Extracting prog: 28m54.657368808s
Minimizing prog: 18m1.604114373s
Simplifying prog options: 0s
Extracting C: 56.431081812s
Simplifying C: 5m36.023120647s


extracting reproducer from 42 programs
testing a last program of every proc
single: executing 7 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_usb_control_io-syz_open_dev$char_usb-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-close_range
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200000000100905"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ff9}]})
close_range(r1, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$kcm-sendmsg$kcm-recvmsg$kcm-syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000380)="1400000016000b63d25a80648c2594f90b24fc60", 0x14}], 0x1}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000100)=""/189, 0xbd}], 0x1}, 0x2122)
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f00000001c0)=ANY=[], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r1, 0x81, 0x1, &(0x7f0000000000)="b0")

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_init_net_socket$bt_sco-syz_open_dev$sndmidi-dup-write$6lowpan_enable-syz_io_uring_setup-syz_io_uring_submit-io_uring_enter-prctl$PR_SCHED_CORE-bind$bt_sco-listen-accept4
detailed listing:
executing program 0:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x2b9, &(0x7f0000000740)={0x0, 0xb1e9, 0x10100, 0x0, 0x0, 0x0, r2}, &(0x7f0000000080)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r3, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bind$bt_sco(r0, &(0x7f0000000040), 0x8)
listen(r0, 0x1)
accept4(r0, 0x0, 0x0, 0x80800)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-socket-setresgid-syz_usb_control_io$hid-openat$ttyS3-ioctl$TCSBRKP-openat$ttyS3-openat$procfs-sendfile-ioctl$TCSETAF-syz_usb_ep_write$ath9k_ep1
detailed listing:
executing program 0:
r0 = syz_usb_connect(0x3, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870f500090582020002"], 0x0)
socket(0x10, 0x3, 0x0)
setresgid(0x0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x169080, 0x0)
ioctl$TCSBRKP(r1, 0x5425, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/partitions\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x20000023896)
ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000280)={0xad2f, 0x5, 0x5, 0x8b, 0x7, "7f4ec452f80d501f"})
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="6b0ee0b3d41b1b"])

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$tun-ioctl$TUNSETIFF-openat$fb0-prlimit64-vmsplice-mremap-sched_setscheduler-sched_setaffinity-prctl$PR_SCHED_CORE-syz_open_dev$MSR-read$msr-keyctl$KEYCTL_WATCH_KEY-write$FUSE_NOTIFY_INVAL_ENTRY-read$watch_queue-getpid-openat$tun-syz_emit_ethernet-close-socket$kcm-write$cgroup_subtree-fsopen
detailed listing:
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000001c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
vmsplice(r1, &(0x7f0000e79000)=[{0x0}], 0x1, 0x0)
mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x100000000000f7)
write$FUSE_NOTIFY_INVAL_ENTRY(0xffffffffffffffff, 0x0, 0x2c)
read$watch_queue(0xffffffffffffffff, 0x0, 0x0)
getpid()
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
syz_emit_ethernet(0x14b, &(0x7f0000000580)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @local, @val={@val={0x88a8, 0x1, 0x1, 0x3}, {0x8100, 0x6, 0x0, 0x4}}, {@ipv4={0x800, @gre={{0x5, 0x4, 0x3, 0x4, 0x135, 0x64, 0x0, 0x8, 0x2f, 0x0, @broadcast, @broadcast}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x880b, 0x1f, 0x3, [0x1], "52c596da2c84a872529b487aa5d1a534bfceb828c4b8e90b7e4f6d0868fd1b"}, {}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [], "3cff09485ec97f84070e96fc75a5de2d664c401e2e4a459d938b8a54cf3ecf62bf3a414288202c86d160803b1bc30a0171681d1eb431338cedbb5e0303e9ae7ae3e066d2b8152cd26bfadfdbeadaca39a4b686b8657054d57938d8356844562674dd9cee208c6a04193b168283821edfc0faa91fcc1e9aba898c85667bc4bc8a4fac1ea1db875c9b87288d23c89edeaaf9959687e5f82faa36b21b7156f85c97c6c0dd0e"}, {0x8, 0x88be, 0x4, {{0xe, 0x1, 0x6, 0x2, 0x0, 0x0, 0x2, 0x6}}}, {0x8, 0x22eb, 0x3, {{0x5, 0x2, 0x0, 0x0, 0x0, 0x2, 0x5, 0x6}, 0x2, {0x50, 0x1ff, 0x1, 0x1, 0x0, 0x0, 0x1}}}, {0x8, 0x6558, 0x1, "71297a94e22aa086083a67fce1989344b1e9339bcbaa0d57"}}}}}}, 0x0)
close(r3)
socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x280)
fsopen(0x0, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-getpid-sched_setscheduler-mmap-socketpair$unix-sendmmsg$unix-recvmmsg-mkdir-mkdir-ioprio_set$pid-mkdir-mount$overlay-chdir-open-write$FUSE_CREATE_OPEN-sendfile-move_mount
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x80)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x80, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000440)='./bus\x00')
r3 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r3, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x5, 0x1, 0x8000000004007, 0xac, 0x3, 0x4, {0x0, 0x180, 0x20fe, 0x5, 0x87, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0xc000, 0x0, 0xee00, 0x0, 0x3ff, 0x401}}, {0x0, 0x11}}}, 0xa0)
sendfile(r3, r3, &(0x7f0000000080), 0x7f03)
move_mount(0xffffffffffffffff, &(0x7f00000000c0)='./mnt\x00', 0xffffffffffffffff, &(0x7f0000000080)='./mnt\x00', 0x172)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect-syz_open_dev$I2C-ioctl$I2C_RDWR
detailed listing:
executing program 0:
syz_usb_connect(0x5, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010003296fb608229084d488ff0102030109023300010484008109041e800056a7f602"], &(0x7f0000001700)={0xffffffa0, 0x0, 0x0, 0x0, 0x155555555555563e})
r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000080)={&(0x7f00000002c0)=[{0x8, 0x4e01, 0x7e, &(0x7f00000001c0)="70bad6d6134eb9c3fea3e1fdacfdddded02438edb6917ed837d79450af8618ef9949a85f1ef0e9ef94b3b9f6031edb897532fb8233e274df8bf706ad240402a166ec5c8045659c0377fce1d2f8daee9876a77928c19abfc9c93f1855b69870e8bfad51661c612c79b600ffea6e05b54ebb00153fc447b5403d43d145e1b5"}], 0x1})

program did not crash
single: failed to extract reproducer
bisect: bisecting 42 programs with base timeout 1m40s
testing program (duration=1m50s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [12, 9, 7, 23, 15, 16, 8, 5, 21, 10, 13, 14, 26, 17, 14, 28, 7, 5, 13, 4, 10, 12, 3, 13, 10, 3, 13, 6, 3, 9, 18, 11, 15, 9, 8, 18, 5, 21, 11, 11, 7, 5]
detailed listing:
executing program 6:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r2 = syz_io_uring_setup(0xb, &(0x7f00000002c0)={0x0, 0x200002f, 0x800, 0x1, 0x100020b}, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r1, 0xc000000, &(0x7f0000000000)=[{0x0}], 0x1, 0x12})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
io_uring_enter(r2, 0x847b6, 0x0, 0xa, 0x0, 0x0)
executing program 1:
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000005580)=""/102392, 0x18ff8)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000140), 0x62981)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x800000, 0x0, 'queue0\x00', 0x9})
writev(r1, &(0x7f0000000580)=[{&(0x7f0000000000)="238292", 0xfff6}], 0x2)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0x10000, 0x0, 0x4)
io_uring_enter(0xffffffffffffffff, 0x3517, 0xc2de, 0x9, 0x0, 0x0)
executing program 0:
openat$sndseq(0xffffffffffffff9c, &(0x7f00000193c0), 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'sit0\x00', &(0x7f0000000140)={'ip_vti0\x00', 0x0, 0x700, 0x20, 0x341, 0x0, {{0xf, 0x4, 0x1, 0x8, 0x3c, 0x6b, 0x0, 0xa, 0x29, 0x0, @multicast1, @dev={0xac, 0x14, 0x14, 0x42}, {[@generic={0x94, 0xc, "74141141c1e93e03fc23"}, @cipso={0x86, 0x1c, 0x0, [{0x1, 0x11, "727c983251ed15de07ec8a9ae94d31"}, {0x6, 0x3, "ee"}, {0x2, 0x2}]}]}}}}})
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xa, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'geneve0\x00', <r2=>0x0})
sendto$packet(r1, &(0x7f0000000180)="0b036800e0ff64000200475400f6a13bb1000000080089", 0x17, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14)
executing program 5:
shmat(0x0, &(0x7f0000ff9000/0x1000)=nil, 0x4000)
shmctl$IPC_RMID(0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00'}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x20400, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, &(0x7f00000000c0)={'pcl812\x00', [0x83fb, 0x789b1c25, 0x29, 0x4, 0x5, 0xcc7, 0x8, 0x8d, 0x9, 0x0, 0x2, 0x1, 0x1, 0x1, 0x6, 0x81, 0x6, 0x1a449, 0x3, 0x40000003, 0x89, 0xcaa7, 0x0, 0x20001e5c, 0xb, 0xffc00004, 0x3c, 0x8, 0x100006, 0xf7fffff7, 0xfffffff8]})
socket$inet6(0xa, 0x80002, 0x0)
r4 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}]}, @NFT_MSG_NEWRULE={0x68, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x4c, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_XFRM_DIR={0x5}, @NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0x9}]}}}, {0x24, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_CMP_DATA={0xc, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, "ac"}]}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x9}]}}}]}]}], {0x14}}, 0xdc}, 0x1, 0x0, 0x0, 0x4}, 0x0)
executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000300), 0x3, 0x189002)
r1 = fcntl$dupfd(r0, 0x0, r0)
read$FUSE(r1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x3e, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0x7}, 0x18)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34665c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbccbddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e712a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd13f4cec49669e443dcb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ef8dba2f23b01a9ae44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af40000000000000005f58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef07000000000000006da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405a07feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09c0e5a3bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea10d3cfb41b92ecbb422a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f74562adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b4412331d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd100fcffff007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711c6529ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a22c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29008000000000000005ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc030ea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efd936b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800001f00000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351b9332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a138d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fce43d8c53a8031e64026e0d36b6401064c49a729f11ab377f7132c5232bb80195dd5d43d29646a9378eea0761b7ed9d2172e33ed87c7413c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828b07f1dc7df9c8e5da22dfb9dacbf5529e4e994128d835f85465173ea7bbcc519a0c9798ce8b1b07567e3e07169c8c3e4da8bf725c050000000000000000000000000000000000000000004775abdf0c62728eb55a9e2849a1ce05bed60dfe4cc9fa43f9684297c02382c0a35829be7a86305792a9d2e80ca9e8fc50f31f6e0fa810303da03d8b74b42c1ebaf16bb343256405a3a07229a54de09a97b269cd29e8b2f0b0d46c51a6a93eec37f4bc6e29a8e19120ae050ab682662e9b2cc3263a4aba62b63ca9123a53c0f4bf3c4463b8144c89bf058a0af0ae9fc2b7cdfc4817703e267cddc193637d7fd97646090da37093657643daae3840c7f5c10f93524f7ae4791ec6e9d9722e5f670ccb358e051a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x5a}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000850000000500000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xd8}, 0x94)
executing program 0:
syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=[@hoplimit={{0x14, 0x29, 0x34, 0x4}}, @hoplimit={{0x14, 0x29, 0x34, 0xfffffffd}}, @dstopts_2292={{0x48, 0x29, 0x4, {0x4, 0x5, '\x00', [@calipso={0x7, 0x10, {0x1, 0x2, 0x9, 0x9f, [0x8]}}, @ra={0x5, 0x2, 0xa7e}, @pad1, @ra={0x5, 0x2, 0xbf4}, @generic={0x93, 0x10, "e80ee304ecb784ec4655260cecea14e4"}]}}}, @hoplimit={{0x14}}, @hopopts={{0x18, 0x29, 0x36, {0x5e}}}, @rthdrdstopts={{0x20, 0x29, 0x37, {0x73, 0x0, '\x00', [@pad1]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x2}}, @rthdr_2292={{0x38, 0x29, 0x39, {0x3a, 0x4, 0x2, 0x70, 0x0, [@mcast1, @mcast2]}}}], 0x118}}], 0x1, 0x810)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4004}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="000086dd03000a000000140000006c07010033d43afffe800000000000000000000000000010ff02000000000000000080000000000189"], 0x340a)
executing program 3:
r0 = socket$igmp(0x2, 0x3, 0x2)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003b000000080003", @ANYRES32=r3, @ANYBLOB="1f003300d0000000080211000001080211000000505050505050000015"], 0x3c}, 0x1, 0x0, 0x0, 0x8800}, 0x10)
executing program 5:
socket$inet6_mptcp(0xa, 0x1, 0x106)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa15, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x1000}, 0x20)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'sit0\x00'})
setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
sendmmsg(r2, 0x0, 0x0, 0x842)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000280)={<r4=>0x0, <r5=>0x0, <r6=>0x0}, &(0x7f00000013c0)=0xc)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1c00000000000000010000", @ANYRES32=r4, @ANYRES32=r5, @ANYRES32=r6, @ANYBLOB="0100000001000000000000009f6bd0d3ee456c65546c0662026100000000000000004193598699ddf9401a2e0553926ba142314ab8f1a716f6f01c8511c6e0ec20543f7c75822cf91bfa5088f5ffab6d26ab9f2e8ce9cbfe7597f9a1444f275cc3f633ce486650de1fc76c41ab688b69108aa7d59beb14a9c49890187e3caf2b0444bacb6c50ccd590f081ccc33c92119a92ba8e9dc46a1b58c32d3cecba5aabac23081942346ba3cc437ab0e484", @ANYRES32, @ANYBLOB], 0x38, 0x40044}}], 0x1, 0x4)
ptrace$ARCH_MAP_VDSO_64(0x1e, r4, 0x1ff, 0x2003)
syz_clone(0x100000, 0x0, 0x0, 0x0, 0x0, 0x0)
executing program 6:
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_io_uring_setup(0x498, &(0x7f00000000c0)={0x0, 0x79af, 0x400, 0xfffffffe, 0x272}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd, 0x6, 0x0, 0x0, 0x2, 0x1})
io_uring_enter(r1, 0x627, 0x4c1, 0x43, 0x0, 0x0)
executing program 3:
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0)
r2 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f00000001c0)='source', &(0x7f0000000100)='%\xff:2\x82|\x9a\xe0\xadA\xde\xd5\x03\x00\x00\x00\xb7\xe5\xee:\xb5\x0e\xec\xe5\xdc\xe5\x8d?\x16BE\x8b\xe8)\xa9H\x99\x10\x02q\xf7\xd3\xc5*\x15\xdf_\xb2_`\x92|\x7f\xff9\xf7o$e&1\xfd\xea\xb0\xb0', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000000)='source', &(0x7f0000000180)='%(,c\xbe\r\xcc:', 0x0)
r3 = userfaultfd(0x1)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_COPY(r3, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2})
executing program 2:
r0 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x0, 0x3}, 0x10)
r1 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x1}, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x80042, 0x50)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$xdp(0x2c, 0x3, 0x0)
fsetxattr$security_evm(r2, &(0x7f00000000c0), &(0x7f0000000240)=ANY=[@ANYBLOB="03"], 0x9, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
open(&(0x7f0000000000)='./file0/file1\x00', 0x101002, 0x17d)
executing program 6:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='yeah', 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
syz_mount_image$hfsplus(&(0x7f0000000280), &(0x7f0000000240)='./file0\x00', 0x81401, &(0x7f0000000a40)=ANY=[@ANYBLOB="6e6f626172726965722c706172743d3078303030303030303030303030303030392c756d61736b3d30303030303030303030303030303030343030302c626172726965722c747970653df268d6512c6e6c733d69736f383835392d312c756d61736b3d30303030303030303030303030303030303030303030372c00000000"], 0x7, 0x6d4, &(0x7f00000011c0)="$eJzs3U+IHFkdB/BvdSY90xGzs/+yUYQMG1h0g8lMmjURhI0ikkOQoJe9DslkM2SSXSazkl3EdFxXwZN4kD14WJF4WBFERFhPi+tZELx4yj3gzUMO6khVV8/09PRMejaZ6dH9fKCm3uv36r1f/bqq+t80HeAT6/wrOdhJkfMnLtwq6/futpfu3W1f75WTTCZpJBPdVYpWUnyUnEt3yWfKG+vhiq3meen+B8XEu++3u7WJeqn6N7bbbpOhPTvJVJKfVpUDSWa6t/9r5GE3jVct1TiX1sf7mIq1uMuEHe8lDsZtdZPOemPjoZuPft4C+9bt7uPmJtPJoXQfXcvnAamvDg+/MoxDa0Nt22tTZ7djAQAAgN039LV8vyce5EFu5fDehAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/H4rubwYW9dLolWdS9H7/v9n3m/rNMYf7iN65Uq2+9cS4AwEAAAAAAACAR3LsQR7kVg736qtF9Zn/81Xlmervp/JGbmYhyzmZW5nPSlaynLkk030DNW/Nr6wsz23e8mcpt1xdXb1db3l66JanN8bVGQx02H8abOoEAAAAAAAAAJ9Y38/59c//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgPyiSA91VtTzTK0+nMZFkKkmzmFnr3hxrsI+kG/qH4w4DAAAA9s7h4j/dwmpRveY/Ur3un8obuZGVLGYlS1nI5eq9gO5L58ZfO+2le3fb18tl84Bf/ceO5q9GTPe9h+Ezz1Y9nl3b4ny+kW/nRGZyMctZzHcyn5UsZCZfr0rzKTJdv3sxfe9uK71YN8d7bkPt4mBsx/rKZXxHq0hauZJWUcZ2MpeavdAbdb+jfbP9oZkMzHinzE7xcm3EHF2u1+Ue/aRe7w/T1Z4fzJUsVvfWbJ37MhtP9ud9c+53eJwMzjSXxtp7UM+sz1JWB2caPecH1ouH6vUe5HqHb6VtzETnx2Wtd/Qd2T7nyRf+9qeLVxs3rl29cvPE/jmMPqbBY6Ldl4nnRsrEUpmJqS3v5DsPDWHqUffh8WjW2egewDu7Wj5fbXs4i/lmXsvlLORMZjOXs5nNl3M67Zzuy+uz2+e1OtcaO7u+Hf98XWgl+VG93lOTWzWUeX2yzmsn2XClm67a+m9Zz9JTI2SpaGZ4lv4+NJSJz9aFco63+x5xxm8wE3N9mXh6+0z84t+rSW4u3bi2fHX+9RHne6Fel6ftOxuv0b98LDu0c/XulsfLU+WdVVZ+uPF4Kdue7rUN5KtZf+IyUQ+2oa2Z6nzutpVnammrM7Uc6cidYSN1254bOku7ajva19ZaazuZS3ktS2vPQgDYtxo59OKhZut+6y+t91o/aF1tXZj62uTZyc81c/DPE3888NvGrxpfKV7Me/le/WgCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8kptvvnVtfmlpYXkfFtIYofNvMvqAd4Y29VLRvaW52/vVnezDX489vY+10DuQJrc7on6XZJtxmuMIvpVkd6c4NlrnTOzBLk9mSNOFtVtaSWMtniTX9skP3AG74dTK9ddP3XzzrS8uXp9/deHVhRunz555+Uz7S3O3T11ZXFqY7f4dd5TAbhh8XgoAAAAAAAAAAADsf6N9eaC5xdc2Pp1k1G+8bFB0xrCvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP+m86/kYCdF5mZPzpb1e3fbS+XSK6/3nEjSSFJ8Nyk+Ss6lu2S6b7hiq3leuv/Bz1949/32+lgTvf6Nge1+/8/V1dGCf7tX6NRLZpIcqNcPN7lVw4bxLvWN1xktsAHF2h6WCTveSxyM238DAAD//+K9AiI=")
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r0, 0xc0c89425, &(0x7f00000003c0)={"54ea2a976eed66cfbc29d6586d35a35a", 0x0, 0x0, {0x1}, {0x0, 0xda}, 0xa7, [0x9, 0x5a2, 0x3, 0x4, 0x8, 0x6, 0x4, 0xffffffff, 0x43c, 0x401, 0x8, 0x3, 0x2, 0x0, 0x6, 0x10001]})
pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}], 0x1, 0x5405, 0x800, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x3, 0x0, 0x0, &(0x7f0000000080))
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000007, 0x2172, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil)
socket$netlink(0x10, 0x3, 0xb)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xe8c}, 0x2a, 0xfffffffffffffff9)
socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@sack_perm, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp, @window={0x3, 0xfffe}, @sack_perm], 0x200000000000005e)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r0, &(0x7f0000000100)="fd0a0fc6dd4887c6048236609465f2e31c82c5f6be73b435a314bd11a3ccedb8ec4c8219ed81f552d8a12b9b15cdca91b058fbff98d619438ad5aaebb6ed6b", 0x3f, 0x404c801, 0x0, 0x0)
executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f00000001c0)='source', &(0x7f0000000100)='%\xff:2\x82|\x9a\xe0\xadA\xde\xd5\x03\x00\x00\x00\xb7\xe5\xee:\xb5\x0e\xec\xe5\xdc\xe5\x8d?\x16BE\x8b\xe8)\xa9H\x99\x10\x02q\xf7\xd3\xc5*\x15\xdf_\xb2_`\x92|\x7f\xff9\xf7o$e&1\xfd\xea\xb0\xb0', 0x0)
r2 = userfaultfd(0x1)
r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
ioctl$IOCTL_VMCI_GET_CONTEXT_ID(r3, 0x7b3, 0x0)
ioctl$sock_inet6_tcp_SIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000300))
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
lseek(0xffffffffffffffff, 0x7, 0x2)
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f00000002c0)=@urb_type_bulk={0x3, {0xb}, 0xede7a065, 0x20, &(0x7f0000000200)="cf1d53a8c8e028c32715e03e8bf7c58c8726ba1d5dd8f5e8c70e35a84b727f33ec1371be9ecff06d2bcb72d3d69f", 0x2e, 0xa, 0x101, 0xffffff00, 0xe, 0x9, &(0x7f0000000240)="0fabeb5d1c3d7b93a6da53cc6ae88e5a0e0304c7dc38dfd68035fe2dce77c491da4821864d8b54869dcd069db15d236f7d94f07f80816d34ae75d3d055b72d5de83102292efb61648542fa79a9376d3fd22bbb34f9bd2b4f0f665b57c3403b8e9b5f39611930d2ad"})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
close(0x3)
ioctl$UFFDIO_COPY(r2, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2})
executing program 2:
syz_usb_connect(0x2, 0x2d, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x8}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}], 0x4})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2004cb, 0x200000000000, 0x0, 0x0, 0xfffffffffffffffd], 0x0, 0x200})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)
executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, 0x0, 0x0)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
r1 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r1, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_FLAG_CMD(r1, 0x8982, &(0x7f0000000480)={0x7, 'pimreg1\x00', {0x7}, 0x8})
sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, 0x0, 0x10000000)
r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r3, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10)
r4 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4)
sendmsg$inet6(r4, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=[@dstopts={{0x18}}], 0x18}, 0xc4)
r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$sock_ifreq(r5, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1d, 0x1b, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000030000000000000009000000b7080000000000007b8af8ff00000000b7080000080000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7", @ANYRES32, @ANYBLOB="0000000000000000b70500182a000200000555000000000000000000", @ANYRES32=0x1, @ANYBLOB="00000000080000005047100010000000007701000000000085200000010000004bb90001fcffffff18110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000000000000850000008600000085200000010000009500000000000000"], 0x0, 0x2, 0x0, 0x0, 0x41000, 0x22, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f00000000c0)={0x8, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x7fff}, 0x10, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000280)=[{0x5, 0x2, 0x8, 0xa}, {0x1, 0x2, 0x0, 0xc}], 0x10, 0x1}, 0x94)
r6 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x10000003, 0x0, 0x81, 0x1ff, 0x1}, 0x1c)
recvmmsg(r6, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000500)}, 0x10}], 0x1, 0x2000, 0x0)
recvmmsg$unix(r6, &(0x7f0000004400)=[{{0x0, 0x0, &(0x7f0000001480)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1}}], 0x1, 0x0, 0x0)
sendmmsg(r6, &(0x7f00000030c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x9200000000000000)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="956a3456", 0x4}], 0x1, &(0x7f00000009c0)=ANY=[@ANYBLOB="d8000000000000000f01000047000000989757ac1b87091f22d6da63611423cb97737e8214a0eea85eda5eb87c161847e35004a35f4a0451c512ae9f19db439b4eff0f2462442ebc77309611314d6ce1a94a6ab1854301b3e151aa4cd40fc514bb121dac596d45bdad4beb223477f66d6450ca695e8c9e97368d051965ab5585f659a9520b971e5d47c6898b0aeb0b03b4b8adc82e4eed07c387024db0131165e25326fd8bbfa9cfd65054c7daa6d793d58fc010391ba1c1e6b993a455d6bf7f1f76edef3c325c6a32d3937d81e62e551e7d1d5934629a532d0000000000004800006e690000000000000003000000f71683e7b16f08dc3d4f68e78375f8466ef1c527ec568d2206cd08278cf688e55104081ba271792842a7f001419cd8ffbd7f354f2a6c00000f00000000000000110100000f0000008ba75eef003ea8bbca331b8c9c7d4075375ed4be7daff79007c2ee938def1fedd53ed6f18e49ea9959e77cff43c9436aa1a4c824d7a0eaccd3779c18c049a61e48e982a1d4e17251de4bc0d74d9082e17925650c76436180613143982b595c2519a65b80c35076608f71857d06cf876f8509e860f9fc258449ac8c1a0ea1202a142d19e3141c1f52fd62f64799d21ad28fbf31b970d74bcacbf2c875645600001000000000000000020100000500000068b4afd7a129a61568c02de53140d46e5c8bcf1ffec57e6e8e0c676bc72791f9c8f815d04897c40343138cc22f491f49f0f6866ef8b29ab600000000beed8ee6e99cffe558700a7a1fb584112dd138bc77e766a4952404de8b7b69434ebd0624dece30eb4a6416489ae95180e0e081da4df0687c7000219b3bafa4a5ac1199e48e8ae35029bf0ba251a86f756dfcf76023239a7bb15584341c20abca0bd308f7845b2d73f12b56d784bf26632bc80e6b8d60f02e17121d0964452c87174c6c7ca5920cc3c03957193fcefa44a48b97582b229c3f7897dbab3b9127f3341bc644bb090bce59e75404e565133df8d8cf14fe846ced39894a07d6d5b6dc392f4e6b2f7fb3c59f52834537ba5583000000000000000000000000004940396edaaaee728474"], 0x1e0}, 0x8080)
sendmmsg(r3, &(0x7f0000001380), 0x3fffffffffffeed, 0x0)
r7 = socket$kcm(0x2, 0x200000000000001, 0x0)
setsockopt$sock_attach_bpf(r7, 0x1, 0x50, &(0x7f0000000040), 0x4)
executing program 0:
openat$sndseq(0xffffffffffffff9c, &(0x7f00000193c0), 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'sit0\x00', &(0x7f0000000140)={'ip_vti0\x00', 0x0, 0x700, 0x20, 0x341, 0x0, {{0xf, 0x4, 0x1, 0x8, 0x3c, 0x6b, 0x0, 0xa, 0x29, 0x0, @multicast1, @dev={0xac, 0x14, 0x14, 0x42}, {[@generic={0x94, 0xc, "74141141c1e93e03fc23"}, @cipso={0x86, 0x1c, 0x0, [{0x1, 0x11, "727c983251ed15de07ec8a9ae94d31"}, {0x6, 0x3, "ee"}, {0x2, 0x2}]}]}}}}})
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xa, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'geneve0\x00', <r2=>0x0})
sendto$packet(r1, &(0x7f0000000180)="0b036800e0ff64000200475400f6a13bb1000000080089", 0x17, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14)
executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x5, 0x6e, &(0x7f0000000680)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109025c0002010000000904000000020d0000052406000105240000000d240f01fffffffffeff00000206241a00000009058103000200000d0904010000020d00000904010102020d000009"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x9)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
fallocate(0xffffffffffffffff, 0x3, 0x2, 0x8000c62)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$sock(r2, &(0x7f00000044c0), 0x4000000000001c0, 0x0)
recvfrom(r3, &(0x7f0000000040)=""/60, 0x3c, 0x40, 0x0, 0x0)
executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870f5000905820200"], 0x0)
syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0xa8, &(0x7f0000000080)=ANY=[@ANYBLOB="6b0ee0b3d41b1b", @ANYRES8=r0, @ANYRESDEC])
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
executing program 3:
socket(0x2, 0x2, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
io_setup(0x202, &(0x7f0000000200))
read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8)
openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x2, 0x4, 0x2, 0xc, 0x1400, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x50)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000280)={r1, 0x0, 0x0}, 0x10)
executing program 5:
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x900f, 0x100, 0x4, 0x162}, &(0x7f0000000400)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd, 0x0, 0x0, 0x0, 0x8, 0x1})
io_uring_enter(r2, 0x3517, 0x173d, 0x42, 0x0, 0x0)
executing program 6:
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f000010"], 0x0)
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
close(r0)
executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'bridge_slave_1\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="09000000070000000000010003"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r4], 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r5}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r3}, 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r1, {0xfff1}, {0xfff1}, {0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
executing program 3:
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_io_uring_setup(0x498, &(0x7f00000000c0)={0x0, 0x79af, 0x400, 0xfffffffe, 0x272}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd, 0x6, 0x0, 0x0, 0x2, 0x1})
io_uring_enter(r1, 0x627, 0x4c1, 0x43, 0x0, 0x0)
executing program 4:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x109801, 0x0)
ioctl$TUNSETDEBUG(r0, 0x400454c9, 0xffffffffffffffff)
ioctl$TUNATTACHFILTER(r0, 0x401054d5, 0x0)
executing program 4:
r0 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x0, 0x3}, 0x10)
r1 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x1}, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x80042, 0x50)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
fsetxattr$security_evm(r2, &(0x7f00000000c0), &(0x7f0000000240)=ANY=[@ANYBLOB="03"], 0x9, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
open(&(0x7f0000000000)='./file0/file1\x00', 0x101002, 0x17d)
executing program 4:
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x16, 0x8, &(0x7f0000000400)=ANY=[@ANYBLOB="7a0af8ff75257035bfa100000000000007010000f9ffffffb702000005000000bf130000000000008500000006000000b7000000000000009500000000000000b2595285faa6ead0169191d54f8196217fc560e2fc91f6da4dad4fdc2eb1b5986fc4a3f611a7c8edd3aa5d6ee7ab10b1a297cf528666d1ddd73f3047d248df061222193165274bc7f2382f6cda4bfdd45be583823c0f09621f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000000000000db453620ce7243d1aebdb638d91dbef661935839c77edf2d34b12cd48a0c20fb7dd843267e0331759f4ec6b5b0af58e604f4942eb613eff289026d5045ef76d7d864409eb2dc7718a09f4886afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc76be40d435aa8b5202db761014b1b999a12df6bee431a6681"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0xff12}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000140)="e0b95bec00c600000000001b0000", 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
executing program 0:
syz_usb_connect(0x5, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010003296fb608229084d488ff0102030109023300010484008109041e800056a7f602"], &(0x7f0000001700)={0xffffffa0, 0x0, 0x0, 0x0, 0x155555555555563e})
r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000080)={&(0x7f00000002c0)=[{0x8, 0x4e01, 0x7e, &(0x7f00000001c0)="70bad6d6134eb9c3fea3e1fdacfdddded02438edb6917ed837d79450af8618ef9949a85f1ef0e9ef94b3b9f6031edb897532fb8233e274df8bf706ad240402a166ec5c8045659c0377fce1d2f8daee9876a77928c19abfc9c93f1855b69870e8bfad51661c612c79b600ffea6e05b54ebb00153fc447b5403d43d145e1b5"}], 0x1})
executing program 1:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
r1 = fcntl$dupfd(r0, 0x406, r0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfd, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
write$binfmt_elf32(r1, &(0x7f0000001140)={{0x7f, 0x45, 0x4c, 0x46, 0x40, 0x0, 0x9b, 0x4, 0xffffffff7fffffff, 0x2, 0x3, 0x8, 0x2a, 0x38, 0x329, 0xb, 0x0, 0x20, 0x1, 0x9, 0xefe9}, [{0x2, 0x8, 0x6, 0x6, 0x8000, 0xe, 0x400, 0xb}], "7aa5bb5e2d9cd61ef3abd9b8251dc56244b043c2062c8297c2310d6b42c700c08a2ad4a0b373ac9e4d74d6ba1b716d0442e34cb3ffb3d313e14e7917ea9645e2791aa53757ca"}, 0x9e)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r1)
sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)={0xa4, r2, 0x38, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x2b}, @val={0x8}, @val={0xc, 0x99, {0x3, 0x65}}}}, [@NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x9}, @NL80211_ATTR_VENDOR_DATA={0x6a, 0xc5, "8a5a05b6c599e3be61d663961ce663d05e27bcd06f2cc92802753aeebeef1b7a3c5eb170b8f19b5334b867112fdf153ac4c3fa4517add6fe8552258b80d651dbb19415dd3082fb09578eb7e4e6d571bb1e82653f98ac0a7712bf7a66fd82296912d291d46b73"}]}, 0xa4}, 0x1, 0x0, 0x0, 0x20040000}, 0x800)
executing program 2:
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000100)={0x0, 0x0})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x3}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYRES32, @ANYRES16=r2, @ANYBLOB="080001000300000000"], 0x2c}, 0x1, 0x0, 0x0, 0x2c048010}, 0x20000000)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9)
syz_open_dev$sndpcmp(&(0x7f0000000300), 0x0, 0x28002)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
executing program 3:
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x80)
capset(&(0x7f0000000100)={0x20071026}, 0x0)
r1 = syz_open_procfs(0x0, 0x0)
move_mount(r1, &(0x7f00000000c0)='./mnt\x00', r1, &(0x7f0000000080)='./mnt\x00', 0x172)
executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r0}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000080)=0x9)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000180)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes\x00', 0x26e1, 0x0)
close(r3)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f000001b000))
ioctl$SIOCSIFHWADDR(r3, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="0100008dffff"})
ioctl$SIOCSIFHWADDR(r3, 0x8b15, &(0x7f0000000000)={'wlan1\x00', @remote})
executing program 5:
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x69577000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
futex(0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0, 0x2)
executing program 6:
bind$inet6(0xffffffffffffffff, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2}}, 0x2}, 0x1c)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0xfffffff9, 0x7fff, 0x16, "0062ba7d82000000000000000000f7ffffff00"})
r1 = syz_open_pts(r0, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x17)
executing program 4:
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x80)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x80, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000440)='./bus\x00')
r3 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r3, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x5, 0x1, 0x8000000004007, 0xac, 0x3, 0x4, {0x0, 0x180, 0x20fe, 0x5, 0x87, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0xc000, 0x0, 0xee00, 0x0, 0x3ff, 0x401}}, {0x0, 0x11}}}, 0xa0)
sendfile(r3, r3, &(0x7f0000000080), 0x7f03)
move_mount(0xffffffffffffffff, &(0x7f00000000c0)='./mnt\x00', 0xffffffffffffffff, &(0x7f0000000080)='./mnt\x00', 0x172)
executing program 2:
r0 = socket$igmp(0x2, 0x3, 0x2)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="1f003300d0000000080211000001080211000000505050505050000015"], 0x3c}, 0x1, 0x0, 0x0, 0x8800}, 0x10)
executing program 6:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000001c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
vmsplice(r1, &(0x7f0000e79000)=[{0x0}], 0x1, 0x0)
mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x100000000000f7)
write$FUSE_NOTIFY_INVAL_ENTRY(0xffffffffffffffff, 0x0, 0x2c)
read$watch_queue(0xffffffffffffffff, 0x0, 0x0)
getpid()
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
syz_emit_ethernet(0x14b, &(0x7f0000000580)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @local, @val={@val={0x88a8, 0x1, 0x1, 0x3}, {0x8100, 0x6, 0x0, 0x4}}, {@ipv4={0x800, @gre={{0x5, 0x4, 0x3, 0x4, 0x135, 0x64, 0x0, 0x8, 0x2f, 0x0, @broadcast, @broadcast}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x880b, 0x1f, 0x3, [0x1], "52c596da2c84a872529b487aa5d1a534bfceb828c4b8e90b7e4f6d0868fd1b"}, {}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [], "3cff09485ec97f84070e96fc75a5de2d664c401e2e4a459d938b8a54cf3ecf62bf3a414288202c86d160803b1bc30a0171681d1eb431338cedbb5e0303e9ae7ae3e066d2b8152cd26bfadfdbeadaca39a4b686b8657054d57938d8356844562674dd9cee208c6a04193b168283821edfc0faa91fcc1e9aba898c85667bc4bc8a4fac1ea1db875c9b87288d23c89edeaaf9959687e5f82faa36b21b7156f85c97c6c0dd0e"}, {0x8, 0x88be, 0x4, {{0xe, 0x1, 0x6, 0x2, 0x0, 0x0, 0x2, 0x6}}}, {0x8, 0x22eb, 0x3, {{0x5, 0x2, 0x0, 0x0, 0x0, 0x2, 0x5, 0x6}, 0x2, {0x50, 0x1ff, 0x1, 0x1, 0x0, 0x0, 0x1}}}, {0x8, 0x6558, 0x1, "71297a94e22aa086083a67fce1989344b1e9339bcbaa0d57"}}}}}}, 0x0)
close(r3)
socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x280)
fsopen(0x0, 0x0)
executing program 2:
r0 = syz_usb_connect(0x3, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870f500090582020002"], 0x0)
socket(0x10, 0x3, 0x0)
setresgid(0x0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x169080, 0x0)
ioctl$TCSBRKP(r1, 0x5425, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/partitions\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x20000023896)
ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000280)={0xad2f, 0x5, 0x5, 0x8b, 0x7, "7f4ec452f80d501f"})
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="6b0ee0b3d41b1b"])
executing program 3:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x2b9, &(0x7f0000000740)={0x0, 0xb1e9, 0x10100, 0x0, 0x0, 0x0, r2}, &(0x7f0000000080)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r3, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bind$bt_sco(r0, &(0x7f0000000040), 0x8)
listen(r0, 0x1)
accept4(r0, 0x0, 0x0, 0x80800)
executing program 1:
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000380)="1400000016000b63d25a80648c2594f90b24fc60", 0x14}], 0x1}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000100)=""/189, 0xbd}], 0x1}, 0x2122)
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f00000001c0)=ANY=[], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r1, 0x81, 0x1, &(0x7f0000000000)="b0")
executing program 5:
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200000000100905"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ff9}]})
close_range(r1, 0xffffffffffffffff, 0x0)

program crashed: memory leak in xas_create
bisect: bisecting 42 programs
bisect: split chunks (needed=false): <42>
bisect: split chunk #0 of len 42 into 3 parts
bisect: testing without sub-chunk 1/3
testing program (duration=1m47s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [14, 28, 7, 5, 13, 4, 10, 12, 3, 13, 10, 3, 13, 6, 3, 9, 18, 11, 15, 9, 8, 18, 5, 21, 11, 11, 7, 5]
detailed listing:
executing program 2:
syz_usb_connect(0x2, 0x2d, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x8}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}], 0x4})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2004cb, 0x200000000000, 0x0, 0x0, 0xfffffffffffffffd], 0x0, 0x200})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)
executing program 5:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, 0x0, 0x0)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
r1 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r1, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_FLAG_CMD(r1, 0x8982, &(0x7f0000000480)={0x7, 'pimreg1\x00', {0x7}, 0x8})
sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, 0x0, 0x10000000)
r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r3, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10)
r4 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4)
sendmsg$inet6(r4, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=[@dstopts={{0x18}}], 0x18}, 0xc4)
r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$sock_ifreq(r5, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1d, 0x1b, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000030000000000000009000000b7080000000000007b8af8ff00000000b7080000080000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7", @ANYRES32, @ANYBLOB="0000000000000000b70500182a000200000555000000000000000000", @ANYRES32=0x1, @ANYBLOB="00000000080000005047100010000000007701000000000085200000010000004bb90001fcffffff18110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000000000000850000008600000085200000010000009500000000000000"], 0x0, 0x2, 0x0, 0x0, 0x41000, 0x22, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f00000000c0)={0x8, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x7fff}, 0x10, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000280)=[{0x5, 0x2, 0x8, 0xa}, {0x1, 0x2, 0x0, 0xc}], 0x10, 0x1}, 0x94)
r6 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x10000003, 0x0, 0x81, 0x1ff, 0x1}, 0x1c)
recvmmsg(r6, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000500)}, 0x10}], 0x1, 0x2000, 0x0)
recvmmsg$unix(r6, &(0x7f0000004400)=[{{0x0, 0x0, &(0x7f0000001480)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1}}], 0x1, 0x0, 0x0)
sendmmsg(r6, &(0x7f00000030c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x9200000000000000)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="956a3456", 0x4}], 0x1, &(0x7f00000009c0)=ANY=[@ANYBLOB="d8000000000000000f01000047000000989757ac1b87091f22d6da63611423cb97737e8214a0eea85eda5eb87c161847e35004a35f4a0451c512ae9f19db439b4eff0f2462442ebc77309611314d6ce1a94a6ab1854301b3e151aa4cd40fc514bb121dac596d45bdad4beb223477f66d6450ca695e8c9e97368d051965ab5585f659a9520b971e5d47c6898b0aeb0b03b4b8adc82e4eed07c387024db0131165e25326fd8bbfa9cfd65054c7daa6d793d58fc010391ba1c1e6b993a455d6bf7f1f76edef3c325c6a32d3937d81e62e551e7d1d5934629a532d0000000000004800006e690000000000000003000000f71683e7b16f08dc3d4f68e78375f8466ef1c527ec568d2206cd08278cf688e55104081ba271792842a7f001419cd8ffbd7f354f2a6c00000f00000000000000110100000f0000008ba75eef003ea8bbca331b8c9c7d4075375ed4be7daff79007c2ee938def1fedd53ed6f18e49ea9959e77cff43c9436aa1a4c824d7a0eaccd3779c18c049a61e48e982a1d4e17251de4bc0d74d9082e17925650c76436180613143982b595c2519a65b80c35076608f71857d06cf876f8509e860f9fc258449ac8c1a0ea1202a142d19e3141c1f52fd62f64799d21ad28fbf31b970d74bcacbf2c875645600001000000000000000020100000500000068b4afd7a129a61568c02de53140d46e5c8bcf1ffec57e6e8e0c676bc72791f9c8f815d04897c40343138cc22f491f49f0f6866ef8b29ab600000000beed8ee6e99cffe558700a7a1fb584112dd138bc77e766a4952404de8b7b69434ebd0624dece30eb4a6416489ae95180e0e081da4df0687c7000219b3bafa4a5ac1199e48e8ae35029bf0ba251a86f756dfcf76023239a7bb15584341c20abca0bd308f7845b2d73f12b56d784bf26632bc80e6b8d60f02e17121d0964452c87174c6c7ca5920cc3c03957193fcefa44a48b97582b229c3f7897dbab3b9127f3341bc644bb090bce59e75404e565133df8d8cf14fe846ced39894a07d6d5b6dc392f4e6b2f7fb3c59f52834537ba5583000000000000000000000000004940396edaaaee728474"], 0x1e0}, 0x8080)
sendmmsg(r3, &(0x7f0000001380), 0x3fffffffffffeed, 0x0)
r7 = socket$kcm(0x2, 0x200000000000001, 0x0)
setsockopt$sock_attach_bpf(r7, 0x1, 0x50, &(0x7f0000000040), 0x4)
executing program 0:
openat$sndseq(0xffffffffffffff9c, &(0x7f00000193c0), 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'sit0\x00', &(0x7f0000000140)={'ip_vti0\x00', 0x0, 0x700, 0x20, 0x341, 0x0, {{0xf, 0x4, 0x1, 0x8, 0x3c, 0x6b, 0x0, 0xa, 0x29, 0x0, @multicast1, @dev={0xac, 0x14, 0x14, 0x42}, {[@generic={0x94, 0xc, "74141141c1e93e03fc23"}, @cipso={0x86, 0x1c, 0x0, [{0x1, 0x11, "727c983251ed15de07ec8a9ae94d31"}, {0x6, 0x3, "ee"}, {0x2, 0x2}]}]}}}}})
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xa, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'geneve0\x00', <r2=>0x0})
sendto$packet(r1, &(0x7f0000000180)="0b036800e0ff64000200475400f6a13bb1000000080089", 0x17, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14)
executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x5, 0x6e, &(0x7f0000000680)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109025c0002010000000904000000020d0000052406000105240000000d240f01fffffffffeff00000206241a00000009058103000200000d0904010000020d00000904010102020d000009"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x9)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
fallocate(0xffffffffffffffff, 0x3, 0x2, 0x8000c62)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$sock(r2, &(0x7f00000044c0), 0x4000000000001c0, 0x0)
recvfrom(r3, &(0x7f0000000040)=""/60, 0x3c, 0x40, 0x0, 0x0)
executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870f5000905820200"], 0x0)
syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0xa8, &(0x7f0000000080)=ANY=[@ANYBLOB="6b0ee0b3d41b1b", @ANYRES8=r0, @ANYRESDEC])
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
executing program 3:
socket(0x2, 0x2, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
io_setup(0x202, &(0x7f0000000200))
read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8)
openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x2, 0x4, 0x2, 0xc, 0x1400, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x50)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000280)={r1, 0x0, 0x0}, 0x10)
executing program 5:
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x900f, 0x100, 0x4, 0x162}, &(0x7f0000000400)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd, 0x0, 0x0, 0x0, 0x8, 0x1})
io_uring_enter(r2, 0x3517, 0x173d, 0x42, 0x0, 0x0)
executing program 6:
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f000010"], 0x0)
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
close(r0)
executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'bridge_slave_1\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="09000000070000000000010003"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r4], 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r5}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r3}, 0x10)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r1, {0xfff1}, {0xfff1}, {0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
executing program 3:
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_io_uring_setup(0x498, &(0x7f00000000c0)={0x0, 0x79af, 0x400, 0xfffffffe, 0x272}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd, 0x6, 0x0, 0x0, 0x2, 0x1})
io_uring_enter(r1, 0x627, 0x4c1, 0x43, 0x0, 0x0)
executing program 4:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x109801, 0x0)
ioctl$TUNSETDEBUG(r0, 0x400454c9, 0xffffffffffffffff)
ioctl$TUNATTACHFILTER(r0, 0x401054d5, 0x0)
executing program 4:
r0 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x0, 0x3}, 0x10)
r1 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x1}, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x80042, 0x50)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
fsetxattr$security_evm(r2, &(0x7f00000000c0), &(0x7f0000000240)=ANY=[@ANYBLOB="03"], 0x9, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
open(&(0x7f0000000000)='./file0/file1\x00', 0x101002, 0x17d)
executing program 4:
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x16, 0x8, &(0x7f0000000400)=ANY=[@ANYBLOB="7a0af8ff75257035bfa100000000000007010000f9ffffffb702000005000000bf130000000000008500000006000000b7000000000000009500000000000000b2595285faa6ead0169191d54f8196217fc560e2fc91f6da4dad4fdc2eb1b5986fc4a3f611a7c8edd3aa5d6ee7ab10b1a297cf528666d1ddd73f3047d248df061222193165274bc7f2382f6cda4bfdd45be583823c0f09621f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000000000000db453620ce7243d1aebdb638d91dbef661935839c77edf2d34b12cd48a0c20fb7dd843267e0331759f4ec6b5b0af58e604f4942eb613eff289026d5045ef76d7d864409eb2dc7718a09f4886afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc76be40d435aa8b5202db761014b1b999a12df6bee431a6681"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0xff12}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000140)="e0b95bec00c600000000001b0000", 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
executing program 0:
syz_usb_connect(0x5, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010003296fb608229084d488ff0102030109023300010484008109041e800056a7f602"], &(0x7f0000001700)={0xffffffa0, 0x0, 0x0, 0x0, 0x155555555555563e})
r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000080)={&(0x7f00000002c0)=[{0x8, 0x4e01, 0x7e, &(0x7f00000001c0)="70bad6d6134eb9c3fea3e1fdacfdddded02438edb6917ed837d79450af8618ef9949a85f1ef0e9ef94b3b9f6031edb897532fb8233e274df8bf706ad240402a166ec5c8045659c0377fce1d2f8daee9876a77928c19abfc9c93f1855b69870e8bfad51661c612c79b600ffea6e05b54ebb00153fc447b5403d43d145e1b5"}], 0x1})
executing program 1:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
r1 = fcntl$dupfd(r0, 0x406, r0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfd, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
write$binfmt_elf32(r1, &(0x7f0000001140)={{0x7f, 0x45, 0x4c, 0x46, 0x40, 0x0, 0x9b, 0x4, 0xffffffff7fffffff, 0x2, 0x3, 0x8, 0x2a, 0x38, 0x329, 0xb, 0x0, 0x20, 0x1, 0x9, 0xefe9}, [{0x2, 0x8, 0x6, 0x6, 0x8000, 0xe, 0x400, 0xb}], "7aa5bb5e2d9cd61ef3abd9b8251dc56244b043c2062c8297c2310d6b42c700c08a2ad4a0b373ac9e4d74d6ba1b716d0442e34cb3ffb3d313e14e7917ea9645e2791aa53757ca"}, 0x9e)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r1)
sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)={0xa4, r2, 0x38, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x2b}, @val={0x8}, @val={0xc, 0x99, {0x3, 0x65}}}}, [@NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x9}, @NL80211_ATTR_VENDOR_DATA={0x6a, 0xc5, "8a5a05b6c599e3be61d663961ce663d05e27bcd06f2cc92802753aeebeef1b7a3c5eb170b8f19b5334b867112fdf153ac4c3fa4517add6fe8552258b80d651dbb19415dd3082fb09578eb7e4e6d571bb1e82653f98ac0a7712bf7a66fd82296912d291d46b73"}]}, 0xa4}, 0x1, 0x0, 0x0, 0x20040000}, 0x800)
executing program 2:
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000100)={0x0, 0x0})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x3}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYRES32, @ANYRES16=r2, @ANYBLOB="080001000300000000"], 0x2c}, 0x1, 0x0, 0x0, 0x2c048010}, 0x20000000)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9)
syz_open_dev$sndpcmp(&(0x7f0000000300), 0x0, 0x28002)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
executing program 3:
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x80)
capset(&(0x7f0000000100)={0x20071026}, 0x0)
r1 = syz_open_procfs(0x0, 0x0)
move_mount(r1, &(0x7f00000000c0)='./mnt\x00', r1, &(0x7f0000000080)='./mnt\x00', 0x172)
executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r0}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000080)=0x9)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000180)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes\x00', 0x26e1, 0x0)
close(r3)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f000001b000))
ioctl$SIOCSIFHWADDR(r3, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="0100008dffff"})
ioctl$SIOCSIFHWADDR(r3, 0x8b15, &(0x7f0000000000)={'wlan1\x00', @remote})
executing program 5:
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x69577000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
futex(0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0, 0x2)
executing program 6:
bind$inet6(0xffffffffffffffff, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2}}, 0x2}, 0x1c)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0xfffffff9, 0x7fff, 0x16, "0062ba7d82000000000000000000f7ffffff00"})
r1 = syz_open_pts(r0, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x17)
executing program 4:
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x80)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x80, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000440)='./bus\x00')
r3 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r3, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x5, 0x1, 0x8000000004007, 0xac, 0x3, 0x4, {0x0, 0x180, 0x20fe, 0x5, 0x87, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0xc000, 0x0, 0xee00, 0x0, 0x3ff, 0x401}}, {0x0, 0x11}}}, 0xa0)
sendfile(r3, r3, &(0x7f0000000080), 0x7f03)
move_mount(0xffffffffffffffff, &(0x7f00000000c0)='./mnt\x00', 0xffffffffffffffff, &(0x7f0000000080)='./mnt\x00', 0x172)
executing program 2:
r0 = socket$igmp(0x2, 0x3, 0x2)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="1f003300d0000000080211000001080211000000505050505050000015"], 0x3c}, 0x1, 0x0, 0x0, 0x8800}, 0x10)
executing program 6:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000001c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
vmsplice(r1, &(0x7f0000e79000)=[{0x0}], 0x1, 0x0)
mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x100000000000f7)
write$FUSE_NOTIFY_INVAL_ENTRY(0xffffffffffffffff, 0x0, 0x2c)
read$watch_queue(0xffffffffffffffff, 0x0, 0x0)
getpid()
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
syz_emit_ethernet(0x14b, &(0x7f0000000580)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @local, @val={@val={0x88a8, 0x1, 0x1, 0x3}, {0x8100, 0x6, 0x0, 0x4}}, {@ipv4={0x800, @gre={{0x5, 0x4, 0x3, 0x4, 0x135, 0x64, 0x0, 0x8, 0x2f, 0x0, @broadcast, @broadcast}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x880b, 0x1f, 0x3, [0x1], "52c596da2c84a872529b487aa5d1a534bfceb828c4b8e90b7e4f6d0868fd1b"}, {}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [], "3cff09485ec97f84070e96fc75a5de2d664c401e2e4a459d938b8a54cf3ecf62bf3a414288202c86d160803b1bc30a0171681d1eb431338cedbb5e0303e9ae7ae3e066d2b8152cd26bfadfdbeadaca39a4b686b8657054d57938d8356844562674dd9cee208c6a04193b168283821edfc0faa91fcc1e9aba898c85667bc4bc8a4fac1ea1db875c9b87288d23c89edeaaf9959687e5f82faa36b21b7156f85c97c6c0dd0e"}, {0x8, 0x88be, 0x4, {{0xe, 0x1, 0x6, 0x2, 0x0, 0x0, 0x2, 0x6}}}, {0x8, 0x22eb, 0x3, {{0x5, 0x2, 0x0, 0x0, 0x0, 0x2, 0x5, 0x6}, 0x2, {0x50, 0x1ff, 0x1, 0x1, 0x0, 0x0, 0x1}}}, {0x8, 0x6558, 0x1, "71297a94e22aa086083a67fce1989344b1e9339bcbaa0d57"}}}}}}, 0x0)
close(r3)
socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x280)
fsopen(0x0, 0x0)
executing program 2:
r0 = syz_usb_connect(0x3, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870f500090582020002"], 0x0)
socket(0x10, 0x3, 0x0)
setresgid(0x0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x169080, 0x0)
ioctl$TCSBRKP(r1, 0x5425, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/partitions\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x20000023896)
ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000280)={0xad2f, 0x5, 0x5, 0x8b, 0x7, "7f4ec452f80d501f"})
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="6b0ee0b3d41b1b"])
executing program 3:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x2b9, &(0x7f0000000740)={0x0, 0xb1e9, 0x10100, 0x0, 0x0, 0x0, r2}, &(0x7f0000000080)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r3, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bind$bt_sco(r0, &(0x7f0000000040), 0x8)
listen(r0, 0x1)
accept4(r0, 0x0, 0x0, 0x80800)
executing program 1:
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000380)="1400000016000b63d25a80648c2594f90b24fc60", 0x14}], 0x1}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000100)=""/189, 0xbd}], 0x1}, 0x2122)
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f00000001c0)=ANY=[], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r1, 0x81, 0x1, &(0x7f0000000000)="b0")
executing program 5:
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200000000100905"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ff9}]})
close_range(r1, 0xffffffffffffffff, 0x0)

program crashed: memory leak in xas_create
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/3
testing program (duration=1m43s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 9, 18, 11, 15, 9, 8, 18, 5, 21, 11, 11, 7, 5]
detailed listing:
executing program 0:
syz_usb_connect(0x5, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010003296fb608229084d488ff0102030109023300010484008109041e800056a7f602"], &(0x7f0000001700)={0xffffffa0, 0x0, 0x0, 0x0, 0x155555555555563e})
r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000080)={&(0x7f00000002c0)=[{0x8, 0x4e01, 0x7e, &(0x7f00000001c0)="70bad6d6134eb9c3fea3e1fdacfdddded02438edb6917ed837d79450af8618ef9949a85f1ef0e9ef94b3b9f6031edb897532fb8233e274df8bf706ad240402a166ec5c8045659c0377fce1d2f8daee9876a77928c19abfc9c93f1855b69870e8bfad51661c612c79b600ffea6e05b54ebb00153fc447b5403d43d145e1b5"}], 0x1})
executing program 1:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
r1 = fcntl$dupfd(r0, 0x406, r0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfd, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
write$binfmt_elf32(r1, &(0x7f0000001140)={{0x7f, 0x45, 0x4c, 0x46, 0x40, 0x0, 0x9b, 0x4, 0xffffffff7fffffff, 0x2, 0x3, 0x8, 0x2a, 0x38, 0x329, 0xb, 0x0, 0x20, 0x1, 0x9, 0xefe9}, [{0x2, 0x8, 0x6, 0x6, 0x8000, 0xe, 0x400, 0xb}], "7aa5bb5e2d9cd61ef3abd9b8251dc56244b043c2062c8297c2310d6b42c700c08a2ad4a0b373ac9e4d74d6ba1b716d0442e34cb3ffb3d313e14e7917ea9645e2791aa53757ca"}, 0x9e)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r1)
sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)={0xa4, r2, 0x38, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x2b}, @val={0x8}, @val={0xc, 0x99, {0x3, 0x65}}}}, [@NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x9}, @NL80211_ATTR_VENDOR_DATA={0x6a, 0xc5, "8a5a05b6c599e3be61d663961ce663d05e27bcd06f2cc92802753aeebeef1b7a3c5eb170b8f19b5334b867112fdf153ac4c3fa4517add6fe8552258b80d651dbb19415dd3082fb09578eb7e4e6d571bb1e82653f98ac0a7712bf7a66fd82296912d291d46b73"}]}, 0xa4}, 0x1, 0x0, 0x0, 0x20040000}, 0x800)
executing program 2:
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000100)={0x0, 0x0})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x3}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYRES32, @ANYRES16=r2, @ANYBLOB="080001000300000000"], 0x2c}, 0x1, 0x0, 0x0, 0x2c048010}, 0x20000000)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9)
syz_open_dev$sndpcmp(&(0x7f0000000300), 0x0, 0x28002)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
executing program 3:
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x80)
capset(&(0x7f0000000100)={0x20071026}, 0x0)
r1 = syz_open_procfs(0x0, 0x0)
move_mount(r1, &(0x7f00000000c0)='./mnt\x00', r1, &(0x7f0000000080)='./mnt\x00', 0x172)
executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r0}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000080)=0x9)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000180)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes\x00', 0x26e1, 0x0)
close(r3)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f000001b000))
ioctl$SIOCSIFHWADDR(r3, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="0100008dffff"})
ioctl$SIOCSIFHWADDR(r3, 0x8b15, &(0x7f0000000000)={'wlan1\x00', @remote})
executing program 5:
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x69577000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
futex(0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0, 0x2)
executing program 6:
bind$inet6(0xffffffffffffffff, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2}}, 0x2}, 0x1c)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0xfffffff9, 0x7fff, 0x16, "0062ba7d82000000000000000000f7ffffff00"})
r1 = syz_open_pts(r0, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x17)
executing program 4:
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x80)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x80, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000440)='./bus\x00')
r3 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r3, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x5, 0x1, 0x8000000004007, 0xac, 0x3, 0x4, {0x0, 0x180, 0x20fe, 0x5, 0x87, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0xc000, 0x0, 0xee00, 0x0, 0x3ff, 0x401}}, {0x0, 0x11}}}, 0xa0)
sendfile(r3, r3, &(0x7f0000000080), 0x7f03)
move_mount(0xffffffffffffffff, &(0x7f00000000c0)='./mnt\x00', 0xffffffffffffffff, &(0x7f0000000080)='./mnt\x00', 0x172)
executing program 2:
r0 = socket$igmp(0x2, 0x3, 0x2)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="1f003300d0000000080211000001080211000000505050505050000015"], 0x3c}, 0x1, 0x0, 0x0, 0x8800}, 0x10)
executing program 6:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000001c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
vmsplice(r1, &(0x7f0000e79000)=[{0x0}], 0x1, 0x0)
mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x100000000000f7)
write$FUSE_NOTIFY_INVAL_ENTRY(0xffffffffffffffff, 0x0, 0x2c)
read$watch_queue(0xffffffffffffffff, 0x0, 0x0)
getpid()
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
syz_emit_ethernet(0x14b, &(0x7f0000000580)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @local, @val={@val={0x88a8, 0x1, 0x1, 0x3}, {0x8100, 0x6, 0x0, 0x4}}, {@ipv4={0x800, @gre={{0x5, 0x4, 0x3, 0x4, 0x135, 0x64, 0x0, 0x8, 0x2f, 0x0, @broadcast, @broadcast}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x880b, 0x1f, 0x3, [0x1], "52c596da2c84a872529b487aa5d1a534bfceb828c4b8e90b7e4f6d0868fd1b"}, {}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [], "3cff09485ec97f84070e96fc75a5de2d664c401e2e4a459d938b8a54cf3ecf62bf3a414288202c86d160803b1bc30a0171681d1eb431338cedbb5e0303e9ae7ae3e066d2b8152cd26bfadfdbeadaca39a4b686b8657054d57938d8356844562674dd9cee208c6a04193b168283821edfc0faa91fcc1e9aba898c85667bc4bc8a4fac1ea1db875c9b87288d23c89edeaaf9959687e5f82faa36b21b7156f85c97c6c0dd0e"}, {0x8, 0x88be, 0x4, {{0xe, 0x1, 0x6, 0x2, 0x0, 0x0, 0x2, 0x6}}}, {0x8, 0x22eb, 0x3, {{0x5, 0x2, 0x0, 0x0, 0x0, 0x2, 0x5, 0x6}, 0x2, {0x50, 0x1ff, 0x1, 0x1, 0x0, 0x0, 0x1}}}, {0x8, 0x6558, 0x1, "71297a94e22aa086083a67fce1989344b1e9339bcbaa0d57"}}}}}}, 0x0)
close(r3)
socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x280)
fsopen(0x0, 0x0)
executing program 2:
r0 = syz_usb_connect(0x3, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870f500090582020002"], 0x0)
socket(0x10, 0x3, 0x0)
setresgid(0x0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x169080, 0x0)
ioctl$TCSBRKP(r1, 0x5425, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/partitions\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x20000023896)
ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000280)={0xad2f, 0x5, 0x5, 0x8b, 0x7, "7f4ec452f80d501f"})
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="6b0ee0b3d41b1b"])
executing program 3:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x2b9, &(0x7f0000000740)={0x0, 0xb1e9, 0x10100, 0x0, 0x0, 0x0, r2}, &(0x7f0000000080)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r3, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bind$bt_sco(r0, &(0x7f0000000040), 0x8)
listen(r0, 0x1)
accept4(r0, 0x0, 0x0, 0x80800)
executing program 1:
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000380)="1400000016000b63d25a80648c2594f90b24fc60", 0x14}], 0x1}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000100)=""/189, 0xbd}], 0x1}, 0x2122)
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f00000001c0)=ANY=[], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r1, 0x81, 0x1, &(0x7f0000000000)="b0")
executing program 5:
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200000000100905"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ff9}]})
close_range(r1, 0xffffffffffffffff, 0x0)

program crashed: memory leak in xas_create
bisect: the chunk can be dropped
bisect: testing without sub-chunk 3/3
bisect: split chunks (needed=true): <14>
bisect: split chunk #0 of len 14 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m41s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [18, 5, 21, 11, 11, 7, 5]
detailed listing:
executing program 4:
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x80)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x80, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000440)='./bus\x00')
r3 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r3, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x5, 0x1, 0x8000000004007, 0xac, 0x3, 0x4, {0x0, 0x180, 0x20fe, 0x5, 0x87, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0xc000, 0x0, 0xee00, 0x0, 0x3ff, 0x401}}, {0x0, 0x11}}}, 0xa0)
sendfile(r3, r3, &(0x7f0000000080), 0x7f03)
move_mount(0xffffffffffffffff, &(0x7f00000000c0)='./mnt\x00', 0xffffffffffffffff, &(0x7f0000000080)='./mnt\x00', 0x172)
executing program 2:
r0 = socket$igmp(0x2, 0x3, 0x2)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="1f003300d0000000080211000001080211000000505050505050000015"], 0x3c}, 0x1, 0x0, 0x0, 0x8800}, 0x10)
executing program 6:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000001c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
vmsplice(r1, &(0x7f0000e79000)=[{0x0}], 0x1, 0x0)
mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x100000000000f7)
write$FUSE_NOTIFY_INVAL_ENTRY(0xffffffffffffffff, 0x0, 0x2c)
read$watch_queue(0xffffffffffffffff, 0x0, 0x0)
getpid()
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
syz_emit_ethernet(0x14b, &(0x7f0000000580)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @local, @val={@val={0x88a8, 0x1, 0x1, 0x3}, {0x8100, 0x6, 0x0, 0x4}}, {@ipv4={0x800, @gre={{0x5, 0x4, 0x3, 0x4, 0x135, 0x64, 0x0, 0x8, 0x2f, 0x0, @broadcast, @broadcast}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x880b, 0x1f, 0x3, [0x1], "52c596da2c84a872529b487aa5d1a534bfceb828c4b8e90b7e4f6d0868fd1b"}, {}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [], "3cff09485ec97f84070e96fc75a5de2d664c401e2e4a459d938b8a54cf3ecf62bf3a414288202c86d160803b1bc30a0171681d1eb431338cedbb5e0303e9ae7ae3e066d2b8152cd26bfadfdbeadaca39a4b686b8657054d57938d8356844562674dd9cee208c6a04193b168283821edfc0faa91fcc1e9aba898c85667bc4bc8a4fac1ea1db875c9b87288d23c89edeaaf9959687e5f82faa36b21b7156f85c97c6c0dd0e"}, {0x8, 0x88be, 0x4, {{0xe, 0x1, 0x6, 0x2, 0x0, 0x0, 0x2, 0x6}}}, {0x8, 0x22eb, 0x3, {{0x5, 0x2, 0x0, 0x0, 0x0, 0x2, 0x5, 0x6}, 0x2, {0x50, 0x1ff, 0x1, 0x1, 0x0, 0x0, 0x1}}}, {0x8, 0x6558, 0x1, "71297a94e22aa086083a67fce1989344b1e9339bcbaa0d57"}}}}}}, 0x0)
close(r3)
socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x280)
fsopen(0x0, 0x0)
executing program 2:
r0 = syz_usb_connect(0x3, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870f500090582020002"], 0x0)
socket(0x10, 0x3, 0x0)
setresgid(0x0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x169080, 0x0)
ioctl$TCSBRKP(r1, 0x5425, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/partitions\x00', 0x0, 0x0)
sendfile(r2, r3, 0x0, 0x20000023896)
ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000280)={0xad2f, 0x5, 0x5, 0x8b, 0x7, "7f4ec452f80d501f"})
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="6b0ee0b3d41b1b"])
executing program 3:
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x2b9, &(0x7f0000000740)={0x0, 0xb1e9, 0x10100, 0x0, 0x0, 0x0, r2}, &(0x7f0000000080)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r3, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bind$bt_sco(r0, &(0x7f0000000040), 0x8)
listen(r0, 0x1)
accept4(r0, 0x0, 0x0, 0x80800)
executing program 1:
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000380)="1400000016000b63d25a80648c2594f90b24fc60", 0x14}], 0x1}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000100)=""/189, 0xbd}], 0x1}, 0x2122)
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f00000001c0)=ANY=[], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r1, 0x81, 0x1, &(0x7f0000000000)="b0")
executing program 5:
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200000000100905"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ff9}]})
close_range(r1, 0xffffffffffffffff, 0x0)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=1m41s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 9, 18, 11, 15, 9, 8]
detailed listing:
executing program 0:
syz_usb_connect(0x5, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010003296fb608229084d488ff0102030109023300010484008109041e800056a7f602"], &(0x7f0000001700)={0xffffffa0, 0x0, 0x0, 0x0, 0x155555555555563e})
r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000080)={&(0x7f00000002c0)=[{0x8, 0x4e01, 0x7e, &(0x7f00000001c0)="70bad6d6134eb9c3fea3e1fdacfdddded02438edb6917ed837d79450af8618ef9949a85f1ef0e9ef94b3b9f6031edb897532fb8233e274df8bf706ad240402a166ec5c8045659c0377fce1d2f8daee9876a77928c19abfc9c93f1855b69870e8bfad51661c612c79b600ffea6e05b54ebb00153fc447b5403d43d145e1b5"}], 0x1})
executing program 1:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
r1 = fcntl$dupfd(r0, 0x406, r0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfd, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
write$binfmt_elf32(r1, &(0x7f0000001140)={{0x7f, 0x45, 0x4c, 0x46, 0x40, 0x0, 0x9b, 0x4, 0xffffffff7fffffff, 0x2, 0x3, 0x8, 0x2a, 0x38, 0x329, 0xb, 0x0, 0x20, 0x1, 0x9, 0xefe9}, [{0x2, 0x8, 0x6, 0x6, 0x8000, 0xe, 0x400, 0xb}], "7aa5bb5e2d9cd61ef3abd9b8251dc56244b043c2062c8297c2310d6b42c700c08a2ad4a0b373ac9e4d74d6ba1b716d0442e34cb3ffb3d313e14e7917ea9645e2791aa53757ca"}, 0x9e)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r1)
sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)={0xa4, r2, 0x38, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x2b}, @val={0x8}, @val={0xc, 0x99, {0x3, 0x65}}}}, [@NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x9}, @NL80211_ATTR_VENDOR_DATA={0x6a, 0xc5, "8a5a05b6c599e3be61d663961ce663d05e27bcd06f2cc92802753aeebeef1b7a3c5eb170b8f19b5334b867112fdf153ac4c3fa4517add6fe8552258b80d651dbb19415dd3082fb09578eb7e4e6d571bb1e82653f98ac0a7712bf7a66fd82296912d291d46b73"}]}, 0xa4}, 0x1, 0x0, 0x0, 0x20040000}, 0x800)
executing program 2:
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000100)={0x0, 0x0})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x3}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYRES32, @ANYRES16=r2, @ANYBLOB="080001000300000000"], 0x2c}, 0x1, 0x0, 0x0, 0x2c048010}, 0x20000000)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9)
syz_open_dev$sndpcmp(&(0x7f0000000300), 0x0, 0x28002)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
executing program 3:
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x80)
capset(&(0x7f0000000100)={0x20071026}, 0x0)
r1 = syz_open_procfs(0x0, 0x0)
move_mount(r1, &(0x7f00000000c0)='./mnt\x00', r1, &(0x7f0000000080)='./mnt\x00', 0x172)
executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r0}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000080)=0x9)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000180)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes\x00', 0x26e1, 0x0)
close(r3)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f000001b000))
ioctl$SIOCSIFHWADDR(r3, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="0100008dffff"})
ioctl$SIOCSIFHWADDR(r3, 0x8b15, &(0x7f0000000000)={'wlan1\x00', @remote})
executing program 5:
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x69577000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
futex(0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0, 0x2)
executing program 6:
bind$inet6(0xffffffffffffffff, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2}}, 0x2}, 0x1c)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0xfffffff9, 0x7fff, 0x16, "0062ba7d82000000000000000000f7ffffff00"})
r1 = syz_open_pts(r0, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x17)

program crashed: memory leak in xas_create
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <7>
bisect: split chunk #0 of len 7 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [15, 9, 8]
detailed listing:
executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r0}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000080)=0x9)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000180)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes\x00', 0x26e1, 0x0)
close(r3)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f000001b000))
ioctl$SIOCSIFHWADDR(r3, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="0100008dffff"})
ioctl$SIOCSIFHWADDR(r3, 0x8b15, &(0x7f0000000000)={'wlan1\x00', @remote})
executing program 5:
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x69577000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
futex(0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0, 0x2)
executing program 6:
bind$inet6(0xffffffffffffffff, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2}}, 0x2}, 0x1c)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0xfffffff9, 0x7fff, 0x16, "0062ba7d82000000000000000000f7ffffff00"})
r1 = syz_open_pts(r0, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x17)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=1m41s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 9, 18, 11]
detailed listing:
executing program 0:
syz_usb_connect(0x5, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010003296fb608229084d488ff0102030109023300010484008109041e800056a7f602"], &(0x7f0000001700)={0xffffffa0, 0x0, 0x0, 0x0, 0x155555555555563e})
r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000080)={&(0x7f00000002c0)=[{0x8, 0x4e01, 0x7e, &(0x7f00000001c0)="70bad6d6134eb9c3fea3e1fdacfdddded02438edb6917ed837d79450af8618ef9949a85f1ef0e9ef94b3b9f6031edb897532fb8233e274df8bf706ad240402a166ec5c8045659c0377fce1d2f8daee9876a77928c19abfc9c93f1855b69870e8bfad51661c612c79b600ffea6e05b54ebb00153fc447b5403d43d145e1b5"}], 0x1})
executing program 1:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
r1 = fcntl$dupfd(r0, 0x406, r0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfd, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
write$binfmt_elf32(r1, &(0x7f0000001140)={{0x7f, 0x45, 0x4c, 0x46, 0x40, 0x0, 0x9b, 0x4, 0xffffffff7fffffff, 0x2, 0x3, 0x8, 0x2a, 0x38, 0x329, 0xb, 0x0, 0x20, 0x1, 0x9, 0xefe9}, [{0x2, 0x8, 0x6, 0x6, 0x8000, 0xe, 0x400, 0xb}], "7aa5bb5e2d9cd61ef3abd9b8251dc56244b043c2062c8297c2310d6b42c700c08a2ad4a0b373ac9e4d74d6ba1b716d0442e34cb3ffb3d313e14e7917ea9645e2791aa53757ca"}, 0x9e)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r1)
sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)={0xa4, r2, 0x38, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x2b}, @val={0x8}, @val={0xc, 0x99, {0x3, 0x65}}}}, [@NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x9}, @NL80211_ATTR_VENDOR_DATA={0x6a, 0xc5, "8a5a05b6c599e3be61d663961ce663d05e27bcd06f2cc92802753aeebeef1b7a3c5eb170b8f19b5334b867112fdf153ac4c3fa4517add6fe8552258b80d651dbb19415dd3082fb09578eb7e4e6d571bb1e82653f98ac0a7712bf7a66fd82296912d291d46b73"}]}, 0xa4}, 0x1, 0x0, 0x0, 0x20040000}, 0x800)
executing program 2:
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000100)={0x0, 0x0})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x3}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYRES32, @ANYRES16=r2, @ANYBLOB="080001000300000000"], 0x2c}, 0x1, 0x0, 0x0, 0x2c048010}, 0x20000000)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9)
syz_open_dev$sndpcmp(&(0x7f0000000300), 0x0, 0x28002)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
executing program 3:
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x80)
capset(&(0x7f0000000100)={0x20071026}, 0x0)
r1 = syz_open_procfs(0x0, 0x0)
move_mount(r1, &(0x7f00000000c0)='./mnt\x00', r1, &(0x7f0000000080)='./mnt\x00', 0x172)

program crashed: memory leak in xas_create
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <4>
bisect: split chunk #0 of len 4 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [18, 11]
detailed listing:
executing program 2:
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000100)={0x0, 0x0})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x3}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYRES32, @ANYRES16=r2, @ANYBLOB="080001000300000000"], 0x2c}, 0x1, 0x0, 0x0, 0x2c048010}, 0x20000000)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9)
syz_open_dev$sndpcmp(&(0x7f0000000300), 0x0, 0x28002)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
executing program 3:
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x80)
capset(&(0x7f0000000100)={0x20071026}, 0x0)
r1 = syz_open_procfs(0x0, 0x0)
move_mount(r1, &(0x7f00000000c0)='./mnt\x00', r1, &(0x7f0000000080)='./mnt\x00', 0x172)

program crashed: memory leak in xas_create
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <2>
bisect: split chunk #0 of len 2 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-sched_setscheduler-mmap-socketpair$unix-connect$unix-recvmmsg-mkdir-capset-syz_open_procfs-move_mount
detailed listing:
executing program 3:
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x80)
capset(&(0x7f0000000100)={0x20071026}, 0x0)
r1 = syz_open_procfs(0x0, 0x0)
move_mount(r1, &(0x7f00000000c0)='./mnt\x00', r1, &(0x7f0000000080)='./mnt\x00', 0x172)

program did not crash
bisect: testing without sub-chunk 2/2
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$tipc-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-prctl$PR_SET_SECCOMP-sendmsg$NFT_BATCH-prlimit64-sched_setscheduler-prctl$PR_SCHED_CORE-socketpair$unix-connect$unix-recvmmsg-sendmsg$nl_route-mmap-madvise-madvise-syz_open_dev$sndpcmp-fcntl$dupfd
detailed listing:
executing program 2:
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000100)={0x0, 0x0})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x3}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYRES32, @ANYRES16=r2, @ANYBLOB="080001000300000000"], 0x2c}, 0x1, 0x0, 0x0, 0x2c048010}, 0x20000000)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9)
syz_open_dev$sndpcmp(&(0x7f0000000300), 0x0, 0x28002)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)

program crashed: memory leak in xas_create
bisect: the chunk can be dropped
bisect: split chunks (needed=true): <1>
bisect: split chunk #0 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: 1 programs left: 

executing program 2:
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000100)={0x0, 0x0})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x3}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYRES32, @ANYRES16=r2, @ANYBLOB="080001000300000000"], 0x2c}, 0x1, 0x0, 0x0, 0x2c048010}, 0x20000000)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9)
syz_open_dev$sndpcmp(&(0x7f0000000300), 0x0, 0x28002)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)


bisect: trying to concatenate
bisect: concatenate 1 entries
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$tipc-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-prctl$PR_SET_SECCOMP-sendmsg$NFT_BATCH-prlimit64-sched_setscheduler-prctl$PR_SCHED_CORE-socketpair$unix-connect$unix-recvmmsg-sendmsg$nl_route-mmap-madvise-madvise-syz_open_dev$sndpcmp-fcntl$dupfd
detailed listing:
executing program 0:
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000100)={0x0, 0x0})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x3}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYRES32, @ANYRES16=r2, @ANYBLOB="080001000300000000"], 0x2c}, 0x1, 0x0, 0x0, 0x2c048010}, 0x20000000)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9)
syz_open_dev$sndpcmp(&(0x7f0000000300), 0x0, 0x28002)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)

program crashed: memory leak in xas_create
bisect: concatenation succeeded
found reproducer with 18 syscalls
minimizing guilty program
testing program (duration=1m34.091912394s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$tipc-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-prctl$PR_SET_SECCOMP-sendmsg$NFT_BATCH-prlimit64-sched_setscheduler-prctl$PR_SCHED_CORE-socketpair$unix-connect$unix-recvmmsg-sendmsg$nl_route-mmap-madvise-madvise-syz_open_dev$sndpcmp
detailed listing:
executing program 0:
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000100)={0x0, 0x0})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x3}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYRES32, @ANYRES16=r2, @ANYBLOB="080001000300000000"], 0x2c}, 0x1, 0x0, 0x0, 0x2c048010}, 0x20000000)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9)
syz_open_dev$sndpcmp(&(0x7f0000000300), 0x0, 0x28002)

program crashed: memory leak in xas_create
testing program (duration=1m34.091912394s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$tipc-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-prctl$PR_SET_SECCOMP-sendmsg$NFT_BATCH-prlimit64-sched_setscheduler-prctl$PR_SCHED_CORE-socketpair$unix-connect$unix-recvmmsg-sendmsg$nl_route-mmap-madvise-madvise
detailed listing:
executing program 0:
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000100)={0x0, 0x0})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x3}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYRES32, @ANYRES16=r2, @ANYBLOB="080001000300000000"], 0x2c}, 0x1, 0x0, 0x0, 0x2c048010}, 0x20000000)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9)

program crashed: memory leak in xas_create
testing program (duration=1m34.091912394s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$tipc-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-prctl$PR_SET_SECCOMP-sendmsg$NFT_BATCH-prlimit64-sched_setscheduler-prctl$PR_SCHED_CORE-socketpair$unix-connect$unix-recvmmsg-sendmsg$nl_route-mmap-madvise
detailed listing:
executing program 0:
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000100)={0x0, 0x0})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x3}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYRES32, @ANYRES16=r2, @ANYBLOB="080001000300000000"], 0x2c}, 0x1, 0x0, 0x0, 0x2c048010}, 0x20000000)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)

program crashed: memory leak in xas_create
testing program (duration=1m34.091912394s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$tipc-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-prctl$PR_SET_SECCOMP-sendmsg$NFT_BATCH-prlimit64-sched_setscheduler-prctl$PR_SCHED_CORE-socketpair$unix-connect$unix-recvmmsg-sendmsg$nl_route-mmap
detailed listing:
executing program 0:
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000100)={0x0, 0x0})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x3}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYRES32, @ANYRES16=r2, @ANYBLOB="080001000300000000"], 0x2c}, 0x1, 0x0, 0x0, 0x2c048010}, 0x20000000)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=1m34.091912394s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$tipc-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-prctl$PR_SET_SECCOMP-sendmsg$NFT_BATCH-prlimit64-sched_setscheduler-prctl$PR_SCHED_CORE-socketpair$unix-connect$unix-recvmmsg-sendmsg$nl_route-madvise
detailed listing:
executing program 0:
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000100)={0x0, 0x0})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x3}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYRES32, @ANYRES16=r2, @ANYBLOB="080001000300000000"], 0x2c}, 0x1, 0x0, 0x0, 0x2c048010}, 0x20000000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)

program did not crash
testing program (duration=1m34.091912394s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$tipc-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-prctl$PR_SET_SECCOMP-sendmsg$NFT_BATCH-prlimit64-sched_setscheduler-prctl$PR_SCHED_CORE-socketpair$unix-connect$unix-recvmmsg-mmap-madvise
detailed listing:
executing program 0:
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000100)={0x0, 0x0})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x3}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)

program crashed: memory leak in xas_create
testing program (duration=1m34.091912394s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$tipc-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-prctl$PR_SET_SECCOMP-sendmsg$NFT_BATCH-prlimit64-sched_setscheduler-prctl$PR_SCHED_CORE-socketpair$unix-connect$unix-mmap-madvise
detailed listing:
executing program 0:
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000100)={0x0, 0x0})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x3}, 0x6e)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)

program crashed: memory leak in xas_create
testing program (duration=1m34.091912394s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$tipc-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-prctl$PR_SET_SECCOMP-sendmsg$NFT_BATCH-prlimit64-sched_setscheduler-prctl$PR_SCHED_CORE-socketpair$unix-mmap-madvise
detailed listing:
executing program 0:
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000100)={0x0, 0x0})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)

program crashed: memory leak in xas_create
testing program (duration=1m34.091912394s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$tipc-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-prctl$PR_SET_SECCOMP-sendmsg$NFT_BATCH-prlimit64-sched_setscheduler-prctl$PR_SCHED_CORE-mmap-madvise
detailed listing:
executing program 0:
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000100)={0x0, 0x0})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)

program crashed: memory leak in xas_create
testing program (duration=1m34.091912394s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$tipc-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-prctl$PR_SET_SECCOMP-sendmsg$NFT_BATCH-prlimit64-sched_setscheduler-mmap-madvise
detailed listing:
executing program 0:
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000100)={0x0, 0x0})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)

program crashed: memory leak in xas_create
testing program (duration=1m34.091912394s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$tipc-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-prctl$PR_SET_SECCOMP-sendmsg$NFT_BATCH-prlimit64-mmap-madvise
detailed listing:
executing program 0:
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000100)={0x0, 0x0})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)

program crashed: memory leak in xas_create
testing program (duration=1m34.091912394s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$tipc-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-prctl$PR_SET_SECCOMP-sendmsg$NFT_BATCH-mmap-madvise
detailed listing:
executing program 0:
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000100)={0x0, 0x0})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)

program crashed: memory leak in xas_create
testing program (duration=1m34.091912394s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$tipc-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-prctl$PR_SET_SECCOMP-mmap-madvise
detailed listing:
executing program 0:
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000100)={0x0, 0x0})
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)

program crashed: memory leak in xas_create
testing program (duration=1m34.091912394s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$tipc-socket$pppl2tp-socket$inet6_udp-connect$pppl2tp-mmap-madvise
detailed listing:
executing program 0:
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)

program crashed: memory leak in xas_create
testing program (duration=1m34.091912394s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$tipc-socket$pppl2tp-socket$inet6_udp-mmap-madvise
detailed listing:
executing program 0:
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_udp(0xa, 0x2, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)

program crashed: memory leak in xas_create
testing program (duration=1m34.091912394s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$tipc-socket$pppl2tp-mmap-madvise
detailed listing:
executing program 0:
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
socket$pppl2tp(0x18, 0x1, 0x1)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)

program crashed: memory leak in xas_create
testing program (duration=1m34.091912394s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_genetlink_get_family_id$tipc-mmap-madvise
detailed listing:
executing program 0:
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)

program crashed: memory leak in xas_create
testing program (duration=1m34.091912394s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-madvise
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)

program crashed: memory leak in xas_create
extracting C reproducer
testing compiled C program (duration=1m34.091912394s, {Threaded:true Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-madvise
program crashed: memory leak in xas_create
simplifying C reproducer
testing compiled C program (duration=1m34.091912394s, {Threaded:false Repeat:true RepeatTimes:0 Procs:7 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-madvise
program crashed: memory leak in xas_create
testing compiled C program (duration=1m34.091912394s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:true NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-madvise
program crashed: memory leak in xas_create
testing compiled C program (duration=1m34.091912394s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-madvise
program crashed: memory leak in xas_create
testing compiled C program (duration=1m34.091912394s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-madvise
program crashed: memory leak in xas_create
testing compiled C program (duration=1m34.091912394s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-madvise
program crashed: memory leak in xas_create
testing compiled C program (duration=1m34.091912394s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-madvise
program crashed: memory leak in xas_create
testing compiled C program (duration=1m34.091912394s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-madvise
program crashed: memory leak in xas_create
testing program (duration=1m34.091912394s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-madvise
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)

program crashed: memory leak in xas_create
validation run: crashed=true
testing program (duration=1m34.091912394s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-madvise
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)

program crashed: memory leak in xas_create
validation run: crashed=true
testing program (duration=1m34.091912394s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:true NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mmap-madvise
detailed listing:
executing program 0:
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)

program crashed: memory leak in xas_create
validation run: crashed=true
reproducing took 56m41.19086559s
repro crashed as (corrupted=false):
2025/11/22 08:34:49 executed programs: 5
BUG: memory leak
unreferenced object 0xffff88811e1216d0 (size 576):
  comm "syz.0.17", pid 6100, jiffies 4294942810
  hex dump (first 32 bytes):
    06 1b 08 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    38 51 ab 25 81 88 ff ff e8 16 12 1e 81 88 ff ff  8Q.%............
  backtrace (crc 20c662ca):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4983 [inline]
    slab_alloc_node mm/slub.c:5288 [inline]
    kmem_cache_alloc_lru_noprof+0x3a4/0x5d0 mm/slub.c:5307
    xas_alloc+0xf6/0x120 lib/xarray.c:378
    xas_create+0x48a/0x820 lib/xarray.c:685
    xas_create_range+0xb6/0x1b0 lib/xarray.c:725
    collapse_file+0x1e0/0x1ae0 mm/khugepaged.c:1874
    hpage_collapse_scan_file+0x617/0xb00 mm/khugepaged.c:2370
    madvise_collapse+0x2a7/0x690 mm/khugepaged.c:2795
    madvise_vma_behavior+0x886/0x1470 mm/madvise.c:1358
    madvise_walk_vmas+0x152/0x4d0 mm/madvise.c:1669
    madvise_do_behavior+0xc4/0x2e0 mm/madvise.c:1885
    do_madvise+0x118/0x1c0 mm/madvise.c:1978
    __do_sys_madvise mm/madvise.c:1987 [inline]
    __se_sys_madvise mm/madvise.c:1985 [inline]
    __x64_sys_madvise+0x2c/0x40 mm/madvise.c:1985
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff88811e121da8 (size 576):
  comm "syz.0.17", pid 6100, jiffies 4294942810
  hex dump (first 32 bytes):
    00 07 00 00 00 00 00 00 d0 16 12 1e 81 88 ff ff  ................
    38 51 ab 25 81 88 ff ff c0 1d 12 1e 81 88 ff ff  8Q.%............
  backtrace (crc 4bbb86b3):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4983 [inline]
    slab_alloc_node mm/slub.c:5288 [inline]
    kmem_cache_alloc_lru_noprof+0x3a4/0x5d0 mm/slub.c:5307
    xas_alloc+0xf6/0x120 lib/xarray.c:378
    xas_create+0x48a/0x820 lib/xarray.c:685
    xas_create_range+0xb6/0x1b0 lib/xarray.c:725
    collapse_file+0x1e0/0x1ae0 mm/khugepaged.c:1874
    hpage_collapse_scan_file+0x617/0xb00 mm/khugepaged.c:2370
    madvise_collapse+0x2a7/0x690 mm/khugepaged.c:2795
    madvise_vma_behavior+0x886/0x1470 mm/madvise.c:1358
    madvise_walk_vmas+0x152/0x4d0 mm/madvise.c:1669
    madvise_do_behavior+0xc4/0x2e0 mm/madvise.c:1885
    do_madvise+0x118/0x1c0 mm/madvise.c:1978
    __do_sys_madvise mm/madvise.c:1987 [inline]
    __se_sys_madvise mm/madvise.c:1985 [inline]
    __x64_sys_madvise+0x2c/0x40 mm/madvise.c:1985
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff88810cb0f6d0 (size 576):
  comm "syz.0.17", pid 6100, jiffies 4294942810
  hex dump (first 32 bytes):
    00 06 00 00 00 00 00 00 d0 16 12 1e 81 88 ff ff  ................
    38 51 ab 25 81 88 ff ff e8 f6 b0 0c 81 88 ff ff  8Q.%............
  backtrace (crc 1176bc30):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4983 [inline]
    slab_alloc_node mm/slub.c:5288 [inline]
    kmem_cache_alloc_lru_noprof+0x3a4/0x5d0 mm/slub.c:5307
    xas_alloc+0xf6/0x120 lib/xarray.c:378
    xas_create+0x48a/0x820 lib/xarray.c:685
    xas_create_range+0xb6/0x1b0 lib/xarray.c:725
    collapse_file+0x1e0/0x1ae0 mm/khugepaged.c:1874
    hpage_collapse_scan_file+0x617/0xb00 mm/khugepaged.c:2370
    madvise_collapse+0x2a7/0x690 mm/khugepaged.c:2795
    madvise_vma_behavior+0x886/0x1470 mm/madvise.c:1358
    madvise_walk_vmas+0x152/0x4d0 mm/madvise.c:1669
    madvise_do_behavior+0xc4/0x2e0 mm/madvise.c:1885
    do_madvise+0x118/0x1c0 mm/madvise.c:1978
    __do_sys_madvise mm/madvise.c:1987 [inline]
    __se_sys_madvise mm/madvise.c:1985 [inline]
    __x64_sys_madvise+0x2c/0x40 mm/madvise.c:1985
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff88810cb0f918 (size 576):
  comm "syz.0.17", pid 6100, jiffies 4294942810
  hex dump (first 32 bytes):
    00 05 00 00 00 00 00 00 d0 16 12 1e 81 88 ff ff  ................
    38 51 ab 25 81 88 ff ff 30 f9 b0 0c 81 88 ff ff  8Q.%....0.......
  backtrace (crc 3d6f8596):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4983 [inline]
    slab_alloc_node mm/slub.c:5288 [inline]
    kmem_cache_alloc_lru_noprof+0x3a4/0x5d0 mm/slub.c:5307
    xas_alloc+0xf6/0x120 lib/xarray.c:378
    xas_create+0x48a/0x820 lib/xarray.c:685
    xas_create_range+0xb6/0x1b0 lib/xarray.c:725
    collapse_file+0x1e0/0x1ae0 mm/khugepaged.c:1874
    hpage_collapse_scan_file+0x617/0xb00 mm/khugepaged.c:2370
    madvise_collapse+0x2a7/0x690 mm/khugepaged.c:2795
    madvise_vma_behavior+0x886/0x1470 mm/madvise.c:1358
    madvise_walk_vmas+0x152/0x4d0 mm/madvise.c:1669
    madvise_do_behavior+0xc4/0x2e0 mm/madvise.c:1885
    do_madvise+0x118/0x1c0 mm/madvise.c:1978
    __do_sys_madvise mm/madvise.c:1987 [inline]
    __se_sys_madvise mm/madvise.c:1985 [inline]
    __x64_sys_madvise+0x2c/0x40 mm/madvise.c:1985
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff88811e168ff8 (size 576):
  comm "syz.0.17", pid 6100, jiffies 4294942810
  hex dump (first 32 bytes):
    00 04 00 00 00 00 00 00 d0 16 12 1e 81 88 ff ff  ................
    38 51 ab 25 81 88 ff ff 10 90 16 1e 81 88 ff ff  8Q.%............
  backtrace (crc 9bf5ad85):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4983 [inline]
    slab_alloc_node mm/slub.c:5288 [inline]
    kmem_cache_alloc_lru_noprof+0x3a4/0x5d0 mm/slub.c:5307
    xas_alloc+0xf6/0x120 lib/xarray.c:378
    xas_create+0x48a/0x820 lib/xarray.c:685
    xas_create_range+0xb6/0x1b0 lib/xarray.c:725
    collapse_file+0x1e0/0x1ae0 mm/khugepaged.c:1874
    hpage_collapse_scan_file+0x617/0xb00 mm/khugepaged.c:2370
    madvise_collapse+0x2a7/0x690 mm/khugepaged.c:2795
    madvise_vma_behavior+0x886/0x1470 mm/madvise.c:1358
    madvise_walk_vmas+0x152/0x4d0 mm/madvise.c:1669
    madvise_do_behavior+0xc4/0x2e0 mm/madvise.c:1885
    do_madvise+0x118/0x1c0 mm/madvise.c:1978
    __do_sys_madvise mm/madvise.c:1987 [inline]
    __se_sys_madvise mm/madvise.c:1985 [inline]
    __x64_sys_madvise+0x2c/0x40 mm/madvise.c:1985
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF

final repro crashed as (corrupted=false):
2025/11/22 08:34:49 executed programs: 5
BUG: memory leak
unreferenced object 0xffff88811e1216d0 (size 576):
  comm "syz.0.17", pid 6100, jiffies 4294942810
  hex dump (first 32 bytes):
    06 1b 08 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    38 51 ab 25 81 88 ff ff e8 16 12 1e 81 88 ff ff  8Q.%............
  backtrace (crc 20c662ca):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4983 [inline]
    slab_alloc_node mm/slub.c:5288 [inline]
    kmem_cache_alloc_lru_noprof+0x3a4/0x5d0 mm/slub.c:5307
    xas_alloc+0xf6/0x120 lib/xarray.c:378
    xas_create+0x48a/0x820 lib/xarray.c:685
    xas_create_range+0xb6/0x1b0 lib/xarray.c:725
    collapse_file+0x1e0/0x1ae0 mm/khugepaged.c:1874
    hpage_collapse_scan_file+0x617/0xb00 mm/khugepaged.c:2370
    madvise_collapse+0x2a7/0x690 mm/khugepaged.c:2795
    madvise_vma_behavior+0x886/0x1470 mm/madvise.c:1358
    madvise_walk_vmas+0x152/0x4d0 mm/madvise.c:1669
    madvise_do_behavior+0xc4/0x2e0 mm/madvise.c:1885
    do_madvise+0x118/0x1c0 mm/madvise.c:1978
    __do_sys_madvise mm/madvise.c:1987 [inline]
    __se_sys_madvise mm/madvise.c:1985 [inline]
    __x64_sys_madvise+0x2c/0x40 mm/madvise.c:1985
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff88811e121da8 (size 576):
  comm "syz.0.17", pid 6100, jiffies 4294942810
  hex dump (first 32 bytes):
    00 07 00 00 00 00 00 00 d0 16 12 1e 81 88 ff ff  ................
    38 51 ab 25 81 88 ff ff c0 1d 12 1e 81 88 ff ff  8Q.%............
  backtrace (crc 4bbb86b3):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4983 [inline]
    slab_alloc_node mm/slub.c:5288 [inline]
    kmem_cache_alloc_lru_noprof+0x3a4/0x5d0 mm/slub.c:5307
    xas_alloc+0xf6/0x120 lib/xarray.c:378
    xas_create+0x48a/0x820 lib/xarray.c:685
    xas_create_range+0xb6/0x1b0 lib/xarray.c:725
    collapse_file+0x1e0/0x1ae0 mm/khugepaged.c:1874
    hpage_collapse_scan_file+0x617/0xb00 mm/khugepaged.c:2370
    madvise_collapse+0x2a7/0x690 mm/khugepaged.c:2795
    madvise_vma_behavior+0x886/0x1470 mm/madvise.c:1358
    madvise_walk_vmas+0x152/0x4d0 mm/madvise.c:1669
    madvise_do_behavior+0xc4/0x2e0 mm/madvise.c:1885
    do_madvise+0x118/0x1c0 mm/madvise.c:1978
    __do_sys_madvise mm/madvise.c:1987 [inline]
    __se_sys_madvise mm/madvise.c:1985 [inline]
    __x64_sys_madvise+0x2c/0x40 mm/madvise.c:1985
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff88810cb0f6d0 (size 576):
  comm "syz.0.17", pid 6100, jiffies 4294942810
  hex dump (first 32 bytes):
    00 06 00 00 00 00 00 00 d0 16 12 1e 81 88 ff ff  ................
    38 51 ab 25 81 88 ff ff e8 f6 b0 0c 81 88 ff ff  8Q.%............
  backtrace (crc 1176bc30):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4983 [inline]
    slab_alloc_node mm/slub.c:5288 [inline]
    kmem_cache_alloc_lru_noprof+0x3a4/0x5d0 mm/slub.c:5307
    xas_alloc+0xf6/0x120 lib/xarray.c:378
    xas_create+0x48a/0x820 lib/xarray.c:685
    xas_create_range+0xb6/0x1b0 lib/xarray.c:725
    collapse_file+0x1e0/0x1ae0 mm/khugepaged.c:1874
    hpage_collapse_scan_file+0x617/0xb00 mm/khugepaged.c:2370
    madvise_collapse+0x2a7/0x690 mm/khugepaged.c:2795
    madvise_vma_behavior+0x886/0x1470 mm/madvise.c:1358
    madvise_walk_vmas+0x152/0x4d0 mm/madvise.c:1669
    madvise_do_behavior+0xc4/0x2e0 mm/madvise.c:1885
    do_madvise+0x118/0x1c0 mm/madvise.c:1978
    __do_sys_madvise mm/madvise.c:1987 [inline]
    __se_sys_madvise mm/madvise.c:1985 [inline]
    __x64_sys_madvise+0x2c/0x40 mm/madvise.c:1985
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff88810cb0f918 (size 576):
  comm "syz.0.17", pid 6100, jiffies 4294942810
  hex dump (first 32 bytes):
    00 05 00 00 00 00 00 00 d0 16 12 1e 81 88 ff ff  ................
    38 51 ab 25 81 88 ff ff 30 f9 b0 0c 81 88 ff ff  8Q.%....0.......
  backtrace (crc 3d6f8596):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4983 [inline]
    slab_alloc_node mm/slub.c:5288 [inline]
    kmem_cache_alloc_lru_noprof+0x3a4/0x5d0 mm/slub.c:5307
    xas_alloc+0xf6/0x120 lib/xarray.c:378
    xas_create+0x48a/0x820 lib/xarray.c:685
    xas_create_range+0xb6/0x1b0 lib/xarray.c:725
    collapse_file+0x1e0/0x1ae0 mm/khugepaged.c:1874
    hpage_collapse_scan_file+0x617/0xb00 mm/khugepaged.c:2370
    madvise_collapse+0x2a7/0x690 mm/khugepaged.c:2795
    madvise_vma_behavior+0x886/0x1470 mm/madvise.c:1358
    madvise_walk_vmas+0x152/0x4d0 mm/madvise.c:1669
    madvise_do_behavior+0xc4/0x2e0 mm/madvise.c:1885
    do_madvise+0x118/0x1c0 mm/madvise.c:1978
    __do_sys_madvise mm/madvise.c:1987 [inline]
    __se_sys_madvise mm/madvise.c:1985 [inline]
    __x64_sys_madvise+0x2c/0x40 mm/madvise.c:1985
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

BUG: memory leak
unreferenced object 0xffff88811e168ff8 (size 576):
  comm "syz.0.17", pid 6100, jiffies 4294942810
  hex dump (first 32 bytes):
    00 04 00 00 00 00 00 00 d0 16 12 1e 81 88 ff ff  ................
    38 51 ab 25 81 88 ff ff 10 90 16 1e 81 88 ff ff  8Q.%............
  backtrace (crc 9bf5ad85):
    kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]
    slab_post_alloc_hook mm/slub.c:4983 [inline]
    slab_alloc_node mm/slub.c:5288 [inline]
    kmem_cache_alloc_lru_noprof+0x3a4/0x5d0 mm/slub.c:5307
    xas_alloc+0xf6/0x120 lib/xarray.c:378
    xas_create+0x48a/0x820 lib/xarray.c:685
    xas_create_range+0xb6/0x1b0 lib/xarray.c:725
    collapse_file+0x1e0/0x1ae0 mm/khugepaged.c:1874
    hpage_collapse_scan_file+0x617/0xb00 mm/khugepaged.c:2370
    madvise_collapse+0x2a7/0x690 mm/khugepaged.c:2795
    madvise_vma_behavior+0x886/0x1470 mm/madvise.c:1358
    madvise_walk_vmas+0x152/0x4d0 mm/madvise.c:1669
    madvise_do_behavior+0xc4/0x2e0 mm/madvise.c:1885
    do_madvise+0x118/0x1c0 mm/madvise.c:1978
    __do_sys_madvise mm/madvise.c:1987 [inline]
    __se_sys_madvise mm/madvise.c:1985 [inline]
    __x64_sys_madvise+0x2c/0x40 mm/madvise.c:1985
    do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
    do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94
    entry_SYSCALL_64_after_hwframe+0x77/0x7f

connection error: failed to recv *flatrpc.ExecutorMessageRawT: EOF