Extracting prog: 6m45.019633334s
Minimizing prog: 30m5.865483222s
Simplifying prog options: 6m16.124929043s
Extracting C: 1m49.90277269s
Simplifying C: 0s


extracting reproducer from 30 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): timer_create-bpf$PROG_LOAD-timer_settime-socket$netlink-setsockopt$netlink_NETLINK_CAP_ACK-mmap$IORING_OFF_CQ_RING-syz_clone-io_uring_enter-rt_sigqueueinfo-setresuid-ioprio_set$pid-syz_genetlink_get_family_id$batadv-close
detailed listing:
executing program 0:
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_CAP_ACK(r0, 0x10e, 0xa, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xc, 0x31, 0xffffffffffffffff, 0x8000000)
r1 = syz_clone(0x2280, 0x0, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x7082, 0x4e1e, 0x5, 0x0, 0x0)
rt_sigqueueinfo(r1, 0x13, &(0x7f0000000000)={0x21, 0xfe81, 0xffffffff})
setresuid(0x0, 0xee00, 0xffffffffffffffff)
ioprio_set$pid(0x2, 0x0, 0x2004)
syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), r0)
close(0xffffffffffffffff)

program did not crash
single: failed to extract reproducer
bisect: bisecting 30 programs with base timeout 30s
testing program (duration=37s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [1, 9, 12, 8, 10, 12, 1, 12, 9, 19, 6, 13, 6, 10, 16, 9, 7, 8, 3, 13, 19, 5, 1, 4, 3, 1, 9, 9, 6, 3]
detailed listing:
executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x3, 0x4, 0x0, &(0x7f0000000c40)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @sched_cls=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdffffffc}, 0x94)
executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
close(r0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000280)={0xa, 0x4e22, 0xd, @loopback, 0x6}, 0x1c)
connect$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c)
setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000000100)=0x80000002, 0x4)
sendto$inet(r0, &(0x7f0000000900)="2e552f5d9fd8b0d9627c4980f0d1ea2bf8f617a682acd2841acd878bd68344d4f50f83b0c51fa9025a01c95d4a068ec8b12d01010000a44c4505ba9a36f2cf4cc5e8308126d0a2c3b9d24e57c5011376b6263e2a1258eec1eb72bedea3eb5ccf73eb081b4c6d5faa998d7b795c057dd757d14200a8a6dbb3e59df96b77d16753ac4b32b94ffe6b5ee304d0428eb18056657c8c5c71c632be66cb26fe5c9abec7591ef3cb9b2a1133e9fa9bf0de6c378bed7b51cb8a07c343aabfda193349b91a5dc81a658cb61fbbfa51ef95abe03381ee2cb8d41da19ea8b96ec68ce17cf57da60f1d04acaf34a643db8d2d5ad2991f306b42744347a0c9e1fe2136b2b3da49032d3a57df1e236222cf6d6fe396aff8e5fe7fff5baa88789b783c12045e2c904a5d118369fdddc3e6e2f24bdbb26df92ac9bf4751c897a87c0223888e36ad14ba6e4d879ff464cac6f13a3a543e067d922e99c50f2fc6391e9c1c82b7195005eafdbb3374200c134cbd0f11739e8c19dd07140686242fea48caf3a1a93b86f35d77f258a2c9ce24cf321068551a584262d7a74a344e428c77c8af755e72904b0ca8a0bb359fb0", 0xffffff5d, 0x12, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x8031, 0xffffffffffffffff, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)
executing program 1:
munmap(&(0x7f0000004000/0x2000)=nil, 0x2000)
socket$inet6_sctp(0xa, 0x5, 0x84)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x3ed4, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x1cb842, 0x0)
getrusage(0xffffffffffffffff, 0x0)
executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000340)={@in={{0x2, 0x4e22, @local}}, 0x0, 0x0, 0x33, 0x0, "cebd7ceedb7b0ad952e966bbe242b92b746b023df2cb59e32e10366456deac64e782206bd4aee372005a52a40b7161161a8b2749fe184fb0d08bc63f90010a1ed2bf603d2c3fcc250c30136f9ef2ef8b"}, 0xd8)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11)
sendmsg$inet(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000001c0)="12", 0x1}], 0x1}, 0x1)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000440)={@in={{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}}, 0x0, 0x0, 0x4, 0x0, "7acc432185564a2e78a9318905dcf529d37b85bcaf97ce6fd25f2b2d914ceaee25ac21974c0793bea23a64deca9df5055cfbf446dd453e7f4728fa6fbaaf1466aa7651c087989e4a3465ac8a93737d96"}, 0xd8)
recvfrom$inet(r0, 0x0, 0x0, 0x700, 0x0, 0x0)
executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x2, 0x180, 0x5, 0x10, 0xf1, 0x50, 0x12, 0x5, 0x0, 0x29, 0x0, 0x6, 0x0, 0xbdb], 0xffff1001, 0x43102})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000002, 0x1000000000, 0x0, 0x43, 0x2000001, 0x0, 0x2004cb, 0x0, 0x1000000, 0x68ff, 0x5, 0x9, 0x3], 0xeeee8000, 0x202})
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0x8080000, 0xeeee0000, 0x8, 0x8, 0xb, 0xe4, 0x40, 0x0, 0x0, 0x2e, 0x80}, {0x5000, 0x4000, 0x3, 0x0, 0x42, 0x5, 0x5, 0x6, 0x15, 0x3, 0x2, 0x87}, {0x6000, 0x1, 0xe, 0x5, 0x3, 0x7, 0x0, 0x7, 0x1, 0xa4, 0x5, 0x5}, {0x1, 0xf000, 0xd, 0x6, 0x4, 0x42, 0xb, 0xff, 0x2, 0x7, 0xe}, {0xeeee0000, 0xd000, 0xf, 0x3, 0x15, 0x7, 0xab, 0x8, 0x9, 0x83, 0xf7, 0x83}, {0x1000, 0x3909e40c33606d9c, 0xe, 0xa0, 0xb1, 0x8, 0x1, 0xa0, 0x82, 0xf, 0x1, 0x7}, {0xeeef0000, 0xeeef0000, 0x4, 0x5, 0x7, 0x15, 0x7, 0x3, 0x8, 0x81, 0x40, 0x70}, {0xd000, 0x4000, 0x4, 0x5, 0xcd, 0x7, 0x1, 0x9, 0x2, 0xc, 0xb0, 0x9}, {0x3000, 0x30}, {0x8000000, 0x7}, 0x80000031, 0x0, 0x0, 0x2024, 0x0, 0x1500, 0x3000, [0x6800000000000000, 0x204, 0x5b, 0x8]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x1f)
socket$inet_udp(0x2, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mount$overlay(0x0, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101842, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000440)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000400)={&(0x7f00000001c0)=@ipmr_delroute={0x1c, 0x19, 0x300, 0x70bd25, 0x25dfdbfd, {0x80, 0x20, 0x14, 0x5, 0xfe, 0x2, 0xfd, 0x8, 0x1400}}, 0x1c}, 0x1, 0x0, 0x0, 0x4004}, 0x4801)
getpeername(r0, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r2 = socket$inet(0x2, 0x3, 0x4)
sendmmsg$inet(r2, &(0x7f0000000280)=[{{&(0x7f0000000240)={0x2, 0x4e01, @broadcast}, 0x10, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='4\x00'/12, @ANYRES64=r2], 0x38}}], 0x1, 0x46000)
executing program 1:
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
executing program 2:
setsockopt$IP_VS_SO_SET_DELDEST(0xffffffffffffffff, 0x6, 0x9, 0x0, 0x0)
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000040)={0x26e8})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000340)={0x5, 0x0, [{0x9a7, 0x0, 0x100}, {0xb65, 0x0, 0x2}, {0x37d, 0x0, 0x3}, {0x3f6, 0x0, 0x6}, {0x4b564d01, 0x0, 0x200}]})
ioctl$KVM_X86_SET_MCE(r2, 0x4040ae9e, &(0x7f0000000180)={0x300000000000000, 0x0, 0x4, 0x2, 0x8})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0xf3b8, 0x0, 0x8000001000, 0x400, 0x4002004c4, 0x1000, 0x0, 0x97, 0x10, 0x0, 0x3, 0x4], 0xeeee8000, 0x140640})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
executing program 1:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
r1 = fcntl$dupfd(r0, 0x406, r0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfd, 0x0, 0xf1}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200047f9, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[], 0x1194}, 0x1, 0x0, 0x0, 0x24040045}, 0x4048800)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r1)
sendmsg$NL80211_CMD_SET_KEY(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)={0x34, r2, 0x100, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac01}, @NL80211_ATTR_KEY={0x18, 0x50, 0x0, 0x1, [@NL80211_KEY_SEQ={0x5, 0x4, '\"'}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "39042148aa"}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x4044000}, 0x44808)
executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r0=>0xffffffffffffffff})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000100)={0xa, &(0x7f0000000280)=[{0x40, 0x7, 0x9, 0x4}, {0xe, 0x90, 0xff, 0x4}, {0x9, 0x8f, 0x3, 0x9}, {0x8, 0x80, 0x7, 0x10000}, {0x6, 0x4, 0xc, 0x80}, {0x9cf, 0x5, 0x5, 0x400}, {0x4, 0x1, 0x5, 0x8}, {0x5, 0xb, 0x5, 0xe8}, {0x9, 0x4, 0x7}, {0x7f, 0xb, 0x7f, 0x3}]})
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xf, 0x4, 0x8, 0x9}, 0x48)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@map=r1, r2, 0x4}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x4, 0x8, 0x8}, 0x48)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@map=r3, r4, 0x26}, 0x10)
r5 = socket(0x1, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={r3, &(0x7f0000000240), &(0x7f00000000c0)=@tcp=r5}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r1, &(0x7f0000000100), &(0x7f00000001c0)=@tcp=r5}, 0x20)
r6 = socket$inet(0x2, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x4, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x73, 0x11, 0x8d}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}], {0x95, 0x0, 0x1200}}, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb}, 0x94)
setsockopt$inet_mreqn(r6, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
setsockopt$inet_msfilter(r6, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010100000004"], 0x57)
r7 = socket$netlink(0x10, 0x3, 0x0)
writev(r7, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025", 0x1d}], 0x1)
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 1:
move_pages(0x0, 0x200000000000019a, &(0x7f0000000000)=[&(0x7f0000002000/0x1000)=nil], 0x0, &(0x7f0000000040), 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000a40)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2f}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0xefff}}}}}}}, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x18, 0x6, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x11, 0x0, 0x2, {[@window={0x3, 0x3, 0x8}]}}}}}}}}, 0x0)
executing program 2:
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_CAP_ACK(r0, 0x10e, 0xa, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xc, 0x31, 0xffffffffffffffff, 0x8000000)
r1 = syz_clone(0x2280, 0x0, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x7082, 0x4e1e, 0x5, 0x0, 0x0)
rt_sigqueueinfo(r1, 0x13, &(0x7f0000000000)={0x21, 0xfe81, 0xffffffff})
setresuid(0x0, 0xee00, 0xffffffffffffffff)
ioprio_set$pid(0x2, 0x0, 0x2004)
syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), r0)
close(0xffffffffffffffff)
executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000006c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100"], 0x128}, 0x4004000)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
getsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, 0x0, &(0x7f0000000080))
executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x2, 0x180, 0x5, 0x10, 0xf1, 0x50, 0x12, 0x5, 0x0, 0x29, 0x0, 0x6, 0x0, 0xbdb], 0xffff1001, 0x43102})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000002, 0x1000000000, 0x0, 0x43, 0x2000001, 0x0, 0x2004cb, 0x0, 0x1000000, 0x68ff, 0x5, 0x9, 0x3], 0xeeee8000, 0x202})
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0x8080000, 0xeeee0000, 0x8, 0x8, 0xb, 0xe4, 0x40, 0x0, 0x0, 0x2e, 0x80}, {0x5000, 0x4000, 0x3, 0x0, 0x42, 0x5, 0x5, 0x6, 0x15, 0x3, 0x2, 0x87}, {0x6000, 0x1, 0xe, 0x5, 0x3, 0x7, 0x0, 0x7, 0x1, 0xa4, 0x5, 0x5}, {0x1, 0xf000, 0xd, 0x6, 0x4, 0x42, 0xb, 0xff, 0x2, 0x7, 0xe}, {0xeeee0000, 0xd000, 0xf, 0x3, 0x15, 0x7, 0xab, 0x8, 0x9, 0x83, 0xf7, 0x83}, {0x1000, 0x3909e40c33606d9c, 0xe, 0xa0, 0xb1, 0x8, 0x1, 0xa0, 0x82, 0xf, 0x1, 0x7}, {0xeeef0000, 0xeeef0000, 0x4, 0x5, 0x7, 0x15, 0x7, 0x3, 0x8, 0x81, 0x40, 0x70}, {0xd000, 0x4000, 0x4, 0x5, 0xcd, 0x7, 0x1, 0x9, 0x2, 0xc, 0xb0, 0x9}, {0x3000, 0x30}, {0x8000000, 0x7}, 0x80000031, 0x0, 0x0, 0x2024, 0x0, 0x1500, 0x3000, [0x6800000000000000, 0x204, 0x5b, 0x8]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
executing program 3:
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000bbdffc))
signalfd4(0xffffffffffffffff, &(0x7f0000000400)={[0xfffffffffffffff5]}, 0x8, 0x80000)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50)
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x32, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
executing program 4:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
r1 = fcntl$dupfd(r0, 0x406, r0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfd, 0x0, 0xf1}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200047f9, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[], 0x1194}, 0x1, 0x0, 0x0, 0x24040045}, 0x4048800)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r1)
sendmsg$NL80211_CMD_SET_KEY(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)={0x2c, r2, 0x100, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_KEY={0x18, 0x50, 0x0, 0x1, [@NL80211_KEY_SEQ={0x5, 0x4, '\"'}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "39042148aa"}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4044000}, 0x44808)
executing program 4:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e21, @local}], 0x10)
sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)}], 0x1, 0x0, 0x0, 0x804c040}, 0x1)
r1 = dup(r0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x2, 0x0, 0x111, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r1, &(0x7f0000000100)={0x4, 0x8}, 0x10)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r1, &(0x7f0000000180)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x4}}, 0xffcc)
executing program 3:
syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000280)='./file0\x00', 0x1804014, &(0x7f00000002c0)=ANY=[@ANYBLOB="636865636b3d7374726963742c757466383d312c757466383d312c6e66732c6572726f72733d72656d6f756e742d726f2c73686f72746e616d653d77696e6e742c00043518f9aad8a4f2c1cdb3e993cf0444d9d2d40bb509d4da042c2c85e3650de97db42c38cafa7a9d7503c3c985486cf7fc80515e9bef7e9e56fb346de370b3eb3ecbc59d343c36bf04efc3d68033308b0014b0c677eef7536f8115edae5ef2932cc05f566112668fa4f6844dcf823618a2993da771384e8fc12467a56b33e3b00030dbfd82ea2f8ddbeb1d04bac86815ebe0b9d084d60edf56b15e74589892dce86962f611a4313120b738dddfd38d20b443570197dc795020ecf541601ef9a5618869febf769dd50261849a47e170ba166b97e76a0261d0dc1fb3e2646595f1c8b49057d94f10f7b5e35ead0a38", @ANYBLOB="5490f41e89db5c6987bb89944e3ce8a9d74aa557beeb12bf7bf4a19bec956b719f048f1e043475577b7adb3114dbb00a614a03808dfe14f5f5c2dd1b71c4d5a6a09435057b932b0b"], 0x3, 0x240, &(0x7f0000000500)="$eJzs2s9rHGUYB/Bn0tbGlHQj/qIF8UUP6mVocvbQIC2IAUW7QhWkUzPRZcfdsLMsrIjJqV79EzyLR2+C9OglF/8CD14klxx7EEe6u5pG4iGI3ZJ+Ppd94N0vzzPMy8t7mP3Xv/6su1XnW8UwFrIsFq7GbtzLYiUW4i+78dorN3964b2bH7y1vrFx7d2Urq/fWF1LKV188ccPv/jupbvDC+9/f/GH87G38tH+wdqve8/tXdr/48annTp16tTrD1ORbvf7w+J2VabNTt3NU3qnKou6TJ1eXQ6OrG9V/e3tcSp6m8tL24OyrlPRG6duOU7DfhoOxqn4pOj0Up7naXkp+C/a395rmjhozt2Kpmme/CYu3I3lX6IV2VMpe/pq9uyt7Pnd7NJB07TmPSr/C+//8fbAob4YUX01ao/a09/p+vpWdKKKMq5EK36P+9tkZlpff3Pj2pU0sRJ3qp1ZfmfUPnM0vxqtWDk+vzrNp7hT/fbEtO3OqH0+liLORczya9GKZ47Prx3mJ/3PTPovxqsvP9A/j1b8/HH0o4rNuJ89zH+5mtIbb2+ko/NfnvwPAOC0ydPfjr2/5fm/rU/zJ7gf/uN+dTYun53vsxNRjz/vFlVVDhRVOVh8NMY4DUVENtlg2WyjzXsexQmLuR5LPCSHL33ekwAAAAAAAAAAAHASD+Nzwnk/IwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Gj7MwAA//+3Ycw+")
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0xc004, &(0x7f0000000080)=ANY=[@ANYBLOB="666c7573682c757466383d312c6e6f6e756d7461696c3d302c726f6469722c757466383d312c6e6f6e756d7461696c3d302c73686f72746e616d653d6c6f7765722c6e6f6e756d7461696c3d302c756e695f786c6174653d302c757466383d312c756e695f786c6174653d302c757466383d312c756e695f786c6174653d312c6e6f6e756d7461696c3d302c646f733178666c6f7070792c726f6469722c756e695f786c6174653d312c71756965742c00c8702cc583177e7c953d2b6c6e43b73645f2acb80cc28520c3cd61e54370886d9caa3a1ec165ec59309153922716cb0f95f435e2af"], 0xf5, 0x2f0, &(0x7f0000000f80)="$eJzs3U1rE0EYwPEn70lrTQ8iIgpDBVGkSxPw5sEiLYgBpW0EKwhbu9WQbVKyoRAR24Pg1bOHHjyKIII3LyJee/ET+HbrpTcLFkc2m6RpsqZppa/+f5ed7jzPzuzObJtOm83Kleez+RnH+KXD0qxfghKqlRfl4qelr2fHPx7zvlZqdHgilVYqKCJ3H78e+FDuvf3u+PuYLPffW1lN/1g+MyHye+KhBFXOUQWttVZTxWI54CZP55y8odQt2zIdS+UKjlUqK7Nab07Zlpqxi3NzFWUWpvt65kqW4yizUFF5q6LKRVUuVZT5wMwVlGEYqq9HUB2sumBbXaBTYvbVmtay6g5QbFG01j7Ri/VCpLaN/VtncZC0jH/H2LbJEdrNnmEvrOlwY/yjW4w/jh7v/v/2opv7H0fP+J3JG8OZzMiYUnGR2Wfz2fmst/Xqv/RKTmyxZGns0uS6uHOkyn216G5Hr2dGhlRVv5yfXajlL8xnvR8OwzO1/JQk3dcpumEjP+Xlq835Eelpzk9LUk7456fr+RJsyo/KhXNN+YYk5fN9KYot09W+b+Q/SSl17Wampf1ENQ4AAAAAAAAAgMPIUA0b6/eBxp96E4YRq/7HR6M+4e5247yAxvr6kCRl3X99fsh3fT8sp8P7eOIAAAAAAPxHnMqjvGnbVml3CqGXiQ5NRETELYg8HXA70/GAJ2s97q71qIi0V4U6N7GpkLjstfdmrNYx2c0LtcNCUESa93hv1nBP3n5bj0mIX3pwWxNgMOp75eN7esrSTbDEdzaxY11PrdZCYL2+55RvjA5sfRxt2hFvT/3G3Kr1q9u6Hf5aiLdeqMHv3nHtDt80fjaW+AAAAAAcIk2/OAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgH2yo4eH1Z/bv7lKah8R3/5IttbPiee5/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOoD8BAAD//whtri0=")
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, 0x0, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x8000, 0x0)
executing program 0:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket(0x11, 0x3, 0x0)
setsockopt(r0, 0x107, 0x18, &(0x7f0000000000)="1000", 0x2)
executing program 4:
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @void}, 0x10)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xffffffff)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000340)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='net_prio.prioidx\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r2, 0x0)
executing program 0:
mbind(&(0x7f0000bdc000/0x3000)=nil, 0x3000, 0x1, &(0x7f0000000140)=0x3ff, 0x3, 0x0)
mbind(&(0x7f0000bdb000/0x3000)=nil, 0x3000, 0x1, &(0x7f0000000080)=0x103e, 0x5, 0x0)
socket$inet6(0xa, 0x3, 0xff)
socket(0x10, 0x3, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, 0x0, 0x0)
listen(r0, 0x10040)
syz_emit_ethernet(0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa32080045000028006700000206907864010001ac1414aa4e204e22", @ANYRES32=0x41424344, @ANYBLOB="5c80"], 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f0000000240)=0x10)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ae0000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f00005b7000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x4)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r1 = io_uring_setup(0x1bc2, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f9})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000240), 0x0, 0x501, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x50)
r2 = socket$inet(0x2, 0x80001, 0x84)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{0x0, 0x10}], 0x1}, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)='8', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845)
io_uring_enter(r1, 0x2219, 0x7722, 0x16, 0x0, 0x0)
executing program 3:
r0 = creat(&(0x7f0000000200)='./file1\x00', 0x12e)
close(r0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48)
r1 = socket$unix(0x1, 0x5, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000040), 0x200000, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})
executing program 4:
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
executing program 0:
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4)
r0 = socket$unix(0x1, 0x2, 0x0)
writev(r0, &(0x7f00000008c0)=[{0x0}], 0x1)
executing program 4:
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528)
syz_emit_ethernet(0x4e, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd60000000001806"], 0x0)
executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0xfffffffc}, 0x5)
executing program 0:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
r1 = fcntl$dupfd(r0, 0x406, r0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfd, 0x0, 0xf1}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200047f9, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[], 0x1194}, 0x1, 0x0, 0x0, 0x24040045}, 0x4048800)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r1)
sendmsg$NL80211_CMD_SET_KEY(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)={0x2c, r2, 0x100, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_KEY={0x18, 0x50, 0x0, 0x1, [@NL80211_KEY_SEQ={0x5, 0x4, '\"'}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "39042148aa"}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4044000}, 0x44808)
executing program 3:
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000040)=0x1000)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000000c0)={0x1, 0x0, [{0x40000073, 0x0, 0x81}]})
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x40, 0x1, 0xc, 0x0, 0x75, 0x0, 0x10, 0x0, 0x0, 0x80, 0x9, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0xff, 0xff})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000006c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100"], 0x128}, 0x4004000)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
getsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, 0x0, &(0x7f0000000080))
executing program 3:
r0 = socket(0x2, 0x80805, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=@gettaction={0x14, 0x32, 0x605, 0x70bd25, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x8004000}, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x7d, &(0x7f0000000280)=@assoc_value, &(0x7f0000000240)=0x8)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): timer_create-bpf$PROG_LOAD-timer_settime-socket$netlink-setsockopt$netlink_NETLINK_CAP_ACK-mmap$IORING_OFF_CQ_RING-syz_clone-io_uring_enter-rt_sigqueueinfo-setresuid-ioprio_set$pid-syz_genetlink_get_family_id$batadv-close
detailed listing:
executing program 0:
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_CAP_ACK(r0, 0x10e, 0xa, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xc, 0x31, 0xffffffffffffffff, 0x8000000)
r1 = syz_clone(0x2280, 0x0, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x7082, 0x4e1e, 0x5, 0x0, 0x0)
rt_sigqueueinfo(r1, 0x13, &(0x7f0000000000)={0x21, 0xfe81, 0xffffffff})
setresuid(0x0, 0xee00, 0xffffffffffffffff)
ioprio_set$pid(0x2, 0x0, 0x2004)
syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), r0)
close(0xffffffffffffffff)

program crashed: WARNING in do_notify_parent
single: successfully extracted reproducer
found reproducer with 13 syscalls
minimizing guilty program
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): timer_create-bpf$PROG_LOAD-timer_settime-socket$netlink-setsockopt$netlink_NETLINK_CAP_ACK-mmap$IORING_OFF_CQ_RING-syz_clone-io_uring_enter-rt_sigqueueinfo-setresuid-ioprio_set$pid-syz_genetlink_get_family_id$batadv
detailed listing:
executing program 0:
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_CAP_ACK(r0, 0x10e, 0xa, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xc, 0x31, 0xffffffffffffffff, 0x8000000)
r1 = syz_clone(0x2280, 0x0, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x7082, 0x4e1e, 0x5, 0x0, 0x0)
rt_sigqueueinfo(r1, 0x13, &(0x7f0000000000)={0x21, 0xfe81, 0xffffffff})
setresuid(0x0, 0xee00, 0xffffffffffffffff)
ioprio_set$pid(0x2, 0x0, 0x2004)
syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), r0)

program crashed: WARNING in do_notify_parent
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): timer_create-bpf$PROG_LOAD-timer_settime-socket$netlink-setsockopt$netlink_NETLINK_CAP_ACK-mmap$IORING_OFF_CQ_RING-syz_clone-io_uring_enter-rt_sigqueueinfo-setresuid-ioprio_set$pid
detailed listing:
executing program 0:
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_CAP_ACK(r0, 0x10e, 0xa, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xc, 0x31, 0xffffffffffffffff, 0x8000000)
r1 = syz_clone(0x2280, 0x0, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x7082, 0x4e1e, 0x5, 0x0, 0x0)
rt_sigqueueinfo(r1, 0x13, &(0x7f0000000000)={0x21, 0xfe81, 0xffffffff})
setresuid(0x0, 0xee00, 0xffffffffffffffff)
ioprio_set$pid(0x2, 0x0, 0x2004)

program crashed: WARNING in do_notify_parent
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): timer_create-bpf$PROG_LOAD-timer_settime-socket$netlink-setsockopt$netlink_NETLINK_CAP_ACK-mmap$IORING_OFF_CQ_RING-syz_clone-io_uring_enter-rt_sigqueueinfo-setresuid
detailed listing:
executing program 0:
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_CAP_ACK(r0, 0x10e, 0xa, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xc, 0x31, 0xffffffffffffffff, 0x8000000)
r1 = syz_clone(0x2280, 0x0, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x7082, 0x4e1e, 0x5, 0x0, 0x0)
rt_sigqueueinfo(r1, 0x13, &(0x7f0000000000)={0x21, 0xfe81, 0xffffffff})
setresuid(0x0, 0xee00, 0xffffffffffffffff)

program crashed: WARNING in do_notify_parent
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): timer_create-bpf$PROG_LOAD-timer_settime-socket$netlink-setsockopt$netlink_NETLINK_CAP_ACK-mmap$IORING_OFF_CQ_RING-syz_clone-io_uring_enter-rt_sigqueueinfo
detailed listing:
executing program 0:
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_CAP_ACK(r0, 0x10e, 0xa, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xc, 0x31, 0xffffffffffffffff, 0x8000000)
r1 = syz_clone(0x2280, 0x0, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x7082, 0x4e1e, 0x5, 0x0, 0x0)
rt_sigqueueinfo(r1, 0x13, &(0x7f0000000000)={0x21, 0xfe81, 0xffffffff})

program crashed: WARNING in do_notify_parent
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): timer_create-bpf$PROG_LOAD-timer_settime-socket$netlink-setsockopt$netlink_NETLINK_CAP_ACK-mmap$IORING_OFF_CQ_RING-syz_clone-io_uring_enter
detailed listing:
executing program 0:
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_CAP_ACK(r0, 0x10e, 0xa, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xc, 0x31, 0xffffffffffffffff, 0x8000000)
syz_clone(0x2280, 0x0, 0x0, 0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x7082, 0x4e1e, 0x5, 0x0, 0x0)

program crashed: WARNING in do_notify_parent
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): timer_create-bpf$PROG_LOAD-timer_settime-socket$netlink-setsockopt$netlink_NETLINK_CAP_ACK-mmap$IORING_OFF_CQ_RING-syz_clone
detailed listing:
executing program 0:
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_CAP_ACK(r0, 0x10e, 0xa, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xc, 0x31, 0xffffffffffffffff, 0x8000000)
syz_clone(0x2280, 0x0, 0x0, 0x0, 0x0, 0x0)

program crashed: WARNING in do_notify_parent
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): timer_create-bpf$PROG_LOAD-timer_settime-socket$netlink-setsockopt$netlink_NETLINK_CAP_ACK-mmap$IORING_OFF_CQ_RING
detailed listing:
executing program 0:
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_CAP_ACK(r0, 0x10e, 0xa, 0x0, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xc, 0x31, 0xffffffffffffffff, 0x8000000)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): timer_create-bpf$PROG_LOAD-timer_settime-socket$netlink-setsockopt$netlink_NETLINK_CAP_ACK-syz_clone
detailed listing:
executing program 0:
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_CAP_ACK(r0, 0x10e, 0xa, 0x0, 0x0)
syz_clone(0x2280, 0x0, 0x0, 0x0, 0x0, 0x0)

program crashed: WARNING in do_notify_parent
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): timer_create-bpf$PROG_LOAD-timer_settime-socket$netlink-syz_clone
detailed listing:
executing program 0:
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
syz_clone(0x2280, 0x0, 0x0, 0x0, 0x0, 0x0)

program crashed: WARNING in do_notify_parent
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): timer_create-bpf$PROG_LOAD-timer_settime-syz_clone
detailed listing:
executing program 0:
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
syz_clone(0x2280, 0x0, 0x0, 0x0, 0x0, 0x0)

program crashed: WARNING in do_notify_parent
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): timer_create-bpf$PROG_LOAD-syz_clone
detailed listing:
executing program 0:
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_clone(0x2280, 0x0, 0x0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): timer_create-timer_settime-syz_clone
detailed listing:
executing program 0:
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
syz_clone(0x2280, 0x0, 0x0, 0x0, 0x0, 0x0)

program crashed: WARNING in do_notify_parent
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): timer_settime-syz_clone
detailed listing:
executing program 0:
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
syz_clone(0x2280, 0x0, 0x0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): timer_create-timer_settime-syz_clone
detailed listing:
executing program 0:
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
syz_clone(0x2280, 0x0, 0x0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): timer_create-timer_settime-syz_clone
detailed listing:
executing program 0:
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
syz_clone(0x2280, 0x0, 0x0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): timer_create-timer_settime-syz_clone
detailed listing:
executing program 0:
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, 0x0, 0x0)
syz_clone(0x2280, 0x0, 0x0, 0x0, 0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): timer_create-timer_settime-syz_clone
program did not crash
simplifying guilty program options
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): timer_create-timer_settime-syz_clone
detailed listing:
executing program 0:
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
syz_clone(0x2280, 0x0, 0x0, 0x0, 0x0, 0x0)

program crashed: WARNING in do_notify_parent
extracting C reproducer
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): timer_create-timer_settime-syz_clone
program did not crash
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): timer_create-timer_settime-syz_clone
detailed listing:
executing program 0:
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
syz_clone(0x2280, 0x0, 0x0, 0x0, 0x0, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): timer_create-timer_settime-syz_clone
detailed listing:
executing program 0:
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
syz_clone(0x2280, 0x0, 0x0, 0x0, 0x0, 0x0)

program did not crash
validation run: crashed=false
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): timer_create-timer_settime-syz_clone
detailed listing:
executing program 0:
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
syz_clone(0x2280, 0x0, 0x0, 0x0, 0x0, 0x0)

program did not crash
validation run: crashed=false
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): timer_create-timer_settime-syz_clone
detailed listing:
executing program 0:
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
syz_clone(0x2280, 0x0, 0x0, 0x0, 0x0, 0x0)

program crashed: WARNING in do_notify_parent
validation run: crashed=true
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): timer_create-timer_settime-syz_clone
detailed listing:
executing program 0:
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
syz_clone(0x2280, 0x0, 0x0, 0x0, 0x0, 0x0)

program crashed: WARNING in do_notify_parent
validation run: crashed=true
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): timer_create-timer_settime-syz_clone
detailed listing:
executing program 0:
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
syz_clone(0x2280, 0x0, 0x0, 0x0, 0x0, 0x0)

program did not crash
validation run: crashed=false
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): timer_create-timer_settime-syz_clone
detailed listing:
executing program 0:
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
syz_clone(0x2280, 0x0, 0x0, 0x0, 0x0, 0x0)

program did not crash
validation run: crashed=false
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): timer_create-timer_settime-syz_clone
detailed listing:
executing program 0:
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
syz_clone(0x2280, 0x0, 0x0, 0x0, 0x0, 0x0)

program crashed: WARNING in do_notify_parent
validation run: crashed=true
reproducing took 1h2m43.197858953s
repro crashed as (corrupted=false):
------------[ cut here ]------------
!valid_signal(sig)
WARNING: kernel/signal.c:2174 at do_notify_parent+0xc7e/0xd70 kernel/signal.c:2174, CPU#0: syz.2.108/6240
Modules linked in:
CPU: 0 UID: 0 PID: 6240 Comm: syz.2.108 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:do_notify_parent+0xc7e/0xd70 kernel/signal.c:2174
Code: c6 05 ac 3f 71 0e 01 48 c7 c7 c0 46 cb 8b be a3 08 00 00 48 c7 c2 40 48 cb 8b e8 6d 53 17 00 e9 c6 fa ff ff e8 a3 00 3b 00 90 <0f> 0b 90 45 31 e4 e9 1c ff ff ff e8 92 00 3b 00 90 0f 0b 90 e9 75
RSP: 0018:ffffc90003057c40 EFLAGS: 00010093
RAX: ffffffff818aad2d RBX: dffffc0000000000 RCX: ffff888029b83d00
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000040
RBP: ffffc90003057d90 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff5200060afa4 R12: ffff88802983cfd0
R13: ffff888029b83d00 R14: 0000000000000080 R15: 1ffff9200060af90
FS:  0000000000000000(0000) GS:ffff88812544c000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2d1d9578b0 CR3: 000000007eac2000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 exit_notify kernel/exit.c:756 [inline]
 do_exit+0x15b3/0x2580 kernel/exit.c:986
 __do_sys_exit kernel/exit.c:1083 [inline]
 __se_sys_exit kernel/exit.c:1081 [inline]
 __x64_sys_exit+0x40/0x40 kernel/exit.c:1081
 x64_sys_call+0x2231/0x2240 arch/x86/include/generated/asm/syscalls_64.h:61
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2d1d99c799
Code: Unable to access opcode bytes at 0x7f2d1d99c76f.
RSP: 002b:00007ffe80a4d6f8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
RAX: ffffffffffffffda RBX: 00007f2d1dc15fa0 RCX: 00007f2d1d99c799
RDX: 000055557e992808 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f2d1da32bd9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f2d1dc15fac R14: 00007f2d1dc15fa0 R15: 00007f2d1dc15fa0
 </TASK>

final repro crashed as (corrupted=false):
------------[ cut here ]------------
!valid_signal(sig)
WARNING: kernel/signal.c:2174 at do_notify_parent+0xc7e/0xd70 kernel/signal.c:2174, CPU#0: syz.2.108/6240
Modules linked in:
CPU: 0 UID: 0 PID: 6240 Comm: syz.2.108 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
RIP: 0010:do_notify_parent+0xc7e/0xd70 kernel/signal.c:2174
Code: c6 05 ac 3f 71 0e 01 48 c7 c7 c0 46 cb 8b be a3 08 00 00 48 c7 c2 40 48 cb 8b e8 6d 53 17 00 e9 c6 fa ff ff e8 a3 00 3b 00 90 <0f> 0b 90 45 31 e4 e9 1c ff ff ff e8 92 00 3b 00 90 0f 0b 90 e9 75
RSP: 0018:ffffc90003057c40 EFLAGS: 00010093
RAX: ffffffff818aad2d RBX: dffffc0000000000 RCX: ffff888029b83d00
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000040
RBP: ffffc90003057d90 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffff5200060afa4 R12: ffff88802983cfd0
R13: ffff888029b83d00 R14: 0000000000000080 R15: 1ffff9200060af90
FS:  0000000000000000(0000) GS:ffff88812544c000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2d1d9578b0 CR3: 000000007eac2000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 exit_notify kernel/exit.c:756 [inline]
 do_exit+0x15b3/0x2580 kernel/exit.c:986
 __do_sys_exit kernel/exit.c:1083 [inline]
 __se_sys_exit kernel/exit.c:1081 [inline]
 __x64_sys_exit+0x40/0x40 kernel/exit.c:1081
 x64_sys_call+0x2231/0x2240 arch/x86/include/generated/asm/syscalls_64.h:61
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2d1d99c799
Code: Unable to access opcode bytes at 0x7f2d1d99c76f.
RSP: 002b:00007ffe80a4d6f8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c
RAX: ffffffffffffffda RBX: 00007f2d1dc15fa0 RCX: 00007f2d1d99c799
RDX: 000055557e992808 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f2d1da32bd9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f2d1dc15fac R14: 00007f2d1dc15fa0 R15: 00007f2d1dc15fa0
 </TASK>