Extracting prog: 11m0.449182474s
Minimizing prog: 18m25.712717778s
Simplifying prog options: 0s
Extracting C: 20.996369354s
Simplifying C: 5m9.788996992s


extracting reproducer from 30 programs
testing a last program of every proc
single: executing 5 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CAP_EXIT_ON_EMULATION_FAILURE
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_ON_EMULATION_FAILURE(r1, 0x4068aea3, &(0x7f0000000600)={0xcc, 0x0, 0x1})

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-syz_mount_image$ext4-openat$dir-lseek
detailed listing:
executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000040)={[{@errors_remount}, {@bsdgroups}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x22}}, {@noauto_da_alloc}, {@jqfmt_vfsv1}, {@oldalloc}, {@init_itable}]}, 0x2, 0x460, &(0x7f0000000200)="$eJzs289vFFUcAPDvzLZFfrYi/gBRq8TY+KOlBZWDF40mHjCa6AGPtS2EUKihNRFCpBqDFxNDomfj0cS/wJsXo55MvOrdkBDlAnqqmdmZul12uyxsd4H9fJJp39t5u/O+O+/NvnlvN4C+NZr9SSK2RcTvETFcza4tMFr9d+3KuZl/rpybSWJl5e2/krzc1SvnZsqi5fO2FpmxNCL9NCkOstbimbMnpufn504X+Ymlk+9PLJ45+9zxk9PH5o7NnZo6dOjggckXX5h6viNxZnFd3fPRwt7dr7978Y2ZIxff+/m7rL7biv21cXTKaBb43yu5+n1PdvpgPba9Jp0M9LAitKUSEdnpGsz7/3BU4v+TNxyvfdLTygEbKvts2tR89/IKcBdLotc1AHqj/KDP7n/LrUtDj9vC5ZerN0BZ3NeKrbpnINKizGDd/W0njUbEkeV/v8622KB5CACAWp/PfHU4nm00/kvjgZpyO4o1lJGIuDcidkbEfRGxKyLuj8jLPhgRD7V5/PqloevHP+mlmwrsBmXjv5eKta21479y9BcjlSK3PY9/MDl6fH5uf/GejMXgpiw/uc4xfnj1ty+a7asd/2VbdvxyLFjU49JAOUFXVGl2emk6H5R2wOWPI/YMNIo/WV0JSCJid0Tsae+ld5SJ409/u7dZodbxr6MD60wr30Q8VT3/y1EXfylZf31y4p6Yn9s/UbaK6/3y64W3mh3/luLvgOz8b1nb/uuLjCS167WL7R/jwh+fNb2naav9F7L2P5S8k1+PhorHPpxeWjo9GTGUHI5YqayWzR+fiuvyZfks/rF9jfv/zuI5WfwPR0TWiB+JiEcj4rGi7o9HxBMRsW+d+H96pfm+lvFvXueFOyCLf7bh9W+1/ded//YTlRM/fn/T8efn/2CeGiseya9/LdxoBW/lvQMAAIA7RZp/Bz5Jx1fTaTo+Xv0O/67Yks4vLC49c3Thg1Oz1e/Kj8RgWs50DdfMh04my8UrVvNTxVxxuf9AMW/8ZWVznh+fWZif7XHs0O+2Nun/mT8rLZ++wbOTwIZrtI42NdSDigBdV9//07XZ8292szJAV/m9NvSvFv0/7VY9gO67sc9/c31wN2rU/8/X5VuvBQB3Ivf/0L/0f+hf+j/0L/0f+tKt/K5fop8Tkd4W1WiV0MJvMtHrKxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBn/BcAAP//UUjvgw==")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)
lseek(r0, 0xfffffffffffffffc, 0x2)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io$hid-syz_usb_control_io$hid
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00222800000096030094"], 0x0}, 0x0)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-syz_open_dev$loop-openat$cgroup_ro-ioctl$LOOP_CONFIGURE-ioctl$LOOP_CHANGE_FD-socket$inet6_udplite-ioctl$TCSETS-syz_open_pts-sendmsg$netlink
detailed listing:
executing program 0:
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x50, &(0x7f0000000280)={[{@usrquota}, {}, {@nobh}, {@mblk_io_submit}, {@dioread_nolock}]}, 0x1, 0x3eb, &(0x7f0000000880)="$eJzs3M1uG0UcAPD/br5I+uEgcUCFQwQIgoCkDgQoQqJw5eMCPICVpKXCbarGSLTkUBAnThwQNw59AQ48QFUhJCRegRdAlSqU5gC3oLV3HTe2Qyw7der8ftLIM+txZv7ezWpmvTsBHFtzEXE+IsYiYikiSvn2NE9xs5Gyeve3Nle2tzZXktjZ+fjvJJJ8W/G3kvz1RF6YTyPSbyOeutne7sb1G59XqtW1a3l5sXb56uLG9RuvXLpcubh2ce1K+Y1z5fLy0pvl1wYW64/PvXhu7L3zZ376s3RneXJyOuvvyfy91jgGZS7mmt/JXsuDbmzIJofdAQAADiTNx/7j9fF/KcbquYZSLG4OtXMAAADAQOy8k78CAAAAIywx9wcAAIARV9wHcH9rc6VIB7pxoHRotyQ8VPfejYjZ3Webt5vxj8djeZ2JQ3y+dS4irj6flLIUh/QcMgBAqzvZ+Odsp/FfGk+21JuKqI+Hpgfc/tyecvv4J7074CYfkI3/3o6I7bbxX1pUmR3LS6fqQ8WJ5MKl6trZiDgdEfMxMZWVy/u08f4/P3/U7b0s/t+SU6eLlLWfve7WSO+OTz34mdVKrdJPzK3ufR1xZrxT/Elz/JtExEwfbYx9deutbu/9f/yHa+dWxAsd9//uyj3J/usTLdaPh8XiqGj37ze/fNit/WHHn+3/mf3jn01a12va6L2N25/98XQ90yGq1vlPL8f/ZPJJPV/My76s1GrXyhGTyQft25d2P1uUi/pZ/PPPdv7/L85/Sb6m1cn8HNCr777/9eX9azTiz1LWfjEXfBiy+Fd72v+9Z16//fun3dpv3f+d48/2f2MNsPl8y0HOfwftYD/fHQAAADwq0vp1jSRdaObTdGGhcb3jiZhJq+sbtZcurH9xZbVx/WM2JtLiSlep5XpoufEzerO8tKf8akQ8HhE/lKbr5YWV9erqsIMHAACAY+JEl/l/5q8RuccfAAAAyH+oBwAAAEab+T8AAACMtH7W9Tu+meybOwLdOPKZZ45GN4aQmYgj0Y0+MsM+MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADza/gsAAP//Bdqy/A==")
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x3, 0x1001)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0xcddc, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
ioctl$LOOP_CHANGE_FD(r0, 0x4c07, 0xffffffffffffffff)
socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x6, "00009200000000000000000000000058b200"})
syz_open_pts(0xffffffffffffffff, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x20000850)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-prlimit64-sched_setscheduler-prctl$PR_SCHED_CORE-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix-sendmmsg$unix-recvmmsg-bpf$MAP_CREATE_CONST_STR-bpf$MAP_CREATE_RINGBUF-bpf$PROG_LOAD
detailed listing:
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x6, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0xb, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xe1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r4}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

program did not crash
single: failed to extract reproducer
bisect: bisecting 30 programs with base timeout 30s
testing program (duration=37s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [2, 13, 12, 2, 3, 2, 2, 7, 2, 2, 22, 5, 13, 4, 7, 3, 9, 18, 10, 8, 21, 3, 19, 2, 7, 16, 9, 3, 4, 3]
detailed listing:
executing program 4:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000100)={0x0, 0x0, 0x8, 0x23, 0x204, &(0x7f0000000cc0)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a7309000000000000000f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000000000000472471ff550c001000c845f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714b5e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b048d856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a2b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6d07002ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8cd35df2cd7344aa8a9f3432b96fb889c02f484f63520cc3466a3c2903d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000600000000000000000000f80000000000000000000000000000000000000000005593e85f00"})
executing program 4:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file3\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000740)='scsi_dispatch_cmd_start\x00', r3}, 0x10)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x6)
executing program 1:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r0, 0x0)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r2)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r3 = syz_open_procfs(r1, &(0x7f0000000040)='smaps\x00')
preadv(r3, &(0x7f0000000440)=[{&(0x7f00000041c0)=""/4096, 0x1000}], 0x1, 0x1e, 0x20704513)
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15)
dup(0xffffffffffffffff)
gettid()
executing program 1:
r0 = io_uring_setup(0x2c4c, &(0x7f00000000c0)={0x0, 0x2, 0x1000, 0x1000000, 0x4})
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r0, 0x18, 0x0, 0x1)
executing program 1:
syz_mount_image$fuse(0x0, 0x0, 0x10, 0x0, 0x1, 0x0, &(0x7f00000002c0)="8031d5af7052c0c9ecd2")
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0)
executing program 4:
r0 = syz_usb_connect(0x3, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000074020440fd07010099480102030109021b0001000000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
executing program 0:
r0 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000040)={'syz_tun\x00', {0x2, 0x4e23, @local}})
executing program 0:
r0 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000)=0x655e, 0x4)
r1 = dup2(r0, r0)
setsockopt$inet6_int(r1, 0x29, 0x33, &(0x7f0000000580)=0x7ff, 0x44)
write$tun(r1, &(0x7f0000000040)=ANY=[], 0x46)
recvmmsg(r1, &(0x7f00000049c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2022, 0x0)
executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="680000001400010000000000fbdbdf25e0000001000000000000000000000000fc000000000000000000000000000000000000000007000000", @ANYRESDEC], 0x68}}, 0x4004040)
executing program 3:
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
chroot(0x0)
executing program 3:
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8b}, 0x0)
r1 = syz_open_dev$evdev(0x0, 0x200, 0x101000)
ioctl$EVIOCREVOKE(r1, 0x40044591, &(0x7f0000007200)=0x800)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x53cb1000)
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x1c}}, 0x200}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x18, 0x0, &(0x7f00000001c0))
executing program 0:
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x0, &(0x7f0000000280), 0x5, 0x783, &(0x7f0000001000)="$eJzs3c9rHFUcAPDvbJKmSauJIGg9BQQNlG5Mja2Ch4oHESwU9Gy7bLahZpMt2U1pQg4tIngRVDwIeunZH/Xm1R9X/S88SEvVtFjxIJHZH+222U03bXY3kM8HXva9mdm89903P97sDDsB7FkT6Z9MxKGI+DiJGKtPTyJiqJobjDhRW+72+lo+TUlsbLz9Z1Jd5tb6Wj6a3pM6UC88HRE/fRBxOLO53vLK6nyuWCws1ctTlYXzU+WV1SPnFnJzhbnC4rHpmZmjx186fmznYv3719WD1z954/lvT/z7/lNXP/o5iRNxsD6vOY6dMhET9c9kKP0I7/H6TlfWZ0m/G8BDSTfNgdpWHodiLAaquTZGetkyAKBbNgCAPSgxBgCAPabxPcCt9bV8I/X3G4neuvFaROyvxd+4vlmbM1i/Zre/eh109FZyz5WRJCLGd6D+iYj48vt3v05T1PvBtTSgFy5djogz4xOb9//JpnsWtuuFrWZuDFdfJu6bvNeOP9BPP6Tjn5dbjf8yd8Y/0WL8M9xi230YD97+M9d2oJq20vHfq033tt1uir9ufKBeeqw65htKzp4rFtJ92+MRMRlDw2l5urpo65Hb5M3/brarv3n899en732V1p++3l0ic21w+N73zOYquUeNu+HG5YhnBlvFn9zp/6TN+PdUh3W8+cqHX7Sbl8afxttIm+Pvro0rEc+17P+7fZlseX/iVHV1mGqsFC1899vno+3qb+7/NKX1N84FeiHt/9Gt4x9Pmu/XLG+/jl+ujP3Ybt6D42+9/u9L3qnm99WnXcxVKkvTEfuStzZPP3r3vY1yY/k0/slnW2//tWpbr//pOeGZDuMfvP7HNw8ff3el8c9uq/+3n7l6e36gXf2d9f9MNTdZn9LJ/q/TBj7KZwcAAAAAAAAAAAAAAAAAAAAAAAAAncpExMFIMtk7+Uwmm609w/vJGM0US+XK4bOl5cXZqD4rezyGMo2fuhxr+j3U6frv4TfKR+8rvxgRT0TEZ8Mj1XI2XyrO9jt4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKg70Ob5/6nfh/vdOgCga/b3uwEAQM85/gPA3rO94/9I19oBAPSO838A2Hs6Pv6f6W47AIDecf4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAl506eTJNG/+sr+XT8uyFleX50oUjs4XyfHZhOZ/Nl5bOZ+dKpbliIZsvLbT9R5dqL8VS6fxMLC5fnKoUypWp8srq6YXS8mLl9LmF3FzhdGGoZ5EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOfKK6vzuWKxsCSzZWZkdzRj12QGY1c0Q6Zrmea9xEj/dlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu9z/AQAA//+MoS4e")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x2042, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './file1'}, 0x5e)
unlink(&(0x7f0000000000)='./file1\x00')
close(r0)
executing program 3:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_procfs(0x0, 0x0)
r2 = syz_io_uring_setup(0x7a6e, &(0x7f0000000040)={0x0, 0x2000}, &(0x7f00000000c0), &(0x7f0000000100))
io_uring_register$IORING_REGISTER_BUFFERS2(r2, 0x2, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x20)
io_uring_register$IORING_REGISTER_FILES_UPDATE(r2, 0x6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)=[r2]}, 0x1)
executing program 2:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@mcast1, 0x800, 0x0, 0x103, 0x1}, 0x20)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4)
sendmsg$inet6(r0, &(0x7f0000000100)={&(0x7f0000000080)={0xa, 0x4e22, 0x1000000080000, @private0={0xfc, 0x0, '\x00', 0x1}}, 0x1c, 0x0, 0x0, &(0x7f0000000040)=[@rthdrdstopts={{0x12, 0x29, 0x32, {0x3a}}}], 0x18}, 0x0)
executing program 3:
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000040)='./file2\x00', 0x18502, &(0x7f0000001b80)=ANY=[], 0x1, 0x11f3, &(0x7f0000000980)="$eJzs3E+LW1UYB+C3cWrHqfNHrdV2oQfduLo0s3AlSJApyASU2gitINw6NxpyTUJuGIiI1ZVbP4e4dCeIX2A2fgZ3s3HZhXiFpLVNTdUuOpH6PJv7kvf8cu8hEDjhnBy/8c2n/W6VdfNJNE6disYoIt1KkaIRd7y0P79eu77farf3rqR0uXW1+XpKaevlHz/4/LtXfpqcff/7rR/OxNHOh8e/7v5ydP7owvHvVz/pValXpcFwkvJ0Yzic5DfKIh30qn6W0rtlkVdF6g2qYrzQ75bD0Wia8sHB5sZoXFRVygfT1C+maTJMk/E05R/nvUHKsixtbgQPdPqfh3S+vVXXdURdn44no67r+qnYiLPxdGzGVnwZEc/Es/FcnIvn43y8EC/Ghdmok3h8AAAAAAAAAAAAAAAAAAAA+P/4u/P/27Hj/D8AAAAAAAAAAAAAAAAAAACcgPeuXd9vtdt7V1Jajyi/PuwcdubXeb/VjV6UUcSl2I7fYnb6f25eX367vXcpzezEV+XN2/mbh50nFvPN2d8J3M6vzXp38s15Pi3mz8TGvfnd2I5zy++/uzS/Hq+9ek8+i+34+aMYRhkHs3vfzX/RTOmtd9r35S/OxgEAAMDjIEt/Wrp+z7IH9ef5h/h94L719VpcXFvt3Imopp/187IsxovF+l9eUfz7ovGI3rkR/5EJKh7/YtXfTJyEux/6qp8EAAAAAAAAAACAh/GIdxGuxZKdZW+uZqoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/sAPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgqAAD//99CzUo=")
r0 = creat(&(0x7f0000000300)='./bus\x00', 0x0)
r1 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0)
fcntl$setstatus(r1, 0x4, 0x4400)
dup3(r1, r0, 0x0)
io_setup(0x6, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0x3f0a, &(0x7f0000000540)=[&(0x7f00000000c0)={0xf04aef, 0x3d8, 0x4, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}])
executing program 0:
syz_clone(0x140011, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x58b9, &(0x7f0000000000)={0x0, 0x3d63, 0x2, 0x1, 0x161}, &(0x7f0000000080), &(0x7f00000000c0))
io_uring_enter(r0, 0x10de, 0x5bfc, 0x3, 0x0, 0x0)
executing program 1:
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, 0x0}], 0x1, 0x16, 0x0, 0x0)
sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000640)="a6dd10154eae5588333a0309e91cc5e16af5c44251b238d99a74e4f558447fa635c685f062d42da23f0e6bc75fdd8c28021bde9a93296cff2c129a29b07a1f85be5ee592ea12733bac889db86e1268033b2973c5091a4af73afa050019e1e8ec2f0c12eef8870d5e041c98919e5523d4f6494df85607d4a2b06e7cef02df24ed431a0539757f4d324a10b509fb037ce369211b9097419da127af0ece4bae11c7ecf3cca9b9db37151223be609f8098696b4b7e09b75687e1dca8b700e395a1d41320c986c733851c5bf3b0bbad2285cbdc5be094c5ef984495c98cfb8db4195fb7e96b19408606358ecc47663e819fa3eac7f97bdfe0047993352b3e46ecebf87b32760bd6ce3d49968289945632afb5bab6cd0572a35a3310de0d4f5af07c16d3e27c6e1a194d8ee0f65dfc35762203d428c2a8ca104b77b46da04be3f62249189c6c9caaaeaaed8b0cca03e77549c87c745e883c8ecf69f999c51b48a78d82d69f3ff7345472d9fa862bae5cd3c9698c36f28b554331bed72960024b761a7a3e3d997c6bf37ce0f02617aec379665df22bec814ae14470a9f0f1b16a2cf14fb095b82f9c466e117a97023883585bdd4da624599f958df08bf7a6e2bdfab57663ed83cc8c0294195394f2161ed1373d90c4447a573a7a0c595f6afaac13c9975e886417bb56462fc05b3b2381ebbb49319d99629e1e6651df07b69eda145254730926f721e156ac37092025b06320e96f0e3d130870c8ddde1c22484900d2af30991afb74cc82b62640c743b58b38c5bbf12b1400decc8bb46bf91c4a94937dfc4b5d3d3d927ffacdf555247c70f59c0118aa9f7c632fb9764e55e978db25efa68c8aac37921702a3fca2ae380d88f7779be190aa6c2e0c4ede7c83f2db7aff301227556083e571cd42f1c0dfd89e1c961cd82ca5d8f3a8f38b50c728e2fe25bbd7bdd693bd1cf1f947a85fc4d2302d78245bc149e63ea80c80971b196c448ae960951de0acf3910c23894538e1ceacbfb1e5dad460a54487cf84f5f542be7b5795fdb9f9a56dc41c0e6965fd29f633b97918fb5959f86edece2987d192b3a73cfd47533dd63478749d67561e737ebea0f213dd4ea9c23254ef0903ba52383409389404478d8c23d08fd8cf6acfcbae0b102ee0ea0c11177fb23c54f7cfeaefae260b6b9a07145a57fcd1389de9377d44f6c63c1d410c132ff8339b11676970cf7723816eb9adc63c00e3ac1b2890e0a67392fc5091c627e0b14cfc9eb4235bd9f409fca9f8fb0f03abdbb1fa15de4e27f3bbf265acfa9adf6d8ed4b60121b6b803b982db50c57eb5be8e383d72ab7b991a60fa656227158bbe63f107515506cdb71b8f16bcc0382e372ff3efe3d5d0c1dcebeb60126bcbba6d26d5bb525c0ce9592e50ce5041966b9f7e476e5c9fb1a64416489a3e1517b50ebfd491ef78a7c871a8b542c76b7305e007addf2d70004e6056e6e9cac6bf701b802550d4e9e2ab24bea0e0e3c216c7470528d5f28fc9f84db3ec3fc19ae5833a8985e2346629376f28ea37313cd272bbd5bd40b2181b8d4889aa8a0058f3610e9aac4df03eaa876beee81d73ed441c501de4ff3150d87f0c8a2cf137978be35e482daceed7c07ac16f07c9d248ec68a8f40288d679df4d04080ada7683b07afdc725458e92db998430f884e5a6c88f34910a45ab9e23cf63a335e60b0a3ccc0aa707136361510823c7988d7d65ca122e6d9bfe9049cda1af47c5fc44c80e17abbb22cf69e206e2e8314b6e4684390eab2d05ad596ff229c286d428c1f93421bc66a72a6d825b89631baa06b7300e5e5e6e84a7c11cf0cb2433f29c807078f39cfc201924b75960e37d3792dd5cd2e2f960b8071e80a99390ff930086284ae64b3cfb6a936ee65ef507ac91ac86b6f4eda086aed8671fa3506b81432f9f1aa19c42a750f35a5419d49bc780be79cd91c964b91fcbaedf9d9b493d92e0a642332653d83637655a111311d1ba7d5a671abb2db3fc789de2d1a8a15a13daeac79ea4fcebd172c627065870a311efd0dbac4b35650f7d0cd7d260c04d3990f8d6c0c3d0a272ae1c6e9af2e412ef94d1463cb0b7c32fa44407c59a20172a53a4467b5e2b0c5022ec23c1ababf1bdf853cbbaf25cb637aeb80af99eda97f869e163a69c80e407cf0f28f5e2446124ee3faef3b0f4a419d5e81c75e95e810c2dccbccdc25075d6fcc8e9a7e6b449af5cb99fb02390eb04eff579364ccede49fea8164009cf1b0b632b6a02c1e1cde4411d93e96592ab580944142a753ea2eba7c43cc5b4c13275267f30914c06ad49afa2a4fba84a22d5c0f4a8b56fba8492467de9e811efb48d08ad59045c3b2a2055f76d89394e28cbc5015da8c4ff50935463dea2a44110e763a2d552fa92d98b50ad5d8274623c9ee98e53708f02fba46ae232e947f783554d279343c048dec127d41426dea7cfd4c3879b7b251fd549861fb4a585dd64b20664bec834a2e9ea723f0cee7060b3e3c9023928cab5866741a9cdc88118a244ca89518e29965f7c9e31709838a7c590a6f2de8b99182b6d2f2b0cb99bb808077a27f0403c82ebfe72f7deea3a5d4f061fca6a98efacb08e776bd04a6b456055e6f6d76267983d25cd37b6c16d0e7c757a56542c88950a8edd763f4f500cbd18da65cd78451f445a1cb5229b333869f392174a54c43fa22eb9279641f8c964468c1a548b33a74d61ee1960e349caf7d30eb241ea03ef3bb1489fddb8c635b8bc39ac5f53b07191fd1a0b57cc432aefe84f824625be7cd6082b6a4efac51cb230f83da7280b5783b91d3774fc4d00164e032dc52e8cfddbbe6769083a7ab7de07391d98af8cf7d953a4ee3a70d339d9dc4fe936676a8fb6c4d439deb1eb5c3225a9f10892986dc775381c5619fee6271f50a15bb14f77cff07574f23368db1973ac148dd16fab08bf3f7668bc705ee7ac4c82ec8b6054ac3ea2b8733d1546ae71f2428b1544e069a9e14325c3a6217c0e0df0ef753cff90a60631de534152154b84a34b3771eabaf8cd8b6aef44f4259200f6dab7d6c72c7226d882e5eba90e66bc7bbf31080deeffe758d7b9d2e4cd543c0650a15a12f04c0a045969b264d65afe78b402cbd0d37dcedc89424a728ec2014dd7d591535d38c156d00b8d75a016688014922b6cc585abcf66f744e8f17224a0f217e390e9c937072086ec028e1ffc5d312169b71e30b6d4f24288a382a40897c65dafdd8b2eb78291deb1e3213c7f243b30f9431a067131bc521328fa1bb4fd619895931131586a069d10813c7547e4e51cfa2e38f6c5899bd1db38afdcfb488fb3f145f48edff41bee99d511ee110a4b202d4a3e1e7eafa7e39ec82a77742c6a55cbca47ab52af0ba7dc496647975f7f180c9c7c2ed877ca16fa07e2bb3e632ee4509c58e924da4505a74dfca0b9f137173ac2c59e6a05c3bd433aaf2e302614aeddb99c666ab7a243fe3239b44a1468b8399737be83c1c6c7782fd950b053a53d98d55eb1f40d2cd94f088a6927cfc61df4d6ad7aede4f20444f768322db3d4d8d2ce9a7fac41115ec0a82f7e8c792c26be30f2d8e397eb6a50e3d59dd13d473411a56867d0938db978405fbb5068ea77ce40daa5390f4ed409a1cc70bfc54afaadd04c4671c02b826fc558f3585b256def184d2f69cc67539e26d03fa20d12721ad6ed9f5fcec41588b93fe9fa93f71caaca99987d1a65ef2773b160d74871b5b0e30e12585c609240d0eed3697cbf03c292407fc7a8c80a8e0369b6e8f311cf8fdb8cf1a3caaa32f2147b8fd0cb359e8f585c975f8c96b5648ff9", 0xa8c}], 0x1}, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB], 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r0, 0x0, 0x2}, 0x18)
r1 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r4, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d4f549b, 0x0, [0x0, 0x0, 0x0, 0x0, 0x1, 0x32, 0x0, 0x800000]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
inotify_init()
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0)
executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0x8, 0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x5)
listen(0xffffffffffffffff, 0x0)
shutdown(r0, 0x0)
executing program 2:
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1c00000007"], 0x50)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r1, &(0x7f0000000000), 0xd)
executing program 1:
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./bus\x00', 0x1000840, &(0x7f0000000c00)=ANY=[@ANYBLOB='shortname=mixed,sys_immutable,nfs,iocharset=cp936,shortname=lower,rodir,nocase,codepage=860,shortname=lower,shortname=lower,shortname=win95,uid=', @ANYRESHEX=0x0, @ANYBLOB="2c646973636172642c73686f72746e616d653d77696e39352c756e695f786c6174653d302c0061a98eed20cb46078e5a4a40eed4c77e7462b84482aa7061236bf6bf5f48d7580feb45e35df449cbc10bccc2d8eb7a405ecd33c7efe0552ac1485c1dc47fec07062af97740e17f7fed7c51b26811fd16e28ca3f29cfad88fc4c5504243392e01cbdde7b5c763979598f95f09b95d2c45628665902b30ddfbf9bbd38185eabec1312bac0ff85a1ffbe2a612f453253bf5fcac7dd1e683bf671e2c5362e5a7"], 0x43, 0x350, &(0x7f0000000580)="$eJzs3U9oW3UcAPBv9tKkHcz2IAwF4elN0LJWPOipZXQwzEUl+OcgBtepNHXQYLA7NKsX8Sh41JM3D3rwsLMIinjz4NUJMhUPutvA4ZMkL81Lk3adkM3i53MI331/329+v7c8mtfX5tdXV2LjwkxcvHHjeszOlqK8cnYlbpZiIZIYuBLjKhNyAMDxcDPL4s+s74gtpSkvCQCYst77/+unCpl3vz6sPvPuDwDHXv79/9xhNbMHDVyaypIAgCkbu///yMhwZfRH/eXCbwUAAMfV8y+9/MxqLeK5NJ2N2HyvXW/X4+nh+OrFeDOasR5nYj5uRfQvFLoPpd7jufO1tTNpmnbil4Wodzva9YjNTrvev1JYTXr91ViK+VjI+/OrjSzLknNf1NaW0p6IuNLpzR+bpXZ9Jk7m8/94MtZjOdK4f6w/4nxtbTnNn6C+OejvROwO71t0178Y8/H9a3EpmnEhur2Dy5ra2s5Smp7NaiP97Xq1V9d34B0QAAAAAAAAAAAAAAAAAAAAAAD4VxbTPQt7+99kw/17FhcnjPf2x+n35/sD7fb3B8qqWWTZH+88Xn8/iZH9gfbvz9Oul+PEvT10AAAAAAAAAAAAAAAAAAAA+M9obVei0Wyub7W2L28Ug85Wa/tERHQzb3372VdzMV5zm6Ccz1EYSvPU5Y1GlgyKs2SkJg+S7uSDzKdX91ZcrKnuHcXEZVQPHmo2Tz3880fDzEPJ4Jn/HtYkMfkAk33LKAab9/WXdCf/UXvB8m1qrmVZdlD7zivjXVGKKN/5C3d4kHWDb66/8cATrdNP9jJfZn2PPjb/wrUPP/lto9Hszhy9V7Cy1bqVbTTyf08+2Q4OksL5U4p+UCqeCeXD2ndHM43kh99ffPCD7442e1bMvD2hJukfzuf7hyr9oLvMfUNzk+aamXDyTyE4/fFK4+rOT78etavwRcJGHQAAAAAAAAAAAAAAAAAAcFcUPiueyz/sO3NY11PPTn9lAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHD3DP/+fyHYHcscJfirE+ND1fWtVkTlXh8mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/c/8EAAD//9HQbnk=")
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x4000000)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
connect$unix(0xffffffffffffffff, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x38, r3, 0x10ada85e65c25359, 0x0, 0x8000000, {{0x6b}, {@val={0x8}, @val={0xc, 0x99, {0x2, 0x72}}}}, [@NL80211_ATTR_TID_CONFIG={0x5, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5}]}]}]}, 0x38}}, 0x0)
executing program 2:
unshare(0x6060400)
r0 = socket(0x10, 0x2, 0x0)
getpeername$packet(r0, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000003c0)=0xffffff54)
executing program 4:
r0 = socket(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
r5 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'wg0\x00', <r6=>0x0})
sendto$packet(r4, &(0x7f0000000180)="0b03feff6d12020002004788aa96a13bb1000011000088ca1a00", 0x1fffc, 0x0, &(0x7f0000000140)={0x11, 0x0, r6}, 0x14)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x28000)
io_setup(0x7, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
syz_mount_image$vfat(&(0x7f0000000280), &(0x7f0000000380)='./file0\x00', 0x8000, &(0x7f0000000440)=ANY=[@ANYBLOB='\x00', @ANYRES64, @ANYRESOCT], 0xfd, 0x277, &(0x7f0000000000)="$eJzs3cFqE10UB/CTNm3zdZPA50pcDLhxFZq+wSAVxIAQyaKuGmwL0oTCFAK6sN35Lj6Oj+ETRBAizQSTqaMgto4mvx8Mc8jNH+5kkXsX5yZHD0Znx+cXp4f/f4pGI4l6xFV8jojYiM0oqs2u7cJrVwEA/Gt6vUFa9Ry4W1mWDrYiYue7kf6HSiYEAAAAAAAAAADAbyvt/59EtJb6/2vz+4b+fwBYCfr/V1+WpYPd+f6tSP8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUJ3JdNqc/uSqen4AwO2z/gPA+rH+A8D6mRTW+lpY/wFg9b04fPks7XYPeknSiBi9H/fH/fyej6en8TqGcRJ70Ywvcb0/mMvrJ0+7B3vJTCuORpfz/OW4v1nMd6IZrfJ8J88nxfxW7C7n96MZ98rz+6X57Xj0cCnfjmZ8fBXnMYzjuM4u8u86SfL4efdGfmf2PgAAAAAAAAAAAAAAAAAAAPgT2sk3pef32+0fjef5X/h9gBvn6+txv17tswMAAAAAAAAAAAAAAAAAAMDf4uLN27PBcHiSKW6h+M+nqliRouIvJgAAAAAAAAAAAAAAAAAAWEOLQ79VzwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAqrP4//+7K6p+RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGA9fA0AAP//C4boJw==")
executing program 2:
syz_mount_image$erofs(&(0x7f0000000040), &(0x7f0000000400)='./file3\x00', 0x40, &(0x7f00000003c0)=ANY=[], 0x1, 0x1e9, &(0x7f00000004c0)="$eJzslb2O00AUhc+Mg+NFPAESomAllgLHdgDRrLTbbEWBxM+KAomIOFHAAZS4IJEQ4gno6Sh4CoQELQ+BAg00oYJ60PzYHiw7ICtRir1fcXM8nrm+c+2cAUEQJ5ZvX38vxK/97x6AM9hF24z/cIo53Jr/xfv54tONo+PX9999bi/8naqcQvz/81sAPh46SIu19uOwa35vg+f6DjguGX0MBt/oB+C4a3QMhntGP8r0KRkYfN8fjJLYf/g06UsRyBDKEMnQLde3fMXQz+sTgln3p7P5416SxJPpbC7TK5GPrEf8q3/LQ459qz6ut6nwjQis/oXgCI3uguGW0dfRznqjW2Lt/2yryO/U7F8LF2vd/2ADDc2FC6DZctngDRa2AeFVfZ0OlMjeaGkVW++rbCLk9yYra5oHre13vlrIP1TploeGCT8c6PeXjYiX+nrVqvdH5ZGDmsnuyjy1nc/9SbxluGj5k7aSN+qo6aTjZ53pbH55NO4N42H8JIq614IrQXA16igj0vFv0+O2/+0ofzpd5K88kyQuc/G8l6aTUMf8OtKxynG58j+OvQvZ6QG4pbxeIc9lc7j6lWrPqauHIAhim5wHU56sfDkT5jTJbwgR3dxynQRBEARBEARBEARBNOdPAAAA///5alfg")
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file3\x00', 0x0, 0x0)
executing program 3:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
dup(r0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
unshare(0x22020600)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000040)={0x7})
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)
executing program 2:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x6, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0xb, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xe1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r4}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
executing program 1:
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x50, &(0x7f0000000280)={[{@usrquota}, {}, {@nobh}, {@mblk_io_submit}, {@dioread_nolock}]}, 0x1, 0x3eb, &(0x7f0000000880)="$eJzs3M1uG0UcAPD/br5I+uEgcUCFQwQIgoCkDgQoQqJw5eMCPICVpKXCbarGSLTkUBAnThwQNw59AQ48QFUhJCRegRdAlSqU5gC3oLV3HTe2Qyw7der8ftLIM+txZv7ezWpmvTsBHFtzEXE+IsYiYikiSvn2NE9xs5Gyeve3Nle2tzZXktjZ+fjvJJJ8W/G3kvz1RF6YTyPSbyOeutne7sb1G59XqtW1a3l5sXb56uLG9RuvXLpcubh2ce1K+Y1z5fLy0pvl1wYW64/PvXhu7L3zZ376s3RneXJyOuvvyfy91jgGZS7mmt/JXsuDbmzIJofdAQAADiTNx/7j9fF/KcbquYZSLG4OtXMAAADAQOy8k78CAAAAIywx9wcAAIARV9wHcH9rc6VIB7pxoHRotyQ8VPfejYjZ3Webt5vxj8djeZ2JQ3y+dS4irj6flLIUh/QcMgBAqzvZ+Odsp/FfGk+21JuKqI+Hpgfc/tyecvv4J7074CYfkI3/3o6I7bbxX1pUmR3LS6fqQ8WJ5MKl6trZiDgdEfMxMZWVy/u08f4/P3/U7b0s/t+SU6eLlLWfve7WSO+OTz34mdVKrdJPzK3ufR1xZrxT/Elz/JtExEwfbYx9deutbu/9f/yHa+dWxAsd9//uyj3J/usTLdaPh8XiqGj37ze/fNit/WHHn+3/mf3jn01a12va6L2N25/98XQ90yGq1vlPL8f/ZPJJPV/My76s1GrXyhGTyQft25d2P1uUi/pZ/PPPdv7/L85/Sb6m1cn8HNCr777/9eX9azTiz1LWfjEXfBiy+Fd72v+9Z16//fun3dpv3f+d48/2f2MNsPl8y0HOfwftYD/fHQAAADwq0vp1jSRdaObTdGGhcb3jiZhJq+sbtZcurH9xZbVx/WM2JtLiSlep5XpoufEzerO8tKf8akQ8HhE/lKbr5YWV9erqsIMHAACAY+JEl/l/5q8RuccfAAAAyH+oBwAAAEab+T8AAACMtH7W9Tu+meybOwLdOPKZZ45GN4aQmYgj0Y0+MsM+MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADza/gsAAP//Bdqy/A==")
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x3, 0x1001)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0xcddc, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
ioctl$LOOP_CHANGE_FD(r0, 0x4c07, 0xffffffffffffffff)
socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x6, "00009200000000000000000000000058b200"})
syz_open_pts(0xffffffffffffffff, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x20000850)
executing program 4:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00222800000096030094"], 0x0}, 0x0)
executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000040)={[{@errors_remount}, {@bsdgroups}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x22}}, {@noauto_da_alloc}, {@jqfmt_vfsv1}, {@oldalloc}, {@init_itable}]}, 0x2, 0x460, &(0x7f0000000200)="$eJzs289vFFUcAPDvzLZFfrYi/gBRq8TY+KOlBZWDF40mHjCa6AGPtS2EUKihNRFCpBqDFxNDomfj0cS/wJsXo55MvOrdkBDlAnqqmdmZul12uyxsd4H9fJJp39t5u/O+O+/NvnlvN4C+NZr9SSK2RcTvETFcza4tMFr9d+3KuZl/rpybSWJl5e2/krzc1SvnZsqi5fO2FpmxNCL9NCkOstbimbMnpufn504X+Ymlk+9PLJ45+9zxk9PH5o7NnZo6dOjggckXX5h6viNxZnFd3fPRwt7dr7978Y2ZIxff+/m7rL7biv21cXTKaBb43yu5+n1PdvpgPba9Jp0M9LAitKUSEdnpGsz7/3BU4v+TNxyvfdLTygEbKvts2tR89/IKcBdLotc1AHqj/KDP7n/LrUtDj9vC5ZerN0BZ3NeKrbpnINKizGDd/W0njUbEkeV/v8622KB5CACAWp/PfHU4nm00/kvjgZpyO4o1lJGIuDcidkbEfRGxKyLuj8jLPhgRD7V5/PqloevHP+mlmwrsBmXjv5eKta21479y9BcjlSK3PY9/MDl6fH5uf/GejMXgpiw/uc4xfnj1ty+a7asd/2VbdvxyLFjU49JAOUFXVGl2emk6H5R2wOWPI/YMNIo/WV0JSCJid0Tsae+ld5SJ409/u7dZodbxr6MD60wr30Q8VT3/y1EXfylZf31y4p6Yn9s/UbaK6/3y64W3mh3/luLvgOz8b1nb/uuLjCS167WL7R/jwh+fNb2naav9F7L2P5S8k1+PhorHPpxeWjo9GTGUHI5YqayWzR+fiuvyZfks/rF9jfv/zuI5WfwPR0TWiB+JiEcj4rGi7o9HxBMRsW+d+H96pfm+lvFvXueFOyCLf7bh9W+1/ded//YTlRM/fn/T8efn/2CeGiseya9/LdxoBW/lvQMAAIA7RZp/Bz5Jx1fTaTo+Xv0O/67Yks4vLC49c3Thg1Oz1e/Kj8RgWs50DdfMh04my8UrVvNTxVxxuf9AMW/8ZWVznh+fWZif7XHs0O+2Nun/mT8rLZ++wbOTwIZrtI42NdSDigBdV9//07XZ8292szJAV/m9NvSvFv0/7VY9gO67sc9/c31wN2rU/8/X5VuvBQB3Ivf/0L/0f+hf+j/0L/0f+tKt/K5fop8Tkd4W1WiV0MJvMtHrKxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBn/BcAAP//UUjvgw==")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)
lseek(r0, 0xfffffffffffffffc, 0x2)
executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_ON_EMULATION_FAILURE(r1, 0x4068aea3, &(0x7f0000000600)={0xcc, 0x0, 0x1})

program crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
bisect: bisecting 30 programs
bisect: split chunks (needed=false): <30>
bisect: split chunk #0 of len 30 into 3 parts
bisect: testing without sub-chunk 1/3
testing program (duration=35s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [22, 5, 13, 4, 7, 3, 9, 18, 10, 8, 21, 3, 19, 2, 7, 16, 9, 3, 4, 3]
detailed listing:
executing program 3:
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8b}, 0x0)
r1 = syz_open_dev$evdev(0x0, 0x200, 0x101000)
ioctl$EVIOCREVOKE(r1, 0x40044591, &(0x7f0000007200)=0x800)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x53cb1000)
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x1c}}, 0x200}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x18, 0x0, &(0x7f00000001c0))
executing program 0:
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x0, &(0x7f0000000280), 0x5, 0x783, &(0x7f0000001000)="$eJzs3c9rHFUcAPDvbJKmSauJIGg9BQQNlG5Mja2Ch4oHESwU9Gy7bLahZpMt2U1pQg4tIngRVDwIeunZH/Xm1R9X/S88SEvVtFjxIJHZH+222U03bXY3kM8HXva9mdm89903P97sDDsB7FkT6Z9MxKGI+DiJGKtPTyJiqJobjDhRW+72+lo+TUlsbLz9Z1Jd5tb6Wj6a3pM6UC88HRE/fRBxOLO53vLK6nyuWCws1ctTlYXzU+WV1SPnFnJzhbnC4rHpmZmjx186fmznYv3719WD1z954/lvT/z7/lNXP/o5iRNxsD6vOY6dMhET9c9kKP0I7/H6TlfWZ0m/G8BDSTfNgdpWHodiLAaquTZGetkyAKBbNgCAPSgxBgCAPabxPcCt9bV8I/X3G4neuvFaROyvxd+4vlmbM1i/Zre/eh109FZyz5WRJCLGd6D+iYj48vt3v05T1PvBtTSgFy5djogz4xOb9//JpnsWtuuFrWZuDFdfJu6bvNeOP9BPP6Tjn5dbjf8yd8Y/0WL8M9xi230YD97+M9d2oJq20vHfq033tt1uir9ufKBeeqw65htKzp4rFtJ92+MRMRlDw2l5urpo65Hb5M3/brarv3n899en732V1p++3l0ic21w+N73zOYquUeNu+HG5YhnBlvFn9zp/6TN+PdUh3W8+cqHX7Sbl8afxttIm+Pvro0rEc+17P+7fZlseX/iVHV1mGqsFC1899vno+3qb+7/NKX1N84FeiHt/9Gt4x9Pmu/XLG+/jl+ujP3Ybt6D42+9/u9L3qnm99WnXcxVKkvTEfuStzZPP3r3vY1yY/k0/slnW2//tWpbr//pOeGZDuMfvP7HNw8ff3el8c9uq/+3n7l6e36gXf2d9f9MNTdZn9LJ/q/TBj7KZwcAAAAAAAAAAAAAAAAAAAAAAAAAncpExMFIMtk7+Uwmm609w/vJGM0US+XK4bOl5cXZqD4rezyGMo2fuhxr+j3U6frv4TfKR+8rvxgRT0TEZ8Mj1XI2XyrO9jt4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKg70Ob5/6nfh/vdOgCga/b3uwEAQM85/gPA3rO94/9I19oBAPSO838A2Hs6Pv6f6W47AIDecf4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAl506eTJNG/+sr+XT8uyFleX50oUjs4XyfHZhOZ/Nl5bOZ+dKpbliIZsvLbT9R5dqL8VS6fxMLC5fnKoUypWp8srq6YXS8mLl9LmF3FzhdGGoZ5EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOfKK6vzuWKxsCSzZWZkdzRj12QGY1c0Q6Zrmea9xEj/dlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu9z/AQAA//+MoS4e")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x2042, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './file1'}, 0x5e)
unlink(&(0x7f0000000000)='./file1\x00')
close(r0)
executing program 3:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_procfs(0x0, 0x0)
r2 = syz_io_uring_setup(0x7a6e, &(0x7f0000000040)={0x0, 0x2000}, &(0x7f00000000c0), &(0x7f0000000100))
io_uring_register$IORING_REGISTER_BUFFERS2(r2, 0x2, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x20)
io_uring_register$IORING_REGISTER_FILES_UPDATE(r2, 0x6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)=[r2]}, 0x1)
executing program 2:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@mcast1, 0x800, 0x0, 0x103, 0x1}, 0x20)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4)
sendmsg$inet6(r0, &(0x7f0000000100)={&(0x7f0000000080)={0xa, 0x4e22, 0x1000000080000, @private0={0xfc, 0x0, '\x00', 0x1}}, 0x1c, 0x0, 0x0, &(0x7f0000000040)=[@rthdrdstopts={{0x12, 0x29, 0x32, {0x3a}}}], 0x18}, 0x0)
executing program 3:
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000040)='./file2\x00', 0x18502, &(0x7f0000001b80)=ANY=[], 0x1, 0x11f3, &(0x7f0000000980)="$eJzs3E+LW1UYB+C3cWrHqfNHrdV2oQfduLo0s3AlSJApyASU2gitINw6NxpyTUJuGIiI1ZVbP4e4dCeIX2A2fgZ3s3HZhXiFpLVNTdUuOpH6PJv7kvf8cu8hEDjhnBy/8c2n/W6VdfNJNE6disYoIt1KkaIRd7y0P79eu77farf3rqR0uXW1+XpKaevlHz/4/LtXfpqcff/7rR/OxNHOh8e/7v5ydP7owvHvVz/pValXpcFwkvJ0Yzic5DfKIh30qn6W0rtlkVdF6g2qYrzQ75bD0Wia8sHB5sZoXFRVygfT1C+maTJMk/E05R/nvUHKsixtbgQPdPqfh3S+vVXXdURdn44no67r+qnYiLPxdGzGVnwZEc/Es/FcnIvn43y8EC/Ghdmok3h8AAAAAAAAAAAAAAAAAAAA+P/4u/P/27Hj/D8AAAAAAAAAAAAAAAAAAACcgPeuXd9vtdt7V1Jajyi/PuwcdubXeb/VjV6UUcSl2I7fYnb6f25eX367vXcpzezEV+XN2/mbh50nFvPN2d8J3M6vzXp38s15Pi3mz8TGvfnd2I5zy++/uzS/Hq+9ek8+i+34+aMYRhkHs3vfzX/RTOmtd9r35S/OxgEAAMDjIEt/Wrp+z7IH9ef5h/h94L719VpcXFvt3Imopp/187IsxovF+l9eUfz7ovGI3rkR/5EJKh7/YtXfTJyEux/6qp8EAAAAAAAAAACAh/GIdxGuxZKdZW+uZqoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/sAPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgqAAD//99CzUo=")
r0 = creat(&(0x7f0000000300)='./bus\x00', 0x0)
r1 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0)
fcntl$setstatus(r1, 0x4, 0x4400)
dup3(r1, r0, 0x0)
io_setup(0x6, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0x3f0a, &(0x7f0000000540)=[&(0x7f00000000c0)={0xf04aef, 0x3d8, 0x4, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}])
executing program 0:
syz_clone(0x140011, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x58b9, &(0x7f0000000000)={0x0, 0x3d63, 0x2, 0x1, 0x161}, &(0x7f0000000080), &(0x7f00000000c0))
io_uring_enter(r0, 0x10de, 0x5bfc, 0x3, 0x0, 0x0)
executing program 1:
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, 0x0}], 0x1, 0x16, 0x0, 0x0)
sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000640)="a6dd10154eae5588333a0309e91cc5e16af5c44251b238d99a74e4f558447fa635c685f062d42da23f0e6bc75fdd8c28021bde9a93296cff2c129a29b07a1f85be5ee592ea12733bac889db86e1268033b2973c5091a4af73afa050019e1e8ec2f0c12eef8870d5e041c98919e5523d4f6494df85607d4a2b06e7cef02df24ed431a0539757f4d324a10b509fb037ce369211b9097419da127af0ece4bae11c7ecf3cca9b9db37151223be609f8098696b4b7e09b75687e1dca8b700e395a1d41320c986c733851c5bf3b0bbad2285cbdc5be094c5ef984495c98cfb8db4195fb7e96b19408606358ecc47663e819fa3eac7f97bdfe0047993352b3e46ecebf87b32760bd6ce3d49968289945632afb5bab6cd0572a35a3310de0d4f5af07c16d3e27c6e1a194d8ee0f65dfc35762203d428c2a8ca104b77b46da04be3f62249189c6c9caaaeaaed8b0cca03e77549c87c745e883c8ecf69f999c51b48a78d82d69f3ff7345472d9fa862bae5cd3c9698c36f28b554331bed72960024b761a7a3e3d997c6bf37ce0f02617aec379665df22bec814ae14470a9f0f1b16a2cf14fb095b82f9c466e117a97023883585bdd4da624599f958df08bf7a6e2bdfab57663ed83cc8c0294195394f2161ed1373d90c4447a573a7a0c595f6afaac13c9975e886417bb56462fc05b3b2381ebbb49319d99629e1e6651df07b69eda145254730926f721e156ac37092025b06320e96f0e3d130870c8ddde1c22484900d2af30991afb74cc82b62640c743b58b38c5bbf12b1400decc8bb46bf91c4a94937dfc4b5d3d3d927ffacdf555247c70f59c0118aa9f7c632fb9764e55e978db25efa68c8aac37921702a3fca2ae380d88f7779be190aa6c2e0c4ede7c83f2db7aff301227556083e571cd42f1c0dfd89e1c961cd82ca5d8f3a8f38b50c728e2fe25bbd7bdd693bd1cf1f947a85fc4d2302d78245bc149e63ea80c80971b196c448ae960951de0acf3910c23894538e1ceacbfb1e5dad460a54487cf84f5f542be7b5795fdb9f9a56dc41c0e6965fd29f633b97918fb5959f86edece2987d192b3a73cfd47533dd63478749d67561e737ebea0f213dd4ea9c23254ef0903ba52383409389404478d8c23d08fd8cf6acfcbae0b102ee0ea0c11177fb23c54f7cfeaefae260b6b9a07145a57fcd1389de9377d44f6c63c1d410c132ff8339b11676970cf7723816eb9adc63c00e3ac1b2890e0a67392fc5091c627e0b14cfc9eb4235bd9f409fca9f8fb0f03abdbb1fa15de4e27f3bbf265acfa9adf6d8ed4b60121b6b803b982db50c57eb5be8e383d72ab7b991a60fa656227158bbe63f107515506cdb71b8f16bcc0382e372ff3efe3d5d0c1dcebeb60126bcbba6d26d5bb525c0ce9592e50ce5041966b9f7e476e5c9fb1a64416489a3e1517b50ebfd491ef78a7c871a8b542c76b7305e007addf2d70004e6056e6e9cac6bf701b802550d4e9e2ab24bea0e0e3c216c7470528d5f28fc9f84db3ec3fc19ae5833a8985e2346629376f28ea37313cd272bbd5bd40b2181b8d4889aa8a0058f3610e9aac4df03eaa876beee81d73ed441c501de4ff3150d87f0c8a2cf137978be35e482daceed7c07ac16f07c9d248ec68a8f40288d679df4d04080ada7683b07afdc725458e92db998430f884e5a6c88f34910a45ab9e23cf63a335e60b0a3ccc0aa707136361510823c7988d7d65ca122e6d9bfe9049cda1af47c5fc44c80e17abbb22cf69e206e2e8314b6e4684390eab2d05ad596ff229c286d428c1f93421bc66a72a6d825b89631baa06b7300e5e5e6e84a7c11cf0cb2433f29c807078f39cfc201924b75960e37d3792dd5cd2e2f960b8071e80a99390ff930086284ae64b3cfb6a936ee65ef507ac91ac86b6f4eda086aed8671fa3506b81432f9f1aa19c42a750f35a5419d49bc780be79cd91c964b91fcbaedf9d9b493d92e0a642332653d83637655a111311d1ba7d5a671abb2db3fc789de2d1a8a15a13daeac79ea4fcebd172c627065870a311efd0dbac4b35650f7d0cd7d260c04d3990f8d6c0c3d0a272ae1c6e9af2e412ef94d1463cb0b7c32fa44407c59a20172a53a4467b5e2b0c5022ec23c1ababf1bdf853cbbaf25cb637aeb80af99eda97f869e163a69c80e407cf0f28f5e2446124ee3faef3b0f4a419d5e81c75e95e810c2dccbccdc25075d6fcc8e9a7e6b449af5cb99fb02390eb04eff579364ccede49fea8164009cf1b0b632b6a02c1e1cde4411d93e96592ab580944142a753ea2eba7c43cc5b4c13275267f30914c06ad49afa2a4fba84a22d5c0f4a8b56fba8492467de9e811efb48d08ad59045c3b2a2055f76d89394e28cbc5015da8c4ff50935463dea2a44110e763a2d552fa92d98b50ad5d8274623c9ee98e53708f02fba46ae232e947f783554d279343c048dec127d41426dea7cfd4c3879b7b251fd549861fb4a585dd64b20664bec834a2e9ea723f0cee7060b3e3c9023928cab5866741a9cdc88118a244ca89518e29965f7c9e31709838a7c590a6f2de8b99182b6d2f2b0cb99bb808077a27f0403c82ebfe72f7deea3a5d4f061fca6a98efacb08e776bd04a6b456055e6f6d76267983d25cd37b6c16d0e7c757a56542c88950a8edd763f4f500cbd18da65cd78451f445a1cb5229b333869f392174a54c43fa22eb9279641f8c964468c1a548b33a74d61ee1960e349caf7d30eb241ea03ef3bb1489fddb8c635b8bc39ac5f53b07191fd1a0b57cc432aefe84f824625be7cd6082b6a4efac51cb230f83da7280b5783b91d3774fc4d00164e032dc52e8cfddbbe6769083a7ab7de07391d98af8cf7d953a4ee3a70d339d9dc4fe936676a8fb6c4d439deb1eb5c3225a9f10892986dc775381c5619fee6271f50a15bb14f77cff07574f23368db1973ac148dd16fab08bf3f7668bc705ee7ac4c82ec8b6054ac3ea2b8733d1546ae71f2428b1544e069a9e14325c3a6217c0e0df0ef753cff90a60631de534152154b84a34b3771eabaf8cd8b6aef44f4259200f6dab7d6c72c7226d882e5eba90e66bc7bbf31080deeffe758d7b9d2e4cd543c0650a15a12f04c0a045969b264d65afe78b402cbd0d37dcedc89424a728ec2014dd7d591535d38c156d00b8d75a016688014922b6cc585abcf66f744e8f17224a0f217e390e9c937072086ec028e1ffc5d312169b71e30b6d4f24288a382a40897c65dafdd8b2eb78291deb1e3213c7f243b30f9431a067131bc521328fa1bb4fd619895931131586a069d10813c7547e4e51cfa2e38f6c5899bd1db38afdcfb488fb3f145f48edff41bee99d511ee110a4b202d4a3e1e7eafa7e39ec82a77742c6a55cbca47ab52af0ba7dc496647975f7f180c9c7c2ed877ca16fa07e2bb3e632ee4509c58e924da4505a74dfca0b9f137173ac2c59e6a05c3bd433aaf2e302614aeddb99c666ab7a243fe3239b44a1468b8399737be83c1c6c7782fd950b053a53d98d55eb1f40d2cd94f088a6927cfc61df4d6ad7aede4f20444f768322db3d4d8d2ce9a7fac41115ec0a82f7e8c792c26be30f2d8e397eb6a50e3d59dd13d473411a56867d0938db978405fbb5068ea77ce40daa5390f4ed409a1cc70bfc54afaadd04c4671c02b826fc558f3585b256def184d2f69cc67539e26d03fa20d12721ad6ed9f5fcec41588b93fe9fa93f71caaca99987d1a65ef2773b160d74871b5b0e30e12585c609240d0eed3697cbf03c292407fc7a8c80a8e0369b6e8f311cf8fdb8cf1a3caaa32f2147b8fd0cb359e8f585c975f8c96b5648ff9", 0xa8c}], 0x1}, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB], 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r0, 0x0, 0x2}, 0x18)
r1 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r4, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d4f549b, 0x0, [0x0, 0x0, 0x0, 0x0, 0x1, 0x32, 0x0, 0x800000]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
inotify_init()
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0)
executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0x8, 0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x5)
listen(0xffffffffffffffff, 0x0)
shutdown(r0, 0x0)
executing program 2:
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1c00000007"], 0x50)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r1, &(0x7f0000000000), 0xd)
executing program 1:
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./bus\x00', 0x1000840, &(0x7f0000000c00)=ANY=[@ANYBLOB='shortname=mixed,sys_immutable,nfs,iocharset=cp936,shortname=lower,rodir,nocase,codepage=860,shortname=lower,shortname=lower,shortname=win95,uid=', @ANYRESHEX=0x0, @ANYBLOB="2c646973636172642c73686f72746e616d653d77696e39352c756e695f786c6174653d302c0061a98eed20cb46078e5a4a40eed4c77e7462b84482aa7061236bf6bf5f48d7580feb45e35df449cbc10bccc2d8eb7a405ecd33c7efe0552ac1485c1dc47fec07062af97740e17f7fed7c51b26811fd16e28ca3f29cfad88fc4c5504243392e01cbdde7b5c763979598f95f09b95d2c45628665902b30ddfbf9bbd38185eabec1312bac0ff85a1ffbe2a612f453253bf5fcac7dd1e683bf671e2c5362e5a7"], 0x43, 0x350, &(0x7f0000000580)="$eJzs3U9oW3UcAPBv9tKkHcz2IAwF4elN0LJWPOipZXQwzEUl+OcgBtepNHXQYLA7NKsX8Sh41JM3D3rwsLMIinjz4NUJMhUPutvA4ZMkL81Lk3adkM3i53MI331/329+v7c8mtfX5tdXV2LjwkxcvHHjeszOlqK8cnYlbpZiIZIYuBLjKhNyAMDxcDPL4s+s74gtpSkvCQCYst77/+unCpl3vz6sPvPuDwDHXv79/9xhNbMHDVyaypIAgCkbu///yMhwZfRH/eXCbwUAAMfV8y+9/MxqLeK5NJ2N2HyvXW/X4+nh+OrFeDOasR5nYj5uRfQvFLoPpd7jufO1tTNpmnbil4Wodzva9YjNTrvev1JYTXr91ViK+VjI+/OrjSzLknNf1NaW0p6IuNLpzR+bpXZ9Jk7m8/94MtZjOdK4f6w/4nxtbTnNn6C+OejvROwO71t0178Y8/H9a3EpmnEhur2Dy5ra2s5Smp7NaiP97Xq1V9d34B0QAAAAAAAAAAAAAAAAAAAAAAD4VxbTPQt7+99kw/17FhcnjPf2x+n35/sD7fb3B8qqWWTZH+88Xn8/iZH9gfbvz9Oul+PEvT10AAAAAAAAAAAAAAAAAAAA+M9obVei0Wyub7W2L28Ug85Wa/tERHQzb3372VdzMV5zm6Ccz1EYSvPU5Y1GlgyKs2SkJg+S7uSDzKdX91ZcrKnuHcXEZVQPHmo2Tz3880fDzEPJ4Jn/HtYkMfkAk33LKAab9/WXdCf/UXvB8m1qrmVZdlD7zivjXVGKKN/5C3d4kHWDb66/8cATrdNP9jJfZn2PPjb/wrUPP/lto9Hszhy9V7Cy1bqVbTTyf08+2Q4OksL5U4p+UCqeCeXD2ndHM43kh99ffPCD7442e1bMvD2hJukfzuf7hyr9oLvMfUNzk+aamXDyTyE4/fFK4+rOT78etavwRcJGHQAAAAAAAAAAAAAAAAAAcFcUPiueyz/sO3NY11PPTn9lAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHD3DP/+fyHYHcscJfirE+ND1fWtVkTlXh8mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/c/8EAAD//9HQbnk=")
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x4000000)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
connect$unix(0xffffffffffffffff, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x38, r3, 0x10ada85e65c25359, 0x0, 0x8000000, {{0x6b}, {@val={0x8}, @val={0xc, 0x99, {0x2, 0x72}}}}, [@NL80211_ATTR_TID_CONFIG={0x5, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5}]}]}]}, 0x38}}, 0x0)
executing program 2:
unshare(0x6060400)
r0 = socket(0x10, 0x2, 0x0)
getpeername$packet(r0, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000003c0)=0xffffff54)
executing program 4:
r0 = socket(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
r5 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'wg0\x00', <r6=>0x0})
sendto$packet(r4, &(0x7f0000000180)="0b03feff6d12020002004788aa96a13bb1000011000088ca1a00", 0x1fffc, 0x0, &(0x7f0000000140)={0x11, 0x0, r6}, 0x14)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x28000)
io_setup(0x7, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
syz_mount_image$vfat(&(0x7f0000000280), &(0x7f0000000380)='./file0\x00', 0x8000, &(0x7f0000000440)=ANY=[@ANYBLOB='\x00', @ANYRES64, @ANYRESOCT], 0xfd, 0x277, &(0x7f0000000000)="$eJzs3cFqE10UB/CTNm3zdZPA50pcDLhxFZq+wSAVxIAQyaKuGmwL0oTCFAK6sN35Lj6Oj+ETRBAizQSTqaMgto4mvx8Mc8jNH+5kkXsX5yZHD0Znx+cXp4f/f4pGI4l6xFV8jojYiM0oqs2u7cJrVwEA/Gt6vUFa9Ry4W1mWDrYiYue7kf6HSiYEAAAAAAAAAADAbyvt/59EtJb6/2vz+4b+fwBYCfr/V1+WpYPd+f6tSP8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUJ3JdNqc/uSqen4AwO2z/gPA+rH+A8D6mRTW+lpY/wFg9b04fPks7XYPeknSiBi9H/fH/fyej6en8TqGcRJ70Ywvcb0/mMvrJ0+7B3vJTCuORpfz/OW4v1nMd6IZrfJ8J88nxfxW7C7n96MZ98rz+6X57Xj0cCnfjmZ8fBXnMYzjuM4u8u86SfL4efdGfmf2PgAAAAAAAAAAAAAAAAAAAPgT2sk3pef32+0fjef5X/h9gBvn6+txv17tswMAAAAAAAAAAAAAAAAAAMDf4uLN27PBcHiSKW6h+M+nqliRouIvJgAAAAAAAAAAAAAAAAAAWEOLQ79VzwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAqrP4//+7K6p+RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGA9fA0AAP//C4boJw==")
executing program 2:
syz_mount_image$erofs(&(0x7f0000000040), &(0x7f0000000400)='./file3\x00', 0x40, &(0x7f00000003c0)=ANY=[], 0x1, 0x1e9, &(0x7f00000004c0)="$eJzslb2O00AUhc+Mg+NFPAESomAllgLHdgDRrLTbbEWBxM+KAomIOFHAAZS4IJEQ4gno6Sh4CoQELQ+BAg00oYJ60PzYHiw7ICtRir1fcXM8nrm+c+2cAUEQJ5ZvX38vxK/97x6AM9hF24z/cIo53Jr/xfv54tONo+PX9999bi/8naqcQvz/81sAPh46SIu19uOwa35vg+f6DjguGX0MBt/oB+C4a3QMhntGP8r0KRkYfN8fjJLYf/g06UsRyBDKEMnQLde3fMXQz+sTgln3p7P5416SxJPpbC7TK5GPrEf8q3/LQ459qz6ut6nwjQis/oXgCI3uguGW0dfRznqjW2Lt/2yryO/U7F8LF2vd/2ADDc2FC6DZctngDRa2AeFVfZ0OlMjeaGkVW++rbCLk9yYra5oHre13vlrIP1TploeGCT8c6PeXjYiX+nrVqvdH5ZGDmsnuyjy1nc/9SbxluGj5k7aSN+qo6aTjZ53pbH55NO4N42H8JIq614IrQXA16igj0vFv0+O2/+0ofzpd5K88kyQuc/G8l6aTUMf8OtKxynG58j+OvQvZ6QG4pbxeIc9lc7j6lWrPqauHIAhim5wHU56sfDkT5jTJbwgR3dxynQRBEARBEARBEARBNOdPAAAA///5alfg")
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file3\x00', 0x0, 0x0)
executing program 3:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
dup(r0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
unshare(0x22020600)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000040)={0x7})
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)
executing program 2:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x6, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0xb, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xe1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r4}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
executing program 1:
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x50, &(0x7f0000000280)={[{@usrquota}, {}, {@nobh}, {@mblk_io_submit}, {@dioread_nolock}]}, 0x1, 0x3eb, &(0x7f0000000880)="$eJzs3M1uG0UcAPD/br5I+uEgcUCFQwQIgoCkDgQoQqJw5eMCPICVpKXCbarGSLTkUBAnThwQNw59AQ48QFUhJCRegRdAlSqU5gC3oLV3HTe2Qyw7der8ftLIM+txZv7ezWpmvTsBHFtzEXE+IsYiYikiSvn2NE9xs5Gyeve3Nle2tzZXktjZ+fjvJJJ8W/G3kvz1RF6YTyPSbyOeutne7sb1G59XqtW1a3l5sXb56uLG9RuvXLpcubh2ce1K+Y1z5fLy0pvl1wYW64/PvXhu7L3zZ376s3RneXJyOuvvyfy91jgGZS7mmt/JXsuDbmzIJofdAQAADiTNx/7j9fF/KcbquYZSLG4OtXMAAADAQOy8k78CAAAAIywx9wcAAIARV9wHcH9rc6VIB7pxoHRotyQ8VPfejYjZ3Webt5vxj8djeZ2JQ3y+dS4irj6flLIUh/QcMgBAqzvZ+Odsp/FfGk+21JuKqI+Hpgfc/tyecvv4J7074CYfkI3/3o6I7bbxX1pUmR3LS6fqQ8WJ5MKl6trZiDgdEfMxMZWVy/u08f4/P3/U7b0s/t+SU6eLlLWfve7WSO+OTz34mdVKrdJPzK3ufR1xZrxT/Elz/JtExEwfbYx9deutbu/9f/yHa+dWxAsd9//uyj3J/usTLdaPh8XiqGj37ze/fNit/WHHn+3/mf3jn01a12va6L2N25/98XQ90yGq1vlPL8f/ZPJJPV/My76s1GrXyhGTyQft25d2P1uUi/pZ/PPPdv7/L85/Sb6m1cn8HNCr777/9eX9azTiz1LWfjEXfBiy+Fd72v+9Z16//fun3dpv3f+d48/2f2MNsPl8y0HOfwftYD/fHQAAADwq0vp1jSRdaObTdGGhcb3jiZhJq+sbtZcurH9xZbVx/WM2JtLiSlep5XpoufEzerO8tKf8akQ8HhE/lKbr5YWV9erqsIMHAACAY+JEl/l/5q8RuccfAAAAyH+oBwAAAEab+T8AAACMtH7W9Tu+meybOwLdOPKZZ45GN4aQmYgj0Y0+MsM+MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADza/gsAAP//Bdqy/A==")
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x3, 0x1001)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0xcddc, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
ioctl$LOOP_CHANGE_FD(r0, 0x4c07, 0xffffffffffffffff)
socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x6, "00009200000000000000000000000058b200"})
syz_open_pts(0xffffffffffffffff, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x20000850)
executing program 4:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00222800000096030094"], 0x0}, 0x0)
executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000040)={[{@errors_remount}, {@bsdgroups}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x22}}, {@noauto_da_alloc}, {@jqfmt_vfsv1}, {@oldalloc}, {@init_itable}]}, 0x2, 0x460, &(0x7f0000000200)="$eJzs289vFFUcAPDvzLZFfrYi/gBRq8TY+KOlBZWDF40mHjCa6AGPtS2EUKihNRFCpBqDFxNDomfj0cS/wJsXo55MvOrdkBDlAnqqmdmZul12uyxsd4H9fJJp39t5u/O+O+/NvnlvN4C+NZr9SSK2RcTvETFcza4tMFr9d+3KuZl/rpybSWJl5e2/krzc1SvnZsqi5fO2FpmxNCL9NCkOstbimbMnpufn504X+Ymlk+9PLJ45+9zxk9PH5o7NnZo6dOjggckXX5h6viNxZnFd3fPRwt7dr7978Y2ZIxff+/m7rL7biv21cXTKaBb43yu5+n1PdvpgPba9Jp0M9LAitKUSEdnpGsz7/3BU4v+TNxyvfdLTygEbKvts2tR89/IKcBdLotc1AHqj/KDP7n/LrUtDj9vC5ZerN0BZ3NeKrbpnINKizGDd/W0njUbEkeV/v8622KB5CACAWp/PfHU4nm00/kvjgZpyO4o1lJGIuDcidkbEfRGxKyLuj8jLPhgRD7V5/PqloevHP+mlmwrsBmXjv5eKta21479y9BcjlSK3PY9/MDl6fH5uf/GejMXgpiw/uc4xfnj1ty+a7asd/2VbdvxyLFjU49JAOUFXVGl2emk6H5R2wOWPI/YMNIo/WV0JSCJid0Tsae+ld5SJ409/u7dZodbxr6MD60wr30Q8VT3/y1EXfylZf31y4p6Yn9s/UbaK6/3y64W3mh3/luLvgOz8b1nb/uuLjCS167WL7R/jwh+fNb2naav9F7L2P5S8k1+PhorHPpxeWjo9GTGUHI5YqayWzR+fiuvyZfks/rF9jfv/zuI5WfwPR0TWiB+JiEcj4rGi7o9HxBMRsW+d+H96pfm+lvFvXueFOyCLf7bh9W+1/ded//YTlRM/fn/T8efn/2CeGiseya9/LdxoBW/lvQMAAIA7RZp/Bz5Jx1fTaTo+Xv0O/67Yks4vLC49c3Thg1Oz1e/Kj8RgWs50DdfMh04my8UrVvNTxVxxuf9AMW/8ZWVznh+fWZif7XHs0O+2Nun/mT8rLZ++wbOTwIZrtI42NdSDigBdV9//07XZ8292szJAV/m9NvSvFv0/7VY9gO67sc9/c31wN2rU/8/X5VuvBQB3Ivf/0L/0f+hf+j/0L/0f+tKt/K5fop8Tkd4W1WiV0MJvMtHrKxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBn/BcAAP//UUjvgw==")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)
lseek(r0, 0xfffffffffffffffc, 0x2)
executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_ON_EMULATION_FAILURE(r1, 0x4068aea3, &(0x7f0000000600)={0xcc, 0x0, 0x1})

program crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/3
testing program (duration=32s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [21, 3, 19, 2, 7, 16, 9, 3, 4, 3]
detailed listing:
executing program 1:
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./bus\x00', 0x1000840, &(0x7f0000000c00)=ANY=[@ANYBLOB='shortname=mixed,sys_immutable,nfs,iocharset=cp936,shortname=lower,rodir,nocase,codepage=860,shortname=lower,shortname=lower,shortname=win95,uid=', @ANYRESHEX=0x0, @ANYBLOB="2c646973636172642c73686f72746e616d653d77696e39352c756e695f786c6174653d302c0061a98eed20cb46078e5a4a40eed4c77e7462b84482aa7061236bf6bf5f48d7580feb45e35df449cbc10bccc2d8eb7a405ecd33c7efe0552ac1485c1dc47fec07062af97740e17f7fed7c51b26811fd16e28ca3f29cfad88fc4c5504243392e01cbdde7b5c763979598f95f09b95d2c45628665902b30ddfbf9bbd38185eabec1312bac0ff85a1ffbe2a612f453253bf5fcac7dd1e683bf671e2c5362e5a7"], 0x43, 0x350, &(0x7f0000000580)="$eJzs3U9oW3UcAPBv9tKkHcz2IAwF4elN0LJWPOipZXQwzEUl+OcgBtepNHXQYLA7NKsX8Sh41JM3D3rwsLMIinjz4NUJMhUPutvA4ZMkL81Lk3adkM3i53MI331/329+v7c8mtfX5tdXV2LjwkxcvHHjeszOlqK8cnYlbpZiIZIYuBLjKhNyAMDxcDPL4s+s74gtpSkvCQCYst77/+unCpl3vz6sPvPuDwDHXv79/9xhNbMHDVyaypIAgCkbu///yMhwZfRH/eXCbwUAAMfV8y+9/MxqLeK5NJ2N2HyvXW/X4+nh+OrFeDOasR5nYj5uRfQvFLoPpd7jufO1tTNpmnbil4Wodzva9YjNTrvev1JYTXr91ViK+VjI+/OrjSzLknNf1NaW0p6IuNLpzR+bpXZ9Jk7m8/94MtZjOdK4f6w/4nxtbTnNn6C+OejvROwO71t0178Y8/H9a3EpmnEhur2Dy5ra2s5Smp7NaiP97Xq1V9d34B0QAAAAAAAAAAAAAAAAAAAAAAD4VxbTPQt7+99kw/17FhcnjPf2x+n35/sD7fb3B8qqWWTZH+88Xn8/iZH9gfbvz9Oul+PEvT10AAAAAAAAAAAAAAAAAAAA+M9obVei0Wyub7W2L28Ug85Wa/tERHQzb3372VdzMV5zm6Ccz1EYSvPU5Y1GlgyKs2SkJg+S7uSDzKdX91ZcrKnuHcXEZVQPHmo2Tz3880fDzEPJ4Jn/HtYkMfkAk33LKAab9/WXdCf/UXvB8m1qrmVZdlD7zivjXVGKKN/5C3d4kHWDb66/8cATrdNP9jJfZn2PPjb/wrUPP/lto9Hszhy9V7Cy1bqVbTTyf08+2Q4OksL5U4p+UCqeCeXD2ndHM43kh99ffPCD7442e1bMvD2hJukfzuf7hyr9oLvMfUNzk+aamXDyTyE4/fFK4+rOT78etavwRcJGHQAAAAAAAAAAAAAAAAAAcFcUPiueyz/sO3NY11PPTn9lAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHD3DP/+fyHYHcscJfirE+ND1fWtVkTlXh8mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/c/8EAAD//9HQbnk=")
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x4000000)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
connect$unix(0xffffffffffffffff, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x38, r3, 0x10ada85e65c25359, 0x0, 0x8000000, {{0x6b}, {@val={0x8}, @val={0xc, 0x99, {0x2, 0x72}}}}, [@NL80211_ATTR_TID_CONFIG={0x5, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5}]}]}]}, 0x38}}, 0x0)
executing program 2:
unshare(0x6060400)
r0 = socket(0x10, 0x2, 0x0)
getpeername$packet(r0, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000003c0)=0xffffff54)
executing program 4:
r0 = socket(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = dup(0xffffffffffffffff)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
r5 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'wg0\x00', <r6=>0x0})
sendto$packet(r4, &(0x7f0000000180)="0b03feff6d12020002004788aa96a13bb1000011000088ca1a00", 0x1fffc, 0x0, &(0x7f0000000140)={0x11, 0x0, r6}, 0x14)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x28000)
io_setup(0x7, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
syz_mount_image$vfat(&(0x7f0000000280), &(0x7f0000000380)='./file0\x00', 0x8000, &(0x7f0000000440)=ANY=[@ANYBLOB='\x00', @ANYRES64, @ANYRESOCT], 0xfd, 0x277, &(0x7f0000000000)="$eJzs3cFqE10UB/CTNm3zdZPA50pcDLhxFZq+wSAVxIAQyaKuGmwL0oTCFAK6sN35Lj6Oj+ETRBAizQSTqaMgto4mvx8Mc8jNH+5kkXsX5yZHD0Znx+cXp4f/f4pGI4l6xFV8jojYiM0oqs2u7cJrVwEA/Gt6vUFa9Ry4W1mWDrYiYue7kf6HSiYEAAAAAAAAAADAbyvt/59EtJb6/2vz+4b+fwBYCfr/V1+WpYPd+f6tSP8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUJ3JdNqc/uSqen4AwO2z/gPA+rH+A8D6mRTW+lpY/wFg9b04fPks7XYPeknSiBi9H/fH/fyej6en8TqGcRJ70Ywvcb0/mMvrJ0+7B3vJTCuORpfz/OW4v1nMd6IZrfJ8J88nxfxW7C7n96MZ98rz+6X57Xj0cCnfjmZ8fBXnMYzjuM4u8u86SfL4efdGfmf2PgAAAAAAAAAAAAAAAAAAAPgT2sk3pef32+0fjef5X/h9gBvn6+txv17tswMAAAAAAAAAAAAAAAAAAMDf4uLN27PBcHiSKW6h+M+nqliRouIvJgAAAAAAAAAAAAAAAAAAWEOLQ79VzwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAqrP4//+7K6p+RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGA9fA0AAP//C4boJw==")
executing program 2:
syz_mount_image$erofs(&(0x7f0000000040), &(0x7f0000000400)='./file3\x00', 0x40, &(0x7f00000003c0)=ANY=[], 0x1, 0x1e9, &(0x7f00000004c0)="$eJzslb2O00AUhc+Mg+NFPAESomAllgLHdgDRrLTbbEWBxM+KAomIOFHAAZS4IJEQ4gno6Sh4CoQELQ+BAg00oYJ60PzYHiw7ICtRir1fcXM8nrm+c+2cAUEQJ5ZvX38vxK/97x6AM9hF24z/cIo53Jr/xfv54tONo+PX9999bi/8naqcQvz/81sAPh46SIu19uOwa35vg+f6DjguGX0MBt/oB+C4a3QMhntGP8r0KRkYfN8fjJLYf/g06UsRyBDKEMnQLde3fMXQz+sTgln3p7P5416SxJPpbC7TK5GPrEf8q3/LQ459qz6ut6nwjQis/oXgCI3uguGW0dfRznqjW2Lt/2yryO/U7F8LF2vd/2ADDc2FC6DZctngDRa2AeFVfZ0OlMjeaGkVW++rbCLk9yYra5oHre13vlrIP1TploeGCT8c6PeXjYiX+nrVqvdH5ZGDmsnuyjy1nc/9SbxluGj5k7aSN+qo6aTjZ53pbH55NO4N42H8JIq614IrQXA16igj0vFv0+O2/+0ofzpd5K88kyQuc/G8l6aTUMf8OtKxynG58j+OvQvZ6QG4pbxeIc9lc7j6lWrPqauHIAhim5wHU56sfDkT5jTJbwgR3dxynQRBEARBEARBEARBNOdPAAAA///5alfg")
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file3\x00', 0x0, 0x0)
executing program 3:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
dup(r0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
unshare(0x22020600)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000040)={0x7})
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)
executing program 2:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x6, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0xb, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xe1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r4}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
executing program 1:
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x50, &(0x7f0000000280)={[{@usrquota}, {}, {@nobh}, {@mblk_io_submit}, {@dioread_nolock}]}, 0x1, 0x3eb, &(0x7f0000000880)="$eJzs3M1uG0UcAPD/br5I+uEgcUCFQwQIgoCkDgQoQqJw5eMCPICVpKXCbarGSLTkUBAnThwQNw59AQ48QFUhJCRegRdAlSqU5gC3oLV3HTe2Qyw7der8ftLIM+txZv7ezWpmvTsBHFtzEXE+IsYiYikiSvn2NE9xs5Gyeve3Nle2tzZXktjZ+fjvJJJ8W/G3kvz1RF6YTyPSbyOeutne7sb1G59XqtW1a3l5sXb56uLG9RuvXLpcubh2ce1K+Y1z5fLy0pvl1wYW64/PvXhu7L3zZ376s3RneXJyOuvvyfy91jgGZS7mmt/JXsuDbmzIJofdAQAADiTNx/7j9fF/KcbquYZSLG4OtXMAAADAQOy8k78CAAAAIywx9wcAAIARV9wHcH9rc6VIB7pxoHRotyQ8VPfejYjZ3Webt5vxj8djeZ2JQ3y+dS4irj6flLIUh/QcMgBAqzvZ+Odsp/FfGk+21JuKqI+Hpgfc/tyecvv4J7074CYfkI3/3o6I7bbxX1pUmR3LS6fqQ8WJ5MKl6trZiDgdEfMxMZWVy/u08f4/P3/U7b0s/t+SU6eLlLWfve7WSO+OTz34mdVKrdJPzK3ufR1xZrxT/Elz/JtExEwfbYx9deutbu/9f/yHa+dWxAsd9//uyj3J/usTLdaPh8XiqGj37ze/fNit/WHHn+3/mf3jn01a12va6L2N25/98XQ90yGq1vlPL8f/ZPJJPV/My76s1GrXyhGTyQft25d2P1uUi/pZ/PPPdv7/L85/Sb6m1cn8HNCr777/9eX9azTiz1LWfjEXfBiy+Fd72v+9Z16//fun3dpv3f+d48/2f2MNsPl8y0HOfwftYD/fHQAAADwq0vp1jSRdaObTdGGhcb3jiZhJq+sbtZcurH9xZbVx/WM2JtLiSlep5XpoufEzerO8tKf8akQ8HhE/lKbr5YWV9erqsIMHAACAY+JEl/l/5q8RuccfAAAAyH+oBwAAAEab+T8AAACMtH7W9Tu+meybOwLdOPKZZ45GN4aQmYgj0Y0+MsM+MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADza/gsAAP//Bdqy/A==")
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x3, 0x1001)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0xcddc, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
ioctl$LOOP_CHANGE_FD(r0, 0x4c07, 0xffffffffffffffff)
socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x6, "00009200000000000000000000000058b200"})
syz_open_pts(0xffffffffffffffff, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x20000850)
executing program 4:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="00222800000096030094"], 0x0}, 0x0)
executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000040)={[{@errors_remount}, {@bsdgroups}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x22}}, {@noauto_da_alloc}, {@jqfmt_vfsv1}, {@oldalloc}, {@init_itable}]}, 0x2, 0x460, &(0x7f0000000200)="$eJzs289vFFUcAPDvzLZFfrYi/gBRq8TY+KOlBZWDF40mHjCa6AGPtS2EUKihNRFCpBqDFxNDomfj0cS/wJsXo55MvOrdkBDlAnqqmdmZul12uyxsd4H9fJJp39t5u/O+O+/NvnlvN4C+NZr9SSK2RcTvETFcza4tMFr9d+3KuZl/rpybSWJl5e2/krzc1SvnZsqi5fO2FpmxNCL9NCkOstbimbMnpufn504X+Ymlk+9PLJ45+9zxk9PH5o7NnZo6dOjggckXX5h6viNxZnFd3fPRwt7dr7978Y2ZIxff+/m7rL7biv21cXTKaBb43yu5+n1PdvpgPba9Jp0M9LAitKUSEdnpGsz7/3BU4v+TNxyvfdLTygEbKvts2tR89/IKcBdLotc1AHqj/KDP7n/LrUtDj9vC5ZerN0BZ3NeKrbpnINKizGDd/W0njUbEkeV/v8622KB5CACAWp/PfHU4nm00/kvjgZpyO4o1lJGIuDcidkbEfRGxKyLuj8jLPhgRD7V5/PqloevHP+mlmwrsBmXjv5eKta21479y9BcjlSK3PY9/MDl6fH5uf/GejMXgpiw/uc4xfnj1ty+a7asd/2VbdvxyLFjU49JAOUFXVGl2emk6H5R2wOWPI/YMNIo/WV0JSCJid0Tsae+ld5SJ409/u7dZodbxr6MD60wr30Q8VT3/y1EXfylZf31y4p6Yn9s/UbaK6/3y64W3mh3/luLvgOz8b1nb/uuLjCS167WL7R/jwh+fNb2naav9F7L2P5S8k1+PhorHPpxeWjo9GTGUHI5YqayWzR+fiuvyZfks/rF9jfv/zuI5WfwPR0TWiB+JiEcj4rGi7o9HxBMRsW+d+H96pfm+lvFvXueFOyCLf7bh9W+1/ded//YTlRM/fn/T8efn/2CeGiseya9/LdxoBW/lvQMAAIA7RZp/Bz5Jx1fTaTo+Xv0O/67Yks4vLC49c3Thg1Oz1e/Kj8RgWs50DdfMh04my8UrVvNTxVxxuf9AMW/8ZWVznh+fWZif7XHs0O+2Nun/mT8rLZ++wbOTwIZrtI42NdSDigBdV9//07XZ8292szJAV/m9NvSvFv0/7VY9gO67sc9/c31wN2rU/8/X5VuvBQB3Ivf/0L/0f+hf+j/0L/0f+tKt/K5fop8Tkd4W1WiV0MJvMtHrKxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBn/BcAAP//UUjvgw==")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)
lseek(r0, 0xfffffffffffffffc, 0x2)
executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_ON_EMULATION_FAILURE(r1, 0x4068aea3, &(0x7f0000000600)={0xcc, 0x0, 0x1})

program did not crash
bisect: testing without sub-chunk 3/3
testing program (duration=32s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [22, 5, 13, 4, 7, 3, 9, 18, 10, 8]
detailed listing:
executing program 3:
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8b}, 0x0)
r1 = syz_open_dev$evdev(0x0, 0x200, 0x101000)
ioctl$EVIOCREVOKE(r1, 0x40044591, &(0x7f0000007200)=0x800)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x53cb1000)
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x1c}}, 0x200}, 0x1c)
getsockopt$inet6_int(r0, 0x29, 0x18, 0x0, &(0x7f00000001c0))
executing program 0:
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x0, &(0x7f0000000280), 0x5, 0x783, &(0x7f0000001000)="$eJzs3c9rHFUcAPDvbJKmSauJIGg9BQQNlG5Mja2Ch4oHESwU9Gy7bLahZpMt2U1pQg4tIngRVDwIeunZH/Xm1R9X/S88SEvVtFjxIJHZH+222U03bXY3kM8HXva9mdm89903P97sDDsB7FkT6Z9MxKGI+DiJGKtPTyJiqJobjDhRW+72+lo+TUlsbLz9Z1Jd5tb6Wj6a3pM6UC88HRE/fRBxOLO53vLK6nyuWCws1ctTlYXzU+WV1SPnFnJzhbnC4rHpmZmjx186fmznYv3719WD1z954/lvT/z7/lNXP/o5iRNxsD6vOY6dMhET9c9kKP0I7/H6TlfWZ0m/G8BDSTfNgdpWHodiLAaquTZGetkyAKBbNgCAPSgxBgCAPabxPcCt9bV8I/X3G4neuvFaROyvxd+4vlmbM1i/Zre/eh109FZyz5WRJCLGd6D+iYj48vt3v05T1PvBtTSgFy5djogz4xOb9//JpnsWtuuFrWZuDFdfJu6bvNeOP9BPP6Tjn5dbjf8yd8Y/0WL8M9xi230YD97+M9d2oJq20vHfq033tt1uir9ufKBeeqw65htKzp4rFtJ92+MRMRlDw2l5urpo65Hb5M3/brarv3n899en732V1p++3l0ic21w+N73zOYquUeNu+HG5YhnBlvFn9zp/6TN+PdUh3W8+cqHX7Sbl8afxttIm+Pvro0rEc+17P+7fZlseX/iVHV1mGqsFC1899vno+3qb+7/NKX1N84FeiHt/9Gt4x9Pmu/XLG+/jl+ujP3Ybt6D42+9/u9L3qnm99WnXcxVKkvTEfuStzZPP3r3vY1yY/k0/slnW2//tWpbr//pOeGZDuMfvP7HNw8ff3el8c9uq/+3n7l6e36gXf2d9f9MNTdZn9LJ/q/TBj7KZwcAAAAAAAAAAAAAAAAAAAAAAAAAncpExMFIMtk7+Uwmm609w/vJGM0US+XK4bOl5cXZqD4rezyGMo2fuhxr+j3U6frv4TfKR+8rvxgRT0TEZ8Mj1XI2XyrO9jt4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKg70Ob5/6nfh/vdOgCga/b3uwEAQM85/gPA3rO94/9I19oBAPSO838A2Hs6Pv6f6W47AIDecf4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAl506eTJNG/+sr+XT8uyFleX50oUjs4XyfHZhOZ/Nl5bOZ+dKpbliIZsvLbT9R5dqL8VS6fxMLC5fnKoUypWp8srq6YXS8mLl9LmF3FzhdGGoZ5EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOfKK6vzuWKxsCSzZWZkdzRj12QGY1c0Q6Zrmea9xEj/dlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu9z/AQAA//+MoS4e")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x2042, 0x0)
write$binfmt_script(r0, &(0x7f0000000180)={'#! ', './file1'}, 0x5e)
unlink(&(0x7f0000000000)='./file1\x00')
close(r0)
executing program 3:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_procfs(0x0, 0x0)
r2 = syz_io_uring_setup(0x7a6e, &(0x7f0000000040)={0x0, 0x2000}, &(0x7f00000000c0), &(0x7f0000000100))
io_uring_register$IORING_REGISTER_BUFFERS2(r2, 0x2, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x20)
io_uring_register$IORING_REGISTER_FILES_UPDATE(r2, 0x6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)=[r2]}, 0x1)
executing program 2:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@mcast1, 0x800, 0x0, 0x103, 0x1}, 0x20)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4)
sendmsg$inet6(r0, &(0x7f0000000100)={&(0x7f0000000080)={0xa, 0x4e22, 0x1000000080000, @private0={0xfc, 0x0, '\x00', 0x1}}, 0x1c, 0x0, 0x0, &(0x7f0000000040)=[@rthdrdstopts={{0x12, 0x29, 0x32, {0x3a}}}], 0x18}, 0x0)
executing program 3:
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000040)='./file2\x00', 0x18502, &(0x7f0000001b80)=ANY=[], 0x1, 0x11f3, &(0x7f0000000980)="$eJzs3E+LW1UYB+C3cWrHqfNHrdV2oQfduLo0s3AlSJApyASU2gitINw6NxpyTUJuGIiI1ZVbP4e4dCeIX2A2fgZ3s3HZhXiFpLVNTdUuOpH6PJv7kvf8cu8hEDjhnBy/8c2n/W6VdfNJNE6disYoIt1KkaIRd7y0P79eu77farf3rqR0uXW1+XpKaevlHz/4/LtXfpqcff/7rR/OxNHOh8e/7v5ydP7owvHvVz/pValXpcFwkvJ0Yzic5DfKIh30qn6W0rtlkVdF6g2qYrzQ75bD0Wia8sHB5sZoXFRVygfT1C+maTJMk/E05R/nvUHKsixtbgQPdPqfh3S+vVXXdURdn44no67r+qnYiLPxdGzGVnwZEc/Es/FcnIvn43y8EC/Ghdmok3h8AAAAAAAAAAAAAAAAAAAA+P/4u/P/27Hj/D8AAAAAAAAAAAAAAAAAAACcgPeuXd9vtdt7V1Jajyi/PuwcdubXeb/VjV6UUcSl2I7fYnb6f25eX367vXcpzezEV+XN2/mbh50nFvPN2d8J3M6vzXp38s15Pi3mz8TGvfnd2I5zy++/uzS/Hq+9ek8+i+34+aMYRhkHs3vfzX/RTOmtd9r35S/OxgEAAMDjIEt/Wrp+z7IH9ef5h/h94L719VpcXFvt3Imopp/187IsxovF+l9eUfz7ovGI3rkR/5EJKh7/YtXfTJyEux/6qp8EAAAAAAAAAACAh/GIdxGuxZKdZW+uZqoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/sAPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgqAAD//99CzUo=")
r0 = creat(&(0x7f0000000300)='./bus\x00', 0x0)
r1 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0)
fcntl$setstatus(r1, 0x4, 0x4400)
dup3(r1, r0, 0x0)
io_setup(0x6, &(0x7f0000000240)=<r2=>0x0)
io_submit(r2, 0x3f0a, &(0x7f0000000540)=[&(0x7f00000000c0)={0xf04aef, 0x3d8, 0x4, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}])
executing program 0:
syz_clone(0x140011, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x58b9, &(0x7f0000000000)={0x0, 0x3d63, 0x2, 0x1, 0x161}, &(0x7f0000000080), &(0x7f00000000c0))
io_uring_enter(r0, 0x10de, 0x5bfc, 0x3, 0x0, 0x0)
executing program 1:
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, 0x0}], 0x1, 0x16, 0x0, 0x0)
sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000640)="a6dd10154eae5588333a0309e91cc5e16af5c44251b238d99a74e4f558447fa635c685f062d42da23f0e6bc75fdd8c28021bde9a93296cff2c129a29b07a1f85be5ee592ea12733bac889db86e1268033b2973c5091a4af73afa050019e1e8ec2f0c12eef8870d5e041c98919e5523d4f6494df85607d4a2b06e7cef02df24ed431a0539757f4d324a10b509fb037ce369211b9097419da127af0ece4bae11c7ecf3cca9b9db37151223be609f8098696b4b7e09b75687e1dca8b700e395a1d41320c986c733851c5bf3b0bbad2285cbdc5be094c5ef984495c98cfb8db4195fb7e96b19408606358ecc47663e819fa3eac7f97bdfe0047993352b3e46ecebf87b32760bd6ce3d49968289945632afb5bab6cd0572a35a3310de0d4f5af07c16d3e27c6e1a194d8ee0f65dfc35762203d428c2a8ca104b77b46da04be3f62249189c6c9caaaeaaed8b0cca03e77549c87c745e883c8ecf69f999c51b48a78d82d69f3ff7345472d9fa862bae5cd3c9698c36f28b554331bed72960024b761a7a3e3d997c6bf37ce0f02617aec379665df22bec814ae14470a9f0f1b16a2cf14fb095b82f9c466e117a97023883585bdd4da624599f958df08bf7a6e2bdfab57663ed83cc8c0294195394f2161ed1373d90c4447a573a7a0c595f6afaac13c9975e886417bb56462fc05b3b2381ebbb49319d99629e1e6651df07b69eda145254730926f721e156ac37092025b06320e96f0e3d130870c8ddde1c22484900d2af30991afb74cc82b62640c743b58b38c5bbf12b1400decc8bb46bf91c4a94937dfc4b5d3d3d927ffacdf555247c70f59c0118aa9f7c632fb9764e55e978db25efa68c8aac37921702a3fca2ae380d88f7779be190aa6c2e0c4ede7c83f2db7aff301227556083e571cd42f1c0dfd89e1c961cd82ca5d8f3a8f38b50c728e2fe25bbd7bdd693bd1cf1f947a85fc4d2302d78245bc149e63ea80c80971b196c448ae960951de0acf3910c23894538e1ceacbfb1e5dad460a54487cf84f5f542be7b5795fdb9f9a56dc41c0e6965fd29f633b97918fb5959f86edece2987d192b3a73cfd47533dd63478749d67561e737ebea0f213dd4ea9c23254ef0903ba52383409389404478d8c23d08fd8cf6acfcbae0b102ee0ea0c11177fb23c54f7cfeaefae260b6b9a07145a57fcd1389de9377d44f6c63c1d410c132ff8339b11676970cf7723816eb9adc63c00e3ac1b2890e0a67392fc5091c627e0b14cfc9eb4235bd9f409fca9f8fb0f03abdbb1fa15de4e27f3bbf265acfa9adf6d8ed4b60121b6b803b982db50c57eb5be8e383d72ab7b991a60fa656227158bbe63f107515506cdb71b8f16bcc0382e372ff3efe3d5d0c1dcebeb60126bcbba6d26d5bb525c0ce9592e50ce5041966b9f7e476e5c9fb1a64416489a3e1517b50ebfd491ef78a7c871a8b542c76b7305e007addf2d70004e6056e6e9cac6bf701b802550d4e9e2ab24bea0e0e3c216c7470528d5f28fc9f84db3ec3fc19ae5833a8985e2346629376f28ea37313cd272bbd5bd40b2181b8d4889aa8a0058f3610e9aac4df03eaa876beee81d73ed441c501de4ff3150d87f0c8a2cf137978be35e482daceed7c07ac16f07c9d248ec68a8f40288d679df4d04080ada7683b07afdc725458e92db998430f884e5a6c88f34910a45ab9e23cf63a335e60b0a3ccc0aa707136361510823c7988d7d65ca122e6d9bfe9049cda1af47c5fc44c80e17abbb22cf69e206e2e8314b6e4684390eab2d05ad596ff229c286d428c1f93421bc66a72a6d825b89631baa06b7300e5e5e6e84a7c11cf0cb2433f29c807078f39cfc201924b75960e37d3792dd5cd2e2f960b8071e80a99390ff930086284ae64b3cfb6a936ee65ef507ac91ac86b6f4eda086aed8671fa3506b81432f9f1aa19c42a750f35a5419d49bc780be79cd91c964b91fcbaedf9d9b493d92e0a642332653d83637655a111311d1ba7d5a671abb2db3fc789de2d1a8a15a13daeac79ea4fcebd172c627065870a311efd0dbac4b35650f7d0cd7d260c04d3990f8d6c0c3d0a272ae1c6e9af2e412ef94d1463cb0b7c32fa44407c59a20172a53a4467b5e2b0c5022ec23c1ababf1bdf853cbbaf25cb637aeb80af99eda97f869e163a69c80e407cf0f28f5e2446124ee3faef3b0f4a419d5e81c75e95e810c2dccbccdc25075d6fcc8e9a7e6b449af5cb99fb02390eb04eff579364ccede49fea8164009cf1b0b632b6a02c1e1cde4411d93e96592ab580944142a753ea2eba7c43cc5b4c13275267f30914c06ad49afa2a4fba84a22d5c0f4a8b56fba8492467de9e811efb48d08ad59045c3b2a2055f76d89394e28cbc5015da8c4ff50935463dea2a44110e763a2d552fa92d98b50ad5d8274623c9ee98e53708f02fba46ae232e947f783554d279343c048dec127d41426dea7cfd4c3879b7b251fd549861fb4a585dd64b20664bec834a2e9ea723f0cee7060b3e3c9023928cab5866741a9cdc88118a244ca89518e29965f7c9e31709838a7c590a6f2de8b99182b6d2f2b0cb99bb808077a27f0403c82ebfe72f7deea3a5d4f061fca6a98efacb08e776bd04a6b456055e6f6d76267983d25cd37b6c16d0e7c757a56542c88950a8edd763f4f500cbd18da65cd78451f445a1cb5229b333869f392174a54c43fa22eb9279641f8c964468c1a548b33a74d61ee1960e349caf7d30eb241ea03ef3bb1489fddb8c635b8bc39ac5f53b07191fd1a0b57cc432aefe84f824625be7cd6082b6a4efac51cb230f83da7280b5783b91d3774fc4d00164e032dc52e8cfddbbe6769083a7ab7de07391d98af8cf7d953a4ee3a70d339d9dc4fe936676a8fb6c4d439deb1eb5c3225a9f10892986dc775381c5619fee6271f50a15bb14f77cff07574f23368db1973ac148dd16fab08bf3f7668bc705ee7ac4c82ec8b6054ac3ea2b8733d1546ae71f2428b1544e069a9e14325c3a6217c0e0df0ef753cff90a60631de534152154b84a34b3771eabaf8cd8b6aef44f4259200f6dab7d6c72c7226d882e5eba90e66bc7bbf31080deeffe758d7b9d2e4cd543c0650a15a12f04c0a045969b264d65afe78b402cbd0d37dcedc89424a728ec2014dd7d591535d38c156d00b8d75a016688014922b6cc585abcf66f744e8f17224a0f217e390e9c937072086ec028e1ffc5d312169b71e30b6d4f24288a382a40897c65dafdd8b2eb78291deb1e3213c7f243b30f9431a067131bc521328fa1bb4fd619895931131586a069d10813c7547e4e51cfa2e38f6c5899bd1db38afdcfb488fb3f145f48edff41bee99d511ee110a4b202d4a3e1e7eafa7e39ec82a77742c6a55cbca47ab52af0ba7dc496647975f7f180c9c7c2ed877ca16fa07e2bb3e632ee4509c58e924da4505a74dfca0b9f137173ac2c59e6a05c3bd433aaf2e302614aeddb99c666ab7a243fe3239b44a1468b8399737be83c1c6c7782fd950b053a53d98d55eb1f40d2cd94f088a6927cfc61df4d6ad7aede4f20444f768322db3d4d8d2ce9a7fac41115ec0a82f7e8c792c26be30f2d8e397eb6a50e3d59dd13d473411a56867d0938db978405fbb5068ea77ce40daa5390f4ed409a1cc70bfc54afaadd04c4671c02b826fc558f3585b256def184d2f69cc67539e26d03fa20d12721ad6ed9f5fcec41588b93fe9fa93f71caaca99987d1a65ef2773b160d74871b5b0e30e12585c609240d0eed3697cbf03c292407fc7a8c80a8e0369b6e8f311cf8fdb8cf1a3caaa32f2147b8fd0cb359e8f585c975f8c96b5648ff9", 0xa8c}], 0x1}, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB], 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r0, 0x0, 0x2}, 0x18)
r1 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r4, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d4f549b, 0x0, [0x0, 0x0, 0x0, 0x0, 0x1, 0x32, 0x0, 0x800000]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
inotify_init()
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0)
executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0x8, 0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x5)
listen(0xffffffffffffffff, 0x0)
shutdown(r0, 0x0)
executing program 2:
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1c00000007"], 0x50)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r1, &(0x7f0000000000), 0xd)

program crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <10>
bisect: split chunk #0 of len 10 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=31s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 9, 18, 10, 8]
detailed listing:
executing program 0:
syz_clone(0x140011, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x58b9, &(0x7f0000000000)={0x0, 0x3d63, 0x2, 0x1, 0x161}, &(0x7f0000000080), &(0x7f00000000c0))
io_uring_enter(r0, 0x10de, 0x5bfc, 0x3, 0x0, 0x0)
executing program 1:
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, 0x0}], 0x1, 0x16, 0x0, 0x0)
sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000640)="a6dd10154eae5588333a0309e91cc5e16af5c44251b238d99a74e4f558447fa635c685f062d42da23f0e6bc75fdd8c28021bde9a93296cff2c129a29b07a1f85be5ee592ea12733bac889db86e1268033b2973c5091a4af73afa050019e1e8ec2f0c12eef8870d5e041c98919e5523d4f6494df85607d4a2b06e7cef02df24ed431a0539757f4d324a10b509fb037ce369211b9097419da127af0ece4bae11c7ecf3cca9b9db37151223be609f8098696b4b7e09b75687e1dca8b700e395a1d41320c986c733851c5bf3b0bbad2285cbdc5be094c5ef984495c98cfb8db4195fb7e96b19408606358ecc47663e819fa3eac7f97bdfe0047993352b3e46ecebf87b32760bd6ce3d49968289945632afb5bab6cd0572a35a3310de0d4f5af07c16d3e27c6e1a194d8ee0f65dfc35762203d428c2a8ca104b77b46da04be3f62249189c6c9caaaeaaed8b0cca03e77549c87c745e883c8ecf69f999c51b48a78d82d69f3ff7345472d9fa862bae5cd3c9698c36f28b554331bed72960024b761a7a3e3d997c6bf37ce0f02617aec379665df22bec814ae14470a9f0f1b16a2cf14fb095b82f9c466e117a97023883585bdd4da624599f958df08bf7a6e2bdfab57663ed83cc8c0294195394f2161ed1373d90c4447a573a7a0c595f6afaac13c9975e886417bb56462fc05b3b2381ebbb49319d99629e1e6651df07b69eda145254730926f721e156ac37092025b06320e96f0e3d130870c8ddde1c22484900d2af30991afb74cc82b62640c743b58b38c5bbf12b1400decc8bb46bf91c4a94937dfc4b5d3d3d927ffacdf555247c70f59c0118aa9f7c632fb9764e55e978db25efa68c8aac37921702a3fca2ae380d88f7779be190aa6c2e0c4ede7c83f2db7aff301227556083e571cd42f1c0dfd89e1c961cd82ca5d8f3a8f38b50c728e2fe25bbd7bdd693bd1cf1f947a85fc4d2302d78245bc149e63ea80c80971b196c448ae960951de0acf3910c23894538e1ceacbfb1e5dad460a54487cf84f5f542be7b5795fdb9f9a56dc41c0e6965fd29f633b97918fb5959f86edece2987d192b3a73cfd47533dd63478749d67561e737ebea0f213dd4ea9c23254ef0903ba52383409389404478d8c23d08fd8cf6acfcbae0b102ee0ea0c11177fb23c54f7cfeaefae260b6b9a07145a57fcd1389de9377d44f6c63c1d410c132ff8339b11676970cf7723816eb9adc63c00e3ac1b2890e0a67392fc5091c627e0b14cfc9eb4235bd9f409fca9f8fb0f03abdbb1fa15de4e27f3bbf265acfa9adf6d8ed4b60121b6b803b982db50c57eb5be8e383d72ab7b991a60fa656227158bbe63f107515506cdb71b8f16bcc0382e372ff3efe3d5d0c1dcebeb60126bcbba6d26d5bb525c0ce9592e50ce5041966b9f7e476e5c9fb1a64416489a3e1517b50ebfd491ef78a7c871a8b542c76b7305e007addf2d70004e6056e6e9cac6bf701b802550d4e9e2ab24bea0e0e3c216c7470528d5f28fc9f84db3ec3fc19ae5833a8985e2346629376f28ea37313cd272bbd5bd40b2181b8d4889aa8a0058f3610e9aac4df03eaa876beee81d73ed441c501de4ff3150d87f0c8a2cf137978be35e482daceed7c07ac16f07c9d248ec68a8f40288d679df4d04080ada7683b07afdc725458e92db998430f884e5a6c88f34910a45ab9e23cf63a335e60b0a3ccc0aa707136361510823c7988d7d65ca122e6d9bfe9049cda1af47c5fc44c80e17abbb22cf69e206e2e8314b6e4684390eab2d05ad596ff229c286d428c1f93421bc66a72a6d825b89631baa06b7300e5e5e6e84a7c11cf0cb2433f29c807078f39cfc201924b75960e37d3792dd5cd2e2f960b8071e80a99390ff930086284ae64b3cfb6a936ee65ef507ac91ac86b6f4eda086aed8671fa3506b81432f9f1aa19c42a750f35a5419d49bc780be79cd91c964b91fcbaedf9d9b493d92e0a642332653d83637655a111311d1ba7d5a671abb2db3fc789de2d1a8a15a13daeac79ea4fcebd172c627065870a311efd0dbac4b35650f7d0cd7d260c04d3990f8d6c0c3d0a272ae1c6e9af2e412ef94d1463cb0b7c32fa44407c59a20172a53a4467b5e2b0c5022ec23c1ababf1bdf853cbbaf25cb637aeb80af99eda97f869e163a69c80e407cf0f28f5e2446124ee3faef3b0f4a419d5e81c75e95e810c2dccbccdc25075d6fcc8e9a7e6b449af5cb99fb02390eb04eff579364ccede49fea8164009cf1b0b632b6a02c1e1cde4411d93e96592ab580944142a753ea2eba7c43cc5b4c13275267f30914c06ad49afa2a4fba84a22d5c0f4a8b56fba8492467de9e811efb48d08ad59045c3b2a2055f76d89394e28cbc5015da8c4ff50935463dea2a44110e763a2d552fa92d98b50ad5d8274623c9ee98e53708f02fba46ae232e947f783554d279343c048dec127d41426dea7cfd4c3879b7b251fd549861fb4a585dd64b20664bec834a2e9ea723f0cee7060b3e3c9023928cab5866741a9cdc88118a244ca89518e29965f7c9e31709838a7c590a6f2de8b99182b6d2f2b0cb99bb808077a27f0403c82ebfe72f7deea3a5d4f061fca6a98efacb08e776bd04a6b456055e6f6d76267983d25cd37b6c16d0e7c757a56542c88950a8edd763f4f500cbd18da65cd78451f445a1cb5229b333869f392174a54c43fa22eb9279641f8c964468c1a548b33a74d61ee1960e349caf7d30eb241ea03ef3bb1489fddb8c635b8bc39ac5f53b07191fd1a0b57cc432aefe84f824625be7cd6082b6a4efac51cb230f83da7280b5783b91d3774fc4d00164e032dc52e8cfddbbe6769083a7ab7de07391d98af8cf7d953a4ee3a70d339d9dc4fe936676a8fb6c4d439deb1eb5c3225a9f10892986dc775381c5619fee6271f50a15bb14f77cff07574f23368db1973ac148dd16fab08bf3f7668bc705ee7ac4c82ec8b6054ac3ea2b8733d1546ae71f2428b1544e069a9e14325c3a6217c0e0df0ef753cff90a60631de534152154b84a34b3771eabaf8cd8b6aef44f4259200f6dab7d6c72c7226d882e5eba90e66bc7bbf31080deeffe758d7b9d2e4cd543c0650a15a12f04c0a045969b264d65afe78b402cbd0d37dcedc89424a728ec2014dd7d591535d38c156d00b8d75a016688014922b6cc585abcf66f744e8f17224a0f217e390e9c937072086ec028e1ffc5d312169b71e30b6d4f24288a382a40897c65dafdd8b2eb78291deb1e3213c7f243b30f9431a067131bc521328fa1bb4fd619895931131586a069d10813c7547e4e51cfa2e38f6c5899bd1db38afdcfb488fb3f145f48edff41bee99d511ee110a4b202d4a3e1e7eafa7e39ec82a77742c6a55cbca47ab52af0ba7dc496647975f7f180c9c7c2ed877ca16fa07e2bb3e632ee4509c58e924da4505a74dfca0b9f137173ac2c59e6a05c3bd433aaf2e302614aeddb99c666ab7a243fe3239b44a1468b8399737be83c1c6c7782fd950b053a53d98d55eb1f40d2cd94f088a6927cfc61df4d6ad7aede4f20444f768322db3d4d8d2ce9a7fac41115ec0a82f7e8c792c26be30f2d8e397eb6a50e3d59dd13d473411a56867d0938db978405fbb5068ea77ce40daa5390f4ed409a1cc70bfc54afaadd04c4671c02b826fc558f3585b256def184d2f69cc67539e26d03fa20d12721ad6ed9f5fcec41588b93fe9fa93f71caaca99987d1a65ef2773b160d74871b5b0e30e12585c609240d0eed3697cbf03c292407fc7a8c80a8e0369b6e8f311cf8fdb8cf1a3caaa32f2147b8fd0cb359e8f585c975f8c96b5648ff9", 0xa8c}], 0x1}, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB], 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r0, 0x0, 0x2}, 0x18)
r1 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r4, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d4f549b, 0x0, [0x0, 0x0, 0x0, 0x0, 0x1, 0x32, 0x0, 0x800000]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
inotify_init()
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0)
executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0x8, 0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x5)
listen(0xffffffffffffffff, 0x0)
shutdown(r0, 0x0)
executing program 2:
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1c00000007"], 0x50)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r1, &(0x7f0000000000), 0xd)

program crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <5>
bisect: split chunk #0 of len 5 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [10, 8]
detailed listing:
executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0x8, 0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x5)
listen(0xffffffffffffffff, 0x0)
shutdown(r0, 0x0)
executing program 2:
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1c00000007"], 0x50)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r1, &(0x7f0000000000), 0xd)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 9, 18]
detailed listing:
executing program 0:
syz_clone(0x140011, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0x58b9, &(0x7f0000000000)={0x0, 0x3d63, 0x2, 0x1, 0x161}, &(0x7f0000000080), &(0x7f00000000c0))
io_uring_enter(r0, 0x10de, 0x5bfc, 0x3, 0x0, 0x0)
executing program 1:
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, 0x0}], 0x1, 0x16, 0x0, 0x0)
sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000640)="a6dd10154eae5588333a0309e91cc5e16af5c44251b238d99a74e4f558447fa635c685f062d42da23f0e6bc75fdd8c28021bde9a93296cff2c129a29b07a1f85be5ee592ea12733bac889db86e1268033b2973c5091a4af73afa050019e1e8ec2f0c12eef8870d5e041c98919e5523d4f6494df85607d4a2b06e7cef02df24ed431a0539757f4d324a10b509fb037ce369211b9097419da127af0ece4bae11c7ecf3cca9b9db37151223be609f8098696b4b7e09b75687e1dca8b700e395a1d41320c986c733851c5bf3b0bbad2285cbdc5be094c5ef984495c98cfb8db4195fb7e96b19408606358ecc47663e819fa3eac7f97bdfe0047993352b3e46ecebf87b32760bd6ce3d49968289945632afb5bab6cd0572a35a3310de0d4f5af07c16d3e27c6e1a194d8ee0f65dfc35762203d428c2a8ca104b77b46da04be3f62249189c6c9caaaeaaed8b0cca03e77549c87c745e883c8ecf69f999c51b48a78d82d69f3ff7345472d9fa862bae5cd3c9698c36f28b554331bed72960024b761a7a3e3d997c6bf37ce0f02617aec379665df22bec814ae14470a9f0f1b16a2cf14fb095b82f9c466e117a97023883585bdd4da624599f958df08bf7a6e2bdfab57663ed83cc8c0294195394f2161ed1373d90c4447a573a7a0c595f6afaac13c9975e886417bb56462fc05b3b2381ebbb49319d99629e1e6651df07b69eda145254730926f721e156ac37092025b06320e96f0e3d130870c8ddde1c22484900d2af30991afb74cc82b62640c743b58b38c5bbf12b1400decc8bb46bf91c4a94937dfc4b5d3d3d927ffacdf555247c70f59c0118aa9f7c632fb9764e55e978db25efa68c8aac37921702a3fca2ae380d88f7779be190aa6c2e0c4ede7c83f2db7aff301227556083e571cd42f1c0dfd89e1c961cd82ca5d8f3a8f38b50c728e2fe25bbd7bdd693bd1cf1f947a85fc4d2302d78245bc149e63ea80c80971b196c448ae960951de0acf3910c23894538e1ceacbfb1e5dad460a54487cf84f5f542be7b5795fdb9f9a56dc41c0e6965fd29f633b97918fb5959f86edece2987d192b3a73cfd47533dd63478749d67561e737ebea0f213dd4ea9c23254ef0903ba52383409389404478d8c23d08fd8cf6acfcbae0b102ee0ea0c11177fb23c54f7cfeaefae260b6b9a07145a57fcd1389de9377d44f6c63c1d410c132ff8339b11676970cf7723816eb9adc63c00e3ac1b2890e0a67392fc5091c627e0b14cfc9eb4235bd9f409fca9f8fb0f03abdbb1fa15de4e27f3bbf265acfa9adf6d8ed4b60121b6b803b982db50c57eb5be8e383d72ab7b991a60fa656227158bbe63f107515506cdb71b8f16bcc0382e372ff3efe3d5d0c1dcebeb60126bcbba6d26d5bb525c0ce9592e50ce5041966b9f7e476e5c9fb1a64416489a3e1517b50ebfd491ef78a7c871a8b542c76b7305e007addf2d70004e6056e6e9cac6bf701b802550d4e9e2ab24bea0e0e3c216c7470528d5f28fc9f84db3ec3fc19ae5833a8985e2346629376f28ea37313cd272bbd5bd40b2181b8d4889aa8a0058f3610e9aac4df03eaa876beee81d73ed441c501de4ff3150d87f0c8a2cf137978be35e482daceed7c07ac16f07c9d248ec68a8f40288d679df4d04080ada7683b07afdc725458e92db998430f884e5a6c88f34910a45ab9e23cf63a335e60b0a3ccc0aa707136361510823c7988d7d65ca122e6d9bfe9049cda1af47c5fc44c80e17abbb22cf69e206e2e8314b6e4684390eab2d05ad596ff229c286d428c1f93421bc66a72a6d825b89631baa06b7300e5e5e6e84a7c11cf0cb2433f29c807078f39cfc201924b75960e37d3792dd5cd2e2f960b8071e80a99390ff930086284ae64b3cfb6a936ee65ef507ac91ac86b6f4eda086aed8671fa3506b81432f9f1aa19c42a750f35a5419d49bc780be79cd91c964b91fcbaedf9d9b493d92e0a642332653d83637655a111311d1ba7d5a671abb2db3fc789de2d1a8a15a13daeac79ea4fcebd172c627065870a311efd0dbac4b35650f7d0cd7d260c04d3990f8d6c0c3d0a272ae1c6e9af2e412ef94d1463cb0b7c32fa44407c59a20172a53a4467b5e2b0c5022ec23c1ababf1bdf853cbbaf25cb637aeb80af99eda97f869e163a69c80e407cf0f28f5e2446124ee3faef3b0f4a419d5e81c75e95e810c2dccbccdc25075d6fcc8e9a7e6b449af5cb99fb02390eb04eff579364ccede49fea8164009cf1b0b632b6a02c1e1cde4411d93e96592ab580944142a753ea2eba7c43cc5b4c13275267f30914c06ad49afa2a4fba84a22d5c0f4a8b56fba8492467de9e811efb48d08ad59045c3b2a2055f76d89394e28cbc5015da8c4ff50935463dea2a44110e763a2d552fa92d98b50ad5d8274623c9ee98e53708f02fba46ae232e947f783554d279343c048dec127d41426dea7cfd4c3879b7b251fd549861fb4a585dd64b20664bec834a2e9ea723f0cee7060b3e3c9023928cab5866741a9cdc88118a244ca89518e29965f7c9e31709838a7c590a6f2de8b99182b6d2f2b0cb99bb808077a27f0403c82ebfe72f7deea3a5d4f061fca6a98efacb08e776bd04a6b456055e6f6d76267983d25cd37b6c16d0e7c757a56542c88950a8edd763f4f500cbd18da65cd78451f445a1cb5229b333869f392174a54c43fa22eb9279641f8c964468c1a548b33a74d61ee1960e349caf7d30eb241ea03ef3bb1489fddb8c635b8bc39ac5f53b07191fd1a0b57cc432aefe84f824625be7cd6082b6a4efac51cb230f83da7280b5783b91d3774fc4d00164e032dc52e8cfddbbe6769083a7ab7de07391d98af8cf7d953a4ee3a70d339d9dc4fe936676a8fb6c4d439deb1eb5c3225a9f10892986dc775381c5619fee6271f50a15bb14f77cff07574f23368db1973ac148dd16fab08bf3f7668bc705ee7ac4c82ec8b6054ac3ea2b8733d1546ae71f2428b1544e069a9e14325c3a6217c0e0df0ef753cff90a60631de534152154b84a34b3771eabaf8cd8b6aef44f4259200f6dab7d6c72c7226d882e5eba90e66bc7bbf31080deeffe758d7b9d2e4cd543c0650a15a12f04c0a045969b264d65afe78b402cbd0d37dcedc89424a728ec2014dd7d591535d38c156d00b8d75a016688014922b6cc585abcf66f744e8f17224a0f217e390e9c937072086ec028e1ffc5d312169b71e30b6d4f24288a382a40897c65dafdd8b2eb78291deb1e3213c7f243b30f9431a067131bc521328fa1bb4fd619895931131586a069d10813c7547e4e51cfa2e38f6c5899bd1db38afdcfb488fb3f145f48edff41bee99d511ee110a4b202d4a3e1e7eafa7e39ec82a77742c6a55cbca47ab52af0ba7dc496647975f7f180c9c7c2ed877ca16fa07e2bb3e632ee4509c58e924da4505a74dfca0b9f137173ac2c59e6a05c3bd433aaf2e302614aeddb99c666ab7a243fe3239b44a1468b8399737be83c1c6c7782fd950b053a53d98d55eb1f40d2cd94f088a6927cfc61df4d6ad7aede4f20444f768322db3d4d8d2ce9a7fac41115ec0a82f7e8c792c26be30f2d8e397eb6a50e3d59dd13d473411a56867d0938db978405fbb5068ea77ce40daa5390f4ed409a1cc70bfc54afaadd04c4671c02b826fc558f3585b256def184d2f69cc67539e26d03fa20d12721ad6ed9f5fcec41588b93fe9fa93f71caaca99987d1a65ef2773b160d74871b5b0e30e12585c609240d0eed3697cbf03c292407fc7a8c80a8e0369b6e8f311cf8fdb8cf1a3caaa32f2147b8fd0cb359e8f585c975f8c96b5648ff9", 0xa8c}], 0x1}, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB], 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r0, 0x0, 0x2}, 0x18)
r1 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r4, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d4f549b, 0x0, [0x0, 0x0, 0x0, 0x0, 0x1, 0x32, 0x0, 0x800000]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
inotify_init()
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <3>
bisect: split chunk #0 of len 3 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet6-socket$inet6-bind$inet6-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_GUEST_DEBUG-ioctl$KVM_RUN-madvise-inotify_init-syz_clone-mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_procs
detailed listing:
executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB], 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r0, 0x0, 0x2}, 0x18)
r1 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r4, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d4f549b, 0x0, [0x0, 0x0, 0x0, 0x0, 0x1, 0x32, 0x0, 0x800000]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
inotify_init()
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <1>
bisect: split chunk #0 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: 1 programs left: 

executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB], 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r0, 0x0, 0x2}, 0x18)
r1 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r4, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d4f549b, 0x0, [0x0, 0x0, 0x0, 0x0, 0x1, 0x32, 0x0, 0x800000]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
inotify_init()
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0)


bisect: trying to concatenate
bisect: concatenate 1 entries
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet6-socket$inet6-bind$inet6-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_GUEST_DEBUG-ioctl$KVM_RUN-madvise-inotify_init-syz_clone-mkdirat$cgroup_root-openat$cgroup_root-openat$cgroup_procs
detailed listing:
executing program 0:
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB], 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r0, 0x0, 0x2}, 0x18)
r1 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r4, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d4f549b, 0x0, [0x0, 0x0, 0x0, 0x0, 0x1, 0x32, 0x0, 0x800000]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
inotify_init()
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
bisect: concatenation succeeded
found reproducer with 18 syscalls
minimizing guilty program
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet6-socket$inet6-bind$inet6-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_GUEST_DEBUG-ioctl$KVM_RUN-madvise-inotify_init-syz_clone-mkdirat$cgroup_root-openat$cgroup_root
detailed listing:
executing program 0:
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB], 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r0, 0x0, 0x2}, 0x18)
r1 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r4, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d4f549b, 0x0, [0x0, 0x0, 0x0, 0x0, 0x1, 0x32, 0x0, 0x800000]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
inotify_init()
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet6-socket$inet6-bind$inet6-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_GUEST_DEBUG-ioctl$KVM_RUN-madvise-inotify_init-syz_clone-mkdirat$cgroup_root
detailed listing:
executing program 0:
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB], 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r0, 0x0, 0x2}, 0x18)
r1 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r4, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d4f549b, 0x0, [0x0, 0x0, 0x0, 0x0, 0x1, 0x32, 0x0, 0x800000]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
inotify_init()
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)

program crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet6-socket$inet6-bind$inet6-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_GUEST_DEBUG-ioctl$KVM_RUN-madvise-inotify_init-syz_clone
detailed listing:
executing program 0:
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB], 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r0, 0x0, 0x2}, 0x18)
r1 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r4, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d4f549b, 0x0, [0x0, 0x0, 0x0, 0x0, 0x1, 0x32, 0x0, 0x800000]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
inotify_init()
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet6-socket$inet6-bind$inet6-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_GUEST_DEBUG-ioctl$KVM_RUN-madvise-inotify_init
detailed listing:
executing program 0:
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB], 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r0, 0x0, 0x2}, 0x18)
r1 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r4, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d4f549b, 0x0, [0x0, 0x0, 0x0, 0x0, 0x1, 0x32, 0x0, 0x800000]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
inotify_init()

program crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet6-socket$inet6-bind$inet6-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_GUEST_DEBUG-ioctl$KVM_RUN-madvise
detailed listing:
executing program 0:
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB], 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r0, 0x0, 0x2}, 0x18)
r1 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r4, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d4f549b, 0x0, [0x0, 0x0, 0x0, 0x0, 0x1, 0x32, 0x0, 0x800000]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

program crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet6-socket$inet6-bind$inet6-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_GUEST_DEBUG-ioctl$KVM_RUN
detailed listing:
executing program 0:
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB], 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r0, 0x0, 0x2}, 0x18)
r1 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r4, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d4f549b, 0x0, [0x0, 0x0, 0x0, 0x0, 0x1, 0x32, 0x0, 0x800000]})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet6-socket$inet6-bind$inet6-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_GUEST_DEBUG
detailed listing:
executing program 0:
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB], 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r0, 0x0, 0x2}, 0x18)
r1 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r4, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d4f549b, 0x0, [0x0, 0x0, 0x0, 0x0, 0x1, 0x32, 0x0, 0x800000]})

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet6-socket$inet6-bind$inet6-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-ioctl$KVM_RUN
detailed listing:
executing program 0:
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB], 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r0, 0x0, 0x2}, 0x18)
r1 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet6-socket$inet6-bind$inet6-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_RUN
detailed listing:
executing program 0:
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB], 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r0, 0x0, 0x2}, 0x18)
r1 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet6-socket$inet6-bind$inet6-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_RUN
detailed listing:
executing program 0:
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB], 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r0, 0x0, 0x2}, 0x18)
r1 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet6-socket$inet6-bind$inet6-openat$kvm-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-ioctl$KVM_RUN
detailed listing:
executing program 0:
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB], 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r0, 0x0, 0x2}, 0x18)
r1 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet6-socket$inet6-bind$inet6-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-ioctl$KVM_RUN
detailed listing:
executing program 0:
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB], 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r0, 0x0, 0x2}, 0x18)
r1 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet6-socket$inet6-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-ioctl$KVM_RUN
detailed listing:
executing program 0:
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB], 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r0, 0x0, 0x2}, 0x18)
socket$inet6(0xa, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-socket$inet6-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-ioctl$KVM_RUN
detailed listing:
executing program 0:
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB], 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r0, 0x0, 0x2}, 0x18)
socket$inet6(0xa, 0x2, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-ioctl$KVM_RUN
detailed listing:
executing program 0:
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB], 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={0x0, r0, 0x0, 0x2}, 0x18)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-bpf$BPF_PROG_RAW_TRACEPOINT_LOAD-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-ioctl$KVM_RUN
detailed listing:
executing program 0:
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x40f00, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-ioctl$KVM_RUN
detailed listing:
executing program 0:
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB], 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-ioctl$KVM_RUN
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-ioctl$KVM_RUN
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

program did not crash
testing program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-ioctl$KVM_RUN
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-ioctl$KVM_RUN
program crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
simplifying C reproducer
testing compiled C program (duration=45s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-ioctl$KVM_RUN
program crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
testing compiled C program (duration=45s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-ioctl$KVM_RUN
program crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
testing compiled C program (duration=45s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-ioctl$KVM_RUN
program crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
testing compiled C program (duration=45s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-ioctl$KVM_RUN
program crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
testing compiled C program (duration=45s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-ioctl$KVM_RUN
program did not crash
testing compiled C program (duration=45s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-ioctl$KVM_RUN
program crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
reproducing took 34m56.947287919s
repro crashed as (corrupted=true):
BUG: kernel NULL pointer dereference, address: 0000000000000086
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD 1ef765067 P4D 1ef765067 PUD 1ef766067 PMD 0 
Oops: 0010 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 349 Comm: syz-executor198 Not tainted 5.4.289-syzkaller-00025-g49530c73f82d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
RIP: 0010:0x86
Code: Bad RIP value.
RSP: 0018:ffff8881db67f308 EFLAGS: 00010086
RAX: ffff8881db67f338 RBX: dffffc0000000000 RCX: ffff8881f31c4ec0
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000fd0 R08: ffffffff8231c921 R09: ffffffff811c8f95
R10: ffff8881f31c4ec0 R11: 0000000000000002 R12: ffffffff846015d0
R13: fffffe0000000fd8 R14: ffff8881eedb0000 R15: fffffe0000000fdb
FS:  0000555585639480(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000000005c CR3: 00000001ef1b0000 CR4: 00000000003426b0
Call Trace:
Modules linked in:
CR2: 0000000000000086
---[ end trace 0076c44996c46120 ]---
RIP: 0010:0x86
Code: Bad RIP value.
RSP: 0018:ffff8881db67f308 EFLAGS: 00010086
RAX: ffff8881db67f338 RBX: dffffc0000000000 RCX: ffff8881f31c4ec0
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000fd0 R08: ffffffff8231c921 R09: ffffffff811c8f95
R10: ffff8881f31c4ec0 R11: 0000000000000002 R12: ffffffff846015d0
R13: fffffe0000000fd8 R14: ffff8881eedb0000 R15: fffffe0000000fdb
FS:  0000555585639480(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000000005c CR3: 00000001ef1b0000 CR4: 00000000003426b0

report is corrupted, running repro again
testing compiled C program (duration=45s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-ioctl$KVM_RUN
program crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
report is corrupted, running repro again
testing compiled C program (duration=45s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-ioctl$KVM_RUN
program crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
report is corrupted, running repro again
testing compiled C program (duration=45s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-ioctl$KVM_RUN
program did not crash
final repro crashed as (corrupted=true):
BUG: kernel NULL pointer dereference, address: 0000000000000086
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD 1ef24e067 P4D 1ef24e067 PUD 1eec61067 PMD 0 
Oops: 0010 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 350 Comm: syz-executor329 Not tainted 5.4.289-syzkaller-00025-g49530c73f82d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
RIP: 0010:0x86
Code: Bad RIP value.
RSP: 0018:ffff8881ef79f308 EFLAGS: 00010086
RAX: ffff8881ef79f338 RBX: dffffc0000000000 RCX: ffff8881ef110000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000ec0 R08: ffffffff8231c921 R09: ffffffff811c8f95
R10: ffff8881ef110000 R11: 0000000000000002 R12: ffffffff84601550
R13: fffffe0000000ec8 R14: ffff8881eedd8000 R15: fffffe0000000ecb
FS:  000055556d165480(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000000005c CR3: 00000001ef050000 CR4: 00000000003426a0
Call Trace:
Modules linked in:
CR2: 0000000000000086
---[ end trace a37df4817d6c2406 ]---
RIP: 0010:0x86
Code: Bad RIP value.
RSP: 0018:ffff8881ef79f308 EFLAGS: 00010086
RAX: ffff8881ef79f338 RBX: dffffc0000000000 RCX: ffff8881ef110000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000ec0 R08: ffffffff8231c921 R09: ffffffff811c8f95
R10: ffff8881ef110000 R11: 0000000000000002 R12: ffffffff84601550
R13: fffffe0000000ec8 R14: ffff8881eedd8000 R15: fffffe0000000ecb
FS:  000055556d165480(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000000005c CR3: 00000001ef050000 CR4: 00000000003426a0