Extracting prog: 6m35.63508319s
Minimizing prog: 1h33m50.977072752s
Simplifying prog options: 0s
Extracting C: 56.913676677s
Simplifying C: 15m48.01844606s


extracting reproducer from 30 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_io_uring_submit-openat$cuse-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD-ioctl$TIOCSTI-ioctl$TIOCSTI-ioctl$TIOCSTI-ioctl$TIOCSTI-ioctl$DRM_IOCTL_GET_CLIENT-syz_mount_image$fuse-creat-write$binfmt_elf64-pwritev2-truncate-syz_io_uring_submit
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000440)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x348}, 0x0, 0x800, 0x1})
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$TCFLSH(r3, 0x400455c8, 0x2)
ioctl$TIOCSETD(r3, 0x5412, &(0x7f0000000140)=0xffffffc0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000280)=0x4)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000180))
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000380)=0xff)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000480)={0x7f, 0x261, {}, {<r4=>0xee01}, 0x1, 0x24})
syz_mount_image$fuse(&(0x7f0000000340), &(0x7f00000003c0)='./bus\x00', 0x8, &(0x7f00000005c0)={{'fd', 0x3d, r1}, 0x2c, {}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x6}}, {@default_permissions}], [{@fsname={'fsname', 0x3d, '//'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '\''}}, {@euid_eq={'euid', 0x3d, r4}}, {@uid_eq={'uid', 0x3d, 0xee01}}, {@seclabel}]}}, 0x7, 0x0, &(0x7f00000006c0)="3cbf250f84e387d73aa5dec83369633ab9b107b49c98bf8ea9a58cb6cc92d021dcfb775b92cf1bd2bd25738979f23eb7a393da52ab10cb98a6b66d7608ca4cf95924b77fc1804a2be0142cbe553e3cd073bc9bf474c5e7745d0b17b04e97194553c76cfae27170e4a533bf0a76ce13af1c3b56d1d3cd7a64a6b10f18b366caced63c2f")
r5 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
write$binfmt_elf64(r5, &(0x7f0000000080)=ANY=[], 0xfd14)
pwritev2(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f00000001c0)="85", 0x1}], 0x1, 0x0, 0x0, 0x0)
truncate(&(0x7f0000000140)='./bus\x00', 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program did not crash
single: failed to extract reproducer
bisect: bisecting 30 programs with base timeout 30s
testing program (duration=37s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [30, 11, 14, 27, 21, 1, 25, 30, 21, 11, 22, 15, 25, 27, 20, 15, 16, 14, 1, 21, 29, 30, 21, 25, 29, 11, 23, 25, 22, 16]
detailed listing:
executing program 2:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/consoles\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$PPPIOCDISCONN(r0, 0x7439)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
fcntl$dupfd(r0, 0x406, r5)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB], 0x14}}, 0x40)
readv(0xffffffffffffffff, &(0x7f0000001500)=[{&(0x7f0000000100)=""/51, 0x33}], 0x1)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8)
r6 = socket$kcm(0x10, 0x2, 0x10)
r7 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r7, 0x7a7, &(0x7f0000000000)=0x10000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r7, 0x7a0, &(0x7f0000000100)={@local})
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r7, 0x7b2, &(0x7f0000001680)={&(0x7f0000000680)=[0x100000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe0000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x80000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fc, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x6, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x200004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x7, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x4], 0x1, 0x400})
ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r7, 0x7b1, &(0x7f0000000080)={0x0, 0x1, 0xc00, 0x8})
sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x9aea7ec9, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030033000b35d25a806c8c6f00f90224fc6010c2080000000200053582c137143e37000c0680050002000300", 0x33fe0}], 0x1}, 0x4000840)
prctl$PR_SET_TIMERSLACK(0x1d, 0xffffffffffffffe1)
futex(&(0x7f000000cffc)=0x100000000000004, 0x0, 0x4, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0x581, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x4d014}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_DOWNDELAY={0x8, 0x1f, 0x7fffffff}, @IFLA_BOND_ARP_INTERVAL={0x8, 0x7, 0x9}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x22004002}, 0x0)
executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mkdir(0x0, 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chroot(&(0x7f0000000000)='./bus\x00')
syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x38, 0x0, 0x0)
executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="5402"], 0x69)
close(0xffffffffffffffff)
execve(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
executing program 2:
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0600000004000000fc0f00000a00000000000000", @ANYRES32, @ANYBLOB="9ad25184b0c70f6f00"/20, @ANYBLOB="00000000000000000100"/28], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0xe)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
r3 = landlock_create_ruleset(&(0x7f0000000180)={0x100}, 0x18, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x200000, 0x0)
close(r4)
umount2(&(0x7f00000002c0)='./file0\x00', 0x0)
close(r3)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001500)={&(0x7f00000004c0)=ANY=[@ANYBLOB], 0x0, 0x3e, 0x0, 0x0, 0x0, 0x10000, @value=r0}, 0x28)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
statx(0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
preadv2(r5, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x1fee00}], 0x2, 0x0, 0x0, 0x0)
executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
prctl$PR_GET_KEEPCAPS(0x7)
socket$inet6_udp(0xa, 0x2, 0x0)
sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
recvmsg$can_raw(r0, &(0x7f00000003c0)={&(0x7f0000000300)=@alg, 0x80, &(0x7f0000000640)=[{&(0x7f0000000280)=""/53, 0x35}, {&(0x7f0000000700)=""/164, 0xa4}, {0x0}], 0x3}, 0x10000)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)={0x44, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x44}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1=0xe0004001}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000580)={0x28, 0x3, 0x6, 0x5, 0x0, 0x0, {0x5, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4000080)
pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5412, 0x0, 0x0)
sendfile(r0, r0, 0x0, 0x7a680000)
executing program 4:
syz_mount_image$fuse(&(0x7f0000000340), &(0x7f00000003c0)='./bus\x00', 0x8, &(0x7f00000005c0)={{}, 0x2c, {}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x6}}, {@default_permissions}], [{@fsname={'fsname', 0x3d, '//'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '\''}}, {@euid_eq}, {@uid_eq={'uid', 0x3d, 0xee01}}, {@seclabel}]}}, 0x7, 0x0, &(0x7f00000006c0)="3cbf250f84e387d73aa5dec83369633ab9b107b49c98bf8ea9a58cb6cc92d021dcfb775b92cf1bd2bd25738979f23eb7a393da52ab10cb98a6b66d7608ca4cf95924b77fc1804a2be0142cbe553e3cd073bc9bf474c5e7745d0b17b04e97194553c76cfae27170e4a533bf0a76ce13af1c3b56d1d3cd7a64a6b10f18b366caced63c2f")
executing program 2:
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
syz_io_uring_setup(0x3f9f, &(0x7f0000000140)={0x0, 0x2, 0x2, 0x2, 0xdb}, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
socket$igmp(0x2, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
getpid()
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
r2 = io_uring_setup(0xefe, &(0x7f0000000080)={0x0, 0xd9d8, 0x8})
io_uring_register$IORING_REGISTER_FILES(r2, 0x1e, 0x0, 0x0)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$igmp6(0xa, 0x3, 0x2)
sendmmsg$inet6(r4, &(0x7f0000003080)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}, {{&(0x7f0000000180)={0xa, 0x0, 0x0, @mcast1}, 0x1c, &(0x7f0000001b40)=[{&(0x7f00000007c0)="451fb88ae975f58b82298dca2a6ee73f3cb4da03d559c14582e34297893c5f4fee2bf9d29330a460441f8cf14b0db1f32807d00c8ebdd96da9b1f10d67bb1302d966b57255173f30cbca9833", 0x4c}, {&(0x7f00000008c0)}, {&(0x7f0000000a40)="13ab3eeee593968811a98ce0eb08018efc054c8faeba6abd27c981fdbba854db371d3ef85fff0c5a815bce21f63166c801401f654ac3fd484338b4ccb726d2eb2e87f4a952aab9c6ab538365407a9b5b3f5d19b4d7d9afc8072d1d259130729a6745080c9db7398d70da7c1db8bc139e937a2a41f903526d5e15b06b01a068396389ed6dde3749593c274c153ecfa407e7aeb7f20f2eb436898fac9f0724b1894b286db08902dee46666f3af3c6a667eefa37e7eba83b8ddf74f0127ef456502cb08b0dcd36ff606a82b01910f", 0xcd}, {&(0x7f0000000b40)}, {&(0x7f0000000440)}, {0x0}], 0x6}}, {{&(0x7f0000002e40)={0xa, 0x0, 0x6, @mcast2, 0x2}, 0x1c, &(0x7f0000002f40)=[{&(0x7f0000002e80)}], 0x1, &(0x7f0000000680)=ANY=[], 0x18}}], 0x3, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='mountinfo\x00')
r5 = socket$igmp(0x2, 0x3, 0x2)
bind$inet(r5, &(0x7f0000000100)={0x2, 0x4e22, @broadcast}, 0x10)
r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r6, 0xc008ae88, 0x0)
syz_io_uring_setup(0x2642, 0x0, 0x0, 0x0)
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000080)={0xf0f071, 0x19})
executing program 0:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/consoles\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$PPPIOCDISCONN(r0, 0x7439)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
fcntl$dupfd(r0, 0x406, r5)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="14000000150001030000000000"], 0x14}}, 0x40)
readv(0xffffffffffffffff, &(0x7f0000001500)=[{&(0x7f0000000100)=""/51, 0x33}], 0x1)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8)
r6 = socket$kcm(0x10, 0x2, 0x10)
r7 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r7, 0x7a7, &(0x7f0000000000)=0x10000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r7, 0x7a0, &(0x7f0000000100)={@local})
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r7, 0x7b2, &(0x7f0000001680)={&(0x7f0000000680)=[0x100000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe0000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x80000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fc, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x6, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x200004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x7, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x4], 0x1, 0x400})
ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r7, 0x7b1, &(0x7f0000000080)={0x0, 0x1, 0xc00, 0x8})
sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x9aea7ec9, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030033000b35d25a806c8c6f00f90224fc6010c2080000000200053582c137143e37000c0680050002000300", 0x33fe0}], 0x1}, 0x4000840)
prctl$PR_SET_TIMERSLACK(0x1d, 0xffffffffffffffe1)
futex(&(0x7f000000cffc)=0x100000000000004, 0x0, 0x4, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0x581, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x4d014}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_DOWNDELAY={0x8, 0x1f, 0x7fffffff}, @IFLA_BOND_ARP_INTERVAL={0x8, 0x7, 0x9}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x22004002}, 0x0)
executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, 0x0, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
sched_setaffinity(r1, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = inotify_init()
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x5, &(0x7f0000000580)=ANY=[@ANYRESOCT=r0, @ANYRESOCT=r0], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000d80)={&(0x7f0000000d40)='mmap_lock_acquire_returned\x00', r5}, 0x10)
ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc028aa05, &(0x7f00000000c0)={{&(0x7f0000cfe000/0x1000)=nil, 0x1000}, 0x1000000})
inotify_add_watch(r4, &(0x7f0000000340)='.\x00', 0xa50003d1)
tkill(r1, 0x31)
executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mkdir(0x0, 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chroot(&(0x7f0000000000)='./bus\x00')
syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x38, 0x0, 0x0)
executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
r1 = socket(0x11, 0x800000003, 0x0)
r2 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000600)={'team0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000d40)=@newqdisc={0x88, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [], 0x0, [0x4, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffe], [0x0, 0x4]}}}}]}, 0x88}}, 0x0)
socket$unix(0x1, 0x2, 0x0)
r4 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(r4, 0x114, 0x1, &(0x7f0000000240)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x36}}, 0x10)
r5 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x40000000000000f9, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4})
r6 = syz_open_procfs(0x0, &(0x7f0000000080)='net/igmp\x00')
preadv(r6, &(0x7f0000002240), 0x0, 0x0, 0x0)
pread64(r6, &(0x7f00000000c0)=""/73, 0x49, 0x7)
ioctl$RTC_SET_TIME(r6, 0x4024700a, &(0x7f0000000300)={0x3c, 0x18, 0x10, 0x17, 0x5, 0x9, 0x4, 0x8f})
pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x80)
ioctl$IOC_WATCH_QUEUE_SET_FILTER(r7, 0x5761, &(0x7f0000000140)={0x1, 0x0, [{0x4001ff, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x100]}]})
ioctl$vim2m_VIDIOC_STREAMOFF(r7, 0x40045612, &(0x7f0000000180))
executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet6_sctp(0xa, 0x801, 0x84)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, 0x0)
executing program 3:
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
rt_sigprocmask(0x0, 0x0, 0x0, 0x8)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, 0x0, 0x0, 0x2, 0x0)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000340)='.\x00', 0xa50003d1)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r6=>0x0})
syz_open_dev$MSR(0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000006600000008000300", @ANYRES32=r6, @ANYBLOB="080026008f0900000800b7"], 0x2c}}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@ipv4_newroute={0x1c, 0x1a, 0x109, 0x2}, 0x1c}}, 0x0)
socket$inet(0x2, 0x3, 0x2)
connect$can_bcm(r0, &(0x7f0000000080), 0x10)
executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1004c, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @value}, 0x90)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r0, &(0x7f0000000000)="c5", 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x15}, 0x1c)
setsockopt$inet6_int(r0, 0x84, 0x0, 0x0, 0x0)
r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000080), 0x8, 0x0)
setsockopt$inet6_tcp_TLS_TX(r1, 0x6, 0x1, &(0x7f0000000040)=@ccm_128={{0x303}, "6231278708e5fcab", "7599bf3ab2530451bd5e465161b98770", "3118ad5c", "d7922f11b9b449f6"}, 0x28)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder-control\x00', 0x0, 0x0)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
getsockopt$bt_hci(r2, 0x0, 0x1, &(0x7f0000002700)=""/4096, &(0x7f0000000200)=0x1000)
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="040e0400112000"], 0x7)
socket(0x0, 0x3, 0x0)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x3)
syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = syz_open_procfs(0x0, &(0x7f00000021c0)='maps\x00')
read$char_usb(r6, &(0x7f0000000040)=""/4122, 0x101a)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000100)={'veth1_vlan\x00', &(0x7f0000000000)=@ethtool_pauseparam={0x2c, 0x2}})
r7 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
close(r7)
socket$inet_dccp(0x2, 0x6, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000640), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r7, @ANYBLOB="2c7780648e6f3d", @ANYRESHEX, @ANYBLOB=',\x00'])
executing program 0:
socket$inet6_sctp(0xa, 0x1, 0x84)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
clock_gettime(0x0, &(0x7f0000000280)={<r1=>0x0, <r2=>0x0})
pselect6(0x40, &(0x7f0000000000)={0x7, 0x7, 0x4, 0x80, 0xffffffff80000000, 0x8, 0x8, 0x81}, &(0x7f0000000180)={0x7, 0x7, 0xffff, 0x2, 0x80000000, 0x2, 0xfe1, 0x3}, &(0x7f00000001c0)={0x9, 0x7, 0x7, 0xd, 0x3876, 0x5, 0x5, 0x38}, &(0x7f0000002340)={r1, r2+10000000}, &(0x7f00000023c0)={&(0x7f0000002380)={[0x9]}, 0x8})
recvfrom$inet_nvme(0xffffffffffffffff, 0x0, 0x0, 0x2000, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff)
syz_genetlink_get_family_id$smc(&(0x7f00000000c0), 0xffffffffffffffff)
r5 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r5, &(0x7f0000000300)={0x2020}, 0x2020)
executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet6_sctp(0xa, 0x801, 0x84)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, 0x0)
executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000040)={@multicast1, @local, @loopback}, 0xc)
getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000040)=""/185, &(0x7f0000000100)=0xb9)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x400080, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000200)=@newlink={0x48, 0x10, 0x503, 0x0, 0x4, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x2000}}}}}}]}, 0x48}}, 0x0)
executing program 0:
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
syz_mount_image$iso9660(&(0x7f0000000240), &(0x7f0000000080)='./file1\x00', 0x1000004, &(0x7f0000000d40)=ANY=[@ANYRES16=0x0, @ANYRES32], 0x4, 0x7c1, &(0x7f0000001a00)="$eJzs3U1sHOUZAOB3HIcEI6WIVimKQpgEKgUpmPUaTF0OsKzH9sB619pdV4mqikbEQVYcoFDUkgtElaCtWlU99Ui5cuuNqlIr9dD2VKkceukNiVNFpf6JqkJyNbPrxH9rh+D8QJ7H8n6zs+983zvr9bw7a++3AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEUp+qVMaSaOTfXjiZDlafarfmtrl9tb/frmvWeWLduBFJ8R3798dH/+qt+9Llmw8WF8ficO/a4dhfNPvjwh0H73zsi8NDq9tvk9DVOnqFcUnE60VS504vLy++dA0SuY5+9OtPvMl/V4rLmayZd1r5XG0mS/NOK52cmKg8NDvdSafzRtY51elmc2m9ndW6rXZ6vP5AOjY5OZ5mo6daC82ZqVojW1356IPVSmUifWp0Pqu1O63mQ09Fpz6bNxp5c6aMqVa+G0XMo8UD8em8m3az2lyanl1aXhzfKdUiaGyrG/b0Hj+H77/zg1fe/+fSYvGAHNRJ0n9gVsfGqtWxiUcmH3m0UhmuVqrrV1Q2iEsRMRRRRFyTBy2fIbt7AIdPYahf/6MReTRjIU5GuuFrb0TsjXpMRTtaMVes+8veTVF9q/X/Kw/9/U/bjbu2/q9W+bsv33woyvp/pHftyKD6vymL6/31crwaF+JcnI7lWI7FeGl3+9+36xkPfdoeknXXZiKLZuTRiVbkMRe1ck3aX5PGZEzERFTimZiN6ehEGtORRyOy6MSp6EQ3svIRVY92ZFGLbrSiHWkcj3o8EGmMxWRMxnikkcVonIpWLEQzZuLBqJW9nI2l8n4f35DlwdvjV8/9+YO3iuVLQWPb7VbxZK4I+sc2QZvK/bb1f2WleL6wMUL9v9Vdg6M4XJ2V1foPAAAAfG4l5avvSfkS/z3l0nTeyL5xo9MCAAAAdlH5l//DRbO3WLonkuL8v7JF5HvXPTcAAABgdyTle+ySiBiJe3tLZ2MpXo/F2OpFAAAAAOAzqPz7/5GiGYl4rVyxOl2K838AAAD4nPjBoDn231+dY7czvy/5TTkHcHJx/uT9yflaEVc7v6e3Xb/5+qUeu9OHkgP9TspmYvjCHUlEDNezw8nq7Jcf7+u1H5aXh4YvbT5orv+k3d42gdg+gfJa/DiO9mKOnum1Z/q3JL1RRqbzRjZabzUeK6dELL67rzy/9L2IYvQfNucOJHF2aXlx9NkXls+UuVwserl4vj+B4rp5FFe+sG0uK/17IO7Zeo/3lm/E6I870hu3snb/h8qt/7dSzjM7cP+TtWO+Ecd6McdGeu3I6i29MfcXY46NPjYWtdqBoW52svvKypq972cxttOe7/BTeCPu68Xcd/y+XrNFFtV1WTy/OYvq2ix690UM7VIWbx197eR/ft9KsvGdshj/BFms7InYmAXAjXK2nPXnchW6vaxCRVEpFPV/Q929fXXLKzjW/vvyKL1nGR/3u42INbVuODZW98t9X1l1X4neEf14L+Z47/nE8KEt6kpliyP6i0sv/qF/RH/4nZ//4ptH/vjLctyrqm7vxAO9mH4Td/1uQI0t9vknG6rq28UWb285bvEcrNOoJnExYs93zr8YB19+9cKDS+dPP7f43OLz1er4ROXhSuWRauwtnyr0m20yBeDWtfNn7AyMuK3fRfLwoLPqfsW769K/FIzGs/FCLMeZOFG+2yAi7t087rvFmfiaf0M4scNZ68iaT3g5scO55eXY6ubYJAbEjq+5x778s7L56Jr8OADguji2TR3eof5femX+xA7n3etr+Yaz4xhcy7fy1Wt6bwDArSFrf5iMdN9M2u18/pmxycmxWnc2S9ut+tNpO5+aydK82c3a9dlacyZL59utbqu++sLxVNZJOwvz8612N51utdMY6uQny09+T/sf/d7J5mrNbl7vzDeyWidL661mt1bvplN5p57OLzzZyDuzWbvcuDOf1fPpvF7r5q1m2mkttOvZaJp2smxNYD6VNbv5dF4sNtP5dj5Xa1+MiMbCXJZOZZ16O5/vtnodro6VN6db7bmy29HNu/+3631/A8DN4OVXL5w7vby8+NLVLfz1SoJv9D4CAOup0gAAAAAAAAAAAAAAcPPb/Ha9Yu2neEfgJ1vYF9d8iFto4Wv9KRl7a4qlmySxG7fwrccfPzco5snX7p69sn62/k3Z6q2ubx6IuO3dn/bWPDE4+Pv937/d2dP3IuIqNl9JtolZd5i47ToflgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgS/8PAAD//9u2aZI=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000340)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c00)={0x18, 0x24, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000026ce0000000000000900000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000950000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000008000000850000000600000018190000", @ANYRES32, @ANYBLOB="000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7030000000000008500", @ANYRES32, @ANYBLOB="000000f2ff000000b703000000000000850000000c000000b7"], &(0x7f0000000580)='syzkaller\x00', 0x4, 0x1000, &(0x7f0000002200)=""/4096, 0x40f00, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000600)={0x9, 0x3}, 0x8, 0x10, &(0x7f0000000640)={0x0, 0x5, 0x5, 0x2ab}, 0x10, 0x0, 0x0, 0x9, &(0x7f0000000b00)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000b40)=[{0x4, 0x3, 0xa, 0x6}, {0x1, 0x1, 0xb, 0x6}, {0x5, 0x1, 0xf, 0x8}, {0x4, 0x3, 0xd, 0x1}, {0x2, 0x1, 0x6, 0x6}, {0x4, 0x1, 0x0, 0x2}, {0x0, 0x5, 0x9, 0xb}, {0x1, 0x1, 0xe, 0x5}, {0x0, 0x3, 0xb, 0x1}], 0x10, 0x5, @void, @value}, 0x94)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
executing program 4:
syz_mount_image$fuse(&(0x7f0000000340), &(0x7f00000003c0)='./bus\x00', 0x8, &(0x7f00000005c0)={{}, 0x2c, {}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x6}}, {@default_permissions}], [{@fsname={'fsname', 0x3d, '//'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '\''}}, {@euid_eq}, {@uid_eq={'uid', 0x3d, 0xee01}}, {@seclabel}]}}, 0x7, 0x0, &(0x7f00000006c0)="3cbf250f84e387d73aa5dec83369633ab9b107b49c98bf8ea9a58cb6cc92d021dcfb775b92cf1bd2bd25738979f23eb7a393da52ab10cb98a6b66d7608ca4cf95924b77fc1804a2be0142cbe553e3cd073bc9bf474c5e7745d0b17b04e97194553c76cfae27170e4a533bf0a76ce13af1c3b56d1d3cd7a64a6b10f18b366caced63c2f")
executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, 0x0, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x0, 0x0)
recvmmsg(r2, 0x0, 0x0, 0x2, 0x0)
r4 = inotify_init()
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x5, &(0x7f0000000580)=ANY=[@ANYRESOCT=r0, @ANYRESOCT=r0], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000d80)={&(0x7f0000000d40)='mmap_lock_acquire_returned\x00', r5}, 0x10)
ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc028aa05, &(0x7f00000000c0)={{&(0x7f0000cfe000/0x1000)=nil, 0x1000}, 0x1000000})
inotify_add_watch(r4, &(0x7f0000000340)='.\x00', 0xa50003d1)
tkill(r1, 0x31)
executing program 3:
socket$inet6_sctp(0xa, 0x1, 0x84)
socket(0x2a, 0x2, 0x1ff)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7)
socket$key(0xf, 0x3, 0x2)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xe2c84000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
add_key$user(0x0, 0x0, 0x0, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000fe05000000000000000000009500", @ANYRES8], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sched_switch\x00', r4, 0x0, 0x3}, 0x18)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x8000000002)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000), 0xfffffecc)
mount$9p_fd(0x0, 0x0, &(0x7f0000000300), 0x0, &(0x7f0000000340)=ANY=[])
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x20040814)
r5 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsmount(r5, 0x0, 0x0)
tkill(0x0, 0xb)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f0000"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[], 0x48}, 0x1, 0x0, 0x0, 0x4000801}, 0x0)
executing program 4:
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/consoles\x00', 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$PPPIOCDISCONN(r0, 0x7439)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
fcntl$dupfd(r0, 0x406, r5)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001500010300000000000000000a"], 0x14}}, 0x40)
readv(0xffffffffffffffff, &(0x7f0000001500)=[{&(0x7f0000000100)=""/51, 0x33}], 0x1)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8)
r6 = socket$kcm(0x10, 0x2, 0x10)
r7 = openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r7, 0x7a7, &(0x7f0000000000)=0x10000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r7, 0x7a0, &(0x7f0000000100)={@local})
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r7, 0x7b2, &(0x7f0000001680)={&(0x7f0000000680)=[0x100000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe0000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x80000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fc, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x6, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x200004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x7, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x4], 0x1, 0x400})
ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r7, 0x7b1, &(0x7f0000000080)={0x0, 0x1, 0xc00, 0x8})
sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x9aea7ec9, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030033000b35d25a806c8c6f00f90224fc6010c2080000000200053582c137143e37000c0680050002000300", 0x33fe0}], 0x1}, 0x4000840)
prctl$PR_SET_TIMERSLACK(0x1d, 0xffffffffffffffe1)
futex(&(0x7f000000cffc)=0x100000000000004, 0x0, 0x4, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0x581, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x4d014}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_DOWNDELAY={0x8, 0x1f, 0x7fffffff}, @IFLA_BOND_ARP_INTERVAL={0x8, 0x7, 0x9}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x22004002}, 0x0)
executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
prctl$PR_GET_KEEPCAPS(0x7)
socket$inet6_udp(0xa, 0x2, 0x0)
sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
recvmsg$can_raw(r0, &(0x7f00000003c0)={&(0x7f0000000300)=@alg, 0x80, &(0x7f0000000640)=[{0x0}, {&(0x7f0000000280)=""/53, 0x35}, {&(0x7f0000000700)=""/164, 0xa4}, {0x0}], 0x4}, 0x10000)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)={0x44, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x44}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1=0xe0004001}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000580)={0x28, 0x3, 0x6, 0x5, 0x0, 0x0, {0x5, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4000080)
pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5412, 0x0, 0x0)
sendfile(r0, r0, 0x0, 0x7a680000)
executing program 1:
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
rt_sigprocmask(0x0, 0x0, 0x0, 0x8)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
inotify_add_watch(0xffffffffffffffff, 0x0, 0xa50003d1)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r6=>0x0})
syz_open_dev$MSR(0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000006600000008000300", @ANYRES32=r6, @ANYBLOB="080026008f0900000800b7"], 0x2c}}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@ipv4_newroute={0x1c, 0x1a, 0x109, 0x2}, 0x1c}}, 0x0)
socket$inet(0x2, 0x3, 0x2)
connect$can_bcm(r0, &(0x7f0000000080), 0x10)
executing program 1:
socket$inet6_sctp(0xa, 0x1, 0x84)
socket(0x2a, 0x2, 0x1ff)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7)
socket$key(0xf, 0x3, 0x2)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xe2c84000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
add_key$user(0x0, 0x0, 0x0, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000fe05000000000000000000009500", @ANYRES8], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sched_switch\x00', r4, 0x0, 0x3}, 0x18)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x8000000002)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000), 0xfffffecc)
mount$9p_fd(0x0, 0x0, &(0x7f0000000300), 0x0, &(0x7f0000000340)=ANY=[])
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x20040814)
r5 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsmount(r5, 0x0, 0x0)
tkill(0x0, 0xb)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f0000"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[], 0x48}, 0x1, 0x0, 0x0, 0x4000801}, 0x0)
executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000200)='./bus\x00', 0x10)
mount$overlay(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chroot(&(0x7f0000000000)='./bus\x00')
syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x38, 0x0, 0x0)
executing program 0:
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x10, 0x2, 0x4)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b00"], 0x10}}, 0x0)
sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
close(r1)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x10}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, 0x0)
bind$can_j1939(r3, &(0x7f0000000100), 0x18)
connect$can_j1939(r3, 0x0, 0x0)
sendmsg$can_j1939(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
executing program 2:
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000440)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x348}, 0x0, 0x800, 0x1})
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$TCFLSH(r3, 0x400455c8, 0x2)
ioctl$TIOCSETD(r3, 0x5412, &(0x7f0000000140)=0xffffffc0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000280)=0x4)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000180))
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000380)=0xff)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000480)={0x7f, 0x261, {}, {<r4=>0xee01}, 0x1, 0x24})
syz_mount_image$fuse(&(0x7f0000000340), &(0x7f00000003c0)='./bus\x00', 0x8, &(0x7f00000005c0)={{'fd', 0x3d, r1}, 0x2c, {}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x6}}, {@default_permissions}], [{@fsname={'fsname', 0x3d, '//'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '\''}}, {@euid_eq={'euid', 0x3d, r4}}, {@uid_eq={'uid', 0x3d, 0xee01}}, {@seclabel}]}}, 0x7, 0x0, &(0x7f00000006c0)="3cbf250f84e387d73aa5dec83369633ab9b107b49c98bf8ea9a58cb6cc92d021dcfb775b92cf1bd2bd25738979f23eb7a393da52ab10cb98a6b66d7608ca4cf95924b77fc1804a2be0142cbe553e3cd073bc9bf474c5e7745d0b17b04e97194553c76cfae27170e4a533bf0a76ce13af1c3b56d1d3cd7a64a6b10f18b366caced63c2f")
r5 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
write$binfmt_elf64(r5, &(0x7f0000000080)=ANY=[], 0xfd14)
pwritev2(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f00000001c0)="85", 0x1}], 0x1, 0x0, 0x0, 0x0)
truncate(&(0x7f0000000140)='./bus\x00', 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})
executing program 1:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000640)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$TCFLSH(0xffffffffffffffff, 0x541b, 0xe9de07c7497efffe)
dup(0xffffffffffffffff)
r4 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
r5 = add_key$user(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000540)="0706675823b8a37f19b37e0f9f120663b78a6a322f28cb301825eddc42c667fc68923d7df9f4c1843c5f11b63d2684fff43955079736fa4c80100487c31c09706b6bf145eb1baf416d2681491bd6a3098fe1a6741d65b085b4075db8419d9e6d17b1eec4dfb860a71d61af753459bcc5ea1f20d6c1c74afda3b0c08bf98886eaac01b08aa753b8727f25773c98cd6a78c06b758992b03b81e2e09cf103dc16a5658a3b58626b457ee4773d41b3548f2258a2e11cc22555da4ef9035cbfe8dc1e", 0xc0, r4)
r6 = add_key$user(&(0x7f0000000180), &(0x7f0000000340)={'syz', 0x3}, &(0x7f0000000140)="04", 0x1, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f00000001c0)={r6, r5, r6}, &(0x7f0000000240)=""/249, 0xf9, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCBRDELBR(r7, 0x89a1, &(0x7f0000000a80)='hsr0\x00')
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TCSETS(r8, 0x40045431, 0x0)
executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000000040)={@multicast1, @local, @loopback}, 0xc)
getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000040)=""/185, &(0x7f0000000100)=0xb9)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x400080, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000200)=@newlink={0x48, 0x10, 0x503, 0x0, 0x4, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x2000}}}}}}]}, 0x48}}, 0x0)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_io_uring_submit-openat$cuse-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD-ioctl$TIOCSTI-ioctl$TIOCSTI-ioctl$TIOCSTI-ioctl$TIOCSTI-ioctl$DRM_IOCTL_GET_CLIENT-syz_mount_image$fuse-creat-write$binfmt_elf64-pwritev2-truncate-syz_io_uring_submit
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000440)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x348}, 0x0, 0x800, 0x1})
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$TCFLSH(r3, 0x400455c8, 0x2)
ioctl$TIOCSETD(r3, 0x5412, &(0x7f0000000140)=0xffffffc0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000280)=0x4)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000180))
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000380)=0xff)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000480)={0x7f, 0x261, {}, {<r4=>0xee01}, 0x1, 0x24})
syz_mount_image$fuse(&(0x7f0000000340), &(0x7f00000003c0)='./bus\x00', 0x8, &(0x7f00000005c0)={{'fd', 0x3d, r1}, 0x2c, {}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x6}}, {@default_permissions}], [{@fsname={'fsname', 0x3d, '//'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '\''}}, {@euid_eq={'euid', 0x3d, r4}}, {@uid_eq={'uid', 0x3d, 0xee01}}, {@seclabel}]}}, 0x7, 0x0, &(0x7f00000006c0)="3cbf250f84e387d73aa5dec83369633ab9b107b49c98bf8ea9a58cb6cc92d021dcfb775b92cf1bd2bd25738979f23eb7a393da52ab10cb98a6b66d7608ca4cf95924b77fc1804a2be0142cbe553e3cd073bc9bf474c5e7745d0b17b04e97194553c76cfae27170e4a533bf0a76ce13af1c3b56d1d3cd7a64a6b10f18b366caced63c2f")
r5 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
write$binfmt_elf64(r5, &(0x7f0000000080)=ANY=[], 0xfd14)
pwritev2(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f00000001c0)="85", 0x1}], 0x1, 0x0, 0x0, 0x0)
truncate(&(0x7f0000000140)='./bus\x00', 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program crashed: general protection fault in h5_recv
single: successfully extracted reproducer
found reproducer with 25 syscalls
minimizing guilty program
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_io_uring_submit-openat$cuse-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD-ioctl$TIOCSTI-ioctl$TIOCSTI-ioctl$TIOCSTI-ioctl$TIOCSTI-ioctl$DRM_IOCTL_GET_CLIENT-syz_mount_image$fuse-creat-write$binfmt_elf64-pwritev2-truncate
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000440)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x348}, 0x0, 0x800, 0x1})
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$TCFLSH(r3, 0x400455c8, 0x2)
ioctl$TIOCSETD(r3, 0x5412, &(0x7f0000000140)=0xffffffc0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000280)=0x4)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000180))
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000380)=0xff)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000480)={0x7f, 0x261, {}, {<r4=>0xee01}, 0x1, 0x24})
syz_mount_image$fuse(&(0x7f0000000340), &(0x7f00000003c0)='./bus\x00', 0x8, &(0x7f00000005c0)={{'fd', 0x3d, r1}, 0x2c, {}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x6}}, {@default_permissions}], [{@fsname={'fsname', 0x3d, '//'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '\''}}, {@euid_eq={'euid', 0x3d, r4}}, {@uid_eq={'uid', 0x3d, 0xee01}}, {@seclabel}]}}, 0x7, 0x0, &(0x7f00000006c0)="3cbf250f84e387d73aa5dec83369633ab9b107b49c98bf8ea9a58cb6cc92d021dcfb775b92cf1bd2bd25738979f23eb7a393da52ab10cb98a6b66d7608ca4cf95924b77fc1804a2be0142cbe553e3cd073bc9bf474c5e7745d0b17b04e97194553c76cfae27170e4a533bf0a76ce13af1c3b56d1d3cd7a64a6b10f18b366caced63c2f")
r5 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
write$binfmt_elf64(r5, &(0x7f0000000080)=ANY=[], 0xfd14)
pwritev2(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f00000001c0)="85", 0x1}], 0x1, 0x0, 0x0, 0x0)
truncate(&(0x7f0000000140)='./bus\x00', 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_io_uring_submit-openat$cuse-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD-ioctl$TIOCSTI-ioctl$TIOCSTI-ioctl$TIOCSTI-ioctl$TIOCSTI-ioctl$DRM_IOCTL_GET_CLIENT-syz_mount_image$fuse-creat-write$binfmt_elf64-pwritev2-syz_io_uring_submit
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000440)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x348}, 0x0, 0x800, 0x1})
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$TCFLSH(r3, 0x400455c8, 0x2)
ioctl$TIOCSETD(r3, 0x5412, &(0x7f0000000140)=0xffffffc0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000280)=0x4)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000180))
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000380)=0xff)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000480)={0x7f, 0x261, {}, {<r4=>0xee01}, 0x1, 0x24})
syz_mount_image$fuse(&(0x7f0000000340), &(0x7f00000003c0)='./bus\x00', 0x8, &(0x7f00000005c0)={{'fd', 0x3d, r1}, 0x2c, {}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x6}}, {@default_permissions}], [{@fsname={'fsname', 0x3d, '//'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '\''}}, {@euid_eq={'euid', 0x3d, r4}}, {@uid_eq={'uid', 0x3d, 0xee01}}, {@seclabel}]}}, 0x7, 0x0, &(0x7f00000006c0)="3cbf250f84e387d73aa5dec83369633ab9b107b49c98bf8ea9a58cb6cc92d021dcfb775b92cf1bd2bd25738979f23eb7a393da52ab10cb98a6b66d7608ca4cf95924b77fc1804a2be0142cbe553e3cd073bc9bf474c5e7745d0b17b04e97194553c76cfae27170e4a533bf0a76ce13af1c3b56d1d3cd7a64a6b10f18b366caced63c2f")
r5 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
write$binfmt_elf64(r5, &(0x7f0000000080)=ANY=[], 0xfd14)
pwritev2(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f00000001c0)="85", 0x1}], 0x1, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program crashed: general protection fault in h5_recv
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_io_uring_submit-openat$cuse-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD-ioctl$TIOCSTI-ioctl$TIOCSTI-ioctl$TIOCSTI-ioctl$TIOCSTI-ioctl$DRM_IOCTL_GET_CLIENT-syz_mount_image$fuse-creat-write$binfmt_elf64-syz_io_uring_submit
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000440)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x348}, 0x0, 0x800, 0x1})
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$TCFLSH(r3, 0x400455c8, 0x2)
ioctl$TIOCSETD(r3, 0x5412, &(0x7f0000000140)=0xffffffc0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000280)=0x4)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000180))
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000380)=0xff)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000480)={0x7f, 0x261, {}, {<r4=>0xee01}, 0x1, 0x24})
syz_mount_image$fuse(&(0x7f0000000340), &(0x7f00000003c0)='./bus\x00', 0x8, &(0x7f00000005c0)={{'fd', 0x3d, r1}, 0x2c, {}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x6}}, {@default_permissions}], [{@fsname={'fsname', 0x3d, '//'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '\''}}, {@euid_eq={'euid', 0x3d, r4}}, {@uid_eq={'uid', 0x3d, 0xee01}}, {@seclabel}]}}, 0x7, 0x0, &(0x7f00000006c0)="3cbf250f84e387d73aa5dec83369633ab9b107b49c98bf8ea9a58cb6cc92d021dcfb775b92cf1bd2bd25738979f23eb7a393da52ab10cb98a6b66d7608ca4cf95924b77fc1804a2be0142cbe553e3cd073bc9bf474c5e7745d0b17b04e97194553c76cfae27170e4a533bf0a76ce13af1c3b56d1d3cd7a64a6b10f18b366caced63c2f")
r5 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
write$binfmt_elf64(r5, &(0x7f0000000080)=ANY=[], 0xfd14)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program crashed: general protection fault in h5_recv
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_io_uring_submit-openat$cuse-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD-ioctl$TIOCSTI-ioctl$TIOCSTI-ioctl$TIOCSTI-ioctl$TIOCSTI-ioctl$DRM_IOCTL_GET_CLIENT-syz_mount_image$fuse-creat-syz_io_uring_submit
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000440)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x348}, 0x0, 0x800, 0x1})
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$TCFLSH(r3, 0x400455c8, 0x2)
ioctl$TIOCSETD(r3, 0x5412, &(0x7f0000000140)=0xffffffc0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000280)=0x4)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000180))
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000380)=0xff)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000480)={0x7f, 0x261, {}, {<r4=>0xee01}, 0x1, 0x24})
syz_mount_image$fuse(&(0x7f0000000340), &(0x7f00000003c0)='./bus\x00', 0x8, &(0x7f00000005c0)={{'fd', 0x3d, r1}, 0x2c, {}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x6}}, {@default_permissions}], [{@fsname={'fsname', 0x3d, '//'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '\''}}, {@euid_eq={'euid', 0x3d, r4}}, {@uid_eq={'uid', 0x3d, 0xee01}}, {@seclabel}]}}, 0x7, 0x0, &(0x7f00000006c0)="3cbf250f84e387d73aa5dec83369633ab9b107b49c98bf8ea9a58cb6cc92d021dcfb775b92cf1bd2bd25738979f23eb7a393da52ab10cb98a6b66d7608ca4cf95924b77fc1804a2be0142cbe553e3cd073bc9bf474c5e7745d0b17b04e97194553c76cfae27170e4a533bf0a76ce13af1c3b56d1d3cd7a64a6b10f18b366caced63c2f")
creat(&(0x7f0000000100)='./bus\x00', 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program crashed: general protection fault in h5_recv
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_io_uring_submit-openat$cuse-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD-ioctl$TIOCSTI-ioctl$TIOCSTI-ioctl$TIOCSTI-ioctl$TIOCSTI-ioctl$DRM_IOCTL_GET_CLIENT-syz_mount_image$fuse-syz_io_uring_submit
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000440)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x348}, 0x0, 0x800, 0x1})
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$TCFLSH(r3, 0x400455c8, 0x2)
ioctl$TIOCSETD(r3, 0x5412, &(0x7f0000000140)=0xffffffc0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000280)=0x4)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000180))
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000380)=0xff)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000480)={0x7f, 0x261, {}, {<r4=>0xee01}, 0x1, 0x24})
syz_mount_image$fuse(&(0x7f0000000340), &(0x7f00000003c0)='./bus\x00', 0x8, &(0x7f00000005c0)={{'fd', 0x3d, r1}, 0x2c, {}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x6}}, {@default_permissions}], [{@fsname={'fsname', 0x3d, '//'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '\''}}, {@euid_eq={'euid', 0x3d, r4}}, {@uid_eq={'uid', 0x3d, 0xee01}}, {@seclabel}]}}, 0x7, 0x0, &(0x7f00000006c0)="3cbf250f84e387d73aa5dec83369633ab9b107b49c98bf8ea9a58cb6cc92d021dcfb775b92cf1bd2bd25738979f23eb7a393da52ab10cb98a6b66d7608ca4cf95924b77fc1804a2be0142cbe553e3cd073bc9bf474c5e7745d0b17b04e97194553c76cfae27170e4a533bf0a76ce13af1c3b56d1d3cd7a64a6b10f18b366caced63c2f")
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program crashed: general protection fault in h5_recv
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_io_uring_submit-openat$cuse-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD-ioctl$TIOCSTI-ioctl$TIOCSTI-ioctl$TIOCSTI-ioctl$TIOCSTI-ioctl$DRM_IOCTL_GET_CLIENT-syz_io_uring_submit
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000440)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x348}, 0x0, 0x800, 0x1})
openat$cuse(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$TCFLSH(r2, 0x400455c8, 0x2)
ioctl$TIOCSETD(r2, 0x5412, &(0x7f0000000140)=0xffffffc0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000280)=0x4)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180))
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000380)=0xff)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000480)={0x7f, 0x261, {}, {0xee01}, 0x1, 0x24})
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program crashed: general protection fault in h5_recv
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_io_uring_submit-openat$cuse-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD-ioctl$TIOCSTI-ioctl$TIOCSTI-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000440)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x348}, 0x0, 0x800, 0x1})
openat$cuse(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$TCFLSH(r2, 0x400455c8, 0x2)
ioctl$TIOCSETD(r2, 0x5412, &(0x7f0000000140)=0xffffffc0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000280)=0x4)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180))
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000380)=0xff)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program crashed: general protection fault in h5_recv
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_io_uring_submit-openat$cuse-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD-ioctl$TIOCSTI-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000440)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x348}, 0x0, 0x800, 0x1})
openat$cuse(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$TCFLSH(r2, 0x400455c8, 0x2)
ioctl$TIOCSETD(r2, 0x5412, &(0x7f0000000140)=0xffffffc0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000280)=0x4)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program crashed: general protection fault in h5_recv
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_io_uring_submit-openat$cuse-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000440)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x348}, 0x0, 0x800, 0x1})
openat$cuse(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$TCFLSH(r2, 0x400455c8, 0x2)
ioctl$TIOCSETD(r2, 0x5412, &(0x7f0000000140)=0xffffffc0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000280)=0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_io_uring_submit-openat$cuse-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000440)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x348}, 0x0, 0x800, 0x1})
openat$cuse(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$TCFLSH(r2, 0x400455c8, 0x2)
ioctl$TIOCSETD(r2, 0x5412, &(0x7f0000000140)=0xffffffc0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program crashed: general protection fault in h5_recv
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_io_uring_submit-openat$cuse-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSETD-ioctl$TIOCSTI-syz_io_uring_submit
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000440)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x348}, 0x0, 0x800, 0x1})
openat$cuse(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$TCFLSH(r2, 0x400455c8, 0x2)
ioctl$TIOCSETD(r2, 0x5412, &(0x7f0000000140)=0xffffffc0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_io_uring_submit-openat$cuse-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000440)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x348}, 0x0, 0x800, 0x1})
openat$cuse(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$TCFLSH(r2, 0x400455c8, 0x2)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program crashed: general protection fault in h5_recv
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_io_uring_submit-openat$cuse-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000440)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x348}, 0x0, 0x800, 0x1})
openat$cuse(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_io_uring_submit-openat$cuse-openat$ptmx-ioctl$TIOCSETD-ioctl$TCFLSH-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000440)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x348}, 0x0, 0x800, 0x1})
openat$cuse(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x2)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_io_uring_submit-openat$cuse-openat$ptmx-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000440)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x348}, 0x0, 0x800, 0x1})
openat$cuse(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$TCFLSH(r2, 0x400455c8, 0x2)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_io_uring_submit-openat$cuse-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000440)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x348}, 0x0, 0x800, 0x1})
openat$cuse(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$TCFLSH(r1, 0x400455c8, 0x2)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000180))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-syz_io_uring_submit-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000440)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x348}, 0x0, 0x800, 0x1})
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$TCFLSH(r2, 0x400455c8, 0x2)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program crashed: general protection fault in h5_recv
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-writev-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$TCFLSH(r2, 0x400455c8, 0x2)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program crashed: general protection fault in h5_recv
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-syz_open_dev$sndmidi-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TCFLSH(r1, 0x400455c8, 0x2)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-openat$sequencer-writev-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$TCFLSH(r1, 0x400455c8, 0x2)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-prctl$PR_SCHED_CORE-prlimit64-sched_setscheduler-syz_open_dev$sndmidi-writev-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$TCFLSH(r2, 0x400455c8, 0x2)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-prctl$PR_SCHED_CORE-prlimit64-openat$sequencer-syz_open_dev$sndmidi-writev-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$TCFLSH(r2, 0x400455c8, 0x2)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program crashed: general protection fault in h5_recv
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-prctl$PR_SCHED_CORE-openat$sequencer-syz_open_dev$sndmidi-writev-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$TCFLSH(r2, 0x400455c8, 0x2)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet_udp-prlimit64-openat$sequencer-syz_open_dev$sndmidi-writev-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
detailed listing:
executing program 0:
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$TCFLSH(r2, 0x400455c8, 0x2)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-openat$sequencer-syz_open_dev$sndmidi-writev-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
detailed listing:
executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$TCFLSH(r2, 0x400455c8, 0x2)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program crashed: general protection fault in h5_recv
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-openat$sequencer-syz_open_dev$sndmidi-writev-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
detailed listing:
executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$TCFLSH(r2, 0x400455c8, 0x2)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program crashed: general protection fault in h5_recv
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-openat$sequencer-syz_open_dev$sndmidi-writev-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
detailed listing:
executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$TCFLSH(r2, 0x400455c8, 0x2)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-openat$sequencer-syz_open_dev$sndmidi-writev-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
detailed listing:
executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$TCFLSH(r2, 0x400455c8, 0x2)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-openat$sequencer-syz_open_dev$sndmidi-writev-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
detailed listing:
executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$TCFLSH(r2, 0x400455c8, 0x2)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-openat$sequencer-syz_open_dev$sndmidi-writev-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
detailed listing:
executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$TCFLSH(r2, 0x400455c8, 0x2)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-openat$sequencer-syz_open_dev$sndmidi-writev-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
detailed listing:
executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$TCFLSH(r2, 0x400455c8, 0x2)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-openat$sequencer-syz_open_dev$sndmidi-writev-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
detailed listing:
executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$TCFLSH(r2, 0x400455c8, 0x2)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-openat$sequencer-syz_open_dev$sndmidi-writev-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
detailed listing:
executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$TCFLSH(r2, 0x400455c8, 0x2)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-openat$sequencer-syz_open_dev$sndmidi-writev-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
detailed listing:
executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$TCFLSH(r2, 0x400455c8, 0x2)
ioctl$TIOCSTI(r2, 0x5412, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-openat$sequencer-syz_open_dev$sndmidi-writev-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
detailed listing:
executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$TCFLSH(r2, 0x400455c8, 0x2)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r1, 0x5412, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0x11, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x4, 0x100})

program crashed: general protection fault in h5_recv
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-openat$sequencer-syz_open_dev$sndmidi-writev-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
detailed listing:
executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$TCFLSH(r2, 0x400455c8, 0x2)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r1, 0x5412, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)

program crashed: general protection fault in h5_recv
extracting C reproducer
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-openat$sequencer-syz_open_dev$sndmidi-writev-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
program crashed: general protection fault in h5_recv
simplifying C reproducer
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-openat$sequencer-syz_open_dev$sndmidi-writev-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
program did not crash
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-openat$sequencer-syz_open_dev$sndmidi-writev-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
program did not crash
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-openat$sequencer-syz_open_dev$sndmidi-writev-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
program crashed: general protection fault in h5_recv
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-openat$sequencer-syz_open_dev$sndmidi-writev-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
program crashed: general protection fault in h5_recv
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-openat$sequencer-syz_open_dev$sndmidi-writev-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
program crashed: general protection fault in h5_recv
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-openat$sequencer-syz_open_dev$sndmidi-writev-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
program crashed: general protection fault in h5_recv
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prctl$PR_SCHED_CORE-prlimit64-openat$sequencer-syz_open_dev$sndmidi-writev-openat$ptmx-ioctl$TIOCSETD-fcntl$dupfd-ioctl$TCFLSH-ioctl$TIOCSTI-ioctl$TIOCSTI-syz_io_uring_submit
program crashed: general protection fault in h5_recv
reproducing took 1h57m11.54430014s
repro crashed as (corrupted=false):
Oops: general protection fault, probably for non-canonical address 0xdffffc000000005f: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x00000000000002f8-0x00000000000002ff]
CPU: 1 UID: 0 PID: 5834 Comm: syz-executor200 Not tainted 6.14.0-rc2-next-20250210-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
RIP: 0010:h5_recv+0x153/0x940 drivers/bluetooth/hci_h5.c:572
Code: 08 01 44 8b 64 24 04 48 8b 5c 24 08 4c 8b 74 24 18 49 ff c7 41 ff cc 45 85 e4 0f 8e 55 06 00 00 e8 a2 58 f5 f8 48 8b 44 24 30 <42> 80 3c 28 00 74 08 48 89 df e8 ce 53 5c f9 48 8b 1b 31 ff 48 89
RSP: 0018:ffffc90003e8fc60 EFLAGS: 00010202
RAX: 000000000000005f RBX: 00000000000002f8 RCX: 0000000000000061
RDX: ffff8880350dda00 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffc90003e8fd70 R08: ffffffff88ca308e R09: 1ffff110062cdb03
R10: dffffc0000000000 R11: ffffffff88ca2fd0 R12: 0000000000000001
R13: dffffc0000000000 R14: ffff88803166d800 R15: ffffc90003e8fe00
FS:  00007f38f1dd06c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f38f1d8ed58 CR3: 000000007b704000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 hci_uart_tty_receive+0x141/0x1c0 drivers/bluetooth/hci_ldisc.c:622
 tiocsti+0x24d/0x300 drivers/tty/tty_io.c:2299
 tty_ioctl+0x518/0xdc0 drivers/tty/tty_io.c:2716
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:906 [inline]
 __se_sys_ioctl+0xf1/0x160 fs/ioctl.c:892
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f38f1e183d9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f38f1dd0218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f38f1e9f328 RCX: 00007f38f1e183d9
RDX: 0000400000000040 RSI: 0000000000005412 RDI: 0000000000000006
RBP: 00007f38f1e9f320 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f38f1e6c074
R13: 0000400000000300 R14: 00004000000000c0 R15: 0000400000000040
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:h5_recv+0x153/0x940 drivers/bluetooth/hci_h5.c:572
Code: 08 01 44 8b 64 24 04 48 8b 5c 24 08 4c 8b 74 24 18 49 ff c7 41 ff cc 45 85 e4 0f 8e 55 06 00 00 e8 a2 58 f5 f8 48 8b 44 24 30 <42> 80 3c 28 00 74 08 48 89 df e8 ce 53 5c f9 48 8b 1b 31 ff 48 89
RSP: 0018:ffffc90003e8fc60 EFLAGS: 00010202
RAX: 000000000000005f RBX: 00000000000002f8 RCX: 0000000000000061
RDX: ffff8880350dda00 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffc90003e8fd70 R08: ffffffff88ca308e R09: 1ffff110062cdb03
R10: dffffc0000000000 R11: ffffffff88ca2fd0 R12: 0000000000000001
R13: dffffc0000000000 R14: ffff88803166d800 R15: ffffc90003e8fe00
FS:  00007f38f1dd06c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000040000000f000 CR3: 000000007b704000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	08 01                	or     %al,(%rcx)
   2:	44 8b 64 24 04       	mov    0x4(%rsp),%r12d
   7:	48 8b 5c 24 08       	mov    0x8(%rsp),%rbx
   c:	4c 8b 74 24 18       	mov    0x18(%rsp),%r14
  11:	49 ff c7             	inc    %r15
  14:	41 ff cc             	dec    %r12d
  17:	45 85 e4             	test   %r12d,%r12d
  1a:	0f 8e 55 06 00 00    	jle    0x675
  20:	e8 a2 58 f5 f8       	call   0xf8f558c7
  25:	48 8b 44 24 30       	mov    0x30(%rsp),%rax
* 2a:	42 80 3c 28 00       	cmpb   $0x0,(%rax,%r13,1) <-- trapping instruction
  2f:	74 08                	je     0x39
  31:	48 89 df             	mov    %rbx,%rdi
  34:	e8 ce 53 5c f9       	call   0xf95c5407
  39:	48 8b 1b             	mov    (%rbx),%rbx
  3c:	31 ff                	xor    %edi,%edi
  3e:	48                   	rex.W
  3f:	89                   	.byte 0x89

final repro crashed as (corrupted=false):
Oops: general protection fault, probably for non-canonical address 0xdffffc000000005f: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x00000000000002f8-0x00000000000002ff]
CPU: 1 UID: 0 PID: 5834 Comm: syz-executor200 Not tainted 6.14.0-rc2-next-20250210-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
RIP: 0010:h5_recv+0x153/0x940 drivers/bluetooth/hci_h5.c:572
Code: 08 01 44 8b 64 24 04 48 8b 5c 24 08 4c 8b 74 24 18 49 ff c7 41 ff cc 45 85 e4 0f 8e 55 06 00 00 e8 a2 58 f5 f8 48 8b 44 24 30 <42> 80 3c 28 00 74 08 48 89 df e8 ce 53 5c f9 48 8b 1b 31 ff 48 89
RSP: 0018:ffffc90003e8fc60 EFLAGS: 00010202
RAX: 000000000000005f RBX: 00000000000002f8 RCX: 0000000000000061
RDX: ffff8880350dda00 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffc90003e8fd70 R08: ffffffff88ca308e R09: 1ffff110062cdb03
R10: dffffc0000000000 R11: ffffffff88ca2fd0 R12: 0000000000000001
R13: dffffc0000000000 R14: ffff88803166d800 R15: ffffc90003e8fe00
FS:  00007f38f1dd06c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f38f1d8ed58 CR3: 000000007b704000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 hci_uart_tty_receive+0x141/0x1c0 drivers/bluetooth/hci_ldisc.c:622
 tiocsti+0x24d/0x300 drivers/tty/tty_io.c:2299
 tty_ioctl+0x518/0xdc0 drivers/tty/tty_io.c:2716
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:906 [inline]
 __se_sys_ioctl+0xf1/0x160 fs/ioctl.c:892
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f38f1e183d9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f38f1dd0218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f38f1e9f328 RCX: 00007f38f1e183d9
RDX: 0000400000000040 RSI: 0000000000005412 RDI: 0000000000000006
RBP: 00007f38f1e9f320 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f38f1e6c074
R13: 0000400000000300 R14: 00004000000000c0 R15: 0000400000000040
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:h5_recv+0x153/0x940 drivers/bluetooth/hci_h5.c:572
Code: 08 01 44 8b 64 24 04 48 8b 5c 24 08 4c 8b 74 24 18 49 ff c7 41 ff cc 45 85 e4 0f 8e 55 06 00 00 e8 a2 58 f5 f8 48 8b 44 24 30 <42> 80 3c 28 00 74 08 48 89 df e8 ce 53 5c f9 48 8b 1b 31 ff 48 89
RSP: 0018:ffffc90003e8fc60 EFLAGS: 00010202
RAX: 000000000000005f RBX: 00000000000002f8 RCX: 0000000000000061
RDX: ffff8880350dda00 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffc90003e8fd70 R08: ffffffff88ca308e R09: 1ffff110062cdb03
R10: dffffc0000000000 R11: ffffffff88ca2fd0 R12: 0000000000000001
R13: dffffc0000000000 R14: ffff88803166d800 R15: ffffc90003e8fe00
FS:  00007f38f1dd06c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000040000000f000 CR3: 000000007b704000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	08 01                	or     %al,(%rcx)
   2:	44 8b 64 24 04       	mov    0x4(%rsp),%r12d
   7:	48 8b 5c 24 08       	mov    0x8(%rsp),%rbx
   c:	4c 8b 74 24 18       	mov    0x18(%rsp),%r14
  11:	49 ff c7             	inc    %r15
  14:	41 ff cc             	dec    %r12d
  17:	45 85 e4             	test   %r12d,%r12d
  1a:	0f 8e 55 06 00 00    	jle    0x675
  20:	e8 a2 58 f5 f8       	call   0xf8f558c7
  25:	48 8b 44 24 30       	mov    0x30(%rsp),%rax
* 2a:	42 80 3c 28 00       	cmpb   $0x0,(%rax,%r13,1) <-- trapping instruction
  2f:	74 08                	je     0x39
  31:	48 89 df             	mov    %rbx,%rdi
  34:	e8 ce 53 5c f9       	call   0xf95c5407
  39:	48 8b 1b             	mov    (%rbx),%rbx
  3c:	31 ff                	xor    %edi,%edi
  3e:	48                   	rex.W
  3f:	89                   	.byte 0x89