Extracting prog: 47m52.038440342s
Minimizing prog: 1h2m23.410163872s
Simplifying prog options: 12m4.044895004s
Extracting C: 5m8.420031201s
Simplifying C: 0s


extracting reproducer from 37 programs
testing a last program of every proc
single: executing 7 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_SREGS-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_REGS-mmap$KVM_VCPU-syz_memcpy_off$KVM_EXIT_HYPERCALL-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_RUN
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000280)={{0x1, 0x8080000, 0xa, 0x6, 0x4, 0x7, 0x3, 0xe, 0x0, 0x1, 0xc, 0x3}, {0xfec00000, 0x3000, 0xf, 0x13, 0x1, 0x8, 0x7, 0x8, 0x3, 0x42, 0x2}, {0x2, 0x5001, 0x4, 0xf, 0x5, 0x6, 0xc3, 0xe7, 0x3, 0x6, 0x7, 0x3}, {0x2, 0x0, 0xe, 0xc, 0x7f, 0x6, 0x8, 0x7f, 0x9, 0x2, 0x1, 0x6}, {0x40000, 0x8000000, 0xe, 0xd, 0x59, 0x5, 0x5, 0xc, 0xfc, 0x0, 0xf8, 0xfc}, {0x2, 0xeeef0000, 0x8, 0xbe, 0x6, 0x7, 0x10, 0x1, 0x0, 0x18, 0x2, 0x4}, {0x5000, 0x8000000, 0x4, 0x9, 0xff, 0xf, 0x0, 0x3, 0x8, 0x4, 0x80, 0x2}, {0x2, 0x4, 0x10, 0x4, 0x8, 0x1, 0x0, 0xf9, 0x3, 0x7, 0x0, 0xfa}, {0x1, 0xedd8}, {0xffff1000, 0x17}, 0x60050018, 0x0, 0x0, 0x222, 0x100000002, 0x0, 0xdddd1000, [0x6, 0x4, 0x4000000000000009, 0x7]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x8000000000000000, 0xf6, 0x0, 0x7, 0x2000000, 0x0, 0x2004cc, 0xfffffffffffffe8b, 0xffff, 0xfffffffffffffffb, 0x1, 0xffffffffffffffff, 0x7ffffffffffffffc, 0x200, 0x0, 0x2], 0x1, 0x72c2})
r3 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000000)="1eb3bf65654102f4af4d221c8bd458d1e7cbdaf3657d0f34e790c85bdba7931791f6d15c3e681411f7a496c0dace6a3c242f5b016f64b4ef8a9cedaf6bec340dee49474360b24cb8", 0x0, 0x48)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1fe, 0x1, 0x41000, 0x1000, &(0x7f0000001000/0x1000)=nil})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_SET_DEBUGREGS-ioctl$KVM_SET_PIT-openat$kvm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_MSRS-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_HAS_DEVICE_ATTR_vcpu-ioctl$KVM_SET_REGS-ioctl$KVM_RUN-ioctl$KVM_RUN-ioctl$KVM_SET_SREGS-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_REGS-ioctl$KVM_RUN
detailed listing:
executing program 0:
ioctl$KVM_SET_DEBUGREGS(0xffffffffffffffff, 0x4080aea2, &(0x7f0000000080)={[0x1000, 0xeeef0000, 0xdddd0000, 0xb000], 0x100, 0xc})
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000000)={[{0x3f680, 0x200, 0x0, 0x4f, 0x19, 0x7, 0xc0, 0x1, 0xff, 0x8, 0x9, 0x0, 0x9}, {0x8, 0xaef3, 0x6, 0x3, 0xd, 0xff, 0x8, 0x3, 0x4, 0x13, 0x1, 0x6, 0x10008}, {0x1fb, 0x1007, 0xd, 0x10, 0x25, 0x9, 0x7f, 0xfb, 0x4, 0x15, 0x1, 0x3, 0x840000000000000}], 0x9})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60303, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0x470f}]})
r3 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r5, 0x4018aee3, &(0x7f0000000140)=@attr_other={0x0, 0x4, 0xd, &(0x7f0000000100)=0x8000})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x4002004c4, 0x1004, 0xffffffffffffffff, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0x80000004000000, 0x8d], 0xeeee8000, 0x2010d3})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000280)={{0x1, 0x8080000, 0xc, 0x6, 0x4, 0xa, 0x3, 0xe, 0x0, 0x1, 0xc, 0x3}, {0x1000, 0x3000, 0xe, 0x13, 0x1, 0x8, 0x7, 0x8, 0x0, 0x42, 0x2}, {0x2, 0x5001, 0x4, 0xf, 0x5, 0x6, 0xc3, 0x6, 0x3, 0x6, 0x5, 0xb}, {0x2, 0x0, 0x1a, 0xc, 0x7f, 0x6, 0x8, 0x7f, 0x9, 0x2, 0x1, 0x6}, {0x1, 0x8000000, 0xe, 0xd, 0x59, 0x2d, 0x5, 0xc, 0xfc, 0x0, 0xf8, 0xe5}, {0x2, 0x373ae001, 0x10, 0xbe, 0x6, 0x9, 0x10, 0x1, 0xbf, 0x18, 0x2, 0x4}, {0x5000, 0x8000000, 0x4, 0x9, 0x0, 0xf, 0x10, 0x3, 0x8, 0x4, 0x80, 0xc}, {0xdddd0000, 0xeeee0000, 0x10, 0x4, 0x64, 0x8, 0x0, 0xf9, 0x1, 0x8, 0x0, 0xfe}, {0x1, 0xedd8}, {0xffff1000, 0x17}, 0x40010, 0x0, 0x0, 0x202, 0x100000002, 0x0, 0xdddd1000, [0x5, 0x4, 0x4000000000000009, 0x3]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000010c0)={[0x60000000003, 0x1000000000, 0x0, 0x10, 0x2000001, 0x0, 0x2004cb, 0xa000000000000000, 0xffff, 0xfffffffffffffffb, 0x5, 0xffffffffffffffff, 0x7fffffffffffffff, 0x0, 0x0, 0xfffffffffffffffc], 0x1, 0x202})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$x86-syz_kvm_add_vcpu$x86-ioctl$KVM_SET_NESTED_STATE
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000bfd000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000080)={0x0, 0x0})
ioctl$KVM_SET_NESTED_STATE(r3, 0x4080aebf, &(0x7f0000000240))

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_MSRS-ioctl$KVM_RUN-ioctl$KVM_SET_MSRS-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_REGS-ioctl$KVM_RUN-ioctl$KVM_RUN
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0xc0010002, 0x20000, 0x80ffffff}]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000100)={0x1, 0x0, [{0xc0010006}]})
r3 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x4002004c4, 0x1004, 0xffffffffffffffff, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0x80000004000000, 0x8d], 0xeeee8000, 0x2010d3})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$x86-syz_kvm_add_vcpu$x86-ioctl$KVM_SET_CPUID-ioctl$KVM_RUN
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000040)={0x0, &(0x7f00000000c0)=[@rdmsr={0x66, 0x18, {0xc0000104}}], 0x18})
ioctl$KVM_SET_CPUID(r3, 0x4008ae8a, &(0x7f0000001e00))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE_CONST_STR-bpf$BPF_MAP_CONST_STR_FREEZE-bpf$BPF_PROG_TEST_RUN-openat$tun-socket-socket$unix-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-sendmsg$sock-syz_genetlink_get_family_id$batadv-syz_init_net_socket$bt_l2cap-socket$nl_generic-socket$nl_route-pselect6
detailed listing:
executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
sendmsg$sock(r0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)=[@timestamping={{0x14, 0x1, 0x25, 0x3}}], 0x18}, 0x24040800)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x3)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0x8000000000, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x3, 0x0, 0x0, 0x7fffffff, 0xfffffffffffffffc}, 0x0, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$can_raw-openat$tun-ioctl$TUNSETIFF-openat$tun-close-socket$nl_generic-syz_genetlink_get_family_id$tipc-sendmsg$TIPC_CMD_ENABLE_BEARER-ioctl$SIOCSIFHWADDR-writev
detailed listing:
executing program 0:
socket$can_raw(0x1d, 0x3, 0x1)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1342, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
writev(r0, &(0x7f0000000040)=[{&(0x7f0000000540)="ff0f000000000000b47380c988cafb", 0xf}, {&(0x7f0000000000)="448b7cff030000000000008a15df09", 0xf}], 0x2)

program did not crash
single: failed to extract reproducer
bisect: bisecting 37 programs with base timeout 1m40s
testing program (duration=1m49s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [9, 17, 4, 12, 6, 16, 19, 6, 6, 8, 8, 6, 8, 11, 11, 10, 5, 10, 16, 7, 5, 7, 5, 4, 11, 14, 12, 10, 14, 10, 18, 6, 14, 11, 5, 19, 11]
detailed listing:
executing program 1:
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000072"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
close(r0)
r1 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x30004081)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0f00000004000000040000001200000000000000"], 0x50)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r2, <r3=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20)
recvmsg(r1, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e00)=[{&(0x7f0000000a80)=""/20, 0x14}], 0x1}, 0x0)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000480)={r3, &(0x7f0000000440)}, 0x20)
executing program 5:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a40)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000027c0)=@newtfilter={0x8b0, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0x0, 0xfff2}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x87c, 0x2, [@TCA_MATCHALL_ACT={0x878, 0x2, [@m_police={0x874, 0x1, 0x0, 0x0, {{0xb}, {0x848, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x1ff, 0xffffffff, 0x10000, 0x81, 0x107f, 0xfffffffb, 0x4, 0x2, 0xffffffc0, 0x7, 0x2234, 0x7f, 0x81b, 0x800, 0x5, 0x0, 0x3, 0x7ed53619, 0x1, 0x2, 0x9644, 0x5, 0x58b, 0x2, 0x1003ff, 0x9, 0x2, 0x1, 0x0, 0x80000004, 0x10001, 0x790, 0x5, 0xab2, 0xfffffff9, 0x1a77, 0x9, 0x3, 0x400, 0x63c, 0x4, 0xfffffffb, 0x1, 0x5, 0x1, 0x5b1f, 0x7b0, 0x7, 0xfffffff9, 0x100006, 0xd, 0xff, 0x3, 0x10000, 0x6, 0x6b7, 0x1ff, 0x4, 0x4, 0x3, 0x3, 0xa14, 0x3, 0x2, 0x80000000, 0x81, 0x7, 0x8, 0x5, 0xffff, 0xf7, 0x1, 0xfffffff9, 0x9, 0x4, 0x8, 0xfff, 0x3, 0x1, 0x6, 0x7, 0x8, 0x100, 0xc0000000, 0x6, 0x4, 0x6, 0x5, 0x80000001, 0x8, 0x1d24, 0x2, 0x5, 0x1, 0x7f, 0x7, 0x863c, 0xff, 0x24, 0x5, 0x7, 0x6, 0x7a, 0x8, 0x0, 0x7, 0x470, 0x7f, 0x6, 0x0, 0x1, 0x0, 0x4, 0x9, 0x61, 0x200, 0x6, 0x2, 0x2, 0x6, 0x10001, 0x8, 0x7, 0xf, 0xda5a, 0x7ffffffe, 0x9, 0x2f0cb955, 0x7, 0xfed, 0xf, 0x6ae, 0x2, 0x3e, 0x9, 0x8001, 0x0, 0xec000, 0x0, 0x1, 0x2, 0xfffffffb, 0x7, 0x8, 0x4, 0x1, 0xffffcf1b, 0x282, 0x5517bc7b, 0x4, 0x4, 0xb6b, 0x5, 0x0, 0xac, 0x9, 0x6, 0x10, 0x9, 0x8, 0x80000001, 0x3, 0x74, 0x2, 0x7fffffff, 0x0, 0xa, 0x6, 0xffffffff, 0x9, 0x10001, 0x7, 0x7f, 0x5, 0x3, 0x200000a, 0x1, 0x0, 0x9, 0x300, 0x5, 0x3, 0x6, 0xffffffff, 0xffb, 0xff, 0x5, 0x8, 0x3, 0x2, 0x5, 0xfca, 0x8000399d, 0x6, 0x8ab6, 0x18000, 0x2, 0xfffffff9, 0x2, 0x2, 0x528c, 0x5, 0x200, 0xac, 0xf, 0xd05, 0x9a2ce73, 0x4, 0x6, 0xe074, 0x6b10, 0x5, 0x1, 0x6, 0xb, 0xa26, 0xaf6, 0x0, 0xec, 0x8, 0xde16, 0xc418, 0xffffffff, 0x4, 0x9, 0x400, 0x80001, 0x5, 0x354d, 0x5, 0x2, 0x1, 0x2007, 0x1, 0x177, 0x7, 0x0, 0x80, 0x5, 0x8, 0xfffffffb, 0x9, 0xe7b, 0x1, 0x7, 0x2, 0x10000, 0x9, 0x9, 0x6, 0x4b75, 0x80000001, 0x4, 0x5, 0x10001, 0x1]}], [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x200, 0x4, 0xec2, 0x6, 0x80000008, 0x400, 0x5, 0x1, 0x7, 0x470, 0x487, 0x100, 0xa99, 0x103, 0x5, 0x37f, 0x2f, 0x6, 0x3, 0x3, 0x800, 0xd2f5, 0x40, 0x4, 0x4, 0x5, 0x7, 0x46, 0x2, 0x8, 0x101, 0xffffffff, 0x2, 0x10000, 0xa6, 0x3, 0x10000, 0x5, 0x4, 0x0, 0x3, 0x0, 0xd, 0x40006, 0x98, 0x8, 0x6, 0x9, 0x4d, 0xb3000, 0xf, 0x3, 0x9, 0xfdc4, 0x94d, 0x9, 0x8, 0x6, 0x100, 0xec0, 0xffff, 0x4, 0x2, 0x3ff, 0x3e, 0xb828, 0x0, 0x2, 0x365, 0x8, 0x8, 0x4000000f, 0x8, 0xfffffffe, 0xfffffff6, 0x93, 0x7ff, 0x1000092, 0x0, 0x7, 0x1, 0x7ff, 0x9, 0x2, 0x0, 0x2, 0xb, 0x4, 0x3, 0x9, 0xc, 0x0, 0x3, 0x3, 0x400, 0x100000, 0x7f, 0x2, 0x8, 0x4, 0x7, 0x4, 0x7, 0xfffffffa, 0x200101, 0xadd9, 0x1, 0x4, 0x7, 0x7fffffff, 0x2, 0x4, 0x0, 0x9, 0x4, 0x3, 0x40008, 0x7, 0x6, 0x6, 0x2, 0xb, 0x3, 0x7f, 0xffff, 0x401, 0x1685, 0xa252, 0x8d7, 0x200, 0x3, 0x1, 0x3, 0xfffffffc, 0xfffffffc, 0x1000, 0x7ff, 0x1, 0x1f6, 0x9, 0x7, 0x40000000, 0x5, 0xffffdbb7, 0x50, 0xf, 0xf, 0xe, 0x5, 0x0, 0x81, 0xfff80000, 0x7a7, 0x1, 0x6, 0x3, 0x5, 0x7, 0x5, 0x2, 0x0, 0x4e8, 0x80, 0x3, 0x8, 0x5, 0x5, 0xfff, 0x7fff, 0x7, 0x8, 0x6a4941c5, 0x2ea567b4, 0x8, 0x80000000, 0x6, 0x40, 0x2, 0xfff, 0x8, 0x7, 0x1, 0x1, 0x0, 0x0, 0xd3bed341, 0x691f, 0x0, 0x2, 0x9, 0x6, 0x0, 0x1ff, 0x4000003, 0x3, 0x6, 0x5fc8462f, 0x7, 0x7, 0xffff, 0xffffffec, 0x5, 0x0, 0xb9a6, 0x522, 0x101, 0x2, 0x900, 0x6, 0xbb99, 0xb8000000, 0x8, 0xffffff01, 0xc0a1, 0x8, 0x8, 0x7, 0x59, 0x9, 0x2, 0x101, 0x5f502dca, 0x7, 0x0, 0x4, 0x6, 0x80000001, 0x3, 0xffffff97, 0x2, 0xffe, 0x1, 0x89d, 0x8, 0x3, 0x710, 0xe, 0x1, 0x0, 0x3, 0x8001, 0x1, 0x8001, 0x9, 0x8, 0xfffffffa, 0x8, 0x9, 0x3, 0xe, 0x10000, 0x9, 0x9, 0x7, 0xfffffff8]}, @TCA_POLICE_TBF={0x3c, 0x1, {0xfffffe00, 0x8, 0x5, 0x1, 0xdbec, {0x8, 0x1, 0x8001, 0x5, 0x7, 0x9}, {0x6, 0x0, 0xd, 0x5, 0x1, 0x5d17}, 0x8, 0xffffffff, 0xf}}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}]}]}}]}, 0x8b0}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r7)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
r8 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmmsg$inet(r1, &(0x7f0000000b80)=[{{&(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10, 0x0, 0x0, &(0x7f00000006c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r9, @dev={0xac, 0x14, 0x14, 0x41}, @empty}}}], 0x20}}], 0x1, 0x0)
executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x30, r1, 0x105, 0xfffffbff, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x5}]}, 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x4004050)
executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005c40)={0x0, 0x0, 0x0}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r1, 0x0, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, 0x0, 0x0)
ioctl$sock_bt_bnep_BNEPGETCONNLIST(r2, 0x800442d2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000004c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r5, @ANYBLOB="3e003300d0000800ffffffffffff08021100000050505050505000400f007206030303030303751601ac49ed69cf1fa9ff0300000000fc27461b0965858f3f5acae27de86ec99fec1ef7e15e44ece74867ea68fb38d57f28013f76e3eac04efe10b5e618eb1224fb78e5d8bcbf67f9857c1aae6de1e15c38850dc08f46760f8933a156401561e4cbb4c7c55df6a9e20ab831b48b3adb3e857e229235a4fa9d51fb70874ce89c750336e756a5e0e4e844b5db8b39ef63bbb793b82144d553c400162bae912acae178ee81c61df7c2938f0c2f0812cc729861aa1ca814b300fbd3f4a41c76ab8e5c9f01df4797db0c224ddb7c91"], 0x5c}}, 0x40000)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140))
executing program 2:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xd37697ff280d3c0e}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000004c0)={0x64, r1, 0x1, 0x70bd2b, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "c30d8568d3"}, @NL80211_ATTR_KEY={0x30, 0x50, 0x0, 0x1, [@NL80211_KEY_MODE={0x5, 0x9, 0x2}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac05}, @NL80211_KEY_IDX={0x5, 0x2, 0x3}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "cdf829613de05c780dd1b2b80c"}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000}, 0x20040000)
executing program 0:
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x80002, 0x88)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x68}}, 0x40000)
syz_emit_ethernet(0x83, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88c19edace00000000000000002100000002ff02000000000000000000000000000104004e20004d13"], 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x24004000)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, 0x0, 0x0)
setsockopt$inet6_udp_int(r1, 0x11, 0xb, &(0x7f0000000100)=0x29c0, 0x4)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000240)=ANY=[], 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
executing program 5:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
close(0x3)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x80800)
socket$inet6_sctp(0xa, 0x1, 0x84)
close(r0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(r2, 0x0, 0x40040)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @ipv4={'\x00', '\xff\xff', @empty}}], 0x1c)
getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, 0x0, &(0x7f00000002c0))
sendto$inet6(r1, &(0x7f00000004c0)="b0", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x4e23, 0x7, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x21}}, 0x4}, 0x1c)
socket$inet6_sctp(0xa, 0x1, 0x84)
recvmsg(r1, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900)=""/147, 0x93}, 0x31)
socket$inet_sctp(0x2, 0x5, 0x84)
executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x3, 0x8, @loopback, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x303}, "ffffffdd00", "67b8825e3412c094fcd45c560968bcf3", "4807a1e6", "ee979d05f7ea4b9b"}, 0x28)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=[@ip_tos_int={{0x14, 0x11a, 0x1, 0x8}}], 0x18}, 0x8000)
executing program 6:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000300)=[@in6={0xa, 0x4e20, 0x9, @loopback}], 0x1c)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x2c, &(0x7f00000002c0)=[@in6={0xa, 0x4e20, 0x0, @loopback}, @in={0x2, 0x4e20, @loopback}]}, &(0x7f0000000000)=0x10)
executing program 4:
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)=@newqdisc={0x2c, 0x24, 0xd0f, 0x0, 0xfffffffd, {0x60, 0x0, 0x0, 0x0, {0x4, 0x2}, {0xffff, 0xffff}, {0xfff3, 0x1a}}, [@TCA_RATE={0x6, 0x5, {0x2d, 0x5}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4004050}, 0x20008840)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000010040), 0x0, 0xffffffffffffffff, 0x4}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x10, &(0x7f0000000500)=ANY=[@ANYBLOB="18020000ff070000000000000300000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000}, 0x94)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000940)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0)
close(r0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x13, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000073000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r0, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="000500000020"})
executing program 0:
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/uts\x00')
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = socket(0x8, 0x0, 0x8000)
ioctl$sock_netrom_SIOCADDRT(r0, 0x6180, 0x0)
ioctl$sock_inet_udp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000140))
executing program 1:
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0xe, 0x4, 0x4, 0x1, 0x0, 0x1}, 0x48)
syz_genetlink_get_family_id$wireguard(0x0, r1)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)={0x2c, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1685}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x99}]}, 0x2c}}, 0x0)
executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000500)={0xa, 0x2, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x44014)
sendmsg$RDMA_NLDEV_CMD_DELLINK(0xffffffffffffffff, 0x0, 0x4c011)
sendto$inet6(r1, &(0x7f0000000280)='2', 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c)
executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x401, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_GUEST_MEMFD(r2, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000, 0x3})
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x2000003, 0x2013, r3, 0x0)
r4 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r6, 0x0)
r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f0000007000/0x2000)=nil, r7, 0x3000003, 0x2011, r3, 0x0)
executing program 5:
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xd7, 0x80000001})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
r3 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
r6 = mmap$KVM_VCPU(&(0x7f000000e000/0x4000)=nil, 0x930, 0x3, 0x11, r5, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f00000002c0)="fb0149dd033be3ac2cc4a29ea6ab8031d1dfd92f00000000010000005a9610fbff67521cd66f8f1f447d3570707cd24b7eebb20700000000000000000000000100", 0x0, 0xffffffffffffffa7)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x40305829, &(0x7f0000000040)=@attr_arm64={0x0, 0x0, 0x100000000000000, 0x0})
executing program 6:
mmap$KVM_VCPU(&(0x7f0000e98000/0x1000)=nil, 0x930, 0x2, 0x4003831, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000ff4000/0x4000)=nil, 0x930, 0x0, 0x13, r2, 0x0)
munmap(&(0x7f0000008000/0x1000)=nil, 0x200000)
openat$kvm(0x0, 0x0, 0x0, 0x0)
mmap$KVM_VCPU(&(0x7f0000ff9000/0x4000)=nil, 0x930, 0x0, 0x12, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000feb000/0x13000)=nil, 0x13000)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b6565d2f1, 0xffffffffffffffff, 0x0)
executing program 3:
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0xc0901, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x7, <r2=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r2, 0x400454d1, 0x110c230000)
executing program 2:
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000b, 0x11, r2, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac4e37c4005a9614fbff67521ce16f8f09449a7a836b73312954000000000000000000000000000000000000000000000000000000dc6900", 0x0, 0x2e)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0)
r4 = eventfd2(0x0, 0x0)
close(r4)
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x1f01)
write$eventfd(r4, &(0x7f0000000180)=0x5, 0xfffffde3)
executing program 1:
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f832, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000647000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000fde000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000e85000/0x4000)=nil, 0x4000)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000f3d000/0x4000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000ff5000/0x1000)=nil, 0x1000)
mmap$KVM_VCPU(&(0x7f0000eb2000/0x3000)=nil, 0x930, 0x0, 0x32e7851d6de9e532, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000bfd000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@rdmsr={0x66, 0x18, {0x4000009c}}], 0x18})
ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000000)={0x1, 0x0, [{0x40000001, 0x4, 0x2, 0x31237648, 0x6, 0x2, 0x80}]})
ioctl$KVM_CAP_HYPERV_ENFORCE_CPUID(r3, 0x4068aea3, &(0x7f00000002c0)={0xc7, 0x0, 0x1})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
executing program 3:
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xd37697ff280d3c0e}, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000004c0)={0x64, r0, 0x1, 0x70bd2b, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "c30d8568d3"}, @NL80211_ATTR_KEY={0x30, 0x50, 0x0, 0x1, [@NL80211_KEY_MODE={0x5, 0x9, 0x2}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac05}, @NL80211_KEY_IDX={0x5, 0x2, 0x3}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "cdf829613de05c780dd1b2b80c"}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000}, 0x20040000)
executing program 6:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x9, 0xf43, 0x3, 0xa2, 0x1000000000000005, 0x4, 0x1, 0x4, 0x8, 0xfffffffffffff9bf, 0x7, 0x8, 0x7, 0x1, 0x4, 0x101], 0xf000, 0x34680})
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000)=@x86={0x7, 0x8, 0xc5, 0x0, 0x6, 0x9, 0x4, 0x6, 0x1, 0xf8, 0x0, 0x1, 0x0, 0x3, 0x6, 0x6, 0x9, 0x4, 0xfe, '\x00', 0x4, 0x4})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
executing program 3:
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000500)=[@enable_nested={0x12c, 0x18}, @nested_create_vm={0x12d, 0x18}, @nested_load_code={0x12e, 0x74, {0x0, "48b800800000000000000f21f8350c0020000f23fadb0f20d835080000000f22d83266b864000f66baa100ec3dae000100006500650002000f006080000fc744240000800000c74424025a430000c7442406000000000f011c240f30"}}, @nested_vmlaunch={0x12f, 0x18}], 0xbc})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
executing program 0:
r0 = socket(0x2b, 0x80801, 0x1)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x10000, @loopback, 0x1}, 0x1c)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000780)=@nat={'nat\x00', 0x19, 0x2, 0x0, [0x200000000540, 0x0, 0x0, 0x20000000064e, 0x200000000734], 0x0, 0x0, 0x0}, 0x29c)
ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000100))
executing program 1:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000016000000", @ANYRES32=r2, @ANYBLOB="0000000200000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x6b3a6e7e216920a8}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r4)
getsockname$packet(r4, &(0x7f0000000180)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000500)=@delchain={0x40, 0x2c, 0xf31, 0x1, 0x2000, {0x0, 0x0, 0x0, r5, {}, {0xfff2, 0xffff}, {0xffff, 0x1}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0xffe0, 0xfff2}}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x4008854}, 0x4010)
executing program 2:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000740)=@newtfilter={0x48, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0x0, 0xd}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_flower={{0xb}, {0x18, 0x2, [@TCA_FLOWER_KEY_TCP_SRC_MASK={0x6}, @TCA_FLOWER_KEY_ETH_DST={0xa, 0x4, @local}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
close(r4)
socket$unix(0x1, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r5 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r5, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r5, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r3, 0xc}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf", 0x22}, {&(0x7f0000000c00)="4307ed2e", 0x4}], 0x2}, 0x4)
executing program 3:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x40004)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x34, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r7, {0x9}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0x1}, {0x9, 0xfff1}, {0x0, 0x9}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4040001}, 0x0)
executing program 4:
socket$can_raw(0x1d, 0x3, 0x1)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1342, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
writev(r0, &(0x7f0000000040)=[{&(0x7f0000000540)="ff0f000000000000b47380c988cafb", 0xf}, {&(0x7f0000000000)="448b7cff030000000000008a15df09", 0xf}], 0x2)
executing program 5:
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
sendmsg$sock(r0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)=[@timestamping={{0x14, 0x1, 0x25, 0x3}}], 0x18}, 0x24040800)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x3)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0x8000000000, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x3, 0x0, 0x0, 0x7fffffff, 0xfffffffffffffffc}, 0x0, 0x0)
executing program 6:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000280)={{0x1, 0x8080000, 0xa, 0x6, 0x4, 0x7, 0x3, 0xe, 0x0, 0x1, 0xc, 0x3}, {0xfec00000, 0x3000, 0x8, 0x13, 0x1, 0x8, 0x7, 0x0, 0x3, 0x42, 0x2}, {0x2, 0x5001, 0x4, 0xf, 0x5, 0x6, 0xc3, 0xe7, 0x3, 0x6, 0x7, 0x3}, {0x2, 0x0, 0xe, 0xc, 0x7f, 0x5, 0x8, 0x7f, 0x9, 0x2, 0x1, 0x6}, {0x40000, 0x8000000, 0xe, 0xd, 0x59, 0x5, 0x5, 0xc, 0xfc, 0x0, 0xf8, 0xfc}, {0x2, 0xeeef0000, 0x8, 0xbe, 0x6, 0x7, 0x10, 0x1, 0x0, 0x18, 0x2, 0x4}, {0x5000, 0x8000000, 0x4, 0x9, 0x2, 0xf, 0x0, 0x3, 0x8, 0x4, 0x88, 0x2}, {0x6000, 0x4, 0x10, 0x4, 0x8, 0x1, 0x0, 0xf9, 0x3, 0x7, 0x0, 0xfe}, {0x80a0000, 0xedd8}, {0xffff1000, 0x17}, 0x60050018, 0x0, 0x0, 0x222, 0x1000100000002, 0x0, 0xdddd1000, [0x6, 0x4, 0x4000000000000009, 0x7]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_MEMORY_ENCRYPT_REG_REGION(r1, 0x8010aebb, &(0x7f0000000040)={0x3000, 0x104000})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x8000000000000000, 0xf6, 0x0, 0x7, 0x2000002, 0x0, 0x2004cc, 0xfffffffffffffe8b, 0xffff, 0xfffffffffffffffb, 0x18b, 0xffffffffffffffff, 0x1, 0x200, 0x0, 0x2c00000], 0x1, 0x462c2})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1fe, 0x5, 0x41000, 0x1000, &(0x7f0000001000/0x1000)=nil})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
executing program 0:
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000580)=0x20e9)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000280)={0x1, 0x0, [{0x40000097, 0x0, 0x2}]})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0xe01, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000340))
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x3, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_GET_FPU(r2, 0x81a0ae8c, &(0x7f00000003c0))
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_GET_XCRS(r5, 0x8188aea6, &(0x7f0000000840))
ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x0, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x90, 0x5, 0x9, 0x7f}})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x8000, 0x180, 0x4, 0x0, 0xf1, 0x0, 0x7fffffffffffe, 0x9, 0x0, 0x9, 0x0, 0x5, 0x0, 0xbdb], 0x2000, 0x3c4210})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
executing program 1:
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000040)={0x0, &(0x7f00000000c0)=[@rdmsr={0x66, 0x18, {0xc0000104}}], 0x18})
ioctl$KVM_SET_CPUID(r3, 0x4008ae8a, &(0x7f0000001e00))
ioctl$KVM_RUN(r3, 0xae80, 0x0)
executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0xc0010002, 0x20000, 0x80ffffff}]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000100)={0x1, 0x0, [{0xc0010006}]})
r3 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x4002004c4, 0x1004, 0xffffffffffffffff, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0x80000004000000, 0x8d], 0xeeee8000, 0x2010d3})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
executing program 3:
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000100)={0x0, &(0x7f00000001c0)=[@code={0x1, 0x49, {"0f01ca2e646740c159368266bad004b0bdee66baa100ed640f017c9993660f38816da4470f019d0d000000f3430fc776100f01c3460f013a"}}], 0x49})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0)
ioctl$KVM_GET_EMULATED_CPUID(r0, 0xc008ae09, &(0x7f0000000180)={0x1, 0x0, [{0x80000019, 0xe, 0x3, 0x3ff, 0x3, 0x3}]})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f0000000140)={0x6, 0x8})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x1fd, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x7, 0xfc, 0xe1, 0x0, 0x6, 0xd9, 0x40, 0x1, 0xfb, 0x8, 0xc, 0x0, 0x0, 0x40, 0x1, 0x5}})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x6e, 0x0, 0x0, 0x20, 0x3, 0x0, 0x106c, 0x80000001, 0x8000000000000, 0x80000004000080, 0x0, 0x8, 0x0, 0x4, 0x0, 0x8001], 0x1, 0x3c4210})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
executing program 6:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000bfd000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000080)={0x0, 0x0})
ioctl$KVM_SET_NESTED_STATE(r3, 0x4080aebf, &(0x7f0000000240))
executing program 0:
ioctl$KVM_SET_DEBUGREGS(0xffffffffffffffff, 0x4080aea2, &(0x7f0000000080)={[0x1000, 0xeeef0000, 0xdddd0000, 0xb000], 0x100, 0xc})
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000000)={[{0x3f680, 0x200, 0x0, 0x4f, 0x19, 0x7, 0xc0, 0x1, 0xff, 0x8, 0x9, 0x0, 0x9}, {0x8, 0xaef3, 0x6, 0x3, 0xd, 0xff, 0x8, 0x3, 0x4, 0x13, 0x1, 0x6, 0x10008}, {0x1fb, 0x1007, 0xd, 0x10, 0x25, 0x9, 0x7f, 0xfb, 0x4, 0x15, 0x1, 0x3, 0x840000000000000}], 0x9})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60303, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0x470f}]})
r3 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r5, 0x4018aee3, &(0x7f0000000140)=@attr_other={0x0, 0x4, 0xd, &(0x7f0000000100)=0x8000})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x4002004c4, 0x1004, 0xffffffffffffffff, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0x80000004000000, 0x8d], 0xeeee8000, 0x2010d3})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000280)={{0x1, 0x8080000, 0xc, 0x6, 0x4, 0xa, 0x3, 0xe, 0x0, 0x1, 0xc, 0x3}, {0x1000, 0x3000, 0xe, 0x13, 0x1, 0x8, 0x7, 0x8, 0x0, 0x42, 0x2}, {0x2, 0x5001, 0x4, 0xf, 0x5, 0x6, 0xc3, 0x6, 0x3, 0x6, 0x5, 0xb}, {0x2, 0x0, 0x1a, 0xc, 0x7f, 0x6, 0x8, 0x7f, 0x9, 0x2, 0x1, 0x6}, {0x1, 0x8000000, 0xe, 0xd, 0x59, 0x2d, 0x5, 0xc, 0xfc, 0x0, 0xf8, 0xe5}, {0x2, 0x373ae001, 0x10, 0xbe, 0x6, 0x9, 0x10, 0x1, 0xbf, 0x18, 0x2, 0x4}, {0x5000, 0x8000000, 0x4, 0x9, 0x0, 0xf, 0x10, 0x3, 0x8, 0x4, 0x80, 0xc}, {0xdddd0000, 0xeeee0000, 0x10, 0x4, 0x64, 0x8, 0x0, 0xf9, 0x1, 0x8, 0x0, 0xfe}, {0x1, 0xedd8}, {0xffff1000, 0x17}, 0x40010, 0x0, 0x0, 0x202, 0x100000002, 0x0, 0xdddd1000, [0x5, 0x4, 0x4000000000000009, 0x3]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000010c0)={[0x60000000003, 0x1000000000, 0x0, 0x10, 0x2000001, 0x0, 0x2004cb, 0xa000000000000000, 0xffff, 0xfffffffffffffffb, 0x5, 0xffffffffffffffff, 0x7fffffffffffffff, 0x0, 0x0, 0xfffffffffffffffc], 0x1, 0x202})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000280)={{0x1, 0x8080000, 0xa, 0x6, 0x4, 0x7, 0x3, 0xe, 0x0, 0x1, 0xc, 0x3}, {0xfec00000, 0x3000, 0xf, 0x13, 0x1, 0x8, 0x7, 0x8, 0x3, 0x42, 0x2}, {0x2, 0x5001, 0x4, 0xf, 0x5, 0x6, 0xc3, 0xe7, 0x3, 0x6, 0x7, 0x3}, {0x2, 0x0, 0xe, 0xc, 0x7f, 0x6, 0x8, 0x7f, 0x9, 0x2, 0x1, 0x6}, {0x40000, 0x8000000, 0xe, 0xd, 0x59, 0x5, 0x5, 0xc, 0xfc, 0x0, 0xf8, 0xfc}, {0x2, 0xeeef0000, 0x8, 0xbe, 0x6, 0x7, 0x10, 0x1, 0x0, 0x18, 0x2, 0x4}, {0x5000, 0x8000000, 0x4, 0x9, 0xff, 0xf, 0x0, 0x3, 0x8, 0x4, 0x80, 0x2}, {0x2, 0x4, 0x10, 0x4, 0x8, 0x1, 0x0, 0xf9, 0x3, 0x7, 0x0, 0xfa}, {0x1, 0xedd8}, {0xffff1000, 0x17}, 0x60050018, 0x0, 0x0, 0x222, 0x100000002, 0x0, 0xdddd1000, [0x6, 0x4, 0x4000000000000009, 0x7]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x8000000000000000, 0xf6, 0x0, 0x7, 0x2000000, 0x0, 0x2004cc, 0xfffffffffffffe8b, 0xffff, 0xfffffffffffffffb, 0x1, 0xffffffffffffffff, 0x7ffffffffffffffc, 0x200, 0x0, 0x2], 0x1, 0x72c2})
r3 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000000)="1eb3bf65654102f4af4d221c8bd458d1e7cbdaf3657d0f34e790c85bdba7931791f6d15c3e681411f7a496c0dace6a3c242f5b016f64b4ef8a9cedaf6bec340dee49474360b24cb8", 0x0, 0x48)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1fe, 0x1, 0x41000, 0x1000, &(0x7f0000001000/0x1000)=nil})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 7 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_SREGS-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_REGS-mmap$KVM_VCPU-syz_memcpy_off$KVM_EXIT_HYPERCALL-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_RUN
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000280)={{0x1, 0x8080000, 0xa, 0x6, 0x4, 0x7, 0x3, 0xe, 0x0, 0x1, 0xc, 0x3}, {0xfec00000, 0x3000, 0xf, 0x13, 0x1, 0x8, 0x7, 0x8, 0x3, 0x42, 0x2}, {0x2, 0x5001, 0x4, 0xf, 0x5, 0x6, 0xc3, 0xe7, 0x3, 0x6, 0x7, 0x3}, {0x2, 0x0, 0xe, 0xc, 0x7f, 0x6, 0x8, 0x7f, 0x9, 0x2, 0x1, 0x6}, {0x40000, 0x8000000, 0xe, 0xd, 0x59, 0x5, 0x5, 0xc, 0xfc, 0x0, 0xf8, 0xfc}, {0x2, 0xeeef0000, 0x8, 0xbe, 0x6, 0x7, 0x10, 0x1, 0x0, 0x18, 0x2, 0x4}, {0x5000, 0x8000000, 0x4, 0x9, 0xff, 0xf, 0x0, 0x3, 0x8, 0x4, 0x80, 0x2}, {0x2, 0x4, 0x10, 0x4, 0x8, 0x1, 0x0, 0xf9, 0x3, 0x7, 0x0, 0xfa}, {0x1, 0xedd8}, {0xffff1000, 0x17}, 0x60050018, 0x0, 0x0, 0x222, 0x100000002, 0x0, 0xdddd1000, [0x6, 0x4, 0x4000000000000009, 0x7]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x8000000000000000, 0xf6, 0x0, 0x7, 0x2000000, 0x0, 0x2004cc, 0xfffffffffffffe8b, 0xffff, 0xfffffffffffffffb, 0x1, 0xffffffffffffffff, 0x7ffffffffffffffc, 0x200, 0x0, 0x2], 0x1, 0x72c2})
r3 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000000)="1eb3bf65654102f4af4d221c8bd458d1e7cbdaf3657d0f34e790c85bdba7931791f6d15c3e681411f7a496c0dace6a3c242f5b016f64b4ef8a9cedaf6bec340dee49474360b24cb8", 0x0, 0x48)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1fe, 0x1, 0x41000, 0x1000, &(0x7f0000001000/0x1000)=nil})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$KVM_SET_DEBUGREGS-ioctl$KVM_SET_PIT-openat$kvm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_MSRS-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_HAS_DEVICE_ATTR_vcpu-ioctl$KVM_SET_REGS-ioctl$KVM_RUN-ioctl$KVM_RUN-ioctl$KVM_SET_SREGS-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_REGS-ioctl$KVM_RUN
detailed listing:
executing program 0:
ioctl$KVM_SET_DEBUGREGS(0xffffffffffffffff, 0x4080aea2, &(0x7f0000000080)={[0x1000, 0xeeef0000, 0xdddd0000, 0xb000], 0x100, 0xc})
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000000)={[{0x3f680, 0x200, 0x0, 0x4f, 0x19, 0x7, 0xc0, 0x1, 0xff, 0x8, 0x9, 0x0, 0x9}, {0x8, 0xaef3, 0x6, 0x3, 0xd, 0xff, 0x8, 0x3, 0x4, 0x13, 0x1, 0x6, 0x10008}, {0x1fb, 0x1007, 0xd, 0x10, 0x25, 0x9, 0x7f, 0xfb, 0x4, 0x15, 0x1, 0x3, 0x840000000000000}], 0x9})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60303, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0x470f}]})
r3 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r5, 0x4018aee3, &(0x7f0000000140)=@attr_other={0x0, 0x4, 0xd, &(0x7f0000000100)=0x8000})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x4002004c4, 0x1004, 0xffffffffffffffff, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0x80000004000000, 0x8d], 0xeeee8000, 0x2010d3})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000280)={{0x1, 0x8080000, 0xc, 0x6, 0x4, 0xa, 0x3, 0xe, 0x0, 0x1, 0xc, 0x3}, {0x1000, 0x3000, 0xe, 0x13, 0x1, 0x8, 0x7, 0x8, 0x0, 0x42, 0x2}, {0x2, 0x5001, 0x4, 0xf, 0x5, 0x6, 0xc3, 0x6, 0x3, 0x6, 0x5, 0xb}, {0x2, 0x0, 0x1a, 0xc, 0x7f, 0x6, 0x8, 0x7f, 0x9, 0x2, 0x1, 0x6}, {0x1, 0x8000000, 0xe, 0xd, 0x59, 0x2d, 0x5, 0xc, 0xfc, 0x0, 0xf8, 0xe5}, {0x2, 0x373ae001, 0x10, 0xbe, 0x6, 0x9, 0x10, 0x1, 0xbf, 0x18, 0x2, 0x4}, {0x5000, 0x8000000, 0x4, 0x9, 0x0, 0xf, 0x10, 0x3, 0x8, 0x4, 0x80, 0xc}, {0xdddd0000, 0xeeee0000, 0x10, 0x4, 0x64, 0x8, 0x0, 0xf9, 0x1, 0x8, 0x0, 0xfe}, {0x1, 0xedd8}, {0xffff1000, 0x17}, 0x40010, 0x0, 0x0, 0x202, 0x100000002, 0x0, 0xdddd1000, [0x5, 0x4, 0x4000000000000009, 0x3]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000010c0)={[0x60000000003, 0x1000000000, 0x0, 0x10, 0x2000001, 0x0, 0x2004cb, 0xa000000000000000, 0xffff, 0xfffffffffffffffb, 0x5, 0xffffffffffffffff, 0x7fffffffffffffff, 0x0, 0x0, 0xfffffffffffffffc], 0x1, 0x202})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$x86-syz_kvm_add_vcpu$x86-ioctl$KVM_SET_NESTED_STATE
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000bfd000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000080)={0x0, 0x0})
ioctl$KVM_SET_NESTED_STATE(r3, 0x4080aebf, &(0x7f0000000240))

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_MSRS-ioctl$KVM_RUN-ioctl$KVM_SET_MSRS-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_REGS-ioctl$KVM_RUN-ioctl$KVM_RUN
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0xc0010002, 0x20000, 0x80ffffff}]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000100)={0x1, 0x0, [{0xc0010006}]})
r3 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x4002004c4, 0x1004, 0xffffffffffffffff, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0x80000004000000, 0x8d], 0xeeee8000, 0x2010d3})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-syz_kvm_setup_syzos_vm$x86-syz_kvm_add_vcpu$x86-ioctl$KVM_SET_CPUID-ioctl$KVM_RUN
detailed listing:
executing program 0:
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000040)={0x0, &(0x7f00000000c0)=[@rdmsr={0x66, 0x18, {0xc0000104}}], 0x18})
ioctl$KVM_SET_CPUID(r3, 0x4008ae8a, &(0x7f0000001e00))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE_CONST_STR-bpf$BPF_MAP_CONST_STR_FREEZE-bpf$BPF_PROG_TEST_RUN-openat$tun-socket-socket$unix-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-sendmsg$sock-syz_genetlink_get_family_id$batadv-syz_init_net_socket$bt_l2cap-socket$nl_generic-socket$nl_route-pselect6
detailed listing:
executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
sendmsg$sock(r0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)=[@timestamping={{0x14, 0x1, 0x25, 0x3}}], 0x18}, 0x24040800)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x3)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0x8000000000, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x3, 0x0, 0x0, 0x7fffffff, 0xfffffffffffffffc}, 0x0, 0x0)

program crashed: memory leak in skb_clone
single: successfully extracted reproducer
found reproducer with 14 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE_CONST_STR-bpf$BPF_MAP_CONST_STR_FREEZE-bpf$BPF_PROG_TEST_RUN-openat$tun-socket-socket$unix-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-sendmsg$sock-syz_genetlink_get_family_id$batadv-syz_init_net_socket$bt_l2cap-socket$nl_generic-socket$nl_route
detailed listing:
executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
sendmsg$sock(r0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)=[@timestamping={{0x14, 0x1, 0x25, 0x3}}], 0x18}, 0x24040800)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x3)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)

program crashed: memory leak in skb_clone
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE_CONST_STR-bpf$BPF_MAP_CONST_STR_FREEZE-bpf$BPF_PROG_TEST_RUN-openat$tun-socket-socket$unix-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-sendmsg$sock-syz_genetlink_get_family_id$batadv-syz_init_net_socket$bt_l2cap-socket$nl_generic
detailed listing:
executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
sendmsg$sock(r0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)=[@timestamping={{0x14, 0x1, 0x25, 0x3}}], 0x18}, 0x24040800)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x3)
socket$nl_generic(0x10, 0x3, 0x10)

program crashed: memory leak in skb_clone
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE_CONST_STR-bpf$BPF_MAP_CONST_STR_FREEZE-bpf$BPF_PROG_TEST_RUN-openat$tun-socket-socket$unix-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-sendmsg$sock-syz_genetlink_get_family_id$batadv-syz_init_net_socket$bt_l2cap
detailed listing:
executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
sendmsg$sock(r0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)=[@timestamping={{0x14, 0x1, 0x25, 0x3}}], 0x18}, 0x24040800)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x3)

program crashed: memory leak in skb_clone
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE_CONST_STR-bpf$BPF_MAP_CONST_STR_FREEZE-bpf$BPF_PROG_TEST_RUN-openat$tun-socket-socket$unix-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-sendmsg$sock-syz_genetlink_get_family_id$batadv
detailed listing:
executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
sendmsg$sock(r0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)=[@timestamping={{0x14, 0x1, 0x25, 0x3}}], 0x18}, 0x24040800)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)

program crashed: memory leak in skb_clone
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE_CONST_STR-bpf$BPF_MAP_CONST_STR_FREEZE-bpf$BPF_PROG_TEST_RUN-openat$tun-socket-socket$unix-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-sendmsg$sock
detailed listing:
executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
sendmsg$sock(r0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)=[@timestamping={{0x14, 0x1, 0x25, 0x3}}], 0x18}, 0x24040800)

program crashed: memory leak in skb_clone
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE_CONST_STR-bpf$BPF_MAP_CONST_STR_FREEZE-bpf$BPF_PROG_TEST_RUN-openat$tun-socket-socket$unix-syz_init_net_socket$bt_l2cap-connect$bt_l2cap
detailed listing:
executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE_CONST_STR-bpf$BPF_MAP_CONST_STR_FREEZE-bpf$BPF_PROG_TEST_RUN-openat$tun-socket-socket$unix-syz_init_net_socket$bt_l2cap-sendmsg$sock
detailed listing:
executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
sendmsg$sock(r0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)=[@timestamping={{0x14, 0x1, 0x25, 0x3}}], 0x18}, 0x24040800)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE_CONST_STR-bpf$BPF_MAP_CONST_STR_FREEZE-bpf$BPF_PROG_TEST_RUN-openat$tun-socket-socket$unix-connect$bt_l2cap-sendmsg$sock
detailed listing:
executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
sendmsg$sock(0xffffffffffffffff, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)=[@timestamping={{0x14, 0x1, 0x25, 0x3}}], 0x18}, 0x24040800)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE_CONST_STR-bpf$BPF_MAP_CONST_STR_FREEZE-bpf$BPF_PROG_TEST_RUN-openat$tun-socket-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-sendmsg$sock
detailed listing:
executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
sendmsg$sock(r0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)=[@timestamping={{0x14, 0x1, 0x25, 0x3}}], 0x18}, 0x24040800)

program crashed: memory leak in skb_clone
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE_CONST_STR-bpf$BPF_MAP_CONST_STR_FREEZE-bpf$BPF_PROG_TEST_RUN-openat$tun-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-sendmsg$sock
detailed listing:
executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
sendmsg$sock(r0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)=[@timestamping={{0x14, 0x1, 0x25, 0x3}}], 0x18}, 0x24040800)

program crashed: memory leak in skb_clone
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE_CONST_STR-bpf$BPF_MAP_CONST_STR_FREEZE-bpf$BPF_PROG_TEST_RUN-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-sendmsg$sock
detailed listing:
executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
sendmsg$sock(r0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)=[@timestamping={{0x14, 0x1, 0x25, 0x3}}], 0x18}, 0x24040800)

program crashed: memory leak in skb_clone
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE_CONST_STR-bpf$BPF_MAP_CONST_STR_FREEZE-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-sendmsg$sock
detailed listing:
executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
sendmsg$sock(r0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)=[@timestamping={{0x14, 0x1, 0x25, 0x3}}], 0x18}, 0x24040800)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$MAP_CREATE_CONST_STR-bpf$BPF_PROG_TEST_RUN-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-sendmsg$sock
detailed listing:
executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
sendmsg$sock(r0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)=[@timestamping={{0x14, 0x1, 0x25, 0x3}}], 0x18}, 0x24040800)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_MAP_CONST_STR_FREEZE-bpf$BPF_PROG_TEST_RUN-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-sendmsg$sock
detailed listing:
executing program 0:
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
sendmsg$sock(r0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)=[@timestamping={{0x14, 0x1, 0x25, 0x3}}], 0x18}, 0x24040800)

program crashed: memory leak in skb_clone
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_MAP_CONST_STR_FREEZE-bpf$BPF_PROG_TEST_RUN-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-sendmsg$sock
detailed listing:
executing program 0:
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, 0x0, 0x0)
sendmsg$sock(r0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)=[@timestamping={{0x14, 0x1, 0x25, 0x3}}], 0x18}, 0x24040800)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_MAP_CONST_STR_FREEZE-bpf$BPF_PROG_TEST_RUN-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-sendmsg$sock
detailed listing:
executing program 0:
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
sendmsg$sock(r0, 0x0, 0x24040800)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_MAP_CONST_STR_FREEZE-bpf$BPF_PROG_TEST_RUN-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-sendmsg$sock
detailed listing:
executing program 0:
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
sendmsg$sock(r0, &(0x7f0000000a00)={0x0, 0x0, 0x0}, 0x24040800)

program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_MAP_CONST_STR_FREEZE-bpf$BPF_PROG_TEST_RUN-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-sendmsg$sock
program crashed: no output from test machine
not a leak crash: no output from test machine
simplifying guilty program options
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_MAP_CONST_STR_FREEZE-bpf$BPF_PROG_TEST_RUN-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-sendmsg$sock
detailed listing:
executing program 0:
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
sendmsg$sock(r0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)=[@timestamping={{0x14, 0x1, 0x25, 0x3}}], 0x18}, 0x24040800)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_MAP_CONST_STR_FREEZE-bpf$BPF_PROG_TEST_RUN-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-sendmsg$sock
detailed listing:
executing program 0:
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
sendmsg$sock(r0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)=[@timestamping={{0x14, 0x1, 0x25, 0x3}}], 0x18}, 0x24040800)

program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_MAP_CONST_STR_FREEZE-bpf$BPF_PROG_TEST_RUN-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-sendmsg$sock
detailed listing:
executing program 0:
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
sendmsg$sock(r0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)=[@timestamping={{0x14, 0x1, 0x25, 0x3}}], 0x18}, 0x24040800)

program crashed: memory leak in skb_clone
validation run: crashed=true
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_MAP_CONST_STR_FREEZE-bpf$BPF_PROG_TEST_RUN-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-sendmsg$sock
detailed listing:
executing program 0:
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
sendmsg$sock(r0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)=[@timestamping={{0x14, 0x1, 0x25, 0x3}}], 0x18}, 0x24040800)

program crashed: memory leak in skb_clone
validation run: crashed=true
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): bpf$BPF_MAP_CONST_STR_FREEZE-bpf$BPF_PROG_TEST_RUN-syz_init_net_socket$bt_l2cap-connect$bt_l2cap-sendmsg$sock
detailed listing:
executing program 0:
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
sendmsg$sock(r0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)=[@timestamping={{0x14, 0x1, 0x25, 0x3}}], 0x18}, 0x24040800)

program crashed: memory leak in skb_clone
validation run: crashed=true
reproducing took 2h13m44.980811129s
repro crashed as (corrupted=false):
2025/12/02 18:17:09 executed programs: 40
BUG: memory leak
unreferenced object 0xffff88810c726000 (size 240):
  comm "kworker/u9:4", pid 5981, jiffies 4294961872
  hex dump (first 32 bytes):
    90 ac 62 10 81 88 ff ff 90 ac 62 10 81 88 ff ff  ..b.......b.....
    00 00 00 00 00 00 00 00 00 ac 62 10 81 88 ff ff  ..........b.....
  backtrace (crc 1f3fcfd2):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4983 [inline]
    slab_alloc_node mm/slub.c:5288 [inline]
    kmem_cache_alloc_noprof+0x397/0x5a0 mm/slub.c:5295
    skb_clone+0xae/0x2b0 net/core/skbuff.c:2050
    __skb_tstamp_tx+0x3a0/0x4c0 net/core/skbuff.c:5636
    hci_conn_tx_queue+0x11c/0x1d0 net/bluetooth/hci_conn.c:3026
    hci_send_conn_frame net/bluetooth/hci_core.c:3086 [inline]
    hci_sched_acl_pkt net/bluetooth/hci_core.c:3701 [inline]
    hci_sched_acl net/bluetooth/hci_core.c:3726 [inline]
    hci_tx_work+0x437/0x570 net/bluetooth/hci_core.c:3820
    process_one_work+0x26b/0x620 kernel/workqueue.c:3263
    process_scheduled_works kernel/workqueue.c:3346 [inline]
    worker_thread+0x2c4/0x4f0 kernel/workqueue.c:3427
    kthread+0x15b/0x310 kernel/kthread.c:463
    ret_from_fork+0x2af/0x2e0 arch/x86/kernel/process.c:158
    ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF

final repro crashed as (corrupted=false):
2025/12/02 18:17:09 executed programs: 40
BUG: memory leak
unreferenced object 0xffff88810c726000 (size 240):
  comm "kworker/u9:4", pid 5981, jiffies 4294961872
  hex dump (first 32 bytes):
    90 ac 62 10 81 88 ff ff 90 ac 62 10 81 88 ff ff  ..b.......b.....
    00 00 00 00 00 00 00 00 00 ac 62 10 81 88 ff ff  ..........b.....
  backtrace (crc 1f3fcfd2):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4983 [inline]
    slab_alloc_node mm/slub.c:5288 [inline]
    kmem_cache_alloc_noprof+0x397/0x5a0 mm/slub.c:5295
    skb_clone+0xae/0x2b0 net/core/skbuff.c:2050
    __skb_tstamp_tx+0x3a0/0x4c0 net/core/skbuff.c:5636
    hci_conn_tx_queue+0x11c/0x1d0 net/bluetooth/hci_conn.c:3026
    hci_send_conn_frame net/bluetooth/hci_core.c:3086 [inline]
    hci_sched_acl_pkt net/bluetooth/hci_core.c:3701 [inline]
    hci_sched_acl net/bluetooth/hci_core.c:3726 [inline]
    hci_tx_work+0x437/0x570 net/bluetooth/hci_core.c:3820
    process_one_work+0x26b/0x620 kernel/workqueue.c:3263
    process_scheduled_works kernel/workqueue.c:3346 [inline]
    worker_thread+0x2c4/0x4f0 kernel/workqueue.c:3427
    kthread+0x15b/0x310 kernel/kthread.c:463
    ret_from_fork+0x2af/0x2e0 arch/x86/kernel/process.c:158
    ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF