Extracting prog: 6m19.271946975s
Minimizing prog: 5m53.235320741s
Simplifying prog options: 6m16.137973898s
Extracting C: 4m22.538769788s
Simplifying C: 0s


extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$kcm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION2-ioctl$KVM_SET_USER_MEMORY_REGION2-openat$kvm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_syzos_vm$x86-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_NEWLINK-sendmsg$RDMA_NLDEV_CMD_NEWLINK-openat$rdma_cm-write$RDMA_USER_CM_CMD_CREATE_ID-write$RDMA_USER_CM_CMD_CREATE_ID-syz_usb_connect-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-socket$nl_rdma-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_DELLINK-sendmsg$RDMA_NLDEV_CMD_DELLINK-mmap$KVM_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-sendmsg$inet-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-close-openat$fb1-ioctl$FBIOPUT_VSCREENINFO
detailed listing:
executing program 0:
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000140)={0x3, 0x2, 0xfec00000, 0x1000, &(0x7f0000f40000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x2, 0x2, 0x6000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000280)={0x5, 0x0, 0x4000, 0x2000, &(0x7f0000d6c000/0x2000)=nil, 0x7}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000280)={0x5, 0x0, 0x4000, 0x2000, &(0x7f0000d6c000/0x2000)=nil, 0x7})
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x1, 0xcccc0000, 0x2000, &(0x7f0000c7d000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000c00000/0x400000)=nil)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) (async)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040), 0x13f, 0x4}}, 0x20) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r8=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
syz_usb_connect(0x0, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="11010000733336088dee1edb2361000000010902"], 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r7, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r8, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0xfffc, @local}, @ib={0x1b, 0x0, 0x0, {}, 0xfffffffffffffffc, 0x1, 0x2}}}, 0x118) (async)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r7, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r8, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0xfffc, @local}, @ib={0x1b, 0x0, 0x0, {}, 0xfffffffffffffffc, 0x1, 0x2}}}, 0x118)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x4, 0x0, 0x1000, &(0x7f0000c00000/0x1000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x4, 0x0, 0x1000, &(0x7f0000c00000/0x1000)=nil})
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x160b, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x28, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NAT_TYPE={0x8}, @NFTA_NAT_REG_ADDR_MIN={0x8, 0x3, 0x1, 0x0, 0x14}, @NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}, 0x1, 0x0, 0x0, 0x850}, 0x4040080)
close(0x3)
r11 = openat$fb1(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r11, 0x4601, &(0x7f0000000500)={0x300, 0x1e0, 0x356, 0x480, 0x4, 0x2, 0x0, 0x2, {0x80000001, 0x2, 0x1}, {0x4, 0x7, 0x1}, {0x0, 0x7, 0x1}, {0xcb1, 0x0, 0x1}, 0x2, 0x1fc, 0x9, 0xffff0001, 0x0, 0xf1, 0x7ff, 0x7, 0xda, 0x2, 0x5, 0x6, 0xa, 0x100, 0x0, 0x4})

program did not crash
single: failed to extract reproducer
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$kcm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION2-ioctl$KVM_SET_USER_MEMORY_REGION2-openat$kvm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_syzos_vm$x86-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_NEWLINK-sendmsg$RDMA_NLDEV_CMD_NEWLINK-openat$rdma_cm-write$RDMA_USER_CM_CMD_CREATE_ID-write$RDMA_USER_CM_CMD_CREATE_ID-syz_usb_connect-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-socket$nl_rdma-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_DELLINK-sendmsg$RDMA_NLDEV_CMD_DELLINK-mmap$KVM_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-sendmsg$inet-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-close-openat$fb1-ioctl$FBIOPUT_VSCREENINFO
detailed listing:
executing program 0:
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000140)={0x3, 0x2, 0xfec00000, 0x1000, &(0x7f0000f40000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x2, 0x2, 0x6000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000280)={0x5, 0x0, 0x4000, 0x2000, &(0x7f0000d6c000/0x2000)=nil, 0x7}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000280)={0x5, 0x0, 0x4000, 0x2000, &(0x7f0000d6c000/0x2000)=nil, 0x7})
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x1, 0xcccc0000, 0x2000, &(0x7f0000c7d000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000c00000/0x400000)=nil)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) (async)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040), 0x13f, 0x4}}, 0x20) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r8=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
syz_usb_connect(0x0, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="11010000733336088dee1edb2361000000010902"], 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r7, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r8, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0xfffc, @local}, @ib={0x1b, 0x0, 0x0, {}, 0xfffffffffffffffc, 0x1, 0x2}}}, 0x118) (async)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r7, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r8, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0xfffc, @local}, @ib={0x1b, 0x0, 0x0, {}, 0xfffffffffffffffc, 0x1, 0x2}}}, 0x118)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x4, 0x0, 0x1000, &(0x7f0000c00000/0x1000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x4, 0x0, 0x1000, &(0x7f0000c00000/0x1000)=nil})
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x160b, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x28, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NAT_TYPE={0x8}, @NFTA_NAT_REG_ADDR_MIN={0x8, 0x3, 0x1, 0x0, 0x14}, @NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}, 0x1, 0x0, 0x0, 0x850}, 0x4040080)
close(0x3)
r11 = openat$fb1(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r11, 0x4601, &(0x7f0000000500)={0x300, 0x1e0, 0x356, 0x480, 0x4, 0x2, 0x0, 0x2, {0x80000001, 0x2, 0x1}, {0x4, 0x7, 0x1}, {0x0, 0x7, 0x1}, {0xcb1, 0x0, 0x1}, 0x2, 0x1fc, 0x9, 0xffff0001, 0x0, 0xf1, 0x7ff, 0x7, 0xda, 0x2, 0x5, 0x6, 0xa, 0x100, 0x0, 0x4})

program crashed: KASAN: slab-use-after-free Read in kernel_sock_shutdown
single: successfully extracted reproducer
found reproducer with 37 syscalls
minimizing guilty program
testing program (duration=1m58.050769315s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$kcm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION2-ioctl$KVM_SET_USER_MEMORY_REGION2-openat$kvm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_syzos_vm$x86-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_NEWLINK-sendmsg$RDMA_NLDEV_CMD_NEWLINK-openat$rdma_cm-write$RDMA_USER_CM_CMD_CREATE_ID-write$RDMA_USER_CM_CMD_CREATE_ID-syz_usb_connect-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-socket$nl_rdma-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_DELLINK-sendmsg$RDMA_NLDEV_CMD_DELLINK-mmap$KVM_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-sendmsg$inet-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-close-openat$fb1
detailed listing:
executing program 0:
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000140)={0x3, 0x2, 0xfec00000, 0x1000, &(0x7f0000f40000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x2, 0x2, 0x6000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000280)={0x5, 0x0, 0x4000, 0x2000, &(0x7f0000d6c000/0x2000)=nil, 0x7}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000280)={0x5, 0x0, 0x4000, 0x2000, &(0x7f0000d6c000/0x2000)=nil, 0x7})
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x1, 0xcccc0000, 0x2000, &(0x7f0000c7d000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000c00000/0x400000)=nil)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) (async)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040), 0x13f, 0x4}}, 0x20) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r8=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
syz_usb_connect(0x0, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="11010000733336088dee1edb2361000000010902"], 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r7, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r8, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0xfffc, @local}, @ib={0x1b, 0x0, 0x0, {}, 0xfffffffffffffffc, 0x1, 0x2}}}, 0x118) (async)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r7, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r8, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0xfffc, @local}, @ib={0x1b, 0x0, 0x0, {}, 0xfffffffffffffffc, 0x1, 0x2}}}, 0x118)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x4, 0x0, 0x1000, &(0x7f0000c00000/0x1000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x4, 0x0, 0x1000, &(0x7f0000c00000/0x1000)=nil})
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x160b, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x28, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NAT_TYPE={0x8}, @NFTA_NAT_REG_ADDR_MIN={0x8, 0x3, 0x1, 0x0, 0x14}, @NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}, 0x1, 0x0, 0x0, 0x850}, 0x4040080)
close(0x3)
openat$fb1(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)

program crashed: lost connection to test machine
ignore low priority crash: lost connection to test machine
testing program (duration=1m58.050769315s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$kcm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION2-ioctl$KVM_SET_USER_MEMORY_REGION2-openat$kvm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_syzos_vm$x86-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_NEWLINK-sendmsg$RDMA_NLDEV_CMD_NEWLINK-openat$rdma_cm-write$RDMA_USER_CM_CMD_CREATE_ID-write$RDMA_USER_CM_CMD_CREATE_ID-syz_usb_connect-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-socket$nl_rdma-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_DELLINK-sendmsg$RDMA_NLDEV_CMD_DELLINK-mmap$KVM_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-sendmsg$inet-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-close-ioctl$FBIOPUT_VSCREENINFO
detailed listing:
executing program 0:
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000140)={0x3, 0x2, 0xfec00000, 0x1000, &(0x7f0000f40000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x2, 0x2, 0x6000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000280)={0x5, 0x0, 0x4000, 0x2000, &(0x7f0000d6c000/0x2000)=nil, 0x7}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000280)={0x5, 0x0, 0x4000, 0x2000, &(0x7f0000d6c000/0x2000)=nil, 0x7})
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x1, 0xcccc0000, 0x2000, &(0x7f0000c7d000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000c00000/0x400000)=nil)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) (async)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040), 0x13f, 0x4}}, 0x20) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r8=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
syz_usb_connect(0x0, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="11010000733336088dee1edb2361000000010902"], 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r7, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r8, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0xfffc, @local}, @ib={0x1b, 0x0, 0x0, {}, 0xfffffffffffffffc, 0x1, 0x2}}}, 0x118) (async)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r7, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r8, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0xfffc, @local}, @ib={0x1b, 0x0, 0x0, {}, 0xfffffffffffffffc, 0x1, 0x2}}}, 0x118)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x4, 0x0, 0x1000, &(0x7f0000c00000/0x1000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x4, 0x0, 0x1000, &(0x7f0000c00000/0x1000)=nil})
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x160b, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x28, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NAT_TYPE={0x8}, @NFTA_NAT_REG_ADDR_MIN={0x8, 0x3, 0x1, 0x0, 0x14}, @NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}, 0x1, 0x0, 0x0, 0x850}, 0x4040080)
close(0x3)
ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000500)={0x300, 0x1e0, 0x356, 0x480, 0x4, 0x2, 0x0, 0x2, {0x80000001, 0x2, 0x1}, {0x4, 0x7, 0x1}, {0x0, 0x7, 0x1}, {0xcb1, 0x0, 0x1}, 0x2, 0x1fc, 0x9, 0xffff0001, 0x0, 0xf1, 0x7ff, 0x7, 0xda, 0x2, 0x5, 0x6, 0xa, 0x100, 0x0, 0x4})

program crashed: KASAN: slab-use-after-free Read in kernel_sock_shutdown
testing program (duration=1m58.050769315s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$kcm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION2-ioctl$KVM_SET_USER_MEMORY_REGION2-openat$kvm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_syzos_vm$x86-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_NEWLINK-sendmsg$RDMA_NLDEV_CMD_NEWLINK-openat$rdma_cm-write$RDMA_USER_CM_CMD_CREATE_ID-write$RDMA_USER_CM_CMD_CREATE_ID-syz_usb_connect-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-socket$nl_rdma-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_DELLINK-sendmsg$RDMA_NLDEV_CMD_DELLINK-mmap$KVM_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-sendmsg$inet-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-ioctl$FBIOPUT_VSCREENINFO
detailed listing:
executing program 0:
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000140)={0x3, 0x2, 0xfec00000, 0x1000, &(0x7f0000f40000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x2, 0x2, 0x6000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000280)={0x5, 0x0, 0x4000, 0x2000, &(0x7f0000d6c000/0x2000)=nil, 0x7}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000280)={0x5, 0x0, 0x4000, 0x2000, &(0x7f0000d6c000/0x2000)=nil, 0x7})
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x1, 0xcccc0000, 0x2000, &(0x7f0000c7d000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000c00000/0x400000)=nil)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) (async)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040), 0x13f, 0x4}}, 0x20) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r8=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
syz_usb_connect(0x0, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="11010000733336088dee1edb2361000000010902"], 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r7, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r8, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0xfffc, @local}, @ib={0x1b, 0x0, 0x0, {}, 0xfffffffffffffffc, 0x1, 0x2}}}, 0x118) (async)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r7, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r8, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0xfffc, @local}, @ib={0x1b, 0x0, 0x0, {}, 0xfffffffffffffffc, 0x1, 0x2}}}, 0x118)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x4, 0x0, 0x1000, &(0x7f0000c00000/0x1000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x4, 0x0, 0x1000, &(0x7f0000c00000/0x1000)=nil})
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x160b, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x28, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NAT_TYPE={0x8}, @NFTA_NAT_REG_ADDR_MIN={0x8, 0x3, 0x1, 0x0, 0x14}, @NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}, 0x1, 0x0, 0x0, 0x850}, 0x4040080)
ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000500)={0x300, 0x1e0, 0x356, 0x480, 0x4, 0x2, 0x0, 0x2, {0x80000001, 0x2, 0x1}, {0x4, 0x7, 0x1}, {0x0, 0x7, 0x1}, {0xcb1, 0x0, 0x1}, 0x2, 0x1fc, 0x9, 0xffff0001, 0x0, 0xf1, 0x7ff, 0x7, 0xda, 0x2, 0x5, 0x6, 0xa, 0x100, 0x0, 0x4})

minimization failed with failed to copy syz-execprog to VM: scp failed: failed to run ["scp" "-P" "54866" "-F" "/dev/null" "-o" "UserKnownHostsFile=/dev/null" "-o" "IdentitiesOnly=yes" "-o" "BatchMode=yes" "-o" "StrictHostKeyChecking=no" "-o" "ConnectTimeout=10" "-v" "-O" "/syzkaller/syzkaller/current/bin/linux_amd64/syz-execprog" "root@localhost:/syz-execprog"]: exit status 1
extracting C reproducer
testing compiled C program (duration=1m58.050769315s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$kcm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION2-ioctl$KVM_SET_USER_MEMORY_REGION2-openat$kvm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_syzos_vm$x86-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_NEWLINK-sendmsg$RDMA_NLDEV_CMD_NEWLINK-openat$rdma_cm-write$RDMA_USER_CM_CMD_CREATE_ID-write$RDMA_USER_CM_CMD_CREATE_ID-syz_usb_connect-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-socket$nl_rdma-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_DELLINK-sendmsg$RDMA_NLDEV_CMD_DELLINK-mmap$KVM_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-sendmsg$inet-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-close-ioctl$FBIOPUT_VSCREENINFO
testing compiled C program (duration=1m58.050769315s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$kcm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION2-ioctl$KVM_SET_USER_MEMORY_REGION2-openat$kvm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_syzos_vm$x86-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_NEWLINK-sendmsg$RDMA_NLDEV_CMD_NEWLINK-openat$rdma_cm-write$RDMA_USER_CM_CMD_CREATE_ID-write$RDMA_USER_CM_CMD_CREATE_ID-syz_usb_connect-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-socket$nl_rdma-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_DELLINK-sendmsg$RDMA_NLDEV_CMD_DELLINK-mmap$KVM_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-sendmsg$inet-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-close-ioctl$FBIOPUT_VSCREENINFO
program did not crash
simplifying guilty program options
testing program (duration=1m58.050769315s, {Threaded:false Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$kcm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION2-ioctl$KVM_SET_USER_MEMORY_REGION2-openat$kvm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_syzos_vm$x86-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_NEWLINK-sendmsg$RDMA_NLDEV_CMD_NEWLINK-openat$rdma_cm-write$RDMA_USER_CM_CMD_CREATE_ID-write$RDMA_USER_CM_CMD_CREATE_ID-syz_usb_connect-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-socket$nl_rdma-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_DELLINK-sendmsg$RDMA_NLDEV_CMD_DELLINK-mmap$KVM_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-sendmsg$inet-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-close-ioctl$FBIOPUT_VSCREENINFO
detailed listing:
executing program 0:
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000140)={0x3, 0x2, 0xfec00000, 0x1000, &(0x7f0000f40000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x2, 0x2, 0x6000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000280)={0x5, 0x0, 0x4000, 0x2000, &(0x7f0000d6c000/0x2000)=nil, 0x7}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000280)={0x5, 0x0, 0x4000, 0x2000, &(0x7f0000d6c000/0x2000)=nil, 0x7})
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x1, 0xcccc0000, 0x2000, &(0x7f0000c7d000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000c00000/0x400000)=nil)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) (async)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040), 0x13f, 0x4}}, 0x20) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r8=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
syz_usb_connect(0x0, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="11010000733336088dee1edb2361000000010902"], 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r7, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r8, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0xfffc, @local}, @ib={0x1b, 0x0, 0x0, {}, 0xfffffffffffffffc, 0x1, 0x2}}}, 0x118) (async)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r7, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r8, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0xfffc, @local}, @ib={0x1b, 0x0, 0x0, {}, 0xfffffffffffffffc, 0x1, 0x2}}}, 0x118)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x4, 0x0, 0x1000, &(0x7f0000c00000/0x1000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x4, 0x0, 0x1000, &(0x7f0000c00000/0x1000)=nil})
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x160b, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x28, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NAT_TYPE={0x8}, @NFTA_NAT_REG_ADDR_MIN={0x8, 0x3, 0x1, 0x0, 0x14}, @NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}, 0x1, 0x0, 0x0, 0x850}, 0x4040080)
close(0x3)
ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000500)={0x300, 0x1e0, 0x356, 0x480, 0x4, 0x2, 0x0, 0x2, {0x80000001, 0x2, 0x1}, {0x4, 0x7, 0x1}, {0x0, 0x7, 0x1}, {0xcb1, 0x0, 0x1}, 0x2, 0x1fc, 0x9, 0xffff0001, 0x0, 0xf1, 0x7ff, 0x7, 0xda, 0x2, 0x5, 0x6, 0xa, 0x100, 0x0, 0x4})

program did not crash
testing program (duration=1m58.050769315s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$kcm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION2-ioctl$KVM_SET_USER_MEMORY_REGION2-openat$kvm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_syzos_vm$x86-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_NEWLINK-sendmsg$RDMA_NLDEV_CMD_NEWLINK-openat$rdma_cm-write$RDMA_USER_CM_CMD_CREATE_ID-write$RDMA_USER_CM_CMD_CREATE_ID-syz_usb_connect-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-socket$nl_rdma-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_DELLINK-sendmsg$RDMA_NLDEV_CMD_DELLINK-mmap$KVM_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-sendmsg$inet-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-close-ioctl$FBIOPUT_VSCREENINFO
detailed listing:
executing program 0:
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000140)={0x3, 0x2, 0xfec00000, 0x1000, &(0x7f0000f40000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x2, 0x2, 0x6000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000280)={0x5, 0x0, 0x4000, 0x2000, &(0x7f0000d6c000/0x2000)=nil, 0x7}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000280)={0x5, 0x0, 0x4000, 0x2000, &(0x7f0000d6c000/0x2000)=nil, 0x7})
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x1, 0xcccc0000, 0x2000, &(0x7f0000c7d000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000c00000/0x400000)=nil)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) (async)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040), 0x13f, 0x4}}, 0x20) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r8=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
syz_usb_connect(0x0, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="11010000733336088dee1edb2361000000010902"], 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r7, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r8, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0xfffc, @local}, @ib={0x1b, 0x0, 0x0, {}, 0xfffffffffffffffc, 0x1, 0x2}}}, 0x118) (async)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r7, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r8, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0xfffc, @local}, @ib={0x1b, 0x0, 0x0, {}, 0xfffffffffffffffc, 0x1, 0x2}}}, 0x118)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x4, 0x0, 0x1000, &(0x7f0000c00000/0x1000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x4, 0x0, 0x1000, &(0x7f0000c00000/0x1000)=nil})
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x160b, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x28, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NAT_TYPE={0x8}, @NFTA_NAT_REG_ADDR_MIN={0x8, 0x3, 0x1, 0x0, 0x14}, @NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}, 0x1, 0x0, 0x0, 0x850}, 0x4040080)
close(0x3)
ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000500)={0x300, 0x1e0, 0x356, 0x480, 0x4, 0x2, 0x0, 0x2, {0x80000001, 0x2, 0x1}, {0x4, 0x7, 0x1}, {0x0, 0x7, 0x1}, {0xcb1, 0x0, 0x1}, 0x2, 0x1fc, 0x9, 0xffff0001, 0x0, 0xf1, 0x7ff, 0x7, 0xda, 0x2, 0x5, 0x6, 0xa, 0x100, 0x0, 0x4})

program crashed: lost connection to test machine
ignore low priority crash: lost connection to test machine
testing program (duration=1m58.050769315s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$kcm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION2-ioctl$KVM_SET_USER_MEMORY_REGION2-openat$kvm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_syzos_vm$x86-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_NEWLINK-sendmsg$RDMA_NLDEV_CMD_NEWLINK-openat$rdma_cm-write$RDMA_USER_CM_CMD_CREATE_ID-write$RDMA_USER_CM_CMD_CREATE_ID-syz_usb_connect-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-socket$nl_rdma-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_DELLINK-sendmsg$RDMA_NLDEV_CMD_DELLINK-mmap$KVM_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-sendmsg$inet-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-close-ioctl$FBIOPUT_VSCREENINFO
detailed listing:
executing program 0:
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000140)={0x3, 0x2, 0xfec00000, 0x1000, &(0x7f0000f40000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x2, 0x2, 0x6000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000280)={0x5, 0x0, 0x4000, 0x2000, &(0x7f0000d6c000/0x2000)=nil, 0x7}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000280)={0x5, 0x0, 0x4000, 0x2000, &(0x7f0000d6c000/0x2000)=nil, 0x7})
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x1, 0xcccc0000, 0x2000, &(0x7f0000c7d000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000c00000/0x400000)=nil)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) (async)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040), 0x13f, 0x4}}, 0x20) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r8=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
syz_usb_connect(0x0, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="11010000733336088dee1edb2361000000010902"], 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r7, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r8, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0xfffc, @local}, @ib={0x1b, 0x0, 0x0, {}, 0xfffffffffffffffc, 0x1, 0x2}}}, 0x118) (async)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r7, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r8, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0xfffc, @local}, @ib={0x1b, 0x0, 0x0, {}, 0xfffffffffffffffc, 0x1, 0x2}}}, 0x118)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x4, 0x0, 0x1000, &(0x7f0000c00000/0x1000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x4, 0x0, 0x1000, &(0x7f0000c00000/0x1000)=nil})
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x160b, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x28, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NAT_TYPE={0x8}, @NFTA_NAT_REG_ADDR_MIN={0x8, 0x3, 0x1, 0x0, 0x14}, @NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}, 0x1, 0x0, 0x0, 0x850}, 0x4040080)
close(0x3)
ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000500)={0x300, 0x1e0, 0x356, 0x480, 0x4, 0x2, 0x0, 0x2, {0x80000001, 0x2, 0x1}, {0x4, 0x7, 0x1}, {0x0, 0x7, 0x1}, {0xcb1, 0x0, 0x1}, 0x2, 0x1fc, 0x9, 0xffff0001, 0x0, 0xf1, 0x7ff, 0x7, 0xda, 0x2, 0x5, 0x6, 0xa, 0x100, 0x0, 0x4})

program crashed: lost connection to test machine
ignore low priority crash: lost connection to test machine
validation run: crashed=false
testing program (duration=1m58.050769315s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$kcm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION2-ioctl$KVM_SET_USER_MEMORY_REGION2-openat$kvm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_syzos_vm$x86-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_NEWLINK-sendmsg$RDMA_NLDEV_CMD_NEWLINK-openat$rdma_cm-write$RDMA_USER_CM_CMD_CREATE_ID-write$RDMA_USER_CM_CMD_CREATE_ID-syz_usb_connect-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-socket$nl_rdma-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_DELLINK-sendmsg$RDMA_NLDEV_CMD_DELLINK-mmap$KVM_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-sendmsg$inet-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-close-ioctl$FBIOPUT_VSCREENINFO
detailed listing:
executing program 0:
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000140)={0x3, 0x2, 0xfec00000, 0x1000, &(0x7f0000f40000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x2, 0x2, 0x6000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000280)={0x5, 0x0, 0x4000, 0x2000, &(0x7f0000d6c000/0x2000)=nil, 0x7}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000280)={0x5, 0x0, 0x4000, 0x2000, &(0x7f0000d6c000/0x2000)=nil, 0x7})
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x1, 0xcccc0000, 0x2000, &(0x7f0000c7d000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000c00000/0x400000)=nil)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) (async)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040), 0x13f, 0x4}}, 0x20) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r8=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
syz_usb_connect(0x0, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="11010000733336088dee1edb2361000000010902"], 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r7, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r8, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0xfffc, @local}, @ib={0x1b, 0x0, 0x0, {}, 0xfffffffffffffffc, 0x1, 0x2}}}, 0x118) (async)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r7, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r8, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0xfffc, @local}, @ib={0x1b, 0x0, 0x0, {}, 0xfffffffffffffffc, 0x1, 0x2}}}, 0x118)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x4, 0x0, 0x1000, &(0x7f0000c00000/0x1000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x4, 0x0, 0x1000, &(0x7f0000c00000/0x1000)=nil})
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x160b, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x28, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NAT_TYPE={0x8}, @NFTA_NAT_REG_ADDR_MIN={0x8, 0x3, 0x1, 0x0, 0x14}, @NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}, 0x1, 0x0, 0x0, 0x850}, 0x4040080)
close(0x3)
ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000500)={0x300, 0x1e0, 0x356, 0x480, 0x4, 0x2, 0x0, 0x2, {0x80000001, 0x2, 0x1}, {0x4, 0x7, 0x1}, {0x0, 0x7, 0x1}, {0xcb1, 0x0, 0x1}, 0x2, 0x1fc, 0x9, 0xffff0001, 0x0, 0xf1, 0x7ff, 0x7, 0xda, 0x2, 0x5, 0x6, 0xa, 0x100, 0x0, 0x4})

program crashed: lost connection to test machine
ignore low priority crash: lost connection to test machine
validation run: crashed=false
testing program (duration=1m58.050769315s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$kcm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION2-ioctl$KVM_SET_USER_MEMORY_REGION2-openat$kvm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_syzos_vm$x86-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_NEWLINK-sendmsg$RDMA_NLDEV_CMD_NEWLINK-openat$rdma_cm-write$RDMA_USER_CM_CMD_CREATE_ID-write$RDMA_USER_CM_CMD_CREATE_ID-syz_usb_connect-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-socket$nl_rdma-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_DELLINK-sendmsg$RDMA_NLDEV_CMD_DELLINK-mmap$KVM_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-sendmsg$inet-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-close-ioctl$FBIOPUT_VSCREENINFO
detailed listing:
executing program 0:
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000140)={0x3, 0x2, 0xfec00000, 0x1000, &(0x7f0000f40000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x2, 0x2, 0x6000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000280)={0x5, 0x0, 0x4000, 0x2000, &(0x7f0000d6c000/0x2000)=nil, 0x7}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000280)={0x5, 0x0, 0x4000, 0x2000, &(0x7f0000d6c000/0x2000)=nil, 0x7})
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x1, 0xcccc0000, 0x2000, &(0x7f0000c7d000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000c00000/0x400000)=nil)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) (async)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040), 0x13f, 0x4}}, 0x20) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r8=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
syz_usb_connect(0x0, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="11010000733336088dee1edb2361000000010902"], 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r7, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r8, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0xfffc, @local}, @ib={0x1b, 0x0, 0x0, {}, 0xfffffffffffffffc, 0x1, 0x2}}}, 0x118) (async)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r7, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r8, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0xfffc, @local}, @ib={0x1b, 0x0, 0x0, {}, 0xfffffffffffffffc, 0x1, 0x2}}}, 0x118)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x4, 0x0, 0x1000, &(0x7f0000c00000/0x1000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x4, 0x0, 0x1000, &(0x7f0000c00000/0x1000)=nil})
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x160b, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x28, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NAT_TYPE={0x8}, @NFTA_NAT_REG_ADDR_MIN={0x8, 0x3, 0x1, 0x0, 0x14}, @NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}, 0x1, 0x0, 0x0, 0x850}, 0x4040080)
close(0x3)
ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000500)={0x300, 0x1e0, 0x356, 0x480, 0x4, 0x2, 0x0, 0x2, {0x80000001, 0x2, 0x1}, {0x4, 0x7, 0x1}, {0x0, 0x7, 0x1}, {0xcb1, 0x0, 0x1}, 0x2, 0x1fc, 0x9, 0xffff0001, 0x0, 0xf1, 0x7ff, 0x7, 0xda, 0x2, 0x5, 0x6, 0xa, 0x100, 0x0, 0x4})

program crashed: lost connection to test machine
ignore low priority crash: lost connection to test machine
validation run: crashed=false
testing program (duration=1m58.050769315s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$kcm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION2-ioctl$KVM_SET_USER_MEMORY_REGION2-openat$kvm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_syzos_vm$x86-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_NEWLINK-sendmsg$RDMA_NLDEV_CMD_NEWLINK-openat$rdma_cm-write$RDMA_USER_CM_CMD_CREATE_ID-write$RDMA_USER_CM_CMD_CREATE_ID-syz_usb_connect-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-socket$nl_rdma-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_DELLINK-sendmsg$RDMA_NLDEV_CMD_DELLINK-mmap$KVM_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-sendmsg$inet-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-close-ioctl$FBIOPUT_VSCREENINFO
detailed listing:
executing program 0:
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000140)={0x3, 0x2, 0xfec00000, 0x1000, &(0x7f0000f40000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x2, 0x2, 0x6000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000280)={0x5, 0x0, 0x4000, 0x2000, &(0x7f0000d6c000/0x2000)=nil, 0x7}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000280)={0x5, 0x0, 0x4000, 0x2000, &(0x7f0000d6c000/0x2000)=nil, 0x7})
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x1, 0xcccc0000, 0x2000, &(0x7f0000c7d000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000c00000/0x400000)=nil)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) (async)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040), 0x13f, 0x4}}, 0x20) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r8=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
syz_usb_connect(0x0, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="11010000733336088dee1edb2361000000010902"], 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r7, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r8, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0xfffc, @local}, @ib={0x1b, 0x0, 0x0, {}, 0xfffffffffffffffc, 0x1, 0x2}}}, 0x118) (async)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r7, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r8, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0xfffc, @local}, @ib={0x1b, 0x0, 0x0, {}, 0xfffffffffffffffc, 0x1, 0x2}}}, 0x118)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x4, 0x0, 0x1000, &(0x7f0000c00000/0x1000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x4, 0x0, 0x1000, &(0x7f0000c00000/0x1000)=nil})
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x160b, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x28, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NAT_TYPE={0x8}, @NFTA_NAT_REG_ADDR_MIN={0x8, 0x3, 0x1, 0x0, 0x14}, @NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}, 0x1, 0x0, 0x0, 0x850}, 0x4040080)
close(0x3)
ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000500)={0x300, 0x1e0, 0x356, 0x480, 0x4, 0x2, 0x0, 0x2, {0x80000001, 0x2, 0x1}, {0x4, 0x7, 0x1}, {0x0, 0x7, 0x1}, {0xcb1, 0x0, 0x1}, 0x2, 0x1fc, 0x9, 0xffff0001, 0x0, 0xf1, 0x7ff, 0x7, 0xda, 0x2, 0x5, 0x6, 0xa, 0x100, 0x0, 0x4})

program crashed: lost connection to test machine
ignore low priority crash: lost connection to test machine
validation run: crashed=false
testing program (duration=1m58.050769315s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$kcm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION2-ioctl$KVM_SET_USER_MEMORY_REGION2-openat$kvm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_syzos_vm$x86-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_NEWLINK-sendmsg$RDMA_NLDEV_CMD_NEWLINK-openat$rdma_cm-write$RDMA_USER_CM_CMD_CREATE_ID-write$RDMA_USER_CM_CMD_CREATE_ID-syz_usb_connect-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-socket$nl_rdma-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_DELLINK-sendmsg$RDMA_NLDEV_CMD_DELLINK-mmap$KVM_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-sendmsg$inet-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-close-ioctl$FBIOPUT_VSCREENINFO
detailed listing:
executing program 0:
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000140)={0x3, 0x2, 0xfec00000, 0x1000, &(0x7f0000f40000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x2, 0x2, 0x6000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000280)={0x5, 0x0, 0x4000, 0x2000, &(0x7f0000d6c000/0x2000)=nil, 0x7}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000280)={0x5, 0x0, 0x4000, 0x2000, &(0x7f0000d6c000/0x2000)=nil, 0x7})
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x1, 0xcccc0000, 0x2000, &(0x7f0000c7d000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000c00000/0x400000)=nil)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) (async)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040), 0x13f, 0x4}}, 0x20) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r8=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
syz_usb_connect(0x0, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="11010000733336088dee1edb2361000000010902"], 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r7, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r8, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0xfffc, @local}, @ib={0x1b, 0x0, 0x0, {}, 0xfffffffffffffffc, 0x1, 0x2}}}, 0x118) (async)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r7, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r8, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0xfffc, @local}, @ib={0x1b, 0x0, 0x0, {}, 0xfffffffffffffffc, 0x1, 0x2}}}, 0x118)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x4, 0x0, 0x1000, &(0x7f0000c00000/0x1000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x4, 0x0, 0x1000, &(0x7f0000c00000/0x1000)=nil})
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x160b, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x28, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NAT_TYPE={0x8}, @NFTA_NAT_REG_ADDR_MIN={0x8, 0x3, 0x1, 0x0, 0x14}, @NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}, 0x1, 0x0, 0x0, 0x850}, 0x4040080)
close(0x3)
ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000500)={0x300, 0x1e0, 0x356, 0x480, 0x4, 0x2, 0x0, 0x2, {0x80000001, 0x2, 0x1}, {0x4, 0x7, 0x1}, {0x0, 0x7, 0x1}, {0xcb1, 0x0, 0x1}, 0x2, 0x1fc, 0x9, 0xffff0001, 0x0, 0xf1, 0x7ff, 0x7, 0xda, 0x2, 0x5, 0x6, 0xa, 0x100, 0x0, 0x4})

program crashed: general protection fault in kernel_sock_shutdown
validation run: crashed=true
testing program (duration=1m58.050769315s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$kcm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION2-ioctl$KVM_SET_USER_MEMORY_REGION2-openat$kvm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_syzos_vm$x86-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_NEWLINK-sendmsg$RDMA_NLDEV_CMD_NEWLINK-openat$rdma_cm-write$RDMA_USER_CM_CMD_CREATE_ID-write$RDMA_USER_CM_CMD_CREATE_ID-syz_usb_connect-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-socket$nl_rdma-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_DELLINK-sendmsg$RDMA_NLDEV_CMD_DELLINK-mmap$KVM_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-sendmsg$inet-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-close-ioctl$FBIOPUT_VSCREENINFO
detailed listing:
executing program 0:
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000140)={0x3, 0x2, 0xfec00000, 0x1000, &(0x7f0000f40000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x2, 0x2, 0x6000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000280)={0x5, 0x0, 0x4000, 0x2000, &(0x7f0000d6c000/0x2000)=nil, 0x7}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000280)={0x5, 0x0, 0x4000, 0x2000, &(0x7f0000d6c000/0x2000)=nil, 0x7})
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x1, 0xcccc0000, 0x2000, &(0x7f0000c7d000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000c00000/0x400000)=nil)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) (async)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040), 0x13f, 0x4}}, 0x20) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r8=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
syz_usb_connect(0x0, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="11010000733336088dee1edb2361000000010902"], 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r7, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r8, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0xfffc, @local}, @ib={0x1b, 0x0, 0x0, {}, 0xfffffffffffffffc, 0x1, 0x2}}}, 0x118) (async)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r7, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r8, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0xfffc, @local}, @ib={0x1b, 0x0, 0x0, {}, 0xfffffffffffffffc, 0x1, 0x2}}}, 0x118)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x4, 0x0, 0x1000, &(0x7f0000c00000/0x1000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x4, 0x0, 0x1000, &(0x7f0000c00000/0x1000)=nil})
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x160b, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x28, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NAT_TYPE={0x8}, @NFTA_NAT_REG_ADDR_MIN={0x8, 0x3, 0x1, 0x0, 0x14}, @NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}, 0x1, 0x0, 0x0, 0x850}, 0x4040080)
close(0x3)
ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000500)={0x300, 0x1e0, 0x356, 0x480, 0x4, 0x2, 0x0, 0x2, {0x80000001, 0x2, 0x1}, {0x4, 0x7, 0x1}, {0x0, 0x7, 0x1}, {0xcb1, 0x0, 0x1}, 0x2, 0x1fc, 0x9, 0xffff0001, 0x0, 0xf1, 0x7ff, 0x7, 0xda, 0x2, 0x5, 0x6, 0xa, 0x100, 0x0, 0x4})

program crashed: KASAN: slab-use-after-free Read in kernel_sock_shutdown
validation run: crashed=true
testing program (duration=1m58.050769315s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$kcm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION2-ioctl$KVM_SET_USER_MEMORY_REGION2-openat$kvm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_syzos_vm$x86-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_NEWLINK-sendmsg$RDMA_NLDEV_CMD_NEWLINK-openat$rdma_cm-write$RDMA_USER_CM_CMD_CREATE_ID-write$RDMA_USER_CM_CMD_CREATE_ID-syz_usb_connect-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-socket$nl_rdma-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_DELLINK-sendmsg$RDMA_NLDEV_CMD_DELLINK-mmap$KVM_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-sendmsg$inet-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-close-ioctl$FBIOPUT_VSCREENINFO
detailed listing:
executing program 0:
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000140)={0x3, 0x2, 0xfec00000, 0x1000, &(0x7f0000f40000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x2, 0x2, 0x6000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000280)={0x5, 0x0, 0x4000, 0x2000, &(0x7f0000d6c000/0x2000)=nil, 0x7}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000280)={0x5, 0x0, 0x4000, 0x2000, &(0x7f0000d6c000/0x2000)=nil, 0x7})
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x1, 0xcccc0000, 0x2000, &(0x7f0000c7d000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000c00000/0x400000)=nil)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) (async)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040), 0x13f, 0x4}}, 0x20) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r8=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
syz_usb_connect(0x0, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="11010000733336088dee1edb2361000000010902"], 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r7, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r8, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0xfffc, @local}, @ib={0x1b, 0x0, 0x0, {}, 0xfffffffffffffffc, 0x1, 0x2}}}, 0x118) (async)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r7, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r8, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0xfffc, @local}, @ib={0x1b, 0x0, 0x0, {}, 0xfffffffffffffffc, 0x1, 0x2}}}, 0x118)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x4, 0x0, 0x1000, &(0x7f0000c00000/0x1000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x4, 0x0, 0x1000, &(0x7f0000c00000/0x1000)=nil})
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x160b, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x28, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NAT_TYPE={0x8}, @NFTA_NAT_REG_ADDR_MIN={0x8, 0x3, 0x1, 0x0, 0x14}, @NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}, 0x1, 0x0, 0x0, 0x850}, 0x4040080)
close(0x3)
ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000500)={0x300, 0x1e0, 0x356, 0x480, 0x4, 0x2, 0x0, 0x2, {0x80000001, 0x2, 0x1}, {0x4, 0x7, 0x1}, {0x0, 0x7, 0x1}, {0xcb1, 0x0, 0x1}, 0x2, 0x1fc, 0x9, 0xffff0001, 0x0, 0xf1, 0x7ff, 0x7, 0xda, 0x2, 0x5, 0x6, 0xa, 0x100, 0x0, 0x4})

program crashed: lost connection to test machine
ignore low priority crash: lost connection to test machine
validation run: crashed=false
testing program (duration=1m58.050769315s, {Threaded:true Repeat:true RepeatTimes:0 Procs:6 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$kcm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION2-ioctl$KVM_SET_USER_MEMORY_REGION2-openat$kvm-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_syzos_vm$x86-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_NEWLINK-sendmsg$RDMA_NLDEV_CMD_NEWLINK-openat$rdma_cm-write$RDMA_USER_CM_CMD_CREATE_ID-write$RDMA_USER_CM_CMD_CREATE_ID-syz_usb_connect-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-write$RDMA_USER_CM_CMD_RESOLVE_ADDR-socket$nl_rdma-socket$nl_rdma-sendmsg$RDMA_NLDEV_CMD_DELLINK-sendmsg$RDMA_NLDEV_CMD_DELLINK-mmap$KVM_VCPU-ioctl$KVM_SET_USER_MEMORY_REGION-ioctl$KVM_SET_USER_MEMORY_REGION-sendmsg$inet-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-close-ioctl$FBIOPUT_VSCREENINFO
detailed listing:
executing program 0:
r0 = socket$kcm(0x2, 0x200000000000001, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000140)={0x3, 0x2, 0xfec00000, 0x1000, &(0x7f0000f40000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x2, 0x2, 0x6000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000280)={0x5, 0x0, 0x4000, 0x2000, &(0x7f0000d6c000/0x2000)=nil, 0x7}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000280)={0x5, 0x0, 0x4000, 0x2000, &(0x7f0000d6c000/0x2000)=nil, 0x7})
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x1, 0xcccc0000, 0x2000, &(0x7f0000c7d000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000c00000/0x400000)=nil)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) (async)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040), 0x13f, 0x4}}, 0x20) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r8=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
syz_usb_connect(0x0, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="11010000733336088dee1edb2361000000010902"], 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r7, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r8, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0xfffc, @local}, @ib={0x1b, 0x0, 0x0, {}, 0xfffffffffffffffc, 0x1, 0x2}}}, 0x118) (async)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r7, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r8, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0xfffc, @local}, @ib={0x1b, 0x0, 0x0, {}, 0xfffffffffffffffc, 0x1, 0x2}}}, 0x118)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b72164}, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x4, 0x0, 0x1000, &(0x7f0000c00000/0x1000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x4, 0x0, 0x1000, &(0x7f0000c00000/0x1000)=nil})
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x160b, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x28, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NAT_TYPE={0x8}, @NFTA_NAT_REG_ADDR_MIN={0x8, 0x3, 0x1, 0x0, 0x14}, @NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}, 0x1, 0x0, 0x0, 0x850}, 0x4040080)
close(0x3)
ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000500)={0x300, 0x1e0, 0x356, 0x480, 0x4, 0x2, 0x0, 0x2, {0x80000001, 0x2, 0x1}, {0x4, 0x7, 0x1}, {0x0, 0x7, 0x1}, {0xcb1, 0x0, 0x1}, 0x2, 0x1fc, 0x9, 0xffff0001, 0x0, 0xf1, 0x7ff, 0x7, 0xda, 0x2, 0x5, 0x6, 0xa, 0x100, 0x0, 0x4})

program crashed: general protection fault in kernel_sock_shutdown
validation run: crashed=true
reproducing took 37m39.083888675s
repro crashed as (corrupted=false):
Oops: general protection fault, probably for non-canonical address 0xdffffc000000000d: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]
CPU: 0 UID: 0 PID: 5787 Comm: syz.1.18 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:kernel_sock_shutdown+0x47/0x70 net/socket.c:3785
Code: 51 f8 4d 8d 7e 20 4c 89 f8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ff e8 a7 64 be f8 4d 8b 3f 49 83 c7 68 4c 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ff e8 8a 64 be f8 4d 8b 1f 4c 89 f7 89
RSP: 0018:ffffc90004d4f0a8 EFLAGS: 00010202
RAX: 000000000000000d RBX: 0000000000000002 RCX: ffff888037228000
RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffff8880387c1840
RBP: 0000000000000002 R08: ffffffff9030ccf7 R09: 1ffffffff206199e
R10: dffffc0000000000 R11: fffffbfff206199f R12: dffffc0000000000
R13: dffffc0000000000 R14: ffff8880387c1840 R15: 0000000000000068
FS:  00007f2c008866c0(0000) GS:ffff88808c885000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f165b77b9a0 CR3: 000000004296a000 CR4: 0000000000352ef0
Call Trace:
 <TASK>
 udp_tunnel_sock_release+0x6f/0x80 net/ipv4/udp_tunnel_core.c:202
 rxe_release_udp_tunnel drivers/infiniband/sw/rxe/rxe_net.c:294 [inline]
 rxe_sock_put drivers/infiniband/sw/rxe/rxe_net.c:639 [inline]
 rxe_net_del+0x121/0x2e0 drivers/infiniband/sw/rxe/rxe_net.c:660
 rxe_dellink+0x15/0x20 drivers/infiniband/sw/rxe/rxe.c:254
 nldev_dellink+0x304/0x3d0 drivers/infiniband/core/nldev.c:1849
 rdma_nl_rcv_msg drivers/infiniband/core/netlink.c:-1 [inline]
 rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline]
 rdma_nl_rcv+0x6d1/0xa10 drivers/infiniband/core/netlink.c:259
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x75c/0x8e0 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:787 [inline]
 __sock_sendmsg net/socket.c:802 [inline]
 ____sys_sendmsg+0x972/0x9f0 net/socket.c:2698
 ___sys_sendmsg+0x2a5/0x360 net/socket.c:2752
 __sys_sendmsg net/socket.c:2784 [inline]
 __do_sys_sendmsg net/socket.c:2789 [inline]
 __se_sys_sendmsg net/socket.c:2787 [inline]
 __x64_sys_sendmsg+0x1bd/0x2a0 net/socket.c:2787
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2bff99cdd9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f2c00886028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f2bffc15fa0 RCX: 00007f2bff99cdd9
RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 000000000000000f
RBP: 00007f2bffa32d69 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f2bffc16038 R14: 00007f2bffc15fa0 R15: 00007ffc60ee81a8
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:kernel_sock_shutdown+0x47/0x70 net/socket.c:3785
Code: 51 f8 4d 8d 7e 20 4c 89 f8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ff e8 a7 64 be f8 4d 8b 3f 49 83 c7 68 4c 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ff e8 8a 64 be f8 4d 8b 1f 4c 89 f7 89
RSP: 0018:ffffc90004d4f0a8 EFLAGS: 00010202
----------------
Code disassembly (best guess):
   0:	51                   	push   %rcx
   1:	f8                   	clc
   2:	4d 8d 7e 20          	lea    0x20(%r14),%r15
   6:	4c 89 f8             	mov    %r15,%rax
   9:	48 c1 e8 03          	shr    $0x3,%rax
   d:	42 80 3c 20 00       	cmpb   $0x0,(%rax,%r12,1)
  12:	74 08                	je     0x1c
  14:	4c 89 ff             	mov    %r15,%rdi
  17:	e8 a7 64 be f8       	call   0xf8be64c3
  1c:	4d 8b 3f             	mov    (%r15),%r15
  1f:	49 83 c7 68          	add    $0x68,%r15
  23:	4c 89 f8             	mov    %r15,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 20 00       	cmpb   $0x0,(%rax,%r12,1) <-- trapping instruction
  2f:	74 08                	je     0x39
  31:	4c 89 ff             	mov    %r15,%rdi
  34:	e8 8a 64 be f8       	call   0xf8be64c3
  39:	4d 8b 1f             	mov    (%r15),%r11
  3c:	4c 89 f7             	mov    %r14,%rdi
  3f:	89                   	.byte 0x89

final repro crashed as (corrupted=false):
Oops: general protection fault, probably for non-canonical address 0xdffffc000000000d: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]
CPU: 0 UID: 0 PID: 5787 Comm: syz.1.18 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:kernel_sock_shutdown+0x47/0x70 net/socket.c:3785
Code: 51 f8 4d 8d 7e 20 4c 89 f8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ff e8 a7 64 be f8 4d 8b 3f 49 83 c7 68 4c 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ff e8 8a 64 be f8 4d 8b 1f 4c 89 f7 89
RSP: 0018:ffffc90004d4f0a8 EFLAGS: 00010202
RAX: 000000000000000d RBX: 0000000000000002 RCX: ffff888037228000
RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffff8880387c1840
RBP: 0000000000000002 R08: ffffffff9030ccf7 R09: 1ffffffff206199e
R10: dffffc0000000000 R11: fffffbfff206199f R12: dffffc0000000000
R13: dffffc0000000000 R14: ffff8880387c1840 R15: 0000000000000068
FS:  00007f2c008866c0(0000) GS:ffff88808c885000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f165b77b9a0 CR3: 000000004296a000 CR4: 0000000000352ef0
Call Trace:
 <TASK>
 udp_tunnel_sock_release+0x6f/0x80 net/ipv4/udp_tunnel_core.c:202
 rxe_release_udp_tunnel drivers/infiniband/sw/rxe/rxe_net.c:294 [inline]
 rxe_sock_put drivers/infiniband/sw/rxe/rxe_net.c:639 [inline]
 rxe_net_del+0x121/0x2e0 drivers/infiniband/sw/rxe/rxe_net.c:660
 rxe_dellink+0x15/0x20 drivers/infiniband/sw/rxe/rxe.c:254
 nldev_dellink+0x304/0x3d0 drivers/infiniband/core/nldev.c:1849
 rdma_nl_rcv_msg drivers/infiniband/core/netlink.c:-1 [inline]
 rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline]
 rdma_nl_rcv+0x6d1/0xa10 drivers/infiniband/core/netlink.c:259
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x75c/0x8e0 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x813/0xb40 net/netlink/af_netlink.c:1894
 sock_sendmsg_nosec net/socket.c:787 [inline]
 __sock_sendmsg net/socket.c:802 [inline]
 ____sys_sendmsg+0x972/0x9f0 net/socket.c:2698
 ___sys_sendmsg+0x2a5/0x360 net/socket.c:2752
 __sys_sendmsg net/socket.c:2784 [inline]
 __do_sys_sendmsg net/socket.c:2789 [inline]
 __se_sys_sendmsg net/socket.c:2787 [inline]
 __x64_sys_sendmsg+0x1bd/0x2a0 net/socket.c:2787
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2bff99cdd9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f2c00886028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f2bffc15fa0 RCX: 00007f2bff99cdd9
RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 000000000000000f
RBP: 00007f2bffa32d69 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f2bffc16038 R14: 00007f2bffc15fa0 R15: 00007ffc60ee81a8
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:kernel_sock_shutdown+0x47/0x70 net/socket.c:3785
Code: 51 f8 4d 8d 7e 20 4c 89 f8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ff e8 a7 64 be f8 4d 8b 3f 49 83 c7 68 4c 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ff e8 8a 64 be f8 4d 8b 1f 4c 89 f7 89
RSP: 0018:ffffc90004d4f0a8 EFLAGS: 00010202
----------------
Code disassembly (best guess):
   0:	51                   	push   %rcx
   1:	f8                   	clc
   2:	4d 8d 7e 20          	lea    0x20(%r14),%r15
   6:	4c 89 f8             	mov    %r15,%rax
   9:	48 c1 e8 03          	shr    $0x3,%rax
   d:	42 80 3c 20 00       	cmpb   $0x0,(%rax,%r12,1)
  12:	74 08                	je     0x1c
  14:	4c 89 ff             	mov    %r15,%rdi
  17:	e8 a7 64 be f8       	call   0xf8be64c3
  1c:	4d 8b 3f             	mov    (%r15),%r15
  1f:	49 83 c7 68          	add    $0x68,%r15
  23:	4c 89 f8             	mov    %r15,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 20 00       	cmpb   $0x0,(%rax,%r12,1) <-- trapping instruction
  2f:	74 08                	je     0x39
  31:	4c 89 ff             	mov    %r15,%rdi
  34:	e8 8a 64 be f8       	call   0xf8be64c3
  39:	4d 8b 1f             	mov    (%r15),%r11
  3c:	4c 89 f7             	mov    %r14,%rdi
  3f:	89                   	.byte 0x89