Extracting prog: 4m41.65813348s
Minimizing prog: 31m4.374943987s
Simplifying prog options: 5m41.862979564s
Extracting C: 1m41.774481279s
Simplifying C: 27m30.786049517s


extracting reproducer from 45 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-mmap-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-mmap
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0)
fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0) (async)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) (async)
fsmount(r0, 0x0, 0x0) (async)
fchdir(r1) (async)
open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100) (async)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0) (async)

program did not crash
single: failed to extract reproducer
bisect: bisecting 45 programs with base timeout 30s
testing program (duration=41s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 2, 1, 13, 3, 2, 2, 9, 11, 8, 29, 7, 29, 29, 1, 3, 7, 7, 10, 4, 4, 8, 5, 4, 16, 14, 6, 9, 15, 17, 8, 6, 19, 8, 13, 5, 6, 4, 9, 15, 3, 13, 19, 15, 12]
detailed listing:
executing program 1:
r0 = epoll_create1(0x0)
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000080), 0x2002, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000180)={0xf0002030})
r2 = openat$random(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$RNDADDENTROPY(r2, 0x40045201, &(0x7f0000000000)=ANY=[])
executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x1c, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0xc, 0x0, 0x0, @u32=0x2}]}, 0x1c}, 0x1, 0x0, 0xe7030000}, 0x20000000)
executing program 1:
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a00)=ANY=[@ANYBLOB="1800000000000000100100000b00"], 0x10b8}, 0x0)
executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x181097, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0/../file0\x00', 0x2002c2, 0x2)
r1 = open_tree(r0, &(0x7f0000000300)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00')
pread64(r2, &(0x7f000001a240)=""/102400, 0x19000, 0x1000000000)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r2, 0x40505331, &(0x7f0000000000)={{0x4, 0x7}, {0x7, 0x7c}, 0x645f, 0x1, 0x1})
executing program 1:
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$UI_DEV_SETUP(r0, 0x400c55cb, &(0x7f0000000080)={{}, 'syz1\x00'})
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d0009050303"], 0x0)
executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x1c, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0xc, 0x0, 0x0, @u32=0x2}]}, 0x1c}}, 0x20000000) (fail_nth: 87)
executing program 32:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x1c, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0xc, 0x0, 0x0, @u32=0x2}]}, 0x1c}}, 0x20000000) (fail_nth: 87)
executing program 0:
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x1080000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
dup2(r2, r0)
fstatfs(r0, &(0x7f0000000d00)=""/4096)
executing program 0:
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x141, 0x48, 0x13, 0x44, 0x20, 0x424, 0x7500, 0x69ee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xb8, 0x7, 0x2, 0x96, 0xd1, 0xca, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0xd, 0x0, 0x6}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, &(0x7f00000003c0)={0x0, 0x17, 0x4, "abe763a8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000740)={0x44, &(0x7f0000000180)=ANY=[@ANYBLOB="601004"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_disconnect(r1)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100009ac0b620110f2110"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_ep_write(r1, 0x81, 0x1, &(0x7f00000000c0)="ad")
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000840)={0x84, &(0x7f0000000380)={0x20, 0x12, 0x4, "3f424799"}, 0x0, &(0x7f0000000440)={0x0, 0x8, 0x1, 0x8d}, 0x0, &(0x7f00000004c0)={0x20, 0x0, 0x4, {0xe0, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x121000, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2001c0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e)
ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000000000004"])
ioctl$KVM_RUN(r2, 0xae80, 0x0)
userfaultfd(0x801)
executing program 0:
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000980), 0x2, 0x0)
write$UHID_INPUT(r0, &(0x7f0000004000)={0xf, {"a2e3ad21ed0d09f91b50090987f70906d038e7ff7fc6e5539b0d3d0e8b089b33396d63060890e0878f0e1ac6e7049b334a959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070b07580936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383701d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b6080000007a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb06ffc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb15da202d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000006c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x4004000)
recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff})
close_range(r7, 0xffffffffffffffff, 0x2)
dup3(r5, r7, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r8, 0x107, 0xf, &(0x7f0000000040)=0x46c, 0x4)
r9 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'tunl0\x00', <r10=>0x0})
sendto$packet(r8, &(0x7f0000000080)="33031600d1fd140000007ef52f555f2a3b9fe67025c1d97bfbf719143baa4b1f0f858c6632f47042195e", 0xfdef, 0x40008c1, &(0x7f00000000c0)={0x11, 0x86dd, r10, 0x1, 0x62}, 0x14)
clock_gettime(0x0, &(0x7f0000000000))
syz_init_net_socket$nfc_llcp(0x27, 0x0, 0x1)
clock_gettime(0x0, &(0x7f0000000100)={<r11=>0x0, <r12=>0x0})
setitimer(0x0, &(0x7f0000000040)={{}, {r11, r12/1000+60000}}, &(0x7f00000000c0))
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r13 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/sloppy_tcp\x00', 0x2, 0x0)
ioctl$HIDIOCSFLAG(r13, 0x4004480f, &(0x7f0000000180)=0x2)
r14 = ioctl$KVM_CREATE_VM(r13, 0xae01, 0x33)
ioctl$KVM_CAP_DISABLE_QUIRKS2(r14, 0x4068aea3, &(0x7f0000000280)={0xd5, 0x0, 0x41})
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
executing program 0:
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000780)='devpts\x00', 0x0, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, 0x0, 0x29)
mount$tmpfs(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x820061, &(0x7f0000000000)={[{@huge_within_size}, {@nr_inodes={'nr_inodes', 0x3d, [0x0, 0x2d]}}, {@quota}]})
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='mounts\x00')
read$FUSE(r1, &(0x7f00000029c0)={0x2020}, 0x2020)
executing program 0:
r0 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000080)={0x0, &(0x7f0000000480)=[@cpuid={0x14, 0x18, {0xff, 0xa}}, @in_dx={0x82, 0x20, {0x7b3d, 0x4}}, @uexit={0x0, 0x18, 0x800}, @wr_drn={0x6e, 0x20, {0x5, 0x2}}, @wrmsr={0x1e, 0x20, {0xa40, 0x4}}, @code={0xa, 0x62, {"c4a27924a10000000066baf80cb87a8a8885ef66bafc0c66b893d466ef430f21dbb8010000000f01c166baf80cb818213e81ef66bafc0cedc402899a2966b831008ed8400f32c482e198ce66b8e8008ed8"}}, @wr_crn={0x46, 0x20, {0x12, 0x9}}, @out_dx={0xaa, 0x28, {0xaba8, 0x3, 0x7}}, @out_dx={0xaa, 0x28, {0x1e6e, 0x0, 0x3}}, @code={0xa, 0x5f, {"b9eb0a0000b861010000ba000000000f306465440fa1420f79bf7cc8df7a66baf80cb8cee0788cef66bafc0c66eda9990000000f01c2b9bd0200000f320fc7af049a000067640f3266410fc7348f"}}, @wrmsr={0x1e, 0x20, {0x94a, 0x81}}, @code={0xa, 0x47, {"0f019fd693cbcd0fc77f008fa998973e0f01ca0f09673e64440f219df040830566ff1a5100470f32660f3882a16dd90000c4017d1103"}}, @rdmsr={0x32, 0x18, {0x24e}}, @cpuid={0x14, 0x18, {0x2, 0xa8c0}}, @wrmsr={0x1e, 0x20, {0x9f6, 0x100000001}}, @wr_drn={0x6e, 0x20, {0x6, 0xffffffff}}, @wrmsr={0x1e, 0x20, {0x9db}}, @cpuid={0x14, 0x18, {0x81, 0x6}}, @uexit={0x0, 0x18, 0x9}, @rdmsr={0x32, 0x18, {0xad0}}, @cpuid={0x14, 0x18, {0x1, 0xff}}, @wr_crn={0x46, 0x20, {0x8, 0x9}}], 0x338})
ioctl$KVM_RUN(r0, 0xae80, 0x0)
syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
r1 = fsopen(&(0x7f00000004c0)='ramfs\x00', 0x0)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r2, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f00000003c0)={{0x1, 0x1, 0x18, <r4=>r0, {0x5}}, './file0\x00'})
readlinkat(r4, &(0x7f0000000400)='./file0\x00', &(0x7f0000000840)=""/185, 0xb9)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
r6 = gettid()
clock_gettime(0x0, &(0x7f0000000100))
rt_sigtimedwait(&(0x7f00000000c0)={[0xffffffffffffffff]}, &(0x7f0000000180), 0x0, 0x8)
tkill(r6, 0x11)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r5, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r7, {0x2, 0x0, @multicast2}, 0x2}}, 0x25)
r8 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r8, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x8, 0x1, 0x400, 0x0, {0xa, 0x2000, 0xe38, @private0}}}, 0x32)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_GET(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="14000000", @ANYRES16=r10, @ANYBLOB="2503000000000000000008"], 0x14}}, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r11 = fsmount(r1, 0x0, 0x0)
readlinkat(r11, &(0x7f00000001c0)='./file0/../file0\x00', &(0x7f00000002c0)=""/204, 0xcc)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
pipe2$9p(&(0x7f0000000240)={<r12=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000300), 0x480, &(0x7f0000000a00)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r12, @ANYBLOB=',wfdno=', @ANYRESOCT=r2, @ANYBLOB=',aname=a'])
syz_usb_connect$printer(0x4, 0x36, &(0x7f0000000900)=ANY=[@ANYBLOB="1203000300000010f003040040000102030109022400010140d0810904001001070102040905010240000740060905f09a32e8b1a69fc72f7aa92c58e18202200004fc0f"], &(0x7f00000007c0)={0xa, &(0x7f0000000240)={0x67, 0x6, 0x310, 0xf, 0x4, 0x6, 0x0, 0xff}, 0x119, &(0x7f0000000bc0)={0x5, 0xf, 0x119, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0x18, 0x9, 0x8, 0x2}, @ptm_cap={0xffffffffffffffa3}, @generic={0x0, 0x10, 0x4, "69ad1764346349988ed20dfcef7069773b6b80878b38602c1a44b8f2c5d96ca66b3b27ab3feca4a86cbaa8b409e9697f6e63c1ebeed18b267ed84b386e140645ae270dbdfe628f1f642d955820ffb68caf4a2e714d9433fcbe6d1000b9c605496ba3c7d5ba71597d2c297035222c4457df7043558a1b9552fc7896653b9aa1efe98fa3aee7c7accc504d10213a7df528c2339db89c439de1af4fed38112cc06f4d911162c8c3584b30fbb61951f7d794f55b99f317876c514f1e7f6fb32217b5f60b01d8af71758ac7583453a64c"}, @generic={0xfc, 0x10, 0x2, "27c76373dac4264c7dd1e1ede4386f43763ba72fa50727018ae56daa34aaffb37004c6ea22b669ef4e919ce383cce304bae101ed357b147fe857db4e23a46768614e9155e792230cd338fa45bead3ffdc328d5c5091d6a92c23b5648f7fa348d5571efa23dc348a6e51e14e4c4f2680d4a6f2c973397a8932757e469316c31e94906980983f25a71894962a2a30f03df3418b05871ffffffffffffffff73e4f5f1b4208b01fe411528536ddc56f4d9a5f89dbaca96985d648939597baa93e63065ce067df365e0d5e6763991b5ff18416e1576408e4a983f2a5f10f27d2d40e7ca7f6ada3be5a9f4d1e490e2186f8aa2611a827344f432ae2cc1cd3038aedcc2"}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0x9, 0x5, 0x3}]}, 0x3a, [{0x0, &(0x7f0000000280)=@lang_id={0x0, 0x3, 0x426}}, {0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="0003e9c375b8959bb8127e48b8302d9d49b40eea25eb7df623c25cd6afdcc7947b934947ac6b8fbf3e7321f1fd99e3a5303c44c939ed747a309f1733e6ccc0b4d44a3adaacd74fec934621a2c354f73caf9dc1ef54965f1fd7a112db7f0064e60774a8093db95f4d4ad7df8512ea4829928011ec81aa3b0c3858b73bd462f776161c949412a1ead317f195c98f884068b15d4429b5d6687ab628890ff2"]}]})
sendmsg$kcm(r11, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="b6001c009c1400000000", 0xa}], 0x1}, 0xc00c)
executing program 33:
r0 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000080)={0x0, &(0x7f0000000480)=[@cpuid={0x14, 0x18, {0xff, 0xa}}, @in_dx={0x82, 0x20, {0x7b3d, 0x4}}, @uexit={0x0, 0x18, 0x800}, @wr_drn={0x6e, 0x20, {0x5, 0x2}}, @wrmsr={0x1e, 0x20, {0xa40, 0x4}}, @code={0xa, 0x62, {"c4a27924a10000000066baf80cb87a8a8885ef66bafc0c66b893d466ef430f21dbb8010000000f01c166baf80cb818213e81ef66bafc0cedc402899a2966b831008ed8400f32c482e198ce66b8e8008ed8"}}, @wr_crn={0x46, 0x20, {0x12, 0x9}}, @out_dx={0xaa, 0x28, {0xaba8, 0x3, 0x7}}, @out_dx={0xaa, 0x28, {0x1e6e, 0x0, 0x3}}, @code={0xa, 0x5f, {"b9eb0a0000b861010000ba000000000f306465440fa1420f79bf7cc8df7a66baf80cb8cee0788cef66bafc0c66eda9990000000f01c2b9bd0200000f320fc7af049a000067640f3266410fc7348f"}}, @wrmsr={0x1e, 0x20, {0x94a, 0x81}}, @code={0xa, 0x47, {"0f019fd693cbcd0fc77f008fa998973e0f01ca0f09673e64440f219df040830566ff1a5100470f32660f3882a16dd90000c4017d1103"}}, @rdmsr={0x32, 0x18, {0x24e}}, @cpuid={0x14, 0x18, {0x2, 0xa8c0}}, @wrmsr={0x1e, 0x20, {0x9f6, 0x100000001}}, @wr_drn={0x6e, 0x20, {0x6, 0xffffffff}}, @wrmsr={0x1e, 0x20, {0x9db}}, @cpuid={0x14, 0x18, {0x81, 0x6}}, @uexit={0x0, 0x18, 0x9}, @rdmsr={0x32, 0x18, {0xad0}}, @cpuid={0x14, 0x18, {0x1, 0xff}}, @wr_crn={0x46, 0x20, {0x8, 0x9}}], 0x338})
ioctl$KVM_RUN(r0, 0xae80, 0x0)
syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
r1 = fsopen(&(0x7f00000004c0)='ramfs\x00', 0x0)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r2, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f00000003c0)={{0x1, 0x1, 0x18, <r4=>r0, {0x5}}, './file0\x00'})
readlinkat(r4, &(0x7f0000000400)='./file0\x00', &(0x7f0000000840)=""/185, 0xb9)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
r6 = gettid()
clock_gettime(0x0, &(0x7f0000000100))
rt_sigtimedwait(&(0x7f00000000c0)={[0xffffffffffffffff]}, &(0x7f0000000180), 0x0, 0x8)
tkill(r6, 0x11)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r5, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r7, {0x2, 0x0, @multicast2}, 0x2}}, 0x25)
r8 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r8, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x8, 0x1, 0x400, 0x0, {0xa, 0x2000, 0xe38, @private0}}}, 0x32)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_GET(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="14000000", @ANYRES16=r10, @ANYBLOB="2503000000000000000008"], 0x14}}, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r11 = fsmount(r1, 0x0, 0x0)
readlinkat(r11, &(0x7f00000001c0)='./file0/../file0\x00', &(0x7f00000002c0)=""/204, 0xcc)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
pipe2$9p(&(0x7f0000000240)={<r12=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000300), 0x480, &(0x7f0000000a00)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r12, @ANYBLOB=',wfdno=', @ANYRESOCT=r2, @ANYBLOB=',aname=a'])
syz_usb_connect$printer(0x4, 0x36, &(0x7f0000000900)=ANY=[@ANYBLOB="1203000300000010f003040040000102030109022400010140d0810904001001070102040905010240000740060905f09a32e8b1a69fc72f7aa92c58e18202200004fc0f"], &(0x7f00000007c0)={0xa, &(0x7f0000000240)={0x67, 0x6, 0x310, 0xf, 0x4, 0x6, 0x0, 0xff}, 0x119, &(0x7f0000000bc0)={0x5, 0xf, 0x119, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0x18, 0x9, 0x8, 0x2}, @ptm_cap={0xffffffffffffffa3}, @generic={0x0, 0x10, 0x4, "69ad1764346349988ed20dfcef7069773b6b80878b38602c1a44b8f2c5d96ca66b3b27ab3feca4a86cbaa8b409e9697f6e63c1ebeed18b267ed84b386e140645ae270dbdfe628f1f642d955820ffb68caf4a2e714d9433fcbe6d1000b9c605496ba3c7d5ba71597d2c297035222c4457df7043558a1b9552fc7896653b9aa1efe98fa3aee7c7accc504d10213a7df528c2339db89c439de1af4fed38112cc06f4d911162c8c3584b30fbb61951f7d794f55b99f317876c514f1e7f6fb32217b5f60b01d8af71758ac7583453a64c"}, @generic={0xfc, 0x10, 0x2, "27c76373dac4264c7dd1e1ede4386f43763ba72fa50727018ae56daa34aaffb37004c6ea22b669ef4e919ce383cce304bae101ed357b147fe857db4e23a46768614e9155e792230cd338fa45bead3ffdc328d5c5091d6a92c23b5648f7fa348d5571efa23dc348a6e51e14e4c4f2680d4a6f2c973397a8932757e469316c31e94906980983f25a71894962a2a30f03df3418b05871ffffffffffffffff73e4f5f1b4208b01fe411528536ddc56f4d9a5f89dbaca96985d648939597baa93e63065ce067df365e0d5e6763991b5ff18416e1576408e4a983f2a5f10f27d2d40e7ca7f6ada3be5a9f4d1e490e2186f8aa2611a827344f432ae2cc1cd3038aedcc2"}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0x9, 0x5, 0x3}]}, 0x3a, [{0x0, &(0x7f0000000280)=@lang_id={0x0, 0x3, 0x426}}, {0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="0003e9c375b8959bb8127e48b8302d9d49b40eea25eb7df623c25cd6afdcc7947b934947ac6b8fbf3e7321f1fd99e3a5303c44c939ed747a309f1733e6ccc0b4d44a3adaacd74fec934621a2c354f73caf9dc1ef54965f1fd7a112db7f0064e60774a8093db95f4d4ad7df8512ea4829928011ec81aa3b0c3858b73bd462f776161c949412a1ead317f195c98f884068b15d4429b5d6687ab628890ff2"]}]})
sendmsg$kcm(r11, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="b6001c009c1400000000", 0xa}], 0x1}, 0xc00c)
executing program 2:
prctl$PR_SET_MM_AUXV(0x23, 0xc, &(0x7f0000000c00)="ad04ae77cae8d9643e0e6a9cbe41591e6de916d0ddfa701a0303bcaf81bb3ca2ea062d588781e0d37b0a2a80e3e47811f2a6ca9581ed50c8e41a953e1d1a6b9111bd974f59b18cb4337089752f30e0294590d37cb01e5e5c506e6093e87bf9a676ce3624f6a83006fe71a4d49f3ead5b87cdf53c76c8761f96dca1f8493bdb780bcc1222d2aee857c4e9c4e72cb726ef7b6054a0fb8246da88b877ee92e2aa19f5f57b7b7f0d824bed87faa6725bb96fcca240a823fa204babff55e8627fa16061c0395ededd50807860809cb6b8df3a18b4eeb1b29ae2b3afcbb74fef5f88d8778c8ae54765cdbb38045c0798ddbdae0f6b93d2f128a7fd65b055b5c92ab3c626fca4bb09e190afd189877224399b505f519a926006e1522f67fb4c77adcaf02206692d0f5872b9201b35989dd99b9b8c98966e996751c33c193a2b5015ce67df1727841a4efed3f5999a9c1ca71ec93d66e95b684e04c55c961e06ba92bd379437ac3b0669cca5b4b9648cb06f87fffec3d759b0e66d23c5db8caa7e6c756bbac63eec730ce1cfd73515573fd904708adec04ceeccb87716d4b97eb15c11f488", 0x1a1)
executing program 2:
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x56a, 0x37b, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x25d11c32db5cec7f, 0x9, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0xca0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x80}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f0000000100)={0x40, 0x24, 0x37, {0x37, 0x7, "f66334b8502fcf6db2a4c664695d11742a0de43ffd8b4dcd835ad056b0f21df13a0e50f192fb38c1b6d06fdaae95c4ade1253ef2c4"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
write$binfmt_script(r1, &(0x7f0000000600), 0xfec8)
recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000140)=""/9, 0x9}, {&(0x7f0000000300)=""/225, 0xe1}], 0x2, 0x0, 0x0, 0x2000000}}], 0x1, 0xcb, 0x0)
executing program 2:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000004c0)={'erspan0\x00', <r2=>0x0})
sendto$packet(r0, &(0x7f0000000180)="0b041400e0ffe2ff02004788001ca13bb100000208007f604803", 0x10000, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14)
executing program 2:
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='devpts\x00', 0x0, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0)
executing program 2:
r0 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r1=>0x0})
bind$can_raw(r0, &(0x7f0000000040)={0x1d, r1}, 0x10)
close(r0)
executing program 34:
r0 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r1=>0x0})
bind$can_raw(r0, &(0x7f0000000040)={0x1d, r1}, 0x10)
close(r0)
executing program 3:
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TLS_TX(r0, 0x11e, 0x1, 0x0, 0x0) (async)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x89b0, &(0x7f0000000040)={'vlan0\x00', 0x400})
syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100001a77aa4094225b4210a20102030109022400010000000009040000029233500009050602ff030000000905ba3e79"], 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000180)={0xfa19, 0x10, '\x00', 0x0, &(0x7f0000000140)=[0x0, 0x0]})
executing program 3:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x50, r1, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa2}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x3}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x1}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc, 0x2d, {0x686694dfbd7d1305}}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x80d0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="c01800002000010a00000000000000000a0000002c01018028014880ed00a90013466820cd76bb221fbb4acd690c6a8b9c760a61eeec7793b579aefdb936d00f403d3f04637cdb9ac70e28c5dd66ddedde2d0930650e6821f9a26a4a193c1d06a3e75523f901e44fe087ae32c836c6d6ddba3af8e9a2beae8936168f9fa38c395f5cf7408df69c60bf584bee86a6312e9ce866e456c3eda6f2924082d78a2f385bdbd0c9afb54758c102bf13094645fb6aa34d424ec776691fee3d25307f61fed2752babf7c686e8a3d9b59a8343bcf4121bf5cf400a0c1070855fac565cad8968a97ce0a12a1161054d82d0a240b7dedf9ba3cc63e9d1c3b9a8402f7d5b4cafcd48928a3d4a76498900000014007c00ff01000000000000000000000000000108003d00", @ANYRES32=0x0, @ANYBLOB="08001a"], 0x18c0}}, 0x0)
executing program 3:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000105804380100000000000109022400010000000009040002010300000009210000000122f80409058103"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f0000000140)={0x20, 0x2, 0xc5, {0xc5, 0x1, "dfb546917f96c5d686608919c7fea2da59afac0c285b206fc6081de485ce99e324053eb92d3399afa4d43e01316edca08c1be3a29ce5df3eaccd704c6b28d3d5dec548fdca3ca9b0f5765408fff8fb6aa20f84b0e5cabce2b24f85ff1ee7b1417a1793af633a10ad04c88687ee33ed8b3362cc81f942c7a07d35926f3c380957c89dfbfdc6a003790dac1d27202a942722831b4addc148fcbe5d184657868e07e01d8eaa90ea751b4503435320ce6b90e599b830c583f81b77ae6dff1c49e647139e07"}}, &(0x7f0000000000)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0xc04}}, &(0x7f0000000040)={0x0, 0x22, 0x11, {[@local=@item_4={0x3, 0x2, 0x8, '9k[7'}, @local=@item_012={0x2, 0x2, 0x3, "a298"}, @global=@item_012={0x1, 0x1, 0x2, "8c"}, @global=@item_012={0x1, 0x1, 0xa, '{'}, @global=@item_4={0x3, 0x1, 0x5, "687bd210"}]}}, &(0x7f0000000080)={0x0, 0x21, 0x9, {0x9, 0x21, 0x8, 0xfa, 0x1, {0x22, 0xc03}}}}, &(0x7f0000000500)={0x2c, &(0x7f0000000280)={0x20, 0x0, 0x55, "3612764f8f3bd85c3fe34d7c3200042136e8d0b5bdc2ccf22c839faa49d36d5ed2a295eee9c568b1205815863eeb8d04af950c84a7534daa37091c5a81907b37f61353113d9a06336d06a5e3fbc926b13633cebd59"}, &(0x7f0000000300)={0x0, 0xa, 0x1, 0x93}, &(0x7f0000000380)={0x0, 0x8, 0x1, 0x2}, &(0x7f00000003c0)={0x20, 0x1, 0xcb, "925f82908b5eea401d6d7182b6d40f0bea3bc73b21d1529dbf370a8c92f2f1c925f75f14932ac407f4f475a9d076eb659d7eebedd8248faeea93fed4d4513d59279fb485ff6d200055efb3b2006539bae06a31d486957e830f6e14c1e51b6b860bc971a1f5ef6c02aa7f227897774dc626f09195d5540c10e5367a16b99e6adcd959ca9a8d8541293dd0be0a7ec25ce18eeea1fbbc51bf6a81bb68e7aff86f8f40491cea7acb4f6b79adeb0cafb398ed4bc16d8f5a920667bb6468643721edaee1841eb061663dc79a3d76"}, &(0x7f00000004c0)={0x20, 0x3, 0x1}})
executing program 6:
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000380)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x28bd, 0x935, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x8}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x5460, &(0x7f0000000540)={'veth0_macvtap\x00', @link_local})
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r3 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
bind$packet(r3, &(0x7f0000000000)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @link_local}, 0x14)
close_range(r2, 0xffffffffffffffff, 0x0)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_ro(r6, &(0x7f00000002c0)='blkio.bfq.io_merged_recursive\x00', 0x0, 0x0)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
read$FUSE(r7, &(0x7f0000002440)={0x2020}, 0x1e0c)
syz_usb_control_io(r0, &(0x7f00000001c0)={0x2c, &(0x7f00000003c0)={0x0, 0x3b, 0x5, {0x5, 0xd, "4d8188"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
executing program 4:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000016c0)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001509000000092140000001220f00090581d7"], 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r1)
syz_usb_connect(0x6, 0x24, &(0x7f0000000140)=ANY=[], 0x0)
ioctl$EVIOCRMFF(r1, 0x40085503, &(0x7f00000008c0)=0x5c)
r2 = userfaultfd(0x801)
r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
ppoll(&(0x7f0000000100)=[{r3, 0x1030}], 0x1, &(0x7f00000001c0)={0x0, 0x989680}, 0x0, 0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'\x00', 0x1})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
syz_usb_control_io(r0, &(0x7f0000000340)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x29, 0xf, {0xf, 0x29, 0xe, 0x2, 0x8, 0x5, "c5320120", "f8091004"}}, 0x0}, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
executing program 5:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000640), r1)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000000)={'wpan0\x00', <r3=>0x0})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0xa}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x2c, 0x16, 0xa, 0x1, 0x0, 0x0, {0x3}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14, 0x10}}, 0x74}}, 0x0)
sendmsg$NL802154_CMD_NEW_SEC_DEV(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000280)=ANY=[@ANYBLOB='l\x00\x00', @ANYRES16=r2, @ANYBLOB="010028bd7000fbdbdf251a00000004002e8008000300", @ANYRES32=r3, @ANYBLOB='4\x00.'], 0x6c}, 0x1, 0x0, 0x0, 0x20040040}, 0x20040)
executing program 5:
syz_usb_connect(0x1, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001"], 0x0)
sendmsg$IPSET_CMD_RENAME(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000000506010200000000000000000a000001"], 0x20}, 0x1, 0x0, 0x0, 0x20004000}, 0x800)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$igmp6(0xa, 0x3, 0x2)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, 0x0)
write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72)
executing program 6:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0xad82, 0x0)
recvfrom(r1, &(0x7f0000000280)=""/228, 0xe4, 0x2000, 0x0, 0x0)
write$sndseq(r1, &(0x7f00000005c0)=[{0x6, 0x0, 0x0, 0x0, @tick, {0x4}, {}, @raw8={"3ad5e4aa05fd1f1646e53f27"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @note={0x0, 0x0, 0x2}}], 0x70)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota')
r2 = creat(&(0x7f0000000440)='./file0/file0\x00', 0x188)
quotactl_fd$Q_QUOTAOFF(r2, 0xffffffff80000300, 0x0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="d8000000100081046881f782db44b904021d080b01000000e8fe55a11800150006001400030000120800040043000000a80016000a00014006000d00036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a9d7c7c0b7a196e6f66112c88ac417898516277ce06bbace80177ccbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d0080000000000000b57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb14feb9f5588a63644caf1ce1bd6c769ad809d52a9ecbee", 0xd8}], 0x1}, 0x0)
rt_sigpending(&(0x7f0000000200), 0x8)
ioctl$TCFLSH(r0, 0x400455c8, 0x8000000000000001)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000240)=0x1)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, &(0x7f0000000100)={0x10000, 0x0, {0x0, 0x2, 0x7, 0x2, 0x80}, 0x4})
executing program 5:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_group_source_req(r0, 0x0, 0x2f, &(0x7f0000000000)={0xffff, {{0x2, 0x4e21, @multicast2}}, {{0x2, 0x4e21, @broadcast}}}, 0x108)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000920000/0x2000)=nil, 0x2000, 0x13)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x28, r2, 0x1, 0x70bd2c, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_RETRY_TIMEOUT={0x6, 0x1, 0xaf}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000001}, 0x2400400c)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x27)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = syz_open_dev$sndpcmc(&(0x7f0000000040), 0x1, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r6, 0xc2604110, &(0x7f00000001c0)={0x0, [[0x8403], [0x0, 0x100000], [0x0, 0xfffffffd]], '\x00', [{0x0, 0x7fff}, {}, {}, {}, {}, {0x0, 0x10}], '\x00', 0x7})
sendmsg$nl_netfilter(r5, &(0x7f0000000180)={0x0, 0xfffffffffffffdf5, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYRES32=r5], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000500), 0x2, 0x0)
ioctl$COMEDI_DEVINFO(0xffffffffffffffff, 0x80b06401, &(0x7f0000000440))
executing program 4:
syz_usb_connect(0x1, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902"], 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$igmp6(0xa, 0x3, 0x2)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, 0x0)
write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72)
executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000001440)={'gre0\x00', &(0x7f0000000100)=@ethtool_ringparam={0x7, 0x0, 0x20000000, 0x0, 0x9, 0x900}})
r1 = socket(0x2, 0x3, 0xff)
connect$inet(r1, &(0x7f0000000000)={0x2, 0xfffb, @remote}, 0x10)
sendmsg$IPSET_CMD_HEADER(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x814}, 0x48844)
setsockopt$IP_VS_SO_SET_EDIT(r1, 0x0, 0x483, &(0x7f0000000000)={0x3a, @multicast1, 0x4e24, 0x0, 'sh\x00', 0x30, 0x6, 0x62}, 0x2c)
executing program 3:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="3801000010000100feffffff00010000fe880000000000000000000000000001fc0100000000000000000000000000010001071c4e230005000000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d46c0000007f00000100000000000000000000000000000000000000009201000000000000a39b000000000000ffff0000000000001c250800000000000200000000000000fcffffffffffffff0000000000000000ffffffffffffffff00000000000000001f00000000000000feffffffffffffff02000000fcffffff000000002abd700004350000020001002000000000000000480003006465666c617465"], 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
socket$key(0xf, 0x3, 0x2)
sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="380100001a"], 0x138}, 0x1, 0x0, 0x0, 0x48881}, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r4, 0x4038ae7a, &(0x7f0000000000)={0x80, 0x40000105, 0x0, 0x0})
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r5=>r4}, './file0\x00'})
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000001300)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c)
bind$inet6(r6, &(0x7f0000000080)={0xa, 0x4e22, 0x100, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}, 0x3}, 0x1c)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r7, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7d1}, 0x1c)
bind$inet6(r7, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r6, 0x6)
setsockopt$packet_tx_ring(r5, 0x107, 0xd, &(0x7f00000000c0)=@req={0xffff0396, 0xb, 0x4}, 0x10)
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 3:
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) (async)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
sendmsg$nl_route_sched_retired(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=@newqdisc={0x54, 0x24, 0x4, 0x70bd26, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x10, 0xfff1}, {0xb, 0x7}, {0xfff3, 0xc}}, [@q_dsmark={{0xb}, {0xc, 0x2, [@TCA_DSMARK_INDICES={0x6, 0x1, 0x1c}]}}, @q_dsmark={{0xb}, {0xc, 0x2, [@TCA_DSMARK_INDICES={0x6, 0x1, 0xc}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x6000c845}, 0x4008841)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup(r1)
ioctl$sock_rose_SIOCDELRT(r2, 0x890c, &(0x7f0000000080)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x4, @bcast, @bpq0, 0x6, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast]}) (async)
ioctl$sock_rose_SIOCDELRT(r2, 0x890c, &(0x7f0000000080)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x4, @bcast, @bpq0, 0x6, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast]})
syz_usb_connect$cdc_ncm(0x3, 0x6e, &(0x7f0000000100)=ANY=[], 0x0)
executing program 5:
mkdir(&(0x7f0000000140)='./file1\x00', 0x392)
mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota') (async)
mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000280)='./file1\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_aout(r0, &(0x7f0000000180)=ANY=[], 0xfffffecc)
quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f00000003c0)={0x0, 0x5, 0x1000, 0x476, 0x0, 0x7f, 0x3, 0xffffffffffffffff, 0x6}) (async)
quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f00000003c0)={0x0, 0x5, 0x1000, 0x476, 0x0, 0x7f, 0x3, 0xffffffffffffffff, 0x6})
r1 = socket$l2tp(0x2, 0x2, 0x73)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040))
getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000040)=""/68, &(0x7f00000000c0)=0x18)
fchown(r0, 0xee01, 0x0)
executing program 5:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, &(0x7f0000000080)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000002"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_connect$cdc_ecm(0x4, 0x4d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010002020000ff2505a1a440000102030109023b000101e7000c09c30e1a45953fa5a805240600b98f442d30f5256c0005240003000d240f01b1000000b4ff018009090582020002ad070709050002000481b230ccdb69a22aaa714cec9643a6b716e5ec333265850200"], &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x0, 0x9, [{0x0, 0x0}, {0x2, &(0x7f0000000540)=@string={0x2}}, {0x0, 0x0}, {0x1f, &(0x7f0000000700)=@string={0x1f, 0x3, "0e406293ce12baeb6b7f6190ad28e66ec5971b5cb504b8de5751f6d25e"}}, {0x4, &(0x7f0000000780)=@lang_id={0x4, 0x3, 0x40a}}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, {0xe9, &(0x7f00000008c0)=@string={0xe9, 0x3, "5968496309bd3717eeb8ce4f06ab08e5adf552dc691b4f6f8c9ae252e0e2c9fa557007c6c7369233db7356fc85d47bbfd2cfc44230068dd40d62d48d735089c37de1621aea1dfc80a6d0e51a492085f22efa74516ed2e8efb232b421d02928633fae8f001d3527083c5e56f44b41de3f24d3ed4aaf70b39bdcaf8cf73fe3ef2dcc6347de464efdf082a74323a6e030ec83ad4429d466f62bc438d988c0e91fdbb590e65cf33e69c89c62562c8b9d6c79c38e0543eb3751f1ba31467fd039581837051aec223dea03201a683f8276d743d19b931b84067b14f32ba4adb3d1cecf0714707c97f002"}}]}) (async)
syz_usb_ep_write(r0, 0x81, 0xffffff75, &(0x7f00000002c0)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c356484e46fd66e3f2c7807e8773eed7b94fa099ab84feadec2ea95f65bba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e4800448aab0000000000000d75f34bb50d8d7084")
executing program 6:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000640), r1)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000000)={'wpan0\x00', <r3=>0x0})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0xa}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x2c, 0x16, 0xa, 0x1, 0x0, 0x0, {0x3}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14, 0x10}}, 0x74}}, 0x0)
sendmsg$NL802154_CMD_NEW_SEC_DEV(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000280)=ANY=[@ANYBLOB='l\x00\x00', @ANYRES16=r2, @ANYBLOB="010028bd7000fbdbdf251a00000004002e8008000300", @ANYRES32=r3, @ANYBLOB='4\x00.'], 0x6c}, 0x1, 0x0, 0x0, 0x20040040}, 0x20040)
executing program 6:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002abd7000fedbdf253b00000008000300", @ANYRES32=r2, @ANYBLOB="5d0033008000e100ffffffffffff0802110000005050505050500000000000000000000064"], 0x7c}, 0x1, 0x0, 0x0, 0x880}, 0x0)
executing program 6:
syz_usb_connect(0x1, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001"], 0x0)
sendmsg$IPSET_CMD_RENAME(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000000506010200000000000000000a000001"], 0x20}, 0x1, 0x0, 0x0, 0x20004000}, 0x800)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$igmp6(0xa, 0x3, 0x2)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, 0x0)
write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72)
executing program 4:
syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
ioctl$NBD_CLEAR_SOCK(r0, 0xab04) (async)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
pipe2$9p(&(0x7f0000000180)={<r2=>0xffffffffffffffff}, 0x0) (async)
r3 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x8000, &(0x7f0000000240)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@version_L}]}}) (async)
ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f0000000040)={'caif0\x00', 0x4000}) (async)
r4 = accept4(r0, 0x0, 0x0, 0x0) (async, rerun: 64)
r5 = socket$unix(0x1, 0x5, 0x0) (rerun: 64)
recvmmsg$unix(r5, &(0x7f00000029c0)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000002a00)=""/4100, 0x1004}], 0x1}}], 0x1, 0x3, 0x0)
sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000003a40)={0x1008, 0x0, 0x8, 0x70bd29, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_NAN_FUNC={0x10, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_PUBLISH_BCAST={0x4}, @NL80211_NAN_FUNC_INSTANCE_ID={0x5, 0xf, 0x6}]}, @NL80211_ATTR_NAN_FUNC={0x24, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_FOLLOW_UP_DEST={0xa}, @NL80211_NAN_FUNC_TYPE={0x5}, @NL80211_NAN_FUNC_SRF={0x8, 0xc, 0x0, 0x1, [@NL80211_NAN_SRF_INCLUDE={0x4}]}, @NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE={0x4}]}, @NL80211_ATTR_NAN_FUNC={0x3d0, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_TYPE={0x5, 0x1, 0x2}, @NL80211_NAN_FUNC_TX_MATCH_FILTER={0x22c, 0xe, 0x0, 0x1, [{0xa5, 0x0, "2f6ea88762ad43056ba0a5e27e2346a827e651414753fd53dbd6bfc517a45f94237b8ec29d0bf209f6d61e4cb9f2dc06442c2dc077b0f2dcbd13ed5dba41f05d69dd0401046aa10b249ecfbcda700d4b5adc155808455c9426e0351e186ac53777dfc3dd170ac71bc284b418800e1550502a2b2423b43fc0949f3d590c50c288af1b00e78e55644c2b368fe929e287dcdd797b4e3bd301674cf55247f49774139a"}, {0x3d, 0x0, "b3726940265c88903d775f9ed6552ba8c2a290ba493013fd3864d611d6ee8f1d12a075759d0b0bd8330bc5703dcddfcdfcad20cf7f6db637d0"}, {0x13d, 0x0, "b8f36927fa515249734024920f308b49ef379c72afe1901722da5dac223f418ac609870f61399d3b5ee63889ffa3ff078b629ed6e5502209f701953f44f4d6bbe24e4909a5686bd6cf3f2e51a10c92093167a188373bdef587821b66113093780b2a0ff7a7b4589c217cf4d58f79c7f96c752b2274238db71752ef70ddcc4ca3fb1698f37a2e97a5c3f2dba949e81f7ec129ea6d6a372d6079c6f30055773b8f336e920de0bc0cdf7265009b33f1707aa33cdfe7ae3818cdfca8a05bbc101fe251379a94b5a6a672de313beb5237a4ba6f732e32027b15a5739e7a347f089d3f259fa97306ce326dd16dbbdee50731b04ce16ede17f06f13c1075b6e203a0ff2b674f1062f85fb757332aab9940cc38a9332fa456b2592de563edfa6821581bb6785277ce1b3b490bbcdc8880bd1e2c57061cd8e6e56f09753"}]}, @NL80211_NAN_FUNC_PUBLISH_BCAST={0x4}, @NL80211_NAN_FUNC_SRF={0x114, 0xc, 0x0, 0x1, [@NL80211_NAN_SRF_BF_IDX={0x5, 0x3, 0x5}, @NL80211_NAN_SRF_BF={0x103, 0x2, "8edf95d0bd7df0fd291a57d8ec328262700ee907a4b964b9a4d561408fba4cd38649f7923d76e6ec8722f2d51cb291f5a6a917585ca65998986903bc943406b772f814354ab7616e723778bf48367c203b4959312203793ca87ad3965955f85d07c121d753b2bf6f2152c66d69c820e193ed11b588822be1c777a45a908621a19c9a1027623bc426c3ed57abe41b2a091e8db351bb966899f9107393124a5d17041035bc76a4febbd5805137eff494adf4dcdebe7326d6575a30fb78acc06ec13462e5536b604cf50a999f5256b7bad53913dcd340d0ca26ef419f90015c337f9808fda508c78f0e8dc55dbd1aeaf2d660b65aa363b70a827e95eca89a2717"}, @NL80211_NAN_SRF_INCLUDE={0x4}]}, @NL80211_NAN_FUNC_TYPE={0x5}, @NL80211_NAN_FUNC_SERVICE_INFO={0x69, 0xb, "25b65ad92f41e06d18c2c51143c417d65f392307bc0790a80dece518057c2c9bfa52a4128bf490fe0de67d79f8968a2366d60150a50eaa28a0d94d9efa99f57c71648d40452f8a34cff79057433f4b217b52ba4bd2c029abbd8cd218e2292d56a95e3e0d2f"}, @NL80211_NAN_FUNC_SERVICE_ID={0xa, 0x2, "c5814e0f74c3"}]}, @NL80211_ATTR_NAN_FUNC={0xbf0, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID={0x5, 0x7, 0x2}, @NL80211_NAN_FUNC_TTL={0x8, 0xa, 0x1}, @NL80211_NAN_FUNC_SERVICE_INFO={0xa5, 0xb, "446631b40f0c2e3b8bdf0d1ef4060a8a8317349b2d13324b7b5ffe94814e7f4c0d3ca5e598a331967842334a6dac0cf532b7ee7f001216b3839a5cb9182aa14e409af6c59189a3eaeec8900e6e6769f57544666f0a98b3ca16c0442061e65039089268c62f24e27f5666a6bb9d20f75d87d687199f32376dce1d55cdb49eceb2dcec2ed01187874a2b51b21c7ec5f17a7fd70b588d6748a056d42a6afde7965a22"}, @NL80211_NAN_FUNC_RX_MATCH_FILTER={0xb34, 0xd, 0x0, 0x1, [{0xb2d, 0x0, "7019ef1bca17a03bd28897623f426dc496455d4f8278c1f9818afc02f7d67733cd157ec9b4cee8f50035699564b82d0624bec462e34dfae56b16c8fa8bb8ee979e617040c8ee40b5d13977f5aec0bef66e0c8e7b5e409a1199d53eb7a09248124eb5fbc7e602cbc5376f6affb1a3fb769feb26b48d36c24f7ecec9b414590f081560caaa2540b61a551ad5953417b39ca49c0189e0abcb5dbf853d89dbf48db591d762bc02ce59aae4f50437e3d32aaec1be20b04b7e794cded983943caf85bff2e7ac6c882a70c4d42ca90f65f46b185b3ae2505e373e734296ef78509bebb95c38f6ca7042cc21c4d1966cc691e782f825906d5067708d4fe0c8c0d78c9eb467bdbcf17baf04aa5cc64f90af4d73f51489dcb42d0ddbb81132c1bb69fb49fd6da432436788f5ee957cdca11582cb0831dbfbfb43ad657219660c6ae50ac7d72ec5971201dee6ef62dd7b553bd0e779cc6e5900970c2e8cd74c8b31408081e7a22b9961934069c76842337cc5d0a3c95c11b157b7c6ccb6776b64aff53f08710486ae37661971b614ff1dd828d86117235dcbb129b93a9cde8b58740164185662ff19ad36df9018194a45085b49e8b12a371bc8eeb6de65d92080e44402c730b84c4138e5e7ab8d7e2955e393d130d43f3ef5e8126dc314f56ba5ec42b0611824506d993fde37508af61a89d40ab4155bab7990c035d455c4afbf5ffdd5004febee9bd4d3c071094019f68805f8ee8405a1c54e5942de298cdc1db6366aea94ed7211b23c47ad0ef07f00df1137b0e7cc1f801f7137997d75e0a82e54310190faab5ad2079c3accbababde0954f07ae6e89e8d3cfaec2878898b2998750775892bb892318384700146faecb74ae44172dff7a1bd9543aeb5165452b523c0370dfdbdb6626a0bccdece000c96822462c2fc9e8918560ffdccddcfaa99017700079939d939f6a6e0bd555800734bf5b8663f17b77edd0f129ed5701e59aa45b366626fe01cbb97c15d4432032874078671bdf00cf6ea736295c47dd6a3ca2d9463509e91a29c987192eca00d903f64d06b426da4d450a3bf7d5c780f57e61bf45edbd687c5f19e0b84bc9e6a2322783c10e0c9fe6534d0c4fe3c4ad32378bb8e06cb20e4e79ca06b35635eb82aba28246cfcfc26fe97abaefa5dff7507afcf00d20c2e9f0613e585d4e0c4c6fbf3cb4fab58a18ab3a78298aac837a946d33046f6b2a7a6382d4581e4dd82961e6fb468ce16e70b631f4f15832d62b18c6beacb1bb6043e2a4cf43cf672e065bae1d44344cdad61f138c12d533f84be5d32ffa75f1c7dbea706b5061ba4832357978903c6ed294359fcdf646586187c187b5a7feb2fd520eb857975a6c21d3c6b63d6eb847187db6c89870f38038f315728fb27dedc91667e8df5d4a297a2006439ebafca300ba13d3646566a4873f013e1c4db005ced3102dd52354411acfdb3e6613ea7c088656333d7eb9d9cbad2ba4f9583c0d504484cdfeda8b7938a84103685ff71f619a20bb3cdefb1efb222d330cbba7973c69014d21ca45e6bf69cb5b2e114cb89a52aa2635941d0d0e6b4a44bf8ba0e8515fec6bab816aa3a30c7f8c5bb809103178d4a661fde5fb6a8f5fccd19034fef220acfdde03e1d832b53c4f76a678d13c7fb41a3d4cb8af105c5a8cafae3fe0a7adddbb4e59cd8ff0d9e034dadd68fed99bab9932f3d9fa6ce1ba86f1d1177ebc3fad6ee6cd0bb5072cfb6fcccdd5fe2d182c63f242e9bfb24c2603b9ae4d93237fa45784655cd480015b38b8bce246d65b9cc7e7bc2a272423b11db39e339041935a7d426f3bbc248e73c19aa3b0a18046c1e01fff10ac43006a809a9c79107b0a5110af5253fdf9fe356c1d61731b0e1fb32c042837d357a2e4e3ddae9501087bc4ea43560dc61ed42624801370cd718aaf0c89189f0c66b4e72c1b74ff0a2116b1c406eedfe6f4b09d71c88199ac8837b33978fb652f51d5440b453b24bb1e7ff19ead14531be6ed3a024f175f04c0620a26b8cea8c0cf8330384083c63abb2de1f3729b9ac4fc7f1c9640a963caf952e755e4d806510a85461438494892793d1d80f25141b223cec7b5cc7db29167ae28a15f3f00e1e01ff2b91b7d8936410fbcfba6c1aa18c60dfa4448eefa286a4292316a5a99551f66d58a322dada922c1cb0718497772595a9d2aadef0c06247733277488c89c43e61629699855adf48ffe1978796c327f09b6a7ee53e4928e32d3e980a2d38cf10e70c41e9a4f3d32750793894e52b1f35de5829dda5295bc1b4f2850aafa94052013427130193ea182b88530de5abadc41f34e3f06f007907749ef43bfc7ab941f5597ca058feaf10d05b11403749dd792d9ad6b3c5a86563f3b2e7ca9334f3d142047bdf7ae9c6dc2b02cf0fdb4682a9adf5f4a8c3c608d6553178790a8a83047c4dc22e092b429e6bd93d74f7ba95d8a12a1cd425a790b4de47f7dd74cac41839b9946007ba5b214ac07a5401733971c6e695f934fc5b5f629fa475f71ba74209aa9f287cfa1d548fee18a37e98a2f009bb0689a2c8744ce5afefbf143e45413e08ffbd0e704fcd1e51af57f3ecfc93f55e2f63f9682c621f3f05b62391e7fa60d70563ce707123389584edd76548d4c47288000e02599ce3dee50b47576d5a57a9921d16a9329179992988b661f2379e2ade521d29a846363d785418a9dba46c28debb9166c12e288f84296bdc1a9c98b72f83d219e09a43909da4bd6cb40bc76b65c003e63011a297e84896f52236338a15a2dc520261dcf3944900a1a1c11c7fbd349975d763f2a5a0667779d59cdb98d5ebc8d1aecdc1f358e3c7ecc7ea19557dcf1fd78f9fdec9194d1f232997c86eab0a5043c07bc3a65d54d01e6b6c755afec26cd0af396e99c96e2246e3a91b7da535651c8f4bd9ee2b99088f30f7515d3fab02da5c5624e4c4f3da467b21cc9ac0dad614fb224734559f6611eeebbf9705f7f75d891831d99b2057bff2c79ea555e5164514aa464f3b2e83396ba63d779562ea903e765d65538c727cfd072cf27892dd78e0b5c3e0d1a6028aa0539a24b453acfc729837cdc51f1730aa771eeb0e1cf4ca59ee6cb089b1522aed01a8eaa0c477b53131038c3582cfdca28263e1490ae95fb7f514379297f1e757236a6a9d1736c66a2dea2ff189f4ae75c10600701c45127d5c02e6d1acd120bbcaf648392eda67e28f28e333902da555f584e0094377753b7342c683ac7202f47bac443e15e4172ffb7e82b628ab62b8196279f3b29875b7047ae712c3e8b54b6fe6dd9bbe50b7baeb15176323539e67d2216e216542a39f3aae2cc249be9e6ea4eb50fad885213635f2b18867129f83b5d255904af452acebb7e65f924c0f01fc623dddc2df23a9a4885ee2b9b72629655133f1483b6eed24163d2477bab7be2b102caf87031d35ff076348d5930f1ea5b1b998adcbd96e81c74d83f8a10f2b0b4e145ecc8d75ed8283e1ae61169b0fb17430faaed6d152251ff8878cda3d270a3bf5fe5fa42bf1218e3dc05909e41ef55e48bcba40df1ca06b62741a23d052e1e9d4bc11830640a5db87004d78fbcd548215dc1b38baf2262fc697e10ce1a11d50eab00d39a796ee1b3b1f2aa1a4493805b1f71a67f688fcef12dbb6da4d33d4891fae9d286fe9a9aa1b4d8a4dbe4226f8bcb9648fff858cee7dfb2b001b888137af3d313cc2337df3c769d16ce8362703865b4b1c55ad09dc401668758dfc0910c127fd2b939c1b85714471e93fa81d7a176342ef5e6f8382b3f7eb48f82d7ab290df042297c51208eb30febe35e97ac5d0f7859bfe4f8d236d02aee781fade3cb7b1800b44f1906b626deba893c6c9b0a3f96511a21033d1bf00219a72413d291993e54f1547af9a6374f9f9d74453fcb488dbd894d1c5126fe3d2d3aa47a91a02ac69b6b377447e20718b4ace4771dcf7f1a0dbdcf4ad666538526855fd664f22ea53d079fc05a2654957bdbf7d68b4ce87af272704c9b4804e75d3691876eca510e50ff82850029fbb4f2f876"}]}]}]}, 0x1008}, 0x1, 0x0, 0x0, 0x844}, 0x24044804) (async)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0xb3, 0x68, 0x9e, 0x40, 0x675, 0x1688, 0xd1c7, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x2, 0x0, 0x0, [{{0x9, 0x4, 0xf1, 0x0, 0x1, 0x67, 0x74, 0xbb, 0x0, [], [{{0x9, 0x5, 0x4, 0x2}}]}}]}}]}}, 0x0)
executing program 4:
socket$l2tp6(0xa, 0x2, 0x73)
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff})
getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, &(0x7f0000000040)={'nat\x00', 0x0, [0x5, 0x800, 0x7f, 0x6, 0x3]}, &(0x7f00000000c0)=0x54)
executing program 4:
set_mempolicy(0x4003, &(0x7f0000000200)=0x7, 0x3) (async, rerun: 64)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='freezer.self_freezing\x00', 0x275a, 0x0) (rerun: 64)
write$binfmt_script(r0, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) (async, rerun: 64)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) (async, rerun: 64)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip6_mr_cache\x00')
pread64(r2, &(0x7f0000000140)=""/15, 0x63, 0x4)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) (async)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3) (async)
syz_usb_connect(0x0, 0x4f, &(0x7f0000000780)={{0x12, 0x1, 0x250, 0xa3, 0xfa, 0x14, 0x40, 0x12d1, 0x1ac6, 0x5cfb, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3d, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x7f, 0x0, 0x3, 0xff, 0x3, 0x14, 0x0, [], [{{0x9, 0x5, 0x4, 0x4, 0x618, 0xd8, 0xff, 0x4, [@generic={0x9, 0x4, "4299d83e091515"}]}}, {{0x9, 0x5, 0x5, 0x4, 0x20, 0x83, 0x62, 0x82}}, {{0x9, 0x5, 0x12, 0x0, 0x20, 0x0, 0x0, 0xc, [@generic={0x7, 0xc3bb5a8edee221d1, "e6ea3588e4"}]}}]}}]}}]}}, 0x0)
executing program 4:
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'netdevsim0\x00', &(0x7f0000000280)=@ethtool_drvinfo={0x3, "c428e4c47e162833da1d365a97f8ce8695fb3b6cd015a06ae700180a9835363f", "d1a316d0a02b136a7927e372ee720b73a53c5fad9264fb8966552367948139a6", "865d44e99aa34b3fa54d6e47670cccafb961636459133ab5e30fbcc30b838413", "680529e969986688e7b115c8e7d52f1e0697f976c1ac03a0dc661bf00863d1bd", "5fb854e085db122661d365714ddb293aa630fb100813bfd8602af9abb5d686d9", "ef776367d1348a5de963c8ff", 0x56, 0x1, 0x800, 0x5, 0x5}})
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x1c, 0x15, 0x301, 0x0, 0x0, {0xc}, [@typed={0x8, 0x1, 0x0, 0x0, @fd}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc001}, 0x4000000)
sendmsg$NLBL_UNLABEL_C_STATICADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002}, 0x0)
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10)
bind$tipc(r2, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10)
r3 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r2, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42, 0x20000003}}}, 0x10)
bind$tipc(r3, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x2, {0x42, 0x1, 0x3}}, 0x10)
bind$tipc(r2, 0x0, 0x0)
r4 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="28e304488b1ff1db187270c4af76008f0ef0096e1040000000001823292e00"], 0x14}, 0x1, 0x0, 0x0, 0x20020000}, 0x40880)
syz_usb_connect(0x0, 0x24, &(0x7f0000000200)={{0x12, 0x1, 0x0, 0x94, 0x7, 0xa8, 0x20, 0x5ac, 0x262, 0x6ac3, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x10, 0x7, 0x0, 0x5, [{{0x9, 0x4, 0x65, 0xfa, 0x0, 0x3, 0xe3, 0x2, 0xf7}}]}}]}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_MODIFY(r5, &(0x7f0000000380)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x28, r6, 0x100, 0x70bd2a, 0x25dfdbfe, {}, [@L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x5}, @L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x100000000}]}, 0x28}, 0x1, 0x0, 0x0, 0x4010}, 0x400c001)
syz_usb_connect(0x1, 0x24, &(0x7f0000000480)=ANY=[@ANYBLOB="12010003b1fe9208151403005d65010203010902120001000000000904000000d3a53e004cc88f6a50f8cdf0e77fa000223e8481473cab8f6a89956d7eeb32cc8f240dfc43c05fa38c7138d3b63047720a2e08aad26e23f39eda72e8681a51272b30bcb6f3ae6f10c7d13692c8f3d8b05fc8f481bcf0edc5f42a4f1f9a75473a74e3d7ab5dc19ff6971b8a22242061a59c7c91012a799610bc535a907c7321f9a58e6b9063c70b80bcf6c8d81b7f8ea27da847223567d1566f0c32256013200203fbde6b219de033de390b7790300000000000000000"], &(0x7f0000000e80)={0x0, 0x0, 0xf, &(0x7f0000000b80)=ANY=[@ANYBLOB="050f0f00010c"], 0x1, [{0x0, 0x0}]})
executing program 5:
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x141, 0x48, 0x13, 0x44, 0x20, 0x424, 0x7500, 0x69ee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xb8, 0x7, 0x2, 0x96, 0xd1, 0xca, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0xd, 0x0, 0x6}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, &(0x7f00000003c0)=ANY=[@ANYBLOB="021704000000abe763"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, &(0x7f00000001c0)={0x14, &(0x7f00000000c0)={0x40, 0x6, 0x7f, {0x7f, 0xa, "33bb6923e15e041e6ba69186133678713d61487a2fe24b72a7cef2eeecb526495f86bf8114b7d79a30f58bb7caebe43497110705e3521fad3dc6face31675f7c96e8d62ead2b04735e5cb2def0bd76f7d5c2c178cb38f0f9f8ce22d4d45a7022b286a94a0748c2c8dc4ed453926f4e1c430e2133cc2c2486ef4597db49"}}, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000500)={0x44, &(0x7f0000000200)={0x0, 0xd, 0xe2, "3b3f65737dea10bd9554fd45bee33091929d9cfd6b4355646f611a78a370f23622938c717da69420bb2771409617dcde26d918665b307d88b3bbd91e129fc9db1b2da651d94bddea8e827e1b056f46c612c5aab5a6c9128127756042f7f3dbebd1a0fa1d1f1b5485c0ecd52f454d628959098ad19d8bc820f60a0fe37fb3609e0c1b39311fdbe19253931ed68098c7131d2dc6bc6fcec813857c2ca6a2edb493f2fb1aae91c42669a79748c40a961692dd29e0b86648e11bbf78aabd61fb222eb975d1863a2beef4746569ad8ef0d5ff441ed5240153d3a25d752fa3993e1ba967fa"}, &(0x7f0000000300)={0x0, 0xa, 0x1, 0x2}, &(0x7f0000000340)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000380)={0x20, 0x80, 0x1c, {0x1, 0x2, 0x8001, 0x0, 0x40, 0x2, 0x3, 0x10b, 0xff, 0x1, 0x406, 0x1}}, &(0x7f0000000400)={0x20, 0x85, 0x4, 0x5}, &(0x7f0000000440)={0x20, 0x83, 0x2}, &(0x7f0000000480)={0x20, 0x87, 0x2, 0xce9d}, &(0x7f00000004c0)={0x20, 0x89, 0x2}})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x110, 0x69, 0x17, 0x9d, 0x20, 0x1410, 0xb001, 0x81db, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x9, 0x10, 0x0, 0x9, [{{0x9, 0x4, 0xb8, 0xb7, 0x0, 0x2, 0x6, 0x0, 0xa}}]}}]}}, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$lan78xx(r2, 0x0, 0x0)
syz_usb_control_io$uac1(r2, &(0x7f0000000a40)={0x14, 0x0, &(0x7f0000000a80)={0x0, 0x3, 0x102, @lang_id={0x0, 0x3, 0x42c}}}, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000003a80)=ANY=[@ANYBLOB="883800003f000701feffffff02000000017c00000400f6000c0001800600060086dd000064380280"], 0x3888}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
r3 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_ERR_FILTER(r3, 0x65, 0x7, &(0x7f00000001c0)=0x8, 0x4)
syz_usb_control_io(r0, 0x0, &(0x7f00000007c0)={0x84, &(0x7f00000003c0)=ANY=[@ANYBLOB="0013fec9ec074c6612b8"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
executing program 6:
r0 = fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0)
fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0) (async)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) (async)
fsmount(r0, 0x0, 0x0) (async)
fchdir(r1) (async)
open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100) (async)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0) (async)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-mmap-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-mmap
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0)
fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0) (async)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) (async)
fsmount(r0, 0x0, 0x0) (async)
fchdir(r1) (async)
open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100) (async)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0) (async)

program crashed: WARNING in hugetlb_vma_assert_locked
single: successfully extracted reproducer
found reproducer with 12 syscalls
minimizing guilty program
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-mmap-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0)
fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0) (async)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) (async)
fsmount(r0, 0x0, 0x0) (async)
fchdir(r1) (async)
open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100) (async)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-mmap-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-mmap
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0)
fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0) (async)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) (async)
fsmount(r0, 0x0, 0x0) (async)
fchdir(r1) (async)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0) (async)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-mmap-fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-open-mmap
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0)
fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0) (async)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) (async)
fsmount(r0, 0x0, 0x0) (async)
open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100) (async)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0) (async)

program crashed: WARNING in hugetlb_vma_assert_locked
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-mmap-fsopen-fsconfig$FSCONFIG_CMD_CREATE-open-mmap
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0)
fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0) (async)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) (async)
open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100) (async)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0) (async)

program crashed: WARNING in hugetlb_vma_assert_locked
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-mmap-fsopen-open-mmap
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0)
fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0) (async)
open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100) (async)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0) (async)

program crashed: WARNING in hugetlb_vma_assert_locked
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-mmap-open-mmap
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0)
open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100) (async)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0) (async)

program crashed: WARNING in hugetlb_vma_assert_locked
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-open-mmap
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100)
open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100) (async)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0) (async)

program crashed: WARNING in hugetlb_vma_assert_locked
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-mmap
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100) (async)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, 0xffffffffffffffff, 0x0) (async)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-open-open-mmap
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x0)
r1 = open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100)
open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100) (async)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r1, 0x0) (async)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fchdir-open-open-mmap
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fchdir(0xffffffffffffffff)
r1 = open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100)
open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100) (async)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r1, 0x0) (async)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsmount-fchdir-open-open-mmap
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100)
open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100) (async)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0) (async)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-open-mmap
detailed listing:
executing program 0:
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r0 = fsmount(0xffffffffffffffff, 0x0, 0x0)
fchdir(r0)
r1 = open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100)
open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100) (async)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r1, 0x0) (async)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-open-mmap
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100)
open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-open-mmap
detailed listing:
executing program 0:
r0 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100)
open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100) (async)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0) (async)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-open-mmap
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = open(0x0, 0x14927e, 0x100)
open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100) (async)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0) (async)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-open-mmap
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100)
open(0x0, 0x14927e, 0x100) (async)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0) (async)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-open-mmap
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100)
open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0) (async)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-open-mmap
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100)
open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100) (async)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0)

program crashed: WARNING in hugetlb_vma_assert_locked
extracting C reproducer
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-open-mmap
program crashed: WARNING: bad unlock balance in hugetlb_vmdelete_list
a never seen crash title: WARNING: bad unlock balance in hugetlb_vmdelete_list, ignore
simplifying guilty program options
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-open-mmap
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100)
open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100) (async)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-open-mmap
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100)
open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100) (async)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0)

program crashed: WARNING in hugetlb_vma_assert_locked
extracting C reproducer
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-open-mmap
program crashed: WARNING in hugetlb_vma_assert_locked
simplifying C reproducer
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-open-mmap
program did not crash
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-open-mmap
program crashed: WARNING: bad unlock balance in hugetlb_vmdelete_list
a never seen crash title: WARNING: bad unlock balance in hugetlb_vmdelete_list, ignore
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-open-mmap
program crashed: WARNING in hugetlb_vma_assert_locked
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-open-mmap
program crashed: WARNING in hugetlb_vma_assert_locked
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-open-mmap
program crashed: WARNING: bad unlock balance in hugetlb_vmdelete_list
a never seen crash title: WARNING: bad unlock balance in hugetlb_vmdelete_list, ignore
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-open-mmap
program crashed: WARNING in hugetlb_vma_assert_locked
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-open-mmap
program crashed: WARNING in hugetlb_vma_assert_locked
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-open-mmap
program crashed: WARNING in hugetlb_vma_assert_locked
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-open-mmap
program crashed: WARNING in hugetlb_vma_assert_locked
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-open-mmap
program did not crash
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-open-mmap
program crashed: WARNING in hugetlb_vma_assert_locked
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-open-mmap
program crashed: WARNING: bad unlock balance in hugetlb_vmdelete_list
a never seen crash title: WARNING: bad unlock balance in hugetlb_vmdelete_list, ignore
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-open-mmap
program did not crash
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:false Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-open-mmap
program did not crash
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-open-mmap
program crashed: WARNING in hugetlb_vma_assert_locked
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-open-mmap
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100)
open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100) (async)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0)

program did not crash
validation run: crashed=false
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-open-mmap
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100)
open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100) (async)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0)

program crashed: WARNING in hugetlb_vma_assert_locked
validation run: crashed=true
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-open-mmap
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100)
open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100) (async)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0)

program crashed: WARNING: bad unlock balance in hugetlb_vmdelete_list
validation run: crashed=true
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_CMD_CREATE-fsmount-fchdir-open-open-mmap
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100)
open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x100) (async)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r2, 0x0)

program crashed: WARNING in hugetlb_vma_assert_locked
validation run: crashed=true
reproducing took 1h16m59.610166191s
repro crashed as (corrupted=false):
------------[ cut here ]------------
WARNING: mm/hugetlb.c:368 at hugetlb_vma_assert_locked+0x1dd/0x250 mm/hugetlb.c:368, CPU#0: syz.0.366/7101
Modules linked in:
CPU: 0 UID: 0 PID: 7101 Comm: syz.0.366 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:hugetlb_vma_assert_locked+0x1dd/0x250 mm/hugetlb.c:368
Code: 2e e8 17 e8 a1 ff eb 0c e8 10 e8 a1 ff eb 05 e8 09 e8 a1 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 f4 e7 a1 ff 90 <0f> 0b 90 eb e5 e8 e9 e7 a1 ff 90 0f 0b 90 eb da 48 c7 c1 70 0b e5
RSP: 0018:ffffc900036b7388 EFLAGS: 00010293
RAX: ffffffff821e312c RBX: 0000000000000000 RCX: ffff88807bc95ac0
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000001 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff520006d6e74 R12: ffff888033642a00
R13: 1ffff1100f12319c R14: dffffc0000000000 R15: 0000000000000080
FS:  00007fa9ba21d6c0(0000) GS:ffff8881257a2000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa9ba21cf98 CR3: 0000000078830000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 huge_pmd_unshare+0x2c8/0x540 mm/hugetlb.c:7622
 __unmap_hugepage_range+0x6e3/0x1aa0 mm/hugetlb.c:5901
 unmap_hugepage_range+0x32e/0x410 mm/hugetlb.c:6089
 hugetlb_vmdelete_list+0x171/0x1c0 fs/hugetlbfs/inode.c:494
 hugetlb_vmtruncate fs/hugetlbfs/inode.c:641 [inline]
 hugetlbfs_setattr+0x4d1/0x6d0 fs/hugetlbfs/inode.c:879
 notify_change+0xc1a/0xf40 fs/attr.c:546
 do_truncate+0x1a4/0x220 fs/open.c:68
 handle_truncate fs/namei.c:3516 [inline]
 do_open fs/namei.c:3899 [inline]
 path_openat+0x306c/0x3830 fs/namei.c:4054
 do_filp_open+0x1fa/0x410 fs/namei.c:4081
 do_sys_openat2+0x121/0x1c0 fs/open.c:1435
 do_sys_open fs/open.c:1450 [inline]
 __do_sys_open fs/open.c:1458 [inline]
 __se_sys_open fs/open.c:1454 [inline]
 __x64_sys_open+0x11e/0x150 fs/open.c:1454
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa9b938eec9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa9ba21d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 00007fa9b95e5fa0 RCX: 00007fa9b938eec9
RDX: 0000000000000100 RSI: 000000000014927e RDI: 0000200000000340
RBP: 00007fa9b9411f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fa9b95e6038 R14: 00007fa9b95e5fa0 R15: 00007ffdd776dfc8
 </TASK>

final repro crashed as (corrupted=false):
------------[ cut here ]------------
WARNING: mm/hugetlb.c:368 at hugetlb_vma_assert_locked+0x1dd/0x250 mm/hugetlb.c:368, CPU#0: syz.0.366/7101
Modules linked in:
CPU: 0 UID: 0 PID: 7101 Comm: syz.0.366 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
RIP: 0010:hugetlb_vma_assert_locked+0x1dd/0x250 mm/hugetlb.c:368
Code: 2e e8 17 e8 a1 ff eb 0c e8 10 e8 a1 ff eb 05 e8 09 e8 a1 ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 f4 e7 a1 ff 90 <0f> 0b 90 eb e5 e8 e9 e7 a1 ff 90 0f 0b 90 eb da 48 c7 c1 70 0b e5
RSP: 0018:ffffc900036b7388 EFLAGS: 00010293
RAX: ffffffff821e312c RBX: 0000000000000000 RCX: ffff88807bc95ac0
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000001 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff520006d6e74 R12: ffff888033642a00
R13: 1ffff1100f12319c R14: dffffc0000000000 R15: 0000000000000080
FS:  00007fa9ba21d6c0(0000) GS:ffff8881257a2000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa9ba21cf98 CR3: 0000000078830000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 huge_pmd_unshare+0x2c8/0x540 mm/hugetlb.c:7622
 __unmap_hugepage_range+0x6e3/0x1aa0 mm/hugetlb.c:5901
 unmap_hugepage_range+0x32e/0x410 mm/hugetlb.c:6089
 hugetlb_vmdelete_list+0x171/0x1c0 fs/hugetlbfs/inode.c:494
 hugetlb_vmtruncate fs/hugetlbfs/inode.c:641 [inline]
 hugetlbfs_setattr+0x4d1/0x6d0 fs/hugetlbfs/inode.c:879
 notify_change+0xc1a/0xf40 fs/attr.c:546
 do_truncate+0x1a4/0x220 fs/open.c:68
 handle_truncate fs/namei.c:3516 [inline]
 do_open fs/namei.c:3899 [inline]
 path_openat+0x306c/0x3830 fs/namei.c:4054
 do_filp_open+0x1fa/0x410 fs/namei.c:4081
 do_sys_openat2+0x121/0x1c0 fs/open.c:1435
 do_sys_open fs/open.c:1450 [inline]
 __do_sys_open fs/open.c:1458 [inline]
 __se_sys_open fs/open.c:1454 [inline]
 __x64_sys_open+0x11e/0x150 fs/open.c:1454
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa9b938eec9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa9ba21d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 00007fa9b95e5fa0 RCX: 00007fa9b938eec9
RDX: 0000000000000100 RSI: 000000000014927e RDI: 0000200000000340
RBP: 00007fa9b9411f91 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fa9b95e6038 R14: 00007fa9b95e5fa0 R15: 00007ffdd776dfc8
 </TASK>