa274f9e074234bbfa"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x80)
executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@nogrpid}, {@quota}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f0000000340)=@loop={'/dev/loop', 0x0}, 0xee01, &(0x7f0000000100)={0x3, 0x0, 0x246, 0x7fffffffffffffff, 0xd00, 0xfffffbffffffffff, 0x0, 0x7fff, 0x2})
executing program 3:
capset(&(0x7f0000000080)={0x20071026}, &(0x7f00000000c0)={0x200000, 0x200000, 0x80000000, 0x0, 0x0, 0x8})
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x3, &(0x7f0000000380)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20}}, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
executing program 3:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr/current\x00')
write$P9_RLERROR(r0, &(0x7f0000000240)=ANY=[], 0xa)
ioctl$TIOCGPGRP(r0, 0x540f, 0x0)
executing program 3:
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, 0x0, 0x0)
r2 = openat$binfmt_format(0xffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400"], 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
r5 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000000)='source', &(0x7f0000000180)='%(,c\xbe\xfbL:', 0x0)
r6 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000000)='source', &(0x7f00000000c0)='%.,:', 0x0)
write$binfmt_format(r2, &(0x7f0000000100)='-1\x00', 0x2)
close_range(r2, 0xffffffffffffffff, 0x0)
sendmmsg$unix(r0, &(0x7f0000000b40), 0x42, 0x80)
close(r0)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0xcb)
r7 = socket(0x10, 0x3, 0x0)
write(r7, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f000000fe000040000a0000", 0x1c)
executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = socket$l2tp6(0xa, 0x2, 0x73)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000200)={@private0, 0x0, 0x0, 0x0, 0x8}, &(0x7f0000000240)=0x20)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1c0002, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x101001a, &(0x7f0000000480)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,\x00'], 0xfb, 0x0, 0x0)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r4, &(0x7f0000004100)={0x2020, 0x0, <r5=>0x0, <r6=>0x0, <r7=>0x0}, 0x2020)
syz_usb_disconnect(0xffffffffffffffff)
clock_gettime(0x0, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r8, 0x29, 0xb, 0x0, 0x0)
statx(r4, &(0x7f0000000180)='./file0\x00', 0x800, 0x8, 0x0)
write$FUSE_DIRENTPLUS(r3, &(0x7f0000000c80)={0x158, 0x0, r5, [{{0x6, 0x1, 0x8, 0x9, 0x8000, 0xffffffff, {0x6, 0x0, 0x400, 0x7, 0x1805, 0xa, 0x3, 0x1, 0x600, 0xa000, 0x40c, 0xee00, r7, 0xb0}}, {0x5, 0x0, 0x1, 0xfffffffb, '%'}}, {{0x1, 0x1, 0x8001, 0x361, 0x4, 0x9, {0x0, 0x100, 0x88, 0xf9, 0x8, 0x100, 0x2, 0xc37, 0x10000, 0xc000, 0x8, r6, 0x0, 0x7, 0x8}}, {0x0, 0x9, 0xa, 0x8, '/dev/fuse\x00'}}]}, 0x158)
bind$inet6(r8, &(0x7f0000000240)={0xa, 0x4e20, 0xf, @empty, 0x5}, 0x1c)
sendmmsg$inet6(r8, &(0x7f0000000ac0)=[{{&(0x7f0000000440)={0xa, 0x4e20, 0x2, @empty, 0x6}, 0x1c, &(0x7f0000000c40)}}], 0x1, 0x200c0858)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
close_range(r9, 0xffffffffffffffff, 0x0)
r10 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r10, 0x40405514, &(0x7f0000000540)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0xfffffffffffffe00, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x40, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x3, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xc, 0x2, 0x0, 0x22820adc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]})
syz_open_dev$dri(&(0x7f00000000c0), 0x4d9, 0x2)
mount_setattr(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)={0x8}, 0x20)
executing program 2:
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x408e, &(0x7f00000000c0)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x32}}, {@min_batch_time={'min_batch_time', 0x3d, 0xfff}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80}}, {@stripe={'stripe', 0x3d, 0x12}}, {@i_version}, {@max_batch_time={'max_batch_time', 0x3d, 0x7}}]}, 0x3, 0x43a, &(0x7f0000000340)="$eJzs28tvG0UYAPBv13FKXySU8ugDCBRExCNp0gI9cAGBxAEkJDiUY0jSqtRtUBMkWlUQECpHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZs4jp0mwY5L/ftJm8zsjjPzeXbs2Z1sAH1rJPuRROyJiN8jYqieXV1gpP7r5tLl6b+XLk8nUa2+9VdSK3dj6fJ0UbR43e48M5pGpJ8lcahFvfMXL52dqlRmL+T58YVz74/PX7z07JlzU6dnT8+enzxx4vixiReen3yuI3Fmbbpx8KO5wwdee+fqG9Mnr77787dJEX9THB0yst7BJ6rVDlfXW3sb0slADxvCppQiIuuucm38D0UpVjpvKF79tKeNA7qqWq1Wd7c/vFgF7mBJbLTk2fzzArgzFF/02fVvsW3T1OO2cP2l+gVQFvfNfKsfGYg0L1Nuur7tpJGIOLn4z1fZFt25DwEAsMr32fznmVbzvzTubyh3d742NBwR90TEvoi4NyL2R8R9EbWyD0TEg5usv3mRZO38J722pcA2KJv/vZivba2e/xWzvxgu5bm9tfjLyakzldmj+XsyGuUdWX5inTp+eOW3L9oda5z/ZVtWfzEXzNtxbWDH6tfMTC1M/ZeYG13/JOLgQKv4k+WVgCQiDkTEwS3Wceapbw63O9Yu/vJG/nAH1pmqX0c8We//xWiKv5Csvz45fldUZo+OF2fFWr/8euXNdvXfuv+7K+v/XS3P/+X4h5PG9dr5zddx5Y/P217TbPX8H0zerqUH830fTi0sXJiIGExerze6cf/kymuLfFE+i3/0SOvxvy9W3olDEZGdxA9FxMMR8Uje9kcj4rGIOLJO/D+9/Ph7W4+/u7L4ZzbV/yuJwWje0zpROvvjd6sqHd5M/Fn/H6+lRvM9G/n820i7tnY2AwAAwP9PGhF7IknHltNpOjZW/3/5/bErrczNLzx9au6D8zP1ZwSGo5wWd7qGGu6HTuSX9UV+sil/LL9v/GVpZy0/Nj1Xmel18NDndrcZ/5k/S71uHdB1nteC/mX8Q/8y/qF/Gf/Qv1qM/529aAew/Vp9/3/cg3YA269p/Fv2gz7i+h/6l/EP/cv4h740vzNu/ZC8hMSaRKS3RTMkupTo9ScTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ/wbAAD//9E940M=")
syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
symlinkat(0x0, 0xffffffffffffff9c, 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, 0x0, 0x0, 0x210008, 0x0)
syz_mount_image$fuse(0x0, 0x0, 0x322020, 0x0, 0x1, 0x0, 0x0)
renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00')
mremap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffa000/0x2000)=nil)
getdents64(r0, &(0x7f0000002f40)=""/4098, 0x1002)
executing program 4:
openat$apparmor_thread_current(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
syz_open_dev$vim2m(&(0x7f0000000080), 0x1, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x33b, 0x4000000)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x5865, 0x10, 0x2, 0x24d}, 0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f00000002c0)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_setup(0x7f5b, &(0x7f0000000400)={0x0, 0xd898, 0x800, 0x0, 0x1a9, 0x0, r2})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000c80)='kmem_cache_free\x00', r5}, 0x10)
r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000580)={0x1, 0x1, 0x0, 0x1000, &(0x7f0000456000/0x1000)=nil})
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080000024d564b000000eccd"])
ioctl$KVM_SET_LAPIC(r7, 0x4400ae8f, &(0x7f0000000100)={"b46474f815e8d5535f0887c44335cc824dc6121bc72a77f532ff5dad4d643a9cab29d2310e04be14eb26c0af4985fe45e3b3b0680b3ec92725d74b9716e0f7c3119a2c9a0ae65ff4772e2e12733cb013c4308fe40863480747c0a7ddb9361b1578015ca1bb2c1677ebae096f08345476f567443842946ed946434c75916d1db83fe305920de65bfaf9bd940672216846cb16b8ae67cd3affc61375381f91b3b9f1cc5e38cafe5239aee71dcd481fbe1ecd2547ffbaad4469a74697c28fb9beefa6a5d736712a55eb9110c2cf7964062ba8cbc1c038e84f0f5db7fc7053118bf5221e3efa6fc3edb5d0ca3cde7054dd0751a332520aa8478b1775d552c5cc24d3c2df9eb333e5ca3aa06c1c2cf8526714f5caff2f55b41976fc20b64f1fc61d5b44f50953582a1825d32130a31abfeafd1987317879e29ac51b93c9659e023fff3ddb5e39dd19cc3ef1d883c78b9e073d08a9197fb3717df238b9831831214b186693be9dd2568bb77272e80df5dfed03e8c467627bedfbd93359a9f79a3aa37e873dc1357b37b43d813ea85267b0dc8b1c4cc51bd985328833beb2679b7fb762555bbea2da936b36f8f1673fd5f606b2b6eb23b72bf947206e8dbfeb40ca6f265a3485c8446e0f0da652860b88328073d2282c14b48a7774e62754a968b60e92205e8fafcdd70a55c3c4d1a4821ff44e6e3681f15ae091262e3a3290a24d8ceae30ebbf9d24287bb8a5d73c608d47d287f9e716cf02b4796a83fb0c05e45b89de9ef8bce834e6d7a0be6e30d2c66cb6e640cb01898454ad361bc0701d8fe56113335ae6adec59300db04691cc4a689034272a8e086a32ce7061b4f79fa8afbb48a6ce4b62bdc44af013d78980457e1fa61eb9204818606f4c3b03c0f33cd2a841ac9bc2b73151a96e31ab99e6ec969b5f2c3edd5f9abc69845e487af992758ba445368da93dae1d44360d52a534a88276b8aaf349841d8a4788c60408618437c442308dbf70efeda2e54e9b9e4fe5f76997c9dcb945a26bd75748c85d19ca8b99264dce50580e8d4dbda401dad7df31e9a7a6a3a83bfbdfb5394abd581ac0824fbcd75d2f5205c0b7c9188e6f26bfd97734d9a20433f6cdba9d14a5f32a4d97a57f4603b21146fd1aebf082e863d463c224ad623c17d8043d3bf083f0322408dd6ead6915ac6a4222ab51480eb6e11a8913348219515170d9df90d72d7363bbda3e327d19f98c0a856f98076380e788e602e8a2ae0a1930786874dc21a2e99abda15f35457cf1dcb440c4b41350d0eda352aad7f57a0adc8a6914da06460635ed21c4c11cd1a8ec778064c9f62efba2927828b23f94b16619a5520731c2c40ab8583c9f2e73233d74b84f4877ce6b35bb1180300"})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
io_uring_enter(r2, 0x100847c0, 0x0, 0x1, 0x0, 0x0)
executing program 0:
r0 = add_key$user(&(0x7f00000001c0), &(0x7f0000000a00)={'syz', 0x2}, &(0x7f0000000c00)="eb4d63c1", 0x4, 0xffffffffffffffff)
keyctl$update(0x2, r0, &(0x7f0000000b40)="9920", 0x2)
executing program 0:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x28}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r1 = accept$alg(r0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000580)="b19ccccf84f531d9ec4cda81a3ef2ca8", 0x10)
sendmmsg$alg(r1, &(0x7f0000001bc0)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81}], 0x1, 0x20041000)
recvmsg(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x40012143)
executing program 2:
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f", 0x7, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
setsockopt$MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, &(0x7f00000000c0)={{0xa, 0x4e23, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8}, {0xa, 0x4e24, 0x0, @local, 0x7}, 0xffffffffffffffff, {[0x6, 0x8, 0x1ff, 0x2e, 0x2, 0x7, 0x2, 0x81]}}, 0x5c)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
executing program 1:
syz_mount_image$udf(&(0x7f0000000100), &(0x7f0000000240)='./file0\x00', 0x4006, &(0x7f0000002440)=ANY=[], 0xff, 0xc0a, &(0x7f0000001040)="$eJzs3VFsXeddAPD/d2zHdoa2S9ek3aim2yJ1IWOZ7axNK0+iocZiLGtNHW9AeehN7IRLnOsr2+nSCrbw1AeQMEPihSEhoaGKh8kI7QGehoTEq4X2hpACjFKEkO7Dqr2gGp1zvxtfO04T6jhOmt9PSv7nnvP/zvnO952cc+757lECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIj4xV86PTaeDroWAMC99NLsK2MTrv8A8FA56/s/AAAAAAAAAAAAAADc71IU8W6k+MYTnfRa9blr5EyzdeXq3NT07sVGU1VyoMov/4yMT5z84jPPnnquFz+4/N32qXh59uzp+otLl9vLCysrC/P1uVbz/NL8wh2vYa/ldzpeNUD98qUr8xcurNQnTpzctvhq7Z3hjx2tTZ4af/VIL3duanp6ti9ncOhDb/0mt3rD41AUcSFSXHr73dSIiCL23ha3OXb222i1E8ernZibmq52ZLHZaK2WC2d6DVFE1PoKvdBro3vQF3tSj7hWVr+s8PFy92bbjeXGucWF+kxjebW52lxqzaRubVOVXsRzKaIdEZ3hm1c3FEV8M1K89Z1OOhcRA712+Fz1YvDt61Pswz7egcGIqA1FbBQPQJ/dx4ajiO9Fim9/ayzO53atmu3piK+W8WjElTJej1gr42ciUnmAPBrx3i7HEw+WwSji9yPFjyc7ab7X99V55czX6l9uXVjqy+2dVx7468O9dJ+fm0aiiEZ1xu+kD3+zAwAAAADA/aeIP4oUT/7wWGpH/5his3WxfrZxbrH7VLj37L+eS21ubm7WUjeO5TiTYzvHtRzXc9woY2ytoFbk8jnO5NjOcS3H9Rw3cuzkWBvI5XOcybGd41qO6zlu5NjJsTaYy+c4M1jV7Fo7f17LcT3HjRw7gwfRTwAAAAAAAABwa6NRxNcjxdNfeL16rziq99I/MXnqlRO/0v/O+OO3WU+ZeyIi1os7eyf3UH51eCbNpHRA7xDTff/vd/P7f7930JUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOVBFFPBUpXv9+J0WKiHrEa9GN14cPunYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDdMJKKeC9S/MlXRqrPG0XEb0TE+5vvb0bE9fc377aD3mMAAAAAAAAA+AhKRbwRKZ56pZNqEXG19s7wx47WJk+Nv3pkIAYilSn9+S/Pnj1df3Hpcnt5YWVlYb4+12qeX5pfuNPNjZxptq5cnZua3pedua3Rfa7/6MiLS+03lpsXf2t11+WHR06fW1ldbpzffXGMRhFR759zvKrw3NR0VenFZqNVFZ1Jd1pjAAAAAAAAAB4GQ6mI9yPFW3/59o1x58HumP/gztzvfimiyNNTefz5xjB09buBj1e/G+hOf2Ly1K9OfLp/etch6+PVgHp9bmp6erZv9uDQzakjebtje9tl+pT9vxop/uDP6unJPG97/w/cyP3u72z197WdK7pFn/8/+n9bj/f6/6f75pXbTKmIv44UP/Nrj8eTVT0Px02/mch5X4kUv77+RM6LQ2XeU3n5I9XfIxeaiwtjZe7VSPH3V7bnPp1zP7mVO36n7fqgKPv/qUjx37+5fqNtcv/nHtjqtf7+//TOo2Pv/b/rv/9H+ubV8nZ/9u7sOhGx8sablxqLiwvLD+PEwP1RDRMmdp+Iawe39YM+M3EvlNf/r0eKv/vjf75xv5Ov/z8V1W3V1v3fT765df2f3Lmifbr+f7Jv3mS+GxkajBhZvdweeixiZOWNNz/fvNy4uHBxoXXy1PPPTow9Pz52cuhQ7+Zua2rnlm/6fvMwKvv/tyPF9/7tr+Kzed72+7/d7/8P71zRPvX/o33zDm+7X9nzrpP7/38jxT9O/SCO5XkfdP/f+/5/LN+E37g/36f+P9I3r/qO9/GIn+ubd+xIxEfuSxkAAADcZSkV8YM8njp2m/HUf4gUb/7Xz+e8dLTMeyEvr1V/j7y01Pr86cXFpfON1ca5xYX6bLtxfqEs+6NI0fmLJ3LZohpf7Y03d8d4t8Zi/ylSPP/LvdzuWGzv2dSjW7njZe6JSPGHL23P7T3HOLKVO1Hm/kukGH9199yjW7lfKHP/M1L85E/rvdzDZe6Xcu5jW7knzi8tzu9DtwAAAAAAwJ4MpSKejRR/e3Iw9Z5v38nvP2966L1Pv/97rG/e/D16X2XPjQoA97ny+n+svKr/wp/fGMvffv3fek+m//q/U///G3Cr6Q9z/a/dnd0EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeOikKGIpUnzjiU66Plx+7ho502xduTo3Nb17sdFUlRyo8ss/I+MTJ7/4zLOnnuvFDy5/t30qXp49e7r+4tLl9vLCysrCfH2u1Ty/NL9wx2vYa/mdjlcNUL986cr8hQsREydOblt8tfbO8MeO1iZPjb96pJc7NzU9PduXMzj0obd+k16/FjvmH4oi/idSXHr73fSvw3n5HtviNsfOfhuNIv4mIsqdmJuarnZksdlorZYLZ/oaotZX6IVeG92DvtiTesS1svplhY+Xuzfbbiw3zi0u1Gcay6vN1eZSayZ1a5uq9CKeSxHtiOgM37y6oShiKFK89Z3OaG9e1Q6fe2n2lbGJW1RiZGty5wF1jwxGRG0oYqN4APrsPjYcRTwTKb79rbH49+Fuu1bN9nTEV8t4NOJKGa9HrJXxMxGpPEAejXhvl+OJB8tgFPFIpPjxZCf9aDj3fXVeOfO1+pdbF5b6cnvnlQf++nAv3efnppEo4t3qjN9J/+HfMwAAAADAR0gRj0eKJ394LFXjgzfGFJuti/WzjXOL3cf6vWf/9Vxqc3Nzs5a6cSzHmRzbOa7luJ7jRo6dHGtFLp/jTI7tHNdyXM9xI8dOjrWBXD7HmRzbOa7luJ7jRo6dHGuDuXyOMzm2c1zLcT3HjRw7gwfZXwAAAAAAAAC7K6KIz0aK17/fSZvD3QHe16Ibr3sf6CPv/wIAAP//CqhQjw==")
socket(0x10, 0x803, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0xa101, 0x0)
ioctl$TCSETAF(r0, 0x5408, &(0x7f00000000c0)={0x4e00, 0x0, 0x730, 0xbdff, 0x10, "feeeff000000001b"})
write$binfmt_aout(r0, &(0x7f0000001ac0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x3, 0x0, 0x0, "0062ba7d82000000000000000000f7fffeff00"})
r1 = syz_open_pts(r0, 0x8182)
r2 = dup3(r1, r0, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x17)
executing program 0:
syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)={[{@map_acorn}, {@block={'block', 0x3d, 0x400}, 0x0}, {@unhide}, {@nocompress}, {@map_normal}, {@map_off, 0x41}, {@showassoc}], [{@dont_hash}, {@defcontext={'defcontext', 0x3d, 'unconfined_u'}}]}, 0x0, 0x633, &(0x7f0000000280)="$eJzs3U1v28gdx/EfZdlWXCAo2mIRBNlkNukCDpoqkrxxYKSHstTI5lYSBZIubKDAIt3YiyBytk1SoPFl4UsfgO0b6KXYSw99EQV67rvoscCivRXoRQVJ0U96dCLb3e73IzgckX/O/Id0OKAlkgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHK8eqVSddT025tbZjSvHgatMcuz2uZ1Nyvcndiu5CQ/KpV0LZt17TtHi99J/rmtG9m7Gyolk5L2v/HONx99u1jI1x+T0JvQWSt8+Xr/2eNud+fFjBO5YI812HMVplhx3bb9KPBb7ro1fhSYtdXVyv2NRmQaftNG21FsW8YLbSEOQrPs3TXVtbUVY8vbwWZ7ve42bT7z4fdrlcqq+XCxv/vvf1iOvA2/2fTb62lMsjiJeWg+/2kWYt2WMbtPuzsrk5JMgqrTBNUmBdUqtVq1WqtVVx+sPXhYqRQHZlRO0UDEzH9p8RUzu4M38JYKyfj/d0dqqqS2NrUlM/Tlqa5QgVojlvfl4//79+3Ydo+P//kof+1o8XWl4//N7N3NUeP/iFyMTLrCsCXOiPlv9nqp19rXMz1WV13t6MVs6r01uwzP8VWQ1qWi5CtSIF8tuVqXlenPMVrTqlZV0UfaUEORjBry1ZRVpG1FimXVSvdJKCtXsQKFMlqWp7syqmpNa1qRkVVZ2wq0qbbWVZerf/d6vV09Tbf7ypg8lQdVpwmqjQkaNf7/7LPs95Tx/+suP35NEwNcul7//P+Mbp1PNgAAAAAA4Dw46V/fnfSz+3cl9dTwm7Zy2WkBAAAAAIAZSj/5v5FM5pPSu3JGnP/3Lj43AAAAAAAwG056jZ0jaWm+Pyu/EmqaLwHMnXN6AAAAAABgBtLP/28uSL303mu35Jzp/B8AAAAAAHwF/PbYPfaL+T12e/nH+gVJUWfR+cs/FxXOOwedre86e26yxN3rxwx8AyBuXHeu9m/Um04WJKXvPDvvHD0YwEl/StmbL3cn3evfCU8lsDCX//liUgKrxf47fa73spj3+u0+2S8oXZK1stTwm7bsBc1HVbnu1UJst+JfPn/6Kyk87Ofu0+5O+eNPu0/SXA6SWQd7SR6fnUinMCmXV+n9FtJrLob1+IoaeZO/a7eWnLTdSt7/Obl7heMNTdf/X+t2FnN7KZsu7ed7IO1/Kel/tZzusqPep3eHcI6yqJ7u+bAdMSKLUprFnSzmzvKdbJLn18/ie3NSrTy4D8LjWdSOZzF5Wzj/GtgWE7JItsVKksVfk4pGZLFytiwG9ggAXJbdo1EovYn54D32T4+7b3KUmzy6//BkK6/+0MsuOJyTiv3PJsa2UlJyRF/OYhaUHliL14cc0Sv9caWkEUf0yluMbklbfz56BlI/7YEs/tPr9R5V03Z/f2pU/SJZ4YuR7UbN2lyyCe+/2vt5egP8xCc7n+w8r9VWVisfVCoPappPu9GfMPYAAIaY/IydiRHOB4dn1U/+8X5WOjHifevwKwVlfaxP1dUT3csfIXBreK1Lx76GcG/wrDWJvSKdiv3jvO6NPKtLx9Jj9dYOY/MLH06fAR7FrpzzXgAA4GLdnjAOTzP+38vPu5evDz3vPjmWn35C8KjY6gVvCQAAvj5s+KWzFP/GCUO/81F1ba3qxhvWhIH3YxP69XVr/HZsQ2/Dba9b0wmDOPCCpumEWvTrNjLRZqcThLFpBKHpBJG/lT753fQf/R7ZltuOfS/qNK0bWeMF7dj1YlP3I890Nn/U9KMNG6YrRx3r+Q3fc2M/aJso2Aw9WzYmsvZYoF+37dhv+EmxbTqh33LDbfOToLnZsqZuIy/0O3GQVZi35bcbQdhKqy2rd+YHHQIA8P/o5ev9Z4+73Z0XYwoHmhzTLywMq/Cy+wgAAE5ilAYAAAAAAAAAAAAAAAAAAAAA4H/fNNf/nakwP+xiQelwzi+uTlWPo1kndpZC4c1X/9uYmCuHc/LNfzzm4BJ6qqxQnH3NV6TpLxudQeEHu9kWHRmTLBy6aPFwXxRn/98hKTz/04hFvV6vN371xZPbcGFcB08WipJeLLzFLric4xGAi/PfAAAA//8Us0P7")
creat(&(0x7f0000000140)='./bus\x00', 0x80)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000180)='./bus\x00', 0x0, 0x63d014, 0x0)
r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0)
executing program 0:
socket$packet(0x11, 0x2, 0x300)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket(0x11, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[], 0x48)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
syz_open_dev$vim2m(&(0x7f0000000500), 0x1, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$video4linux(&(0x7f0000000000), 0xf, 0x101800)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_usb_connect(0x6, 0x24, &(0x7f00000001c0)=ANY=[], 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
socket$inet_smc(0x2b, 0x1, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
unshare(0x6a040000)
mmap(&(0x7f00002ad000/0xc00000)=nil, 0xc00000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = gettid()
write$USERIO_CMD_SET_PORT_TYPE(0xffffffffffffffff, &(0x7f00000002c0)={0x1, 0x6}, 0x2)
write$USERIO_CMD_REGISTER(0xffffffffffffffff, &(0x7f00000000c0), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0xfe}, 0x2)
sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000005f00)=ANY=[@ANYBLOB="2800000010000100"/20, @ANYRES32=r0, @ANYBLOB="6d3082610000000008001300", @ANYRES32=r2], 0x28}, 0x1, 0x0, 0x0, 0x4000004}, 0x0)
executing program 3:
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x3000010, &(0x7f00000000c0)={[{@errors_remount}, {@nobh}]}, 0x1, 0x513, &(0x7f0000000380)="$eJzs3d9rY1kdAPDvvW1mOzNdk1WRdcF1cVc6i07Sbt3dIqLriz4tqOt7rW1aSpOmNOk6LYt28T8QQcEnn3wR/AOEZR78A2RgQF/EB1FRRGf0QVDnSpIbp5Mmbd1pm07z+cBpzrn35n7PuSEn98fpvQGMrRci4o2ImIiIlyOimE9P87TYLux3l7t/753ldkoiy976axJJPq23rnZ5MiKud98SUxHxtS9HfDM5HLe5u7exVKtVt/NypVXfqjR3926u15fWqmvVzfn5udcWXl94dWE2yz1WO0u9zE++9Pn3Pv2t3y3++ca329X63EeiEH3tOE3dphc626KnvY22zyLYCEzk7SmMuiIAAJxIex//gxHxic7+fzEmOntzfSZGUTMAAADgtGRfmI5/JxEZAAAAcGmlETEdSVrOxwJMR5peyc8NfDiupbVGs/Wp1cbO5kp7XkQpCunqeq06m48VLkUhaZfn8jG2vfIrfeX5iHgmIr5fvNopl5cbtZURn/sAAACAcXG97/j/H8W0kz/egP8TAAAAAC6u0tACAAAAcFk45AcAAIDLr//4/70R1QMAAAA4E1958812ynrPv155e3dno/H2zZVqc6Nc31kuLze2t8prjcZa55599ePWV2s0tj4Tmzu3Kq1qs1Vp7u4t1hs7m63F9UcegQ0AAACco2c+fvvXSUTsf/ZqJ0V+H0CAR/xh1BUATtPEqCsAjIy7eMP4Koy6AsDIJcfMN3gHAACefDMfPXz9v/f8f+cG4HIz1gcAxo/r/zC+CkYAwlhLI+ID3exTw5YZev3/lyeNkmURd4oHpzi/CAAA52u6k5K0nB8HTEealssRT0ekpSgkq+u16mx+fPCrYuGpdnmu887k2DHDAAAAAAAAAAAAAAAAAAAAAAAAAEBXliWRAQAAAJdaRPqnpHM3/4iZ4kvT/ecHriT/LMYf88KP3vrBraVWa3uuPf1vnWd5XYmI1g/z6a8MfXwYAAAAcNqS/aGzusfp+evcudYKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDFw/947y710nnH/8sWIKA2KPxlTndepKETEtb8nMXngfUlETJxC/P13I+LZQfGTeJBlWSmvxaD4V884fqmzaQbHTyPi+inEh3F2u93/vDHo+5fGC53Xwd+/yTw9ruH9X5pHfrbTzw3qf54+tLb6wBjP3f1ZZWj8dyOemxzc//T632RI/BcPre1fWZYdjvGNr+/tDYuf/ThiZuDvT/JIrEqrvlVp7u7dXK8vrVXXqpvz83OvLby+8OrCbGV1vVbN/w6M8b2P/fzBUe2/NiD+b3/T7X+Pav9Lw1ba5z93b937UDdbGBT/xosDf3+nYkj8NP/t+2Seb8+f6eX3u/mDnv/pneePav/KkO1/3Od/44Ttf/mr3/39CRcFAM5Bc3dvY6lWq24fkZk6wTJPYuYXUxeiGv9nJvtO95O7KPV5v5n23urDKb1WXYCKHchk5xZrIi5Ik/+XGWm3BAAAnIGHO/2jrgkAAAAAAAAAAAAAAAAAAACMr/O4nVh/zP3RNBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Ej/DQAA///M/t/r")
lchown(&(0x7f00000006c0)='./file0\x00', 0x0, 0xee01)
executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=@bridge_getneigh={0x28, 0x1e, 0x3c964e403b131b43, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}]}, 0x28}}, 0x0)
r1 = dup(r0)
read$FUSE(r1, &(0x7f0000003680)={0x2020}, 0x2020)
executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = socket$l2tp6(0xa, 0x2, 0x73)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000200)={@private0, 0x0, 0x0, 0x0, 0x8}, &(0x7f0000000240)=0x20)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1c0002, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x101001a, &(0x7f0000000480)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,\x00'], 0xfb, 0x0, 0x0)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r4, &(0x7f0000004100)={0x2020, 0x0, <r5=>0x0, <r6=>0x0, <r7=>0x0}, 0x2020)
syz_usb_disconnect(0xffffffffffffffff)
clock_gettime(0x0, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r8, 0x29, 0xb, 0x0, 0x0)
statx(r4, &(0x7f0000000180)='./file0\x00', 0x800, 0x8, 0x0)
write$FUSE_DIRENTPLUS(r3, &(0x7f0000000c80)={0x158, 0x0, r5, [{{0x6, 0x1, 0x8, 0x9, 0x8000, 0xffffffff, {0x6, 0x0, 0x400, 0x7, 0x1805, 0xa, 0x3, 0x1, 0x600, 0xa000, 0x40c, 0xee00, r7, 0xb0}}, {0x5, 0x0, 0x1, 0xfffffffb, '%'}}, {{0x1, 0x1, 0x8001, 0x361, 0x4, 0x9, {0x0, 0x100, 0x88, 0xf9, 0x8, 0x100, 0x2, 0xc37, 0x10000, 0xc000, 0x8, r6, 0x0, 0x7, 0x8}}, {0x0, 0x9, 0xa, 0x8, '/dev/fuse\x00'}}]}, 0x158)
bind$inet6(r8, &(0x7f0000000240)={0xa, 0x4e20, 0xf, @empty, 0x5}, 0x1c)
sendmmsg$inet6(r8, &(0x7f0000000ac0)=[{{&(0x7f0000000440)={0xa, 0x4e20, 0x2, @empty, 0x6}, 0x1c, &(0x7f0000000c40)}}], 0x1, 0x200c0858)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
close_range(r9, 0xffffffffffffffff, 0x0)
r10 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r10, 0x40405514, &(0x7f0000000540)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0xfffffffffffffe00, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x40, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x3, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xc, 0x2, 0x0, 0x22820adc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]})
syz_open_dev$dri(&(0x7f00000000c0), 0x4d9, 0x2)
mount_setattr(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)={0x8}, 0x20)
executing program 1:
syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000240)='./file0\x00', 0x2004010, &(0x7f0000000000)=ANY=[@ANYRES16=0x0, @ANYRES16=0x0, @ANYRES32, @ANYRESDEC], 0x1, 0x1cc, &(0x7f0000000600)="$eJzs281qE10YB/Bn+rbpx4ukC1fiYpauStsraJEKYkBQslAQFNtA6UjBQkAXtjsX3oQX48KtXonLgsKRZvJtLG3UDjS/3yYPM+d/5pwTJskJzPPbrw52D49az1qfYynLYm4r8jjNYjXmouckAIDr5DSl+JZSSosnsfwxUkpVjwgA+Nd8/wPA7Hn85OmD7UZj51GeL0UU79vNdrN8Lc9vt2I/itiL9ajHjzj7gdBV1vfuN3bW847V+FAcd/PH7eZ/o/mNqMfq5PxGmc9H8wuxMpzfjHrcnJzfnJivxZ1aP78QEfX4+jIOo4jdOMsO8u828vzuw8ZY/v9OOwAAALgO1vK+zv69FqP797W10fOD/XGZ384u/P/A2P56Pm7NVzt3AJhVR2/eHrwoir3XUxRL3T5+0+Z7SmnKnoeKLyvlRf60n4sW+4vl9S4f7y1p/8jW+etTTVEbHuFYsTzFUG9cYoLz57bpPXHyN6ecRURVC/4pIip/u6e6qTvFlX4MARUY3P2DY1mVAwIAAAAAAAAAAAAAAH5xFc8VVT1HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGbPzwAAAP//t8F8mQ==")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x189800, 0x0)
r1 = fsopen(&(0x7f0000000c40)='devtmpfs\x00', 0x1)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x6, 0x0, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1b0000000000000000000000008000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x19, &(0x7f000001b000)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xdc0f}}, @call={0x85, 0x0, 0x0, 0x50}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r3}, 0x10)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r4 = inotify_init()
inotify_add_watch(r4, &(0x7f0000000400)='.\x00', 0x20)
openat$sw_sync(0xffffffffffffff9c, &(0x7f00000001c0), 0x100, 0x0)
ioctl$FAT_IOCTL_GET_ATTRIBUTES(r0, 0x40047211, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000100)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@resgid}, {@data_err_ignore}, {@grpquota}, {@nodioread_nolock}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x563, &(0x7f00000007c0)="$eJzs3c1rHOUfAPDvbDbp6+/XFEpREQn0YKU2aRJfKnioR9FiQe91SaahdNMt2U1pYsH2YC9epAgiFsS73j0W/wH/ioIWipSgBy+R2czmpdlNtukmu+1+PjDheWZm93memfk+eZ6dWTaAvjWS/SlEvBwR3yQRRyIiybcVI984srLf0uObU9mSxPLyp38l9f2yfOO9Gq87lGdeiojfvoo4VdhcbnVh8UqpXE7n8vxYbfbaWHVh8fTl2dJMOpNenZicPPv25MR7777Tsba+ceGf7z+5/+HZr08sfffLw6N3kzgXh/Nt69vxDG6tz4zESH5MBuPcEzuOd6CwXpJ0uwLsyEAe54OR9QFHYiCPeuDF92VELAN9KhH/0Kca44DG3L5D8+DnxqMPViZAm9tfXPlsJPbX50YHl5INM6NsvjvcgfKzMn79897dbInOfQ4BsK1btyPiTLG4uf9L8v5v5860sc+TZej/YO/cz8Y/bzYb/xRWxz/RZPxzqEns7sT28V942IFiWsrGf+/n5e7fUP7qTavhgTz3v/qYbzC5dLmcZn3b/yPiZAzuy/Jb3c85u/RgudW29eO/bMnKb4wF83o8LO7b+JrpUq30LG1e79HtiFeajn+T1fOfNDn/2fG40GYZx9N7r7Xatn37d9fyTxGvN53/rN3RSra+PzlWvx7GGlfFZn/fOf77xjVrR7Lb7c/O/8Gt2z+crL9fW336Mn7c/2/aatuG9kf71/9Q8lk9PZSvu1Gq1ebGI4aSjzevn1h7bSPf2D9r/8kTW/d/za7/AxHxeZvtv3Ps51fban+Xzv/0U53/p088+OiLH1qV317/91Y9dTJf007/124Fn+XYAQAAAAAAQK8pRMThSAqjq+lCYXR05fmOY3GwUK5Ua6cuVeavTkf9u7LDMVho3Ok+su55iPH8edhGfuKJ/GREHI2IbwcO1POjU5XydLcbDwAAAAAAAAAAAAAAAAAAAD3iUIvv/2f+GOh27YBd18ZPfg/tRT2Avbdt/Hfil56AntTG/3/gBSX+oX+Jf+hf4h/6l/iH/iX+oX+Jf+hf4h8AAAAAAAAAAAAAAAAAAAAAAAAAAAA66sL589myvPT45lSWn76+MH+lcv30dFot5LvMXRudqVRmyunoVGV2u/crVyrXxidi/sZYLa3WxqoLixdnK/NXaxcvz5Zm0ovp4K63CAAAAAAAAAAAAAAAAAAAAJ4/1YXFK6VyOZ2TkNhRotgb1ehSotgb1diFRLd7JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABY818AAAD//0h7Mcc=")
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x2, 0x96)
pwrite64(r5, &(0x7f0000000080)='2', 0x1, 0x40008)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
r7 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0}, 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x9, &(0x7f0000000040)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r7}, {}, {0x85, 0x0, 0x0, 0x9b}}, @call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r8, 0x0, 0xe, 0x0, &(0x7f0000000000)="c1188e19b95d02ff4284860151b0", 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendfile(r6, r6, 0x0, 0xe3aa6ea)
truncate(&(0x7f00000002c0)='./file1\x00', 0x42d9)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0)
write$P9_RREADLINK(r9, &(0x7f0000000000)={0xffffffffffffff23, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab)
executing program 4:
r0 = syz_open_dev$rtc(&(0x7f0000000140), 0x0, 0x0)
ioctl$RTC_UIE_ON(r0, 0x7003)
ioctl$RTC_AIE_ON(r0, 0x7001)
ioctl$RTC_ALM_SET(r0, 0x40247007, &(0x7f0000000780)={0x1b, 0x6, 0x6, 0x19, 0x8, 0x7ff, 0x5, 0x13b, 0xffffffffffffffff})
executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20001, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f00000002c0)={[{0x6, 0x4, 0x7, 0x8, 0x8, 0xff, 0x40, 0x4, 0x7f, 0xbe, 0x4, 0x6, 0xfffffffffffffffe}, {0x80, 0x8, 0x4, 0xf7, 0x5, 0x3, 0x1, 0x7, 0x4c, 0x3, 0xfc, 0x7}, {0x9b7, 0x84, 0xba, 0x1, 0x2, 0xc, 0x4, 0x2, 0x7, 0x6, 0x0, 0x0, 0x6}], 0x1})
executing program 4:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x2000c10, &(0x7f0000000400), 0xff, 0x23f, &(0x7f0000000540)="$eJzs3T1oLFUYBuB3Zne95t5FrtoI4g+IiAbCtRNsYqMQkBBEBBUiIjZKIsQEu8TKxkJrlVQ2QeyMlpIm2CiCVdQUsRE0WBgstFiZnURisuLPxh1xngdmZ2b3nPnOMPOe3WbYAK11Nclskk6S6SS9JMXpBnfWy9Xj3c2p3cVkMHjsh2LYrt6vnfS7kmQjyQNJdsoiL3STte2nDn7ae+Se11d7d7+7/eTURE/y2OHB/qNH78y/9sHc/WufffHdfJHZ9H93XhevGPFet0hu+jeK/UcU3aZHwF+x8Mr7X1a5vznJXcP891KmvnhvrFy308t9b/9R3ze///zWSY4VuHiDQa/6DtwYAK1TJumnKGeS1NtlOTNT/4b/qnO5fHF55eXp55dXl55reqYCLko/2X/4o0sfXjmT/287df6B/68q/48vbH1dbR91mh4NMBG31asq/9PPrN8b+YfWkX9oL/mH9pJ/aC/5h/aSf2gv+Yf2kn9oL/mH9pJ/aK/T+QcA2mVwqeknkIGmND3/AAAAAAAAAAAAAAAAAAAA521O7S6eLJOq+clbyeFDSbqj6neG/0ecXD98vfxjUTX7TVF3G8vTd4x5gDG91/DT1zd802z9T29vtv76UrLxapJr3e75+684vv/+uRv/5PPes2MW+JuKM/sPPjHZ+mf9stVs/bm95ONq/rk2av4pc8twPXr+6VfXb8z6L/085gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYmF8DAAD//xFQbUc=")
r0 = open(&(0x7f0000000480)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000500)={0x0, 0x2904c, 0x0, 0x10003, '\x00', [{0x0, 0x0, 0x0, 0x3}, {0xffffffff}]})
executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./bus\x00', 0x2000018, &(0x7f00000013c0)=ANY=[], 0xf, 0x6b4, &(0x7f00000000c0)="$eJzs3c9vHGf9B/D3rNcbO98qX6dN2ggVESVSQYpInFgphAsBIZRDhapy4IqVOI2VjVPZLnIrBC5FcELi0D+gIPmGOCBxDwrncuvVx0pIXCIOERyMZnbWXnvX8Tr+GXi9ovHzzDzPPPPZzz4z411ntQH+Z926lOajFLl16a2lcn11Zaq9ujJ1om5uJynrjaTZKVLMJcXj5GbZXvQs6Sn7fDJ7453Pn6x+0Vlr1kvVv/Gs/QYY0He5XnI+yUhd9hsd9hCbxrud5KW+Lq1hx2plbGOlTNrFuoQjt9ZneTe77+a8BY6Z7m2s6Nw3+0wkJ5PqFlb9TlBfHRqHF+HB2NVVDgAAAF5Qnz086ggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgxVN//39RL426zPkU3e//b3W31fUX2qOjDgAAAAAAAAAA9sFXnuZplnKqu75WVH/zv1CtnMm/1pL/y/tZyEzmczlLmc5iFjOfq0kmegZqLU0vLs5fXd+zNHjPawP3vHZYjxgAAAAAAAAA/iv9Irc2/v4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADHQZGMdIpqOdOtT6TR7FTTKn8sJ3/r1l8QxaCNjw4/DgAAANiTsefY5/+f5mmWcirJH8v1taJ6zf9q9Xp5LO9nLouZzWLamcmd+jV0+aq/sboy1V5dmXpQLv3jfucfuwqjGjGd9x4GH/lc1WM8dzNbbbmc21Uwd9Ko9iyd68YzOK6PypiKb9eGjKxZp7U82G+3exdhX+z2rYiJMrhkPSOTdWxlNk53MlBUb9QkWzPx7Gfn3wOOlEZG1490NY31d37OHEDOT9Zl+Xh+daA53631TDRSZeJaz+x79dmZSL765z/86F577v69uwuXjs9D2sHINtu3zompnky8NigTvQMd60w0d9l/ssrE2fX1W/l+fphLOZ+3M5/Z/CTTWcxM1ur26Xo+lz8nnj1nbm5ae3unSFr189JJ9TAxnc/3qtp0LlT7nspsijzMnczkzerftVzNN3I913Oj5xk+u23c1WOrzvrG1rO++0z/ZWDwF79WV8aT/Lou+3KwxXazc790rv1lXk/35LUz65+s9zrdcx5M9mTp5W52RgcO/jzXxuaX6kp5jI/r8niYqDNRnkDdu0Q3ulc6mWhW96L+ef676txYaM/dn783/d424y9vWX+jLstptfLlYaMc/FTsr3K+vJyx+kqyeXaUba+sX2VOb7qrtuq/uHTaGn1tZ6u2ouieqT/oO1PL+Vqeqa36d7j+ka5Vba8NbJuq2s71tG36fSsP086dQ8gfAHs0kZOt8b+Pfzb+6fgvx++NvzX23RPfPPF6K6N/Hf1Wc3LkjcbrxZ/yaX5Wvf4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD2aOGDD+9Pt9sz84Mrje2bdqjsNPKWSlF/oc+we/34ZPJ8gR1OZSzJpi2j5YZ9O8THQ3Ye3xpGX2Xt58mh56f7JYKD+/ymrDQzzIA3d+rz0ZHPhGNZGd040UYyeAIc8YUJOHBXFh+8d2Xhgw+/Pvtg+t2Zd2fmRq9fvzF54/qbU1fuzrZnJjs/jzpK4CBs3PSPOhIAAAAAAAAAAABgWIM+IXDhpZ0+NDLUZzz8z0IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgX9y6lOajFLk6eXmyXF9dmWqXS7e+0bOZpNFIip8mxePkZjpLJnqGK/L7x1kbcJxPZm+88/mT1S82xmp2+ieNutyD5XrJ+SQjdblf493e83jFP7uPsEzYxW7i4Kj9JwAA//93mPQP")
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
executing program 4:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x34, 0x0, 0x8, 0x5, 0x0, 0x0, {0x3, 0x0, 0x9}, [@CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @tcp}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x4}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4048000)
sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x14, 0x2, 0x8, 0x201, 0x0, 0x0, {0x5, 0x0, 0x3}}, 0x14}, 0x1, 0x0, 0x0, 0x4000010}, 0x20004004)
executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = syz_open_dev$usbfs(&(0x7f0000000080), 0x75, 0x109301)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r4, 0x8108551b, 0x0)
ioctl$USBDEVFS_SUBMITURB(r4, 0x8038550a, &(0x7f0000000380)=@urb_type_bulk={0x3, {0x1, 0x1}, 0x0, 0x41, &(0x7f00000002c0)="c26bca8b7597f49c865a04", 0xb, 0x0, 0xfffffffe, 0xfffffffe, 0x5, 0x71a8, 0x0})
ioctl$USBDEVFS_SETINTERFACE(r4, 0x80085504, &(0x7f0000000000)={0x0, 0xf})
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r5 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x1e}, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20}, {0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x4, 0x2}, {}, 0x0, 0x6e6bb9, 0x1}, {{@in=@broadcast, 0xfffffffc, 0x32}, 0x0, @in=@empty, 0x0, 0x0, 0x2, 0x7, 0x200, 0xd4}}, 0xe8)
sendmmsg(r5, &(0x7f0000000480), 0x2e9, 0x0)
executing program 4:
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, 0x0, 0x0)
r2 = openat$binfmt_format(0xffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400"], 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
r5 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000000)='source', &(0x7f0000000180)='%(,c\xbe\xfbL:', 0x0)
r6 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000000)='source', &(0x7f00000000c0)='%.,:', 0x0)
write$binfmt_format(r2, &(0x7f0000000100)='-1\x00', 0x2)
close_range(r2, 0xffffffffffffffff, 0x0)
sendmmsg$unix(r0, &(0x7f0000000b40), 0x42, 0x80)
close(r0)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0xcb)
r7 = socket(0x10, 0x3, 0x0)
write(r7, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f000000fe000040000a0000", 0x1c)
executing program 0:
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f000000b780), 0x2, 0x0)
readv(r0, &(0x7f0000002380)=[{&(0x7f00000001c0)=""/4096, 0x1000}], 0x1)
executing program 1:
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r0 = socket(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4c, &(0x7f0000000000)=0xfffffffe, 0x4)
executing program 1:
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f", 0x7, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
setsockopt$MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, &(0x7f00000000c0)={{0xa, 0x4e23, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8}, {0xa, 0x4e24, 0x0, @local, 0x7}, 0xffffffffffffffff, {[0x6, 0x8, 0x1ff, 0x2e, 0x2, 0x7, 0x2, 0x81]}}, 0x5c)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
executing program 0:
openat$apparmor_thread_current(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
syz_open_dev$vim2m(&(0x7f0000000080), 0x1, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x33b, 0x4000000)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x5865, 0x10, 0x2, 0x24d}, &(0x7f00000006c0)=<r3=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f00000002c0)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, 0x0, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_setup(0x7f5b, &(0x7f0000000400)={0x0, 0xd898, 0x800, 0x0, 0x1a9, 0x0, r2})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000c80)='kmem_cache_free\x00', r5}, 0x10)
r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000580)={0x1, 0x1, 0x0, 0x1000, &(0x7f0000456000/0x1000)=nil})
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080000024d564b000000eccd"])
ioctl$KVM_SET_LAPIC(r7, 0x4400ae8f, &(0x7f0000000100)={"b46474f815e8d5535f0887c44335cc824dc6121bc72a77f532ff5dad4d643a9cab29d2310e04be14eb26c0af4985fe45e3b3b0680b3ec92725d74b9716e0f7c3119a2c9a0ae65ff4772e2e12733cb013c4308fe40863480747c0a7ddb9361b1578015ca1bb2c1677ebae096f08345476f567443842946ed946434c75916d1db83fe305920de65bfaf9bd940672216846cb16b8ae67cd3affc61375381f91b3b9f1cc5e38cafe5239aee71dcd481fbe1ecd2547ffbaad4469a74697c28fb9beefa6a5d736712a55eb9110c2cf7964062ba8cbc1c038e84f0f5db7fc7053118bf5221e3efa6fc3edb5d0ca3cde7054dd0751a332520aa8478b1775d552c5cc24d3c2df9eb333e5ca3aa06c1c2cf8526714f5caff2f55b41976fc20b64f1fc61d5b44f50953582a1825d32130a31abfeafd1987317879e29ac51b93c9659e023fff3ddb5e39dd19cc3ef1d883c78b9e073d08a9197fb3717df238b9831831214b186693be9dd2568bb77272e80df5dfed03e8c467627bedfbd93359a9f79a3aa37e873dc1357b37b43d813ea85267b0dc8b1c4cc51bd985328833beb2679b7fb762555bbea2da936b36f8f1673fd5f606b2b6eb23b72bf947206e8dbfeb40ca6f265a3485c8446e0f0da652860b88328073d2282c14b48a7774e62754a968b60e92205e8fafcdd70a55c3c4d1a4821ff44e6e3681f15ae091262e3a3290a24d8ceae30ebbf9d24287bb8a5d73c608d47d287f9e716cf02b4796a83fb0c05e45b89de9ef8bce834e6d7a0be6e30d2c66cb6e640cb01898454ad361bc0701d8fe56113335ae6adec59300db04691cc4a689034272a8e086a32ce7061b4f79fa8afbb48a6ce4b62bdc44af013d78980457e1fa61eb9204818606f4c3b03c0f33cd2a841ac9bc2b73151a96e31ab99e6ec969b5f2c3edd5f9abc69845e487af992758ba445368da93dae1d44360d52a534a88276b8aaf349841d8a4788c60408618437c442308dbf70efeda2e54e9b9e4fe5f76997c9dcb945a26bd75748c85d19ca8b99264dce50580e8d4dbda401dad7df31e9a7a6a3a83bfbdfb5394abd581ac0824fbcd75d2f5205c0b7c9188e6f26bfd97734d9a20433f6cdba9d14a5f32a4d97a57f4603b21146fd1aebf082e863d463c224ad623c17d8043d3bf083f0322408dd6ead6915ac6a4222ab51480eb6e11a8913348219515170d9df90d72d7363bbda3e327d19f98c0a856f98076380e788e602e8a2ae0a1930786874dc21a2e99abda15f35457cf1dcb440c4b41350d0eda352aad7f57a0adc8a6914da06460635ed21c4c11cd1a8ec778064c9f62efba2927828b23f94b16619a5520731c2c40ab8583c9f2e73233d74b84f4877ce6b35bb1180300"})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
io_uring_enter(r2, 0x100847c0, 0x0, 0x1, 0x0, 0x0)
executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
splice(r1, 0x0, r2, 0x0, 0x7, 0x0)
setns(r2, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
unshare(0x62040200)
socket$inet_tcp(0x2, 0x1, 0x0)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-getpid-sched_setscheduler-timer_create-bpf$PROG_LOAD-timer_settime-socketpair$unix-pipe-splice-setns-syz_init_net_socket$bt_l2cap-unshare-socket$inet_tcp
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
splice(r1, 0x0, r2, 0x0, 0x7, 0x0)
setns(r2, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
unshare(0x62040200)
socket$inet_tcp(0x2, 0x1, 0x0)

program crashed: INFO: rcu detected stall in syscall_exit_to_user_mode
single: successfully extracted reproducer
found reproducer with 13 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-getpid-sched_setscheduler-timer_create-bpf$PROG_LOAD-timer_settime-socketpair$unix-pipe-splice-setns-syz_init_net_socket$bt_l2cap-unshare
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
splice(r1, 0x0, r2, 0x0, 0x7, 0x0)
setns(r2, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
unshare(0x62040200)

program crashed: INFO: rcu detected stall in batadv_nc_worker
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-getpid-sched_setscheduler-timer_create-bpf$PROG_LOAD-timer_settime-socketpair$unix-pipe-splice-setns-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
splice(r1, 0x0, r2, 0x0, 0x7, 0x0)
setns(r2, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)

program crashed: INFO: rcu detected stall in syscall_exit_to_user_mode
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-getpid-sched_setscheduler-timer_create-bpf$PROG_LOAD-timer_settime-socketpair$unix-pipe-splice-setns
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
splice(r1, 0x0, r2, 0x0, 0x7, 0x0)
setns(r2, 0x0)

program crashed: lost connection to test machine
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-getpid-sched_setscheduler-timer_create-bpf$PROG_LOAD-timer_settime-socketpair$unix-pipe-splice
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
splice(r1, 0x0, r2, 0x0, 0x7, 0x0)

program crashed: INFO: rcu detected stall in syscall_exit_to_user_mode
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-getpid-sched_setscheduler-timer_create-bpf$PROG_LOAD-timer_settime-socketpair$unix-pipe
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240))
pipe(&(0x7f0000000200))

program crashed: INFO: rcu detected stall in syscall_exit_to_user_mode
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-getpid-sched_setscheduler-timer_create-bpf$PROG_LOAD-timer_settime-socketpair$unix
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240))

program crashed: INFO: rcu detected stall in syscall_exit_to_user_mode
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-getpid-sched_setscheduler-timer_create-bpf$PROG_LOAD-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

program crashed: INFO: rcu detected stall in syscall_exit_to_user_mode
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-getpid-sched_setscheduler-timer_create-bpf$PROG_LOAD
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100))
bpf$PROG_LOAD(0x5, 0x0, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-getpid-sched_setscheduler-timer_create-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

program crashed: INFO: rcu detected stall in syscall_exit_to_user_mode
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-getpid-sched_setscheduler-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-getpid-timer_create-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
getpid()
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

program crashed: INFO: rcu detected stall in syscall_exit_to_user_mode
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sched_setscheduler-timer_create-timer_settime
detailed listing:
executing program 0:
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
timer_create(0x0, 0x0, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100))
timer_settime(0x0, 0x0, 0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
program crashed: INFO: rcu detected stall in corrupted
a never seen crash title: INFO: rcu detected stall in corrupted, ignore
simplifying guilty program options
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

program crashed: INFO: rcu detected stall in syscall_exit_to_user_mode
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
program crashed: INFO: rcu detected stall in syscall_exit_to_user_mode
simplifying C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
program crashed: INFO: rcu detected stall in syscall_exit_to_user_mode
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
program crashed: INFO: rcu detected stall in syscall_enter_from_user_mode
a never seen crash title: INFO: rcu detected stall in syscall_enter_from_user_mode, ignore
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
program crashed: INFO: rcu detected stall in syscall_exit_to_user_mode
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
program crashed: INFO: rcu detected stall in syscall_exit_to_user_mode
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
program crashed: INFO: rcu detected stall in batadv_iv_send_outstanding_bat_ogm_packet
a never seen crash title: INFO: rcu detected stall in batadv_iv_send_outstanding_bat_ogm_packet, ignore
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
program crashed: INFO: rcu detected stall in syscall_exit_to_user_mode
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
program crashed: INFO: rcu detected stall in corrupted
a never seen crash title: INFO: rcu detected stall in corrupted, ignore
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
program crashed: INFO: rcu detected stall in gc_worker
a never seen crash title: INFO: rcu detected stall in gc_worker, ignore
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
program crashed: INFO: rcu detected stall in sys_rt_sigreturn
a never seen crash title: INFO: rcu detected stall in sys_rt_sigreturn, ignore
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:false Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
program crashed: INFO: rcu detected stall in syscall_exit_to_user_mode
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:false Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
program crashed: INFO: rcu detected stall in sys_getpid
a never seen crash title: INFO: rcu detected stall in sys_getpid, ignore
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:false Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

program crashed: INFO: rcu detected stall in syscall_exit_to_user_mode
validation run: crashed=true
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:false Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

program crashed: INFO: rcu detected stall in syscall_exit_to_user_mode
validation run: crashed=true
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:false Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

program crashed: INFO: rcu detected stall in corrupted
validation run: crashed=true
reproducing took 2h56m21.819444339s
repro crashed as (corrupted=true):
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
	(detected by 1, t=10502 jiffies, g=8173, q=395)
rcu: All QSes seen, last rcu_preempt kthread activity 10501 (4294956243-4294945742), jiffies_till_next_fqs=1, root ->qsmask 0x0
rcu: rcu_preempt kthread starved for 10502 jiffies! g8173 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:R  running task     stack:28032 pid:   15 ppid:     2 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5030 [inline]
 __schedule+0x11b8/0x43b0 kernel/sched/core.c:6376
 schedule+0x11b/0x1e0 kernel/sched/core.c:6459
 schedule_timeout+0x15c/0x280 kernel/time/timer.c:1914
 rcu_gp_fqs_loop+0x29e/0x11b0 kernel/rcu/tree.c:1972
 rcu_gp_kthread+0x98/0x350 kernel/rcu/tree.c:2145
 kthread+0x436/0x520 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 4399 Comm: syz.0.17 Not tainted 5.15.189-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:__preempt_count_add arch/x86/include/asm/preempt.h:80 [inline]
RIP: 0010:__local_bh_disable_ip+0x93/0x190 kernel/softirq.c:336
Code: 44 3c 0b f3 65 8b 05 f4 00 ba 7e a9 00 00 0f 00 0f 85 df 00 00 00 48 c7 44 24 40 00 00 00 00 9c 8f 44 24 40 4c 8b 74 24 40 fa <65> 01 1d ce 00 ba 7e 65 8b 05 c7 00 ba 7e 31 d8 a9 00 ff 00 00 75
RSP: 0018:ffffc900037bfa60 EFLAGS: 00000046
RAX: 0000000080000000 RBX: 0000000000000200 RCX: ffff8880197b0000
RDX: 0000000000000000 RSI: 0000000000000200 RDI: ffffffff812bdd35
RBP: ffffc900037bfb10 R08: dffffc0000000000 R09: ffffed10032f62b2
R10: ffffed10032f62b2 R11: 1ffff110032f62b1 R12: 1ffff920006f7f4c
R13: 1ffff110032f62f1 R14: 0000000000000246 R15: dffffc0000000000
FS:  0000555575626500(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000020000006b000 CR3: 00000000734d7000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 fpregs_lock arch/x86/include/asm/fpu/api.h:70 [inline]
 copy_fpstate_to_sigframe+0x1fc/0xb90 arch/x86/kernel/fpu/signal.c:198
 get_sigframe arch/x86/kernel/signal.c:295 [inline]
 __setup_rt_frame arch/x86/kernel/signal.c:471 [inline]
 setup_rt_frame arch/x86/kernel/signal.c:780 [inline]
 handle_signal arch/x86/kernel/signal.c:824 [inline]
 arch_do_signal_or_restart+0x67a/0x1300 arch/x86/kernel/signal.c:869
 handle_signal_work kernel/entry/common.c:154 [inline]
 exit_to_user_mode_loop+0x9e/0x130 kernel/entry/common.c:178
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:214
 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7feb179aebe9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe2579c158 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 00007feb17bd5fa0 RCX: 00007feb179aebe9
RDX: 000020000006b000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007feb17a31e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007feb17bd5fa0 R14: 00007feb17bd5fa0 R15: 0000000000000004
 </TASK>

report is corrupted, running repro again
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:false Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-timer_create-timer_settime
program crashed: INFO: rcu detected stall in batadv_iv_send_outstanding_bat_ogm_packet
final repro crashed as (corrupted=false):
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P3065/1:b..l
	(detected by 1, t=10502 jiffies, g=7141, q=1550)
task:kworker/u4:4    state:R  running task     stack:27232 pid: 3065 ppid:     2 flags:0x00004000
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5030 [inline]
 __schedule+0x11b8/0x43b0 kernel/sched/core.c:6376
 preempt_schedule_irq+0xb1/0x150 kernel/sched/core.c:6780
 irqentry_exit+0x63/0x70 kernel/entry/common.c:432
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:676
RIP: 0010:lock_acquire+0x1f2/0x3f0 kernel/locking/lockdep.c:5627
Code: 00 9c 8f 84 24 80 00 00 00 f6 84 24 81 00 00 00 02 0f 85 f6 00 00 00 41 f7 c6 00 02 00 00 74 01 fb 48 c7 44 24 60 0e 36 e0 45 <4b> c7 44 3d 00 00 00 00 00 66 43 c7 44 3d 09 00 00 43 c6 44 3d 0b
RSP: 0018:ffffc9000ce3f900 EFLAGS: 00000206
RAX: 0000000000000001 RBX: 0000000000000000 RCX: 57343770c3666500
RDX: 0000000000000000 RSI: ffffffff8a0b2860 RDI: ffffffff8a599340
RBP: ffffc9000ce3fa20 R08: dffffc0000000000 R09: fffffbfff1ff6e19
R10: fffffbfff1ff6e19 R11: 1ffffffff1ff6e18 R12: ffffffff8c11c360
R13: 1ffff920019c7f2c R14: 0000000000000246 R15: dffffc0000000000
 rcu_lock_acquire+0x2a/0x30 include/linux/rcupdate.h:312
 rcu_read_lock include/linux/rcupdate.h:739 [inline]
 batadv_iv_ogm_slide_own_bcast_window net/batman-adv/bat_iv_ogm.c:754 [inline]
 batadv_iv_ogm_schedule_buff net/batman-adv/bat_iv_ogm.c:825 [inline]
 batadv_iv_ogm_schedule+0x432/0xe90 net/batman-adv/bat_iv_ogm.c:868
 batadv_iv_send_outstanding_bat_ogm_packet+0x72d/0x840 net/batman-adv/bat_iv_ogm.c:1712
 process_one_work+0x863/0x1000 kernel/workqueue.c:2310
 worker_thread+0xaa8/0x12a0 kernel/workqueue.c:2457
 kthread+0x436/0x520 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
 </TASK>
rcu: rcu_preempt kthread timer wakeup didn't happen for 6935 jiffies! g7141 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
rcu: 	Possible timer handling issue on cpu=0 timer-softirq=2940
rcu: rcu_preempt kthread starved for 6936 jiffies! g7141 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0
rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt     state:I stack:27008 pid:   15 ppid:     2 flags:0x00004000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5030 [inline]
 __schedule+0x11b8/0x43b0 kernel/sched/core.c:6376
 schedule+0x11b/0x1e0 kernel/sched/core.c:6459
 schedule_timeout+0x15c/0x280 kernel/time/timer.c:1914
 rcu_gp_fqs_loop+0x29e/0x11b0 kernel/rcu/tree.c:1972
 rcu_gp_kthread+0x98/0x350 kernel/rcu/tree.c:2145
 kthread+0x436/0x520 kernel/kthread.c:334
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
 </TASK>
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 4293 Comm: syz-executor332 Not tainted 5.15.189-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:check_kcov_mode kernel/kcov.c:172 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x13/0x60 kernel/kcov.c:206
Code: 48 8b 3d c0 ac f1 0b 48 89 de 5b e9 77 99 43 00 00 00 cc cc 00 00 cc 48 8b 04 24 65 48 8b 0d 94 ab 8a 7e 65 8b 15 95 ab 8a 7e <81> e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75 35 83 b9 34 16 00 00
RSP: 0018:ffffc90000007d18 EFLAGS: 00000046
RAX: ffffffff8167bb8f RBX: ffff8880b902a280 RCX: ffff888027311dc0
RDX: 0000000080010002 RSI: 0000003e4d9b5d80 RDI: 0000003e4d59fe82
RBP: ffffc90000007e98 R08: 0000000000000004 R09: 0000000000000003
R10: fffff52000000f80 R11: 1ffff92000000f80 R12: 0000000000000000
R13: 1ffff11017205452 R14: 0000003e4d59fe82 R15: dffffc0000000000
FS:  00005555864da480(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6c646883a0 CR3: 0000000021f17000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 __next_base kernel/time/hrtimer.c:480 [inline]
 __hrtimer_run_queues+0xbdf/0xc40 kernel/time/hrtimer.c:1728
 hrtimer_interrupt+0x3bb/0x8d0 kernel/time/hrtimer.c:1816
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1097 [inline]
 __sysvec_apic_timer_interrupt+0x137/0x4a0 arch/x86/kernel/apic/apic.c:1114
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1108 [inline]
 sysvec_apic_timer_interrupt+0x9b/0xc0 arch/x86/kernel/apic/apic.c:1108
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:676
RIP: 0010:__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:169 [inline]
RIP: 0010:_raw_spin_unlock_irq+0x25/0x40 kernel/locking/spinlock.c:202
Code: f6 ff 0f 1f 00 53 48 89 fb 48 83 c7 18 48 8b 74 24 08 e8 7e db aa f7 48 89 df e8 46 b0 ab f7 e8 91 46 cc f7 fb bf 01 00 00 00 <e8> 76 d4 9f f7 65 8b 05 17 d4 50 76 85 c0 74 02 5b c3 e8 c4 de 4e
RSP: 0018:ffffc900033cfbc0 EFLAGS: 00000282
RAX: 995d13ce0acb8c00 RBX: ffff88807b820940 RCX: 995d13ce0acb8c00
RDX: dffffc0000000000 RSI: ffffffff8a0b15c0 RDI: 0000000000000001
RBP: 0000000000000000 R08: dffffc0000000000 R09: ffffed100f704129
R10: ffffed100f704129 R11: 1ffff1100f704128 R12: ffff88807b820940
R13: 0000000000000021 R14: dffffc0000000000 R15: 000000001c000004
 spin_unlock_irq include/linux/spinlock.h:413 [inline]
 get_signal+0x11d6/0x12c0 kernel/signal.c:2903
 arch_do_signal_or_restart+0xc1/0x1300 arch/x86/kernel/signal.c:867
 handle_signal_work kernel/entry/common.c:154 [inline]
 exit_to_user_mode_loop+0x9e/0x130 kernel/entry/common.c:178
 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:214
 __syscall_exit_to_user_mode_work kernel/entry/common.c:296 [inline]
 syscall_exit_to_user_mode+0x16/0x40 kernel/entry/common.c:307
 do_syscall_64+0x58/0xa0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f6c645c2ebc
Code: 1e fa 80 3d 05 55 0c 00 00 75 2b 55 48 83 3d 7a 30 0c 00 00 48 89 e5 74 0c 48 8b 3d 56 32 0c 00 e8 49 e3 ff ff e8 64 ff ff ff <c6> 05 dd 54 0c 00 01 5d c3 0f 1f 00 c3 0f 1f 80 00 00 00 00 f3 0f
RSP: 002b:00007fff2cd685d0 EFLAGS: 00010246
RAX: 00007f6c64687af0 RBX: 0000000000000001 RCX: 0000000000000004
RDX: 00007f6c6468aec0 RSI: 0000000000000000 RDI: 00007f6c64687af0
RBP: 00007fff2cd685d0 R08: 00007fff2cd6867c R09: 00007fff2cd6867c
R10: 0000000000000000 R11: 0000000000000293 R12: 00007f6c6468aea8
R13: 0000000000000000 R14: 00007f6c6468aec0 R15: 00007f6c645c6670
 </TASK>
sched: RT throttling activated