Extracting prog: 1h41m53.430437523s
Minimizing prog: 1h5m14.583812346s
Simplifying prog options: 0s
Extracting C: 1m26.369609434s
Simplifying C: 34m31.669078954s


extracting reproducer from 30 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_connect$cdc_ncm-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_connect$cdc_ncm(0x0, 0x88, &(0x7f00000000c0)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x76, 0x2, 0x1, 0xbe, 0x90, 0x87, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4ed1fb9a2823"}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x37, 0xfff}, {0x6, 0x24, 0x1a, 0x6, 0x20}, [@mbim_extended={0x8, 0x24, 0x1c, 0x24a2, 0x2, 0x4}, @network_terminal={0x7, 0x24, 0xa, 0xa, 0x81, 0x46, 0x8}, @obex={0x5, 0x24, 0x15, 0x4}]}, {{0x9, 0x5, 0x81, 0x3, 0x8, 0x6f, 0x4, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x5f6, 0x0, 0xb, 0x37}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0xc, 0x7, 0x9}}}}}}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x110, 0x9, 0x28, 0x94, 0x40, 0x9}, 0xb, &(0x7f0000000180)={0x5, 0xf, 0xb, 0x2, [@ptm_cap={0x3}, @ptm_cap={0x3}]}, 0x3, [{0x18, &(0x7f00000001c0)=@string={0x18, 0x3, "a71ce7980a3cec144ec6fe6877051238c3db80278e59"}}, {0x46, &(0x7f0000000200)=@string={0x46, 0x3, "5b9592abf83b460f43d5cac4b883fc3b0cccfbc8e9a209a7943e57960bb9f49209be57c5486aa87367fa12c2fe89c39a7074f4c80712deda3e2c3799f3cd37c2cccb011f"}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x422}}]})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')

program did not crash
single: failed to extract reproducer
bisect: bisecting 30 programs with base timeout 30s
testing program (duration=37s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [22, 13, 26, 9, 30, 6, 3, 7, 26, 21, 30, 30, 28, 38, 30, 9, 3, 2, 5, 5, 30, 4, 18, 8, 16, 8, 14, 20, 3, 30]
detailed listing:
executing program 4:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
r1 = getpid()
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f00000000c0)={0x0, 0x2, r0, 0x7})
getpid()
sched_setscheduler(r1, 0x7, &(0x7f0000000180)=0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x0, 0x8000)
recvmmsg(r2, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
r4 = inotify_init1(0x800)
ioctl$INOTIFY_IOC_SETNEXTWD(r4, 0x541b, 0xfffffffffffffffa)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010007000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000048000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f0c00098008000140000100075c0000000e0a01020000000000000000010000"], 0xec}}, 0x0)
unshare(0x6a040000)
openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0xa8202, 0x0)
syz_open_dev$ptys(0xc, 0x3, 0x0)
syz_open_dev$ptys(0xc, 0x3, 0x1)
r6 = syz_open_dev$vim2m(&(0x7f0000000000), 0x6c3, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f0000000040)={0xf0f028, 0x1})
executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000ac0)={0x6, 0xb, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000051000000000000000800a0018010000756c6c"], 0x0, 0x7, 0x0, 0x0, 0x40f00, 0x65}, 0x94)
r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x3)
writev(r2, &(0x7f0000000000)=[{&(0x7f00000000c0)="4f3bf5835e00000000225121d6958c78cfc0e1f14f1b257f40ad12", 0x1b}], 0x1)
r3 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000002fc0), 0x800, 0x0)
ioctl$DRM_IOCTL_GET_CAP(r3, 0xc010640c, &(0x7f00000032c0)={0x14})
ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1)
close(r0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)}, 0x40040d0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r0, 0x8b29, &(0x7f0000000040)={'veth1_macvtap\x00', @random="01c66300"})
executing program 4:
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001140), 0xc1840, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async)
write$cgroup_devices(r1, 0x0, 0xffdd) (async)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x2000)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r2, 0xc0145401, &(0x7f0000000100)={0x2, 0x2, 0x0, 0xc2c6d7ed92c4ca45, 0x4}) (async)
syz_usb_connect$cdc_ncm(0x0, 0x72, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
sendmsg(r4, 0x0, 0x0) (async)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, 0x0, 0x0)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='net/fib_triestat\x00')
preadv(r6, &(0x7f0000000080)=[{0x0}], 0x1, 0x0, 0x4) (async)
r7 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r7, 0x84, 0x21, &(0x7f00000001c0), &(0x7f0000000240)=0x4) (async, rerun: 64)
shutdown(0xffffffffffffffff, 0x0) (rerun: 64)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x8c0}, 0x0) (async, rerun: 32)
r9 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x20081, 0x0) (rerun: 32)
pwritev(r9, &(0x7f00000000c0)=[{&(0x7f0000000080)="e756d337a1129afc310be63dea375cc551177c82b985e06e0a82e6a0ac24510aef6adbe5adbce172d671cf", 0x2b}, {&(0x7f0000000140)="2fe223062b20b43055a9dafe4340c47124ecd08f52a0c029f0a905035f10e9372aff2c7d2157544591840dd6c552a01e4ba3451745e9f6acf1ab492ec553c0a3a346a7aeb4ddec32ccc729701914fced53fda22078fda3fd9e1b0af51b28313480732979e4cd1840fc633c288bce242d33d7e3f261d3fe0b171ef6fda9219a2027ef44ddc97cc419e3383a31b1f5267e9a7381a10983c6e302a04311986e02c10795068e88c0f4c9fd102ac1c8555325f987f841b93ff8d248e9ac7340b7a8fa442bcba46626f609784da08ea2f72f31248b565a48990caecab054389a205965e86545fb133b4f1f7ea299132f4c545563cbcbf34f964218687b441a95ac50897e8985b939e5dae4facf50de8dc32d59d10a310afe7b8bf72d502a517af97dd21e60950510c291c4636adef9dffd5651fc004395e886a814edcbd672cfbfc1d50e7a16d3d5d83075ef1362e9e087defb7a107af5edc02ac5ecbb720affdbb2032bd2e4c046a949cdce18d90e8ac4d4af14723e8ff94ab24a89fb576081d6d3ebdd8943e796aa3c1eddba172161d57e214a0602b3c039c29f2f523046ea2d899540a20d81dfa3d326696c5a5876044dcc625f2ac8d023502428346fea4f5bb0d82c75ffb0c91940a232793467989f7d0503ca85c5b241e12af8e838799581cb678a4362d4b34569cc312c518cffd9946da804158046a38a520c84ee7792193cc03b0851164a18a75ba265f0e13d3f4941052b7ceb8cc344a1ad231784e8165ba13a192d23d3740aa479b74e2730fd07cafd06b6683cb1d52cc09575c536ca34b2174e17bf18a20b8982f74dbd137be413dffee5f2b9829412e8c585319f2c0b0edd9e16a615a1f0806fc6b9b54ac44cd6effc61376107d33a76d41c381f73fcffaf41ef60e64e8f43ce96d21cb321f41e8f23a189d08d562ec927e8dd7522792268f2b4b790ad6c8e6758c34a5ae61adc93e3c3867f83a0714173627581a739ce408cd90f96e8634d88645dfbb97389e3b010676083c82558c12977dd8933bfa5f448a74f42775ac4623319ea6ebb0066db0ce56b577a296b6c753de9fb019b9c02ae939e413a6c88633746b7cde63e3547344a0b5542ebf0454fd93098e53a8d6dd1d0e21283ccbdef4eb1b97b1847802c917475bde022d455cef0e9478963ef304302caa38bd053ce5aa8a5118b1f987ee24167565aba7304c612e36a6305629c64b71ed893678fe138a412f4cc85dc190ea81521a1991ed09a1833afc8966b37850271f9f3cb37a455cdfb3675c4f8fff2d7d8e68f637c0ea509a2dc75f60399a6f77661010245422b10c864541df432e2e7a278bb73584ad962c2250dea46af78a40930c9506f8a1b81ec3a55574e417f1bd35a4832ed48e0c5ded28c5e666df4f8fe0ac0e60212d94bd9b308540aabf7fb68890416891792790317f7514009e98dc40e2ba092d8c7cdb4ee48cefefc2d7763c1915f95bcd32295127dbf6baa46e4132596e51e6a79b671cf16eb3e58f3968224f3adc5a628c8473a477fd1c48e6627ba26ac5401a65aefc2dcf60bf446c3496d2ededdd8bdd23bbf4d4b5aa1cff98b7ffeb65dd9f5a84f22b3a50b8d194f44e21d3515b2f9bd8c28506ec0f646327c892c4613d61fc24931b6939472eeee3e22ce1f8bcc191a04c56b28dc4616b2ef7bf219e6745b631c1ec089d6027e99b1f9f613ea0bc75db0f56f62fb924989fd43693ce31f038fac8672e4da4210af05100403c643a654a05f3655078f31df0222e98b01841bfd7800c6aaee8a0e7ec88b60efb02afab6c1fb2d2abcfc60ae8b15f5937de2dbddd4ea31d4e423cc6f0d48af9de2053a3d4f5c28170e8ad53d0d4b25dee8f91acfdb089b60707c12a668dc4aeea747e15740a48fbbdf860042d9f97fb810f8bf1237033aae5adda9fabea1e49219c93f9055f05e79f9b987e40484dab641141e759f22fe83928febdb4fce6aeefbacb22540355d4112dc5dfb62c7aeda256364b238a470d19b516abbef5cac019be1c60809d394a5c3d875b891caf322eee675bf2b8fe503a6be877d094a36661dac863ecd7f2323253bb99c71456085f523afda527d7b4c7b0a3b5eab9fdd870c7d38373e741dde1b5f4481a8f9db3ba71c11a28a16242e54f9660ac69285669aa78dbdd9eef6ca43948285dfca8ea632dc3bc31b1519215c9fe4022647884edd56449e03e2d577835dc7d5a0d6981e27fd872677a4b477588da6a898567e1227c8bff8a1676702ce647411b129c34d008093bb0b48f99967d68268ccde0f09cfa372c3292f547bb7436b6e08e942766ae097f47f9ebf5c752731eaa596e46f721536b4871ce1692ed973ff00e5b38858756324f556209b9a0573df20557574814d2cabed8023419529b7927616090103423cb6cbe6c99f99099bbe26c0a8d0faacb8b07e79da40a476b813fd0701943f1254d66181242fb03f8bfd7f8e7b7537eee03c02a3eb3c42c13cb7e8d7e5f05d2c3f8168f408b251094d83a477196708c1361568f53e01756bac5685b8ab6bdbf50aa9db9977cdccc22e347ed6dd78b2f93aebb88b7714b3a628e1468f836c6de1e6f12575c6afba940ccde6a4d95f62ce512886adfabb06896da9ca81e1809642c537f96712568ddce33d9c12187477fb3654b63873b596c7850d7ec1728debab8047ae5b04399f84b378b6b886257ca51de651a8b6cde74a653e36ca75cc698ce411bd237d52e64180dcdc4bd45ad03acca3c98412ff229a474cd99f0d856c405f63ae282e7e1f3e2375335aa922ca42d392a6295fc35921eda0430076eae5192157d37cfd6dcf905107e168f5fc40f238950bbec2360b0e3bedc52d69a0d99ba119e07374878dad7c2c1394d981d224344954fd9acb8ac6c2df4d979a074d7d8062a54df9e5bffde9b5a1bc1ec9186234d729ffbc9d08865f9f7ade5bd39b62d38d6934d7f31fef05d380231790e9a51824654354e20ffe15b4c6c1e0817b7371dc3eabdb4eb56d93343c50e87b2723009e26f03256eb1061c3072ab84a50b3be516ad059d0557acaab5407104fe42f4a832983d38896675a544f4ed6ae2203cb958b061f0e5b8df3fd94b4dd9c942885857925264bb75a5231059f98d5da64f5d7ecc21e79d6a402132be9a8dd28df04899202a4e6c28bad2c5f75d01403623753316685d4eb8a0b93372770e9ff1bcda974b4e62b47438f52ed94f14e71a3162eeb2c5a5c3b7eee5b423ba2eaed05468f9904b509b1453ff3431d95dcc30fdaff2f1e9c33d42684e89ff66894b4052effdc808d9d5c7810e7bca2505edc6d3896584d2e6ddc9383de2df55492c17c9ed63055701ab45ba7edab661475bc292781196ef6a5eb5c82b92ce029e942b189d9d17dac51ba62c319ece7bbc37131cddc389dbdfe181944e099e4a36b448b9e77dde2e50d767d5b103bd8737e31ca206ff9f0328d1ca23540f928ae397c742b514285c22698c937be7f763473df59607fed8b7bb3289a97ee431e1310d011b9ac0f5f78b4415bb280d59d769389a926b2e4963c436a760463e4e59a4db9214988fbe7336c1f51c9425eacf3d975e42d8acdf207cd6dc71f6b9dc1efc1893e47e0b3fe2c7cf683cbc7fa4fc00e2b4d69f4b7c883d448d4bb724dec3f601e97a181288ee2f654c2c7c8e915e14daed55d017cd9ed5d2ead80f14fb29e9150150244551b843a7b1780490c97962d2e63957f49a5dcfec73188bb8284e7e699f0727b7eb339806bae3cd051c6e77666c3142e27ca626c4ea41865d60ab1d425a609f6dcf53ac58477b8bebef4b83fcd181808acb4d504fc7b51dc3452685c2449ee86b34dd2418c3157fc02daaa29aced516afd1ed478942cfd730e68f25c97e0f8866f1fe266c3895d9e19fc6964c38f63237d682fcd2e0b070788e5ed5ac3d32c5036b71fd3abc4ca53b2bb93bd5085b6d58f1bf68ffa134f5ef63b498702fb69a6aff33dbe27bff9250b3696ca267e1534a2d1780221f997f7b0a32de9ee2fd6fbf75cae4560f5011ae81e0143c356ead3e7ae63cd806056feef5afee0697b7fd2b6630535a0bd006d86400110356743ee70af78c0b96a72c384ae81843374f22f84feaf8d430624ccd81760abf674f0a2991be60ea7f096dbc6ba5b9c7c95c2f0aeb568bee45e8bd40727688d415e3d62440a6217590855e6b413877abb6bef485d1cce8960a369fd4348c824864bca07f4a9f2be9e0eeb84dc2bc3ecdb35c723e7a96f8fda5846e95bca2c648d64bc30242c1efa80086af683bd67aef0620740056276a54b8a1c43dffb631e24e443264168453b76e005c47c60f510327cd6f85b51428e5832d1ced42baf29e1627a56322ba76658bfae3c441f4667dbdf2b25931b85b95ed37a6d942736b69214e2bb9234a019bc6559e600836bba640cdfe6ba1b1b821e49a2b4aae23474c496064cc4bd3072fcbf299e2f76028a4e7c47f6ec9c2c6f4485316d1345bcadd19c69aaf707d3f762ff7972b817787f4297f619307b113bd16fb880f1a7080971d9973fc99c12966c6450db87a5b8b9a243a2927ec845de2eda52617e4b41b5dd51eb39ee3a1a95bbe95eeb822b2f6215f8c649ba2e2a5e6cdade3d4bc4a12aaff064efed4a15bd34f2bd1cf40c9e510a965b99265ff2a37239c729eb3cfc35c7086ab3f5db6772219d67509547588867136bf67314aad16dcedc089e268aa1fd83e7d41730c9d6bb55a5e036c6874609d9e9e97614916af0b65ec739ae830af63f03a88ec3e9b4c565da02538181fa89bf651873b1074bde86b90ba29341bc3f1be26e01b1aa15966ea799f0f46a36702e3db540027c5832f6e534d4c640280864b0eac8649f4d69db7ce210402fabdda8986006a64d34ed64196191ba5b3bd62c6bddc89449919c276da8daf0887185f1ac4ea2cfd1b2546dd2d71b89b6ed20e6311242f689fe49a19dd60f00cf7429cf806f389dc75e9ce0b53603e3d725d6069a6064a13cd24e03b6a5f7a6601ebf72e013a45609fa1cbfc7c4435d9ae0b048f99fa389764bacc81f7b3c72b6b8a1b751c8d0c364c7158a9baa985e6cded3321b60a066d249e05853b933611366d7c5a7cf7d86bfa42e013f01aa622b15abc60a0d16940f12735aade184a15c736cfd7f080a0469353ee1a8bafdb79fa6dfcce5a781b8ed7e2ce44a356c97a3733916143dc043400348673c7cc59f1d4c99eb856fe0e768d517e03329531b2e1c07348a44054d1efd21e348100947f6c1c0bf632b95a6c00999474a1ae5fc75c048b51226f9e31768db3fdb188b0e654d088b3d710cd342ce727e0b024d1e13056a67dc1eaf6f66cd837b0eb11cccada111927977760c95295d15526e4e7b6219bdcd1fcbdb75dd0d410684a74dffb0d2f757b1aaafb7ed765f6d9a4f6afc173c2452da7768e967a426fe299ec67d2793098cf03f02ea5920b174761dd6c8c081d7997bd68ecac43f23bf969e7dd58bc3573cb4941a9344f396eb1d340d49b435ac065f306c0838814b3a83981d81d6247cd7b174e472778ad2a6313e02563f07ba4ac359bb2c895a4c09ece95cf739a1f720ea2b6d8919fb58ed4773434de5262682d5fb847252598b75a76cd7d725245b0adc1807ef02e362fce69c918b42808125d8d6dd9cf29e905252edad26b9b5db2a2414d7a3f9add683d8cb0cf545d57b46417e73882b74c4", 0xfc0}], 0x2, 0x8, 0x1) (async)
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x54, 0x12, 0x1, 0xfffffffd, 0x0, {0xa, 0x5, 0x0, 0x0, {0x0, 0x5e22, [0x0, 0xffffffff, 0xfffffffe], [0x0, 0x0, 0xfffffffd], 0x0, [0x1, 0x3]}, 0x0, 0xfffffffe}, [@INET_DIAG_REQ_BYTECODE={0x8, 0x3, "11000000"}]}, 0x54}}, 0x0)
executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000240)={0x2, 0x4e20, @multicast1}, 0x10)
connect$inet(r0, &(0x7f00000003c0)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adff012255f674412d02000000880b5f04596a5e99fce658be2f200c699223886d8be4b50000005ab527ee3697f98125f30e6326996a3cfee33025a30b45bdcf2c69d105e5e55a1d273683623f1a5dc6e3c7e20eb7a98ecf3bd2cf898e924abe26ac296f660e69ba982fd76e00dcff7f0000ca6b78ad833488cfe4109eaf009eddcf21f5c63cde2f00150200000001000000520a0000151d010000000100bf00000000cc587424363da52001a3cdf2000000db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de406e89dcbb7677e65a88a8407a9e7f9c0e91028b0856eb1ed9474480737a55ebb0bd701f7fb21135c6172eba7eb8a341f07e5a2d1e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d93a433f50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56dbe37551b870b2851c3f0a1a9ebfcba105a6ccdd01b0f04edb256c0200000073f6db43661bd7f0e2536ffbfe5ca31b4083145531458b7d1e341c6b351ebc5223f54d6bec93f4ef088e5d1be2515226988d664709ff03f1aa3dc7f1580ace9bf2afd28d0700000000000000d6eb372713255012e028cb2654d493a0b43bf21375709f348f5eda2967199cc936859a538100070000000000dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0c6ef9dd2b6bb700000000000000000c586272c3f4d79bc36315745cb149f3cb385e6add14652003c7cdd3324f07d134d3a6c718bbd1aafe1140cff0be4c6f8df084c5e9734ae30aa9af030025f01ab03a9b1074407136bc506031f0916a39d3057d55183612b39e73ae8e6dc30356886a831836469e2051d937eb85f3f2d5ae2c1dca476b97419a3b76ed62409d004d7fbe362145d19605d760df4c5124ca325d374b371867a79b35c6617fc3327191fbf514573f0e30d1d60be2168fffc2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257bc9110971b749ccd74089ed6b86f81ca3ba47d8f71d290ed1b1a11f7a67125170c88c3b6a50692cc0064fc6bbd312536ac15016c85c6332226401b110da9c786eeca22debc99335587b54c13c3107008fa069af8223b38ced735c2d906551004d8dc10d88738488da01ffa4add56474573c964a270000f2f16625c0c10200000000c7a5ca60fdad159f2e44171f39638410020000004825d081f2d987f05c534187738655d7dc958f2046fa0c1619a6554b82d9c162eb61ca74f1ffdaccf0ea5f06e0fca8b27ff3983ab74fd3d560700a1fab44e77e312b3b129e000302d613916c9bcf9f0000fac73a5b6bfb27f88dba816020be760f7b45e001efada8000000000000fdaf4660402f7b3b79a433e08074ea2462974a00040000eb01352638f56dae0249d15ba8767259658878b7492cfbacde9b57cf4de00788adce638190f3570e0b4c80ef682df22201270955afb6008846557ee3bc09fda6dbb6550d597300eb82a184c96ffde5a30e5433e866665b98ca2002c804c22ff2634b7bfbf5c0d586cda5b45fd00dede1e88a4d41dee7cc76d7a23d06acb1d2d4c58faea84158bb440df2a694f4cdcaa4f65c22efffffffffffdd00000000d503d79986958115ae07b70f991430b7fb475d77b869ee02000000000000000000001ffff0ef89b2a68d2b05c995445d8a7700bcdfbec74fb2dd163e863315e84498dfb52bb93f6c9084659ce777ddac563c8596c2b1d8180289a61faa95a82bf1cfb7f2fd7252e9322abe282c33445d443a67467893b9bf0d1c8130ae6b226900000635376413c29f7c6f7b7e29b9a0c64e68328661f0c06e21f7d7dc22174ea4447a6f60edef3a4168d40200fbc71104512efe8e5d7d934aa289b4bd2b870000000000000000000007000000002000000000009b777883a02f0593dfc4cb4114b9f9cf4ad155110cc6ace2b322ac31bfa27847c799c8009a1ea5b98e525e6383ad7fd9795170e7b11e247603c2ff49a11459c7f606d729d3979676bffb3049166bb84a0f061991bd57c2566c10c282352aba05b6164ef876915a3f2491e4793e590dcc71de10da96366c1e992c0068c940dd4422c9882d3aa0f8a797b8fea6efcfb5276b7679f15559edaa977504cc0b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd04000000de17e1e13b93669b79556abb722d9c085b189b5fd1f30e8dc813f608830b110001732135e8e7262f290000923bfb6b41ff3792cee2fc37eee739c3e36a4bc80112968ec0d8902eced1fe552018014a463abbbf7ccd6a92a5734e3ebfca9b6e88e031f31de2183652e77c164c646a1cfd3710aa4205d8d4d4f974133ccb1e49feb42664eccd809c0ba8917eda87489e8946d5c8156197bcb66fd5606c63e3389ee9e8552381646365066ef9a36a449c96485c22ad1aa423b7b89efbc6cd54000bb0ea5f4f1e8773144fb6ac9a44d43593d77e66aa7ed7f3d4e7b211590c738888d02b2dbb0b2ba73ec72e1d8d7360a128499dd19e1e7b9b0671f4f58515b45ecb9964f3c4ddb8234391d514f8d996d8d6dd7f8fadfee2d7a0035638ce27c2936cb04b30a0eb0cde0000000000000040000000ec3c12ecee8fc3a40000000000000000e215b00ce2570b930723cbadb4033d1b8aaa2cfb3fb89e4a6e89737fd6232218a9e0c099d1eb59d60b3cca089785642f327139bc4394fb6d547a9b3c22599e780c1da7433fb47615d372e3fffe9703e37d5c87d513165278650738efcc04d27b766cf7f60066edd292f6c8a2174f391ed164bb1816819ceb3e378e776d422bc946cd9501accebeac3a5b31d8abc68ae537cd44a04e6bc21c35a7beab2610c51e593676bf635a20f597f4631b91454d182f826071f5210bd6d93173589929b23801e63c2266fde13b5a04b8d48be057c752bc415a756ea9b4d34156c4f73dd5e5924ef101a5fcdaf37c7ba2c4a9de9b000000000000000000000000000000a73b862e4b63c245616b522345587d0ee65a6902bdd0abd941e8aba37510b222ae544f395edd1b92ad53fc68f08ea00edc5e10d768836169dd296d56b306e8b75778c37571792a6c3d8b02ef378ebd59422cdd008bef6f80a80a68641ea5ed4f1126bb676098c10bf663eb3fb8c839364d28fd046dc64b35f9c3397ce6f4ad357b0000000000090000000088c7a8e2638f650a6f04a6f33a090f59414d6ebcbc687e66d600000000bd0a58ea6d36fc2cf9b9a71c137a2a22adb1006f371d4faf47285fd66fe0389afb96854bb360edcdf11b4ff6dd578bba93e949d240cde9b5836cb46032484dc19c93db7b6e5afa10547c78e76a3111557346e52566df196fd630561bb908fff4d2e19562aabd43742a26a43799f8636fa04ceb40c9e4ca1cfbbc7b949cd245a3ee118fd0d4f639444539af8766028d4ac4d4c548e290199e0dacbb4f6796b39bf32934d941ba2f88e3ebd0cf8e24f99eca86e4ca9b2cd2b54044a7fc4631572a6378a32df288785f146275c1f548e2a0c1016744e05f9de5044373d7650125027547eefe7b2d8c8871bb65395fae99d8456883705bfdfb00001854b2e5efa8aaf25827d659f592b1575281ec125de7fb91cd81d91dcb19f5cdf1e1e2b4a8a1389753a09110538689e38e07fb2dc72bd4fd11d7bc16aac5d85c6101bb722895248e463a5fb45ce0e564e90cb19d5993b471687ae4165e29cf2f58082115f5f8569896eedfd798733223e6d6584997510c374912ab798bd4af4654c01bb2c411bc36468ddd62b4eba5cfc8953526e0e5b1359797956152d0098ce47c62c3fe5a23219389622b7f65bf03527d25c3941b9cf1ffeedf6d99082bb57ea871c12213cc40900f83033bc18c529171fae324c315bc6ce358831d0230412212acfd5fc8d5cb0d028cf568e8bb40e27befe2ff01f7c6674a4d86d900633ea36641e0a781ea0ea7f2d928b8b22e2f97dd13348927375baea6863bef4acf4299096ada5cdd2a0eaafaa760a79d102d1e0c0000000000000000007926653b8d79ce16a432f124786a0bc3c5b7d196822492ae1ccf91aeac16406ad6f9cd3d96d57fceba8360ae49f73351814c9c2972f11064aaf3739d9100f9c0e4d0cb17d50c82e305ba7d62cf1cc6da26e34982a8c74dd8122cf5b5e7c34fd2712a0cef05e4d8ec7dd363219676bd9b19943185b132eb35a695e208dfa5cecdb1d6425c8879063c0f11bd64291a4209ee6dc1d9e9010013f6148c603e6a335e298efd6ab5cccc47a2c568c6afec54f8251bd840752addf200371361c9eedf05ed98585cf6d99e9e56055064bda2d373369761238c278147cd0eb7799f6b9c9fcaa3fd282154994f5b25420c86db9b6401e885de1c615a719a1c83e8fbbb181282dbaf3313a4e4a4877e9f37607e2cd6da0cf6371ec06a75f5a4206b2418ad8897ae149085d63f01f22eca44033234b3930b4d5da756669a1d59d69e7de54abf439988ed7ec33c2d0a901bb0985a24878984d8a4340fa9a356d100926fb5f2ef9976366a61b8cc2bcb1c072b0e9c564852388e1edff10d75b3832792e471cc15b40380f94d834243080158603fbc9134d6983c540525447478984611c0d9666941bfc0a30db47a8828b6e5c51aee2094599b4ce52795750e1764f1657ca8c5633c71287239dddf5c651496f7bbd148c937f083d2e4e0197dbc6ff0649c749707b17399b1d7efad23abb8b40b38704737e15662ae4913a4a001cd3b71c7af75b5ffad9780650c800a40ca80ddc41987919142fd28dbf22db5f4c435415a03455e1d55d1783ccef97d7e4655cf839d06f06e137bbe462a03b3100231914b19739dd57b4f12d026ad0c7fd3"], &(0x7f00002bf000)='GPL\x00', 0x4, 0x436, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffc95}, 0x48)
r2 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000180)={r0, r1})
ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000001380)={<r3=>0xffffffffffffffff})
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000280)={&(0x7f0000000900)={0x29c, 0x0, 0x100, 0x70bd2b, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x28b, 0x66}}}}, [@NL80211_ATTR_REKEY_DATA={0xbc, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "89f0a9aa561a361e"}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="63740952b2813b589e047981d678d90c43846c30b3e980931a89ddf7f2be0f68"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="725409ca6be11e448f1c4a198f7bdd924bc3205cd5677cc4"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "4141b294dc57218d"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0xfffff5ba}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x10}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "ab112e94b2e9c4d9"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "c699757162c3d4ce"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="d19e454a8a76c2c12da8d3ffa1aff157f902635b34ae1d35"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="9b630ddc78359ca7f24435bf07e800"}]}, @NL80211_ATTR_REKEY_DATA={0x54, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="107bee18f9c844bea11245323df5ca011014bebbc66a20c8"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x100000}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "e499a15781f0e20c"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "d7fa001570f1cce7"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="ac7578b0216e74a83880b882b8384975"}]}, @NL80211_ATTR_REKEY_DATA={0xc, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x4}]}, @NL80211_ATTR_REKEY_DATA={0x58, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x4469f3b7}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "ae9dbfa392344792"}, @NL80211_REKEY_DATA_AKM={0x8}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x9}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="e0f96061719a0912b022926dd8a3aafa"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x944}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x2}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "bb0f00f2cc1ee675"}]}, @NL80211_ATTR_REKEY_DATA={0x18, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x5ef1}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "5d1668b327b05255"}]}, @NL80211_ATTR_REKEY_DATA={0x50, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="2ba9482c36f8052cfddb16204f252b58"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "98329af1373065b9"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0xe}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="f6b4db2441f4817fb62ab36e9486e6742c3a4ebb2d537da24cee1021d3c82d2e"}]}, @NL80211_ATTR_REKEY_DATA={0xa0, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="88a2214bea4bfaa4fcd5085243e27054ddc3d5eee14d2daa"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x76}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="0d2d6005afae51720247d855f1974a50"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="9384bfb1d1b2a3f0d8a1a864d23625f6"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "d65c32f11ea4e465"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "feac140e2f8b1776"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="c32133d7141897a86f534026966dc84c"}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="def0014013850d29f479178b9a69b368958b1a89b3fe72b06268c1d1d49d0562"}]}]}, 0x29c}, 0x1, 0x0, 0x0, 0x8804}, 0x40)
recvfrom(r3, &(0x7f0000000300), 0x0, 0x12000, &(0x7f0000000340)=@rxrpc=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e20, @loopback}}, 0x80)
executing program 3:
r0 = socket$netlink(0x10, 0x3, 0xf)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0}) (async)
r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000200), 0x8882, 0x0)
kcmp(0x0, 0xffffffffffffffff, 0x0, r0, r4) (async)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xf, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8010}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000780)=@newtfilter={0x60, 0x2c, 0xd27, 0x70bd28, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {0xfff3, 0x7}, {0xc}, {0xa, 0x1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x30, 0x2, [@TCA_CGROUP_EMATCHES={0x2c, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x8f6}}, @TCA_EMATCH_TREE_LIST={0x20, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{0x10e, 0x2, 0x8001}, {0x3, 0x0, 0x2}}}, @TCF_EM_CONTAINER={0xc, 0x2, 0x0, 0x0, {{0x48e7, 0x0, 0xe3e3}}}]}]}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x80}, 0x40010)
r5 = socket(0x10, 0x3, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xcb}, 0x0) (async, rerun: 32)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) (async, rerun: 32)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$FICLONE(0xffffffffffffffff, 0x40049409, 0xffffffffffffffff) (async)
getpid() (async)
ioctl$BLKROGET(0xffffffffffffffff, 0x125e, &(0x7f0000000340)) (async)
r7 = syz_pidfd_open(0x0, 0x0)
setns(r7, 0x24020000) (async)
mount$9p_xen(0x0, &(0x7f0000000300)='.\x00', 0x0, 0x44000, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'veth0_to_team\x00'}) (async)
sendmsg$nl_route_sched(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)=@getqdisc={0x51, 0x26, 0x2, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x0, 0xd}, {0x4, 0x9}, {0x10, 0xe}}, [{0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8844) (async, rerun: 64)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r0, 0x8982, &(0x7f00000000c0)={0x0, 'vxcan1\x00', {}, 0x161}) (async, rerun: 64)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000ac0)={0x0}}, 0x0) (async)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14) (async)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES16=r0, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}, 0x1, 0x0, 0x0, 0x4000044}, 0x0) (async)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=ANY=[], 0x4c}, 0x1, 0x0, 0x0, 0x40000}, 0x20008010)
executing program 0:
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$SNDCTL_DSP_GETIPTR(r0, 0x800c5011, 0x0)
r1 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc70e, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0xda, 0x5, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x613, 0x4, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x5, 0x0, 0x20}}}}}]}}]}}, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="51890800000000e882"], 0x0, 0x0, 0x0, 0x0}, 0x0)
executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000000)=ANY=[@ANYBLOB], 0x1c}}, 0x20000050)
executing program 2:
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37}, 0x20)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000980)=@base={0xe, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x2, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000240), 0xfff, r1}, 0x38)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=ANY=[@ANYBLOB="3800000000010102000000000000000002000000240001801400018008000100e000000108000200e00000010c000280050001"], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r1, &(0x7f0000000140), &(0x7f0000000000)=""/85}, 0x20)
executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_usb_connect(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000df2bfd404b0c0001cad7010203010902240001000000000904450002c9cee40009050802ff03000000090582030004"], 0x0)
r2 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0x4, &(0x7f0000000080)=ANY=[])
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18)
ioctl$KVM_GET_LAPIC(r2, 0x8400ae8e, &(0x7f0000000300))
r6 = socket$inet6_icmp(0xa, 0x2, 0x3a)
getsockopt$IP6T_SO_GET_ENTRIES(r6, 0x29, 0x41, &(0x7f0000000040)=ANY=[@ANYRESDEC=r5], &(0x7f00000000c0)=0x28)
r7 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r7, 0x8008f512, &(0x7f0000000180))
r8 = getpid()
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_RELOAD(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, 0x0, 0x1, 0x70bd26, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r8}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x0)
r10 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000b00), r0)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f00000002c0)={0x34, r10, 0x601, 0x70bd27, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'sit0\x00'}]}, @ETHTOOL_A_LINKMODES_LANES={0x8, 0x9, 0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x240080c0}, 0x8008)
executing program 2:
socket$inet(0x2, 0x4000000000000001, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000060a0b160000000000000000020000084c00048018000180080001006f7366000c000280080001400000000430000180080001006e6174002400028008000140000000000800054000000017080006400000120008000240000000020900010073797a30000000000900020073797a32"], 0xa0}, 0x1, 0x0, 0x0, 0x850}, 0x4040080)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)={0x18, 0x7a, 0x601, 0x0, 0x0, "", [@typed={0x7, 0x0, 0x0, 0x0, @str='\a\x00\x00'}]}, 0x18}], 0x1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
getsockopt$inet_buf(r3, 0x118, 0x0, 0x0, &(0x7f00000003c0)=0x14)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[], 0x48)
r4 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, &(0x7f0000000240)={r4})
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r5)
sendmsg$NLBL_CIPSOV4_C_ADD(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)={0x58, r6, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0x34, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x1}, {0x5}, {0x5, 0x3, 0x2}, {0x20, 0x3, 0x1}, {0x5}, {0x5, 0x3, 0x6}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x58}}, 0x0)
executing program 3:
socket(0x10, 0x3, 0x0)
poll(0x0, 0x0, 0x3)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x6, 0xe, &(0x7f0000000240)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}], &(0x7f0000000000)='GPL\x00', 0x99c, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x5, 0x3}, 0x8, 0x10, &(0x7f0000000380)={0x3, 0x5, 0x81}, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0)=[0x1, 0xffffffffffffffff, 0x1, 0x1], &(0x7f0000000400)=[{0x1, 0x1, 0x9, 0x6}, {0x2, 0x5, 0xf}, {0x1, 0x5, 0xa}], 0x10, 0x5}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={r0, 0x0, 0x25, 0x8, @void}, 0x10)
mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0xc, 0x2031, 0xffffffffffffffff, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = socket$caif_stream(0x25, 0x1, 0x4)
setsockopt$sock_timeval(r2, 0x1, 0x42, &(0x7f0000000180), 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000440), 0x50d802, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x20000004, 0x0, 0x0, 0x0, 0xfffffffd}, [@call={0x85, 0x0, 0x0, 0x13}, @printk={@lx, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x70}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r5, 0x0, 0xe, 0x0, &(0x7f0000000100)="e09f547ed3f02dc1fd3d6487775b", 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = dup(r6)
write$UHID_INPUT(r7, &(0x7f0000000000)={0x1a, {"a2e3ad21ed6b52f99cfbf4c087f71e9b230963ff7fc6e5539b9b3b09719b711b5d34101b080d29308f0e1ac6e7049b3468959b189a242a9b45f3988f7ef319520100ffe8d178708c523c921b1b23380a169b63d336cd3b78130daa61d8e81aea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1d020000000000000075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801000000005b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b412435111c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269caf12c31357c8219793e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a687974e7b4ab01b7f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da3710ac000000001a527777a5371f87d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ef06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f103000000416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d601005c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac292d9e53803ed000000009737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b09114edb8e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb67ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe529003d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f070077d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85e654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd84e935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba30b4279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227edff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b30f0b932a4d02da711b757fe43c06d21e759595e4e98b27faea8aa12bc8040000000000000033eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d0000010000000000fcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d080e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed704887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6ff7ffb1d62458d0741a12830052fcc460db043afe525629b40d7cee65802cb5e930ed624806c43a006dc9336d07c2b8081c188d26558f48261f7897084c2a1a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c0ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264c7b34252600c9654e502dcea39cb0800eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc640df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000064b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa7082ead01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058093fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
inotify_init()
r8 = socket(0x10, 0x803, 0x0)
openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card1/oss_mixer\x00', 0x4200, 0x0)
ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', 0x0})
executing program 2:
r0 = memfd_create(&(0x7f0000000840)='\x01\x00\x00\x00\x00\x00\x00\x00\xd64\xf9 \x00\x00\x00\x00\x00\x12\x1a\'<\xf5\xbeV\x12\xaal\xfa\xf0o\xd8\xb1,\xbd>M\xe3\x98?\xd9\x96\xab\xc7\x06F\x9b\xab\xc8\x1e\x89]\x13bZ\x8d /#k\x95\x9eLV(\x8a\x0e\x93\x93Vc]mP\xbativ\xce\xa4K\xfb\xf2\xe0\xbf\x9d\x82\xa2\xcd\xb39\xb4\x17a9\x1c\x82\x1aLT\xd0\xb9\x1a\xafB\x95\xb4\xcf\x91X\x8c\x87\xc2\xa1\x1b\xfe\xe7\xbc\xf7\xeb\xc0L\x1d\x98Zq\xce\xd3\xefB\xd4\xee\xb5\xee\xe0\xaa\xdd\x00\xb1j$S\xfc\xb1[N\x8d\xcfI\xc8\x91\x87\x1fuYG7}%)\xb9\x00\x00\x00\x00\x00\x00\x00\x80W\xe0I\x0e\xa4\x1e}\x06\vK\xed\x11\x880\x0e\x9c\xaeVU\x88\xb0\x842kgA]^\x88\xecif\xee\xba\x8b\xc6\"\xcej\x84\x06\x8a\x99\x80\xd7\xcf\x96\xed\x89\x1e6\x93+\xec#\x1f2\xee\xce\x17\x89\xa6r\xc5j\xec\x1b\xaa\x996\x14e\xcf\x8axQ\x9e\x035\x8a@\xd4\x1c\xe0\xa2\xc8\xb3c\t\xe8\x1a\x89\xecL\xcf\xd8\xb5\xfb\xbc\tX\x88\xbe\xf4@[\xb2\xd5\x8c\xb9\x0e\x17\x8b\xce\xd09\xd2\xfb\x9e\xef\xabR\x88\x17\x9et\xf7\x9c\x01\x91\x00\x00\xdb\xf9\xcb\x7fh\x83>\x8e\xe1=\xedR\xc9\xe68h\x19\xafLD\x94\x93\xebT\x15\x817\x9d\xf5s\x03\x1a=\xcc\xd1\xa7\'\xa0\xaf\xf7\xec\xaf}\x0e\a\x00\x91U\xf9\x8e_f\x8e\x00\xc3r*\xc7\xaf\xe2\'\xe0f9\xde\n,\x8c8Y26\xa6u<\xca@H\xdc\xf1\xb0\xb8\x9f\xc2o\x0f\x02I\xb6\xc3xH\xc3\x88(\xb6\x97~\xea)\'\xa3:\x8d\xebc>z\xae*\xc2\x14\xe9\x89#\xe2)\x9a\xb0hR\xffa\xf8\xde\xf7q4\xcfV\xbb\xc3t\xfa\xa9\x05>\xaea\x12\xce\x1cY\a\xb16\xb9\x12v\x1dN\xe1,_3\xa9\xa36\xaa.Cj\xd4\ah\x92j\x86\xe1\x1f\xec1\xb9!lI\xc7\xbf\x85\xdd\x03\xbd\xeb\xec\xf9\xf3\xaf\xe02AzX\x9aO\x93y;\xa7,\xbb\x11\xe6\x8fn\xa0m\xf8\xcf\x92\x19\xba,\x0e\x04\xbe\xbb\xdd\x00\xb1\xb6Enr\x17\xa4\xc5)\xcc}*yN\xdc\xc3\xe0\xf2\x10\xe0<uc\xbc\xec\xe5\xc79\x9c\xcf\xa4m\x06\x12\xd0IY\x18\x15\x8d\x01P\x12/\xfct\xfe\xa0\xc7-\x9a+\xf3\xf9R\x85\xa5~\x90\xbeC\xee\xe9\'\x9fW\xa5\xfa\xb9\xc8\x85\x16\xb2\xe2\x8f\xfa)?6\x0e\xac-\x82\xe3\xc1\xf7\xd3\x04\xf7\x0e\xe7v\xb2{\xaa\xfc)\xcb\xd4D\xf6#%I\xad\xaap\xddX\x14e\x11\xd8\xb3\xe9\xf2@\x97\xfa\x16\xe9\xb4l\x0e9\xf4\x9e\xefT\xfd\x9d\x18\xba\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00X\xc1\x9c\xd7\xed\xad*\xc6\xc9\xd6\xe6\xfe*t\x06\xeb]\vr-\x04{\x86\xcb\xbb4?\xa1\xb5S\xb8\x10pg\xbd\xce\x84\xe9\xfdZ\f\xeb\xd0c\x02\xdc\x90\t\x9fRAC8\xa8', 0x6)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kvm_set_irq\x00', r1, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000300)="a6", 0x1, 0x20000045, 0x0, 0x0)
r5 = io_uring_setup(0x4c0c, &(0x7f0000000140)={0x0, 0x2637, 0x80, 0x2, 0x10001d4})
io_uring_register$IORING_REGISTER_EVENTFD(r5, 0x4, 0x0, 0x1)
io_uring_register$IORING_UNREGISTER_EVENTFD(r5, 0x5, 0x0, 0x0)
write$P9_RMKNOD(0xffffffffffffffff, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
close(r6)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x800)
accept$unix(0xffffffffffffffff, 0x0, &(0x7f00000001c0))
fallocate(r0, 0x0, 0x0, 0x8)
ftruncate(r0, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0500000008000000e27f00000100000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000001000"/28], 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x10)
r9 = memfd_secret(0x80000)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x13, r9, 0x0)
executing program 3:
socket$inet6(0xa, 0x3, 0x4)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
getsockopt$nfc_llcp(0xffffffffffffffff, 0x118, 0x3, &(0x7f0000000540)=""/181, 0xffffffffffffffce)
ioctl$PIO_SCRNMAP(r3, 0x4b52, &(0x7f0000000000))
socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$VT_RESIZE(r3, 0x5609, &(0x7f0000000040)={0x1, 0x7, 0x3})
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000040)='cubic', 0x9)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB], 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
r5 = socket$kcm(0xa, 0x922000000003, 0x11)
setsockopt$sock_attach_bpf(r5, 0x29, 0x24, &(0x7f0000000080), 0x4)
sendmsg$kcm(r5, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x8, @mcast1, 0x7, 0xffffffff}, 0x80, &(0x7f0000001880)=[{&(0x7f0000000780)="f4000900062b2c25fe80000000000000dc8b850f238466cc00007a000000ad6e911b51818462b400", 0x28}], 0x1}, 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f00000001c0)='usrquota')
chdir(&(0x7f0000000140)='./file1\x00')
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_GETINFO(r6, 0xffffffff80000500, 0x0, &(0x7f00000002c0))
executing program 2:
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) (async)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
symlink(&(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000040)='./file0\x00')
r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r1, r1) (async)
setpgid(r1, r1)
setpgid(0x0, r1) (async)
setpgid(0x0, r1)
r2 = openat(0xffffffffffffff9c, &(0x7f00000005c0)='./file0/file0\x00', 0x0, 0x177)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x1, &(0x7f0000000ac0)=ANY=[@ANYBLOB=',rootmode=0000000000', @ANYRES32=r1, @ANYBLOB=',grou', @ANYBLOB=','])
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0xffffffffffffffff)
r4 = dup(r3)
socket$alg(0x26, 0x5, 0x0) (async)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) (async)
bind$alg(r5, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
r6 = accept4(r5, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000e40)=[{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000500)="aa0c4f9ea197977a702a10d14a7b8eebe5d1082562ae8fcafccb0d8bc25db16b61e30bd139b699e67887222295f0de1754d29910b0d12470568ee21e1d8bc6e34ef48689168ee9cbe89f3e64459a8fc7e7a6b7aa5ba63a47a4dd620f90de0426c77feb9e6f322c37cb587ce6a31426e0969c5c3e0b36772a792ad0ef287f36ea317cc25c487e2dcb5f95d80647877ba5f9082204987fd733534cf2b6e5ed29e43326", 0xa2}, {&(0x7f0000000140)="ae284725b8a817a05d1469d3cedb57c536622fce8e691a44d9cc9f3649ffddd2df", 0x21}, {&(0x7f0000000300)="5fcbb5280006dbc7f4782d55ba500671729acaf46a46bc051dbbaaec1b32397d20f80fb0d6585d177c8b0ebb73926301571fe2deae2a4ab46700b6ede62ba6b01b16a010be6f246becb4916a0ffcebcd3529f21d7ee3a417b07a70fe4c1e21520b17c78c3008cbb469db577d7cd8bc958f09364a8b100bd761ed8adbef6b3bfc", 0x80}, {&(0x7f0000000600)="f29201c2a8ce8dfc752f7919907c32deafc8f0d19fd0aeff179543295990095400bb22c9d0d56c8ca046ad95578e60dd9006bd8922fa222b7a25c72f4bba3f08fa7db9e78253280cd44b37ee8c81867af1d64078fe141648e152481e", 0x5c}, {&(0x7f0000000680)="f13d9e59a73fd9177f972d88d7021aeae8ac0ec453a0c26e73ec4275d87e602cbdd6ad29685a7f6a320eb6d225bd89785bfa4b9f5a0fa9656513ed780c0bef4778375c42", 0x44}], 0x5, 0x0, 0x0, 0x4000000}, {0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000480)="ac55f5f4156ef4a703f48d303b3b47bd400e2bca23b55405a2", 0x19}, {&(0x7f0000000880)="6ddf659bfcc18ac6ad6975c1453207cb3ac2cc04daa9d8ba54262d65bc5de47f25d1c823c4d19f76ebf956496ba130c787ea1e59e801b648be8bc64382cd6628c1548284cfb0e734abcef76d2e940da9ea43a04d7c593eb4d6a2a7f510aea65f3ff4671bccb2b22784addba7a6423a2d261c7ab0f5cd6e1e115bbb0bd2fd9e951dbd2ed95d94c06008db08dd3f9bbe171f8dcbe5cb15819e281fb6be72ef1b99edfcdd5ad5cf42c521262b7786b1c364542f7e018efdd2ee5af0fc017aaa646def034f4f553c0d975ae51ddcb2b1", 0xce}, {&(0x7f0000000780)="ba9590c0e376f0986232adfde5eb21cb59fea52c66614075d432f14bd166e466c22139b90a695fc7e4494b6c3a57bcfecaa5", 0x32}, {&(0x7f00000007c0)="dbca006cb532d7824bf34eccaa1ac4fcc8658ea1e1a316ff820d", 0x1a}, {&(0x7f0000000980)="97f845f095c071e2d751d88f1dfd46cad8d39b29fd8e67846504df3493c9df090038962c00fd268b7d3169f90cd9dc6b23948e1f0c9f988288d73d90f8771f6d936afb3de2cb861d17f45dccc8b14a0b2fa8fcba7edbed883324221b", 0x5c}], 0x5, &(0x7f0000000ec0)=ANY=[@ANYBLOB="18000000000000001705000003000000000000000000000088000000000000001701000002000000730000004945e6c168da9271088acbef958309d76905526e14d8a89cc0aa959406533df8cdb5d6083345f37d06325b91f20b46a695f692b718cd5f58bbe28f5b9195ba5b115412287b9f7293b9a9425749d3f5f51aae0e29b0fee82b0eb34110829623eeefad797b8f502e0a9d169df0e3cbc008804eebb1880018000000000000001701000003000000010000000000000000010000000000001701000002000000e5000000c8cebcff8a53bd38afaf2f3b5ef66238af43432580d7e8418e5571b1d74506150f9b2275370747b704788f192cf4d5ce54889ddd019b0514ee1999961e60762dc98f3f6b820f885a910f6fcf109c4a0f64614fb6522b2eacfc3766eb3f7867e51e55cd761559c8badf09cbba4323483d3ab59109f9ebda75d8dcf2997a6ed0004872a5773236f4d454eaa2e1e10f0db2b0c99c04bcb7cc134cea2a2f14f6d83ab32341510044979a5f18fe1b48e93d03d448ddf6e5eddd637d67723a5a99d2e40db976b9719d39fa53fa857435938529ffb3ccb7cc60e4251a358f51e7839feb0a33fed023000000000000001800000000000000170100000300000000000000000000002000000000000000170100000200000008000000b9d9980c2603344b00000000800000000000000017010000020000006c000000eb6baae91c077b7173c02690e12eabc672624bdd2e6d65823b07b7b629acfc8bcd679c1d9f328aae4c9f45479e28435d89997d0f872c466805ea8b003484a7e4042da32544e817d2203b2f95fd720ff2e7d67ad3805bb7581a8096285723b5ce7bc2b24d0e3975729f64ea2f800000000000000017010000020000006b0000008403b0f8f08533965a3c64ad84e36e57b870c83ded477817db1c8d2dd87503ebd03db205f5d9395b52426c2a45010cfc983bd308e8b481ebe248a4deb1c7c2903ae9350c58c4069b388a665abfc2d9d4881bd52b58901e89dc5413fde13b304519bd468942cf0018000000000000001701000003000000010000000000"], 0x308, 0x10}], 0x2, 0x41801)
recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) (async)
pwritev(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
executing program 0:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (async)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async, rerun: 32)
r4 = socket$unix(0x1, 0x1, 0x0) (rerun: 32)
bind$unix(r4, &(0x7f00000006c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
connect$unix(r4, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) (async)
connect$unix(r4, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
socket(0x200000000000011, 0x2, 0x0) (async)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000240)={0x0, @in={{0x2, 0x0, @empty}}, 0xff, 0x3}, 0x90) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x61, &(0x7f0000000180)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x20000000, 0x0, 0x0, 0x41100, 0x40}, 0x94) (async)
openat$dir(0xffffffffffffff9c, 0x0, 0x200c00, 0x102) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) (async)
prlimit64(0x0, 0xf, &(0x7f0000000140)={0x8, 0x5}, 0x0) (async, rerun: 64)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) (async, rerun: 64)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, 0x0, 0x0) (async)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
executing program 2:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="1201000000000040ef1747600000ba0000010902240001000000000904000001030006000921000000012205000905810300"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x442, 0x0)
pipe2(&(0x7f0000000000)={<r2=>0x0, <r3=>0x0}, 0x0)
read$FUSE(r2, &(0x7f0000001240)={0x2020}, 0x2020)
write$binfmt_aout(r1, &(0x7f0000000380)=ANY=[], 0x20)
fcntl$setstatus(r2, 0x4, 0x42800)
splice(r1, &(0x7f0000000040), r3, 0x0, 0x808, 0x0)
syz_usb_control_io(r0, &(0x7f0000000040)={0x2c, &(0x7f0000000380)=ANY=[@ANYBLOB="20231f"], 0x0, 0x0, 0x0, 0x0}, 0x0)
executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x1, 0x7, 0x8000, 0x1, 0x0, 0xffffffffffffffff, 0x2}, 0x50)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
preadv(r0, &(0x7f00000005c0)=[{&(0x7f0000000280)=""/196, 0xc4}], 0x1, 0x8, 0xffffffff) (fail_nth: 1)
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01030000000000000000010000010900010073797a310000000054000000030a01040000000000000000010000000900030073797a31000000000900010073797a31000000003a5363780800014000000005080002401b2fd2c51400030064766d7270300000000000000000000028000000000a05000000000000000000010000080900010073797a3100000000080002400000000114000000110001"], 0xc4}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_connect$cdc_ncm(0x0, 0x88, &(0x7f00000000c0)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x76, 0x2, 0x1, 0xbe, 0x90, 0x87, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4ed1fb9a2823"}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x37, 0xfff}, {0x6, 0x24, 0x1a, 0x6, 0x20}, [@mbim_extended={0x8, 0x24, 0x1c, 0x24a2, 0x2, 0x4}, @network_terminal={0x7, 0x24, 0xa, 0xa, 0x81, 0x46, 0x8}, @obex={0x5, 0x24, 0x15, 0x4}]}, {{0x9, 0x5, 0x81, 0x3, 0x8, 0x6f, 0x4, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x5f6, 0x0, 0xb, 0x37}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0xc, 0x7, 0x9}}}}}}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x110, 0x9, 0x28, 0x94, 0x40, 0x9}, 0xb, &(0x7f0000000180)={0x5, 0xf, 0xb, 0x2, [@ptm_cap={0x3}, @ptm_cap={0x3}]}, 0x3, [{0x18, &(0x7f00000001c0)=@string={0x18, 0x3, "a71ce7980a3cec144ec6fe6877051238c3db80278e59"}}, {0x46, &(0x7f0000000200)=@string={0x46, 0x3, "5b9592abf83b460f43d5cac4b883fc3b0cccfbc8e9a209a7943e57960bb9f49209be57c5486aa87367fa12c2fe89c39a7074f4c80712deda3e2c3799f3cd37c2cccb011f"}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x422}}]})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="6800000010000100"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000480012800e0001006970366772657461700000003400028008000100", @ANYRES32, @ANYBLOB="14000600fe800000000000000000000000000015140007"], 0x68}, 0x1, 0x0, 0x0, 0x810}, 0x140)
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @random="ad2293803a78"}, 0x14)
executing program 0:
openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x1c0002, 0x0)
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_open_dev$usbfs(&(0x7f0000000240), 0x75, 0x109301)
ioctl$USBDEVFS_ALLOW_SUSPEND(r2, 0x5522)
ioctl$USBDEVFS_FREE_STREAMS(r2, 0x8008551d, &(0x7f0000000000)=ANY=[@ANYBLOB="a6170000020000008126"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee4, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0)
r5 = socket(0x1e, 0x4, 0x0)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000004440)={&(0x7f0000000100)=@nameseq={0x1e, 0x3, 0x0, {0xe0007cc61fb31236}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x8044800}, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x455}, 0x10)
setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
sendmmsg(r5, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
r6 = dup3(0xffffffffffffffff, r5, 0x0)
read$char_usb(r6, &(0x7f00000002c0)=""/91, 0x5b)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
getsockopt$nfc_llcp(r7, 0x118, 0x4, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r8=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@getchain={0x64, 0x66, 0x4, 0x70bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0xf}, {0xfff2, 0xc}, {0x5, 0xfff2}}, [{0x8, 0xb, 0x7ff}, {0x8, 0xb, 0x104}, {0x8, 0xb, 0x805}, {0x8, 0xb, 0x8}, {0x8, 0xb, 0xffff}, {0x8, 0xb, 0x400}, {0x8, 0xb, 0xffff0000}, {0x8, 0xb, 0x8}]}, 0x64}, 0x1, 0x0, 0x0, 0x240408c4}, 0x44080)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x1c, 0xc, &(0x7f0000000280)=ANY=[@ANYRESHEX=r0, @ANYRES64=0x0, @ANYRES64=r0], 0x0, 0xffffffff, 0x0, 0x0, 0x1e00, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000008"], 0x48)
io_uring_setup(0x4168, &(0x7f0000000480)={0x0, 0x5f4e, 0x800, 0x2, 0x218, 0x0, r6})
executing program 1:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4}, 0x50)
ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000080)=<r1=>0x0)
ioctl$BTRFS_IOC_SNAP_DESTROY_V2(0xffffffffffffffff, 0x5000943f, &(0x7f0000000280)={{r0}, r1, 0x4, @unused=[0x60b, 0x9, 0x3], @devid})
socketpair(0x22, 0x2, 0x3, &(0x7f0000000240))
executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x1c0)
capset(&(0x7f0000000500)={0x20080522}, &(0x7f0000000200)={0x200002, 0x200003, 0x801, 0x4, 0x7})
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x1085408, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r0 = getpgid(0xffffffffffffffff)
capget(&(0x7f00000002c0)={0x20071026, r0}, &(0x7f0000000300)={0x0, 0x3, 0x2, 0x0, 0x7, 0x81})
chdir(&(0x7f00000001c0)='./bus\x00')
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x804418, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r1, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000001880)={&(0x7f00000017c0)={0x10, 0x1405, 0x1, 0x70bd28, 0x25dfdbff}, 0x10}, 0x1, 0x0, 0x0, 0x20004004}, 0x4000010)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg(r2, &(0x7f0000000980)={0x0, 0x0, 0x0}, 0x820067c0563725f1)
r3 = dup3(0xffffffffffffffff, r1, 0x0)
openat$cgroup_ro(r3, 0x0, 0x0, 0x0)
getsockopt$EBT_SO_GET_INIT_ENTRIES(r3, 0x0, 0x83, &(0x7f0000000140)={'nat\x00', 0x0, 0x4, 0x1000, [0x8, 0xfffffffffffffb86, 0xfff, 0xfffe, 0xec, 0xffffffffffffffff], 0x4, &(0x7f0000000000)=[{}, {}, {}, {}], &(0x7f0000000540)=""/4096}, &(0x7f0000000040)=0x78)
executing program 1:
r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x81, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r2, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc})
ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f0000000440)=ANY=[@ANYBLOB="01000000000000000000000004"])
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f0000000300)={0x0, 0x7})
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000080)={0x5, 0x0, 0x1})
executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000380)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58)
sendmsg$key(0xffffffffffffffff, &(0x7f00000014c0)={0x2, 0x0, 0x0}, 0x0)
r4 = accept4(r3, 0x0, 0x0, 0x800)
clock_gettime(0x3, &(0x7f0000000040))
write$P9_RREADLINK(r0, &(0x7f0000000000)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab)
unlinkat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x0)
ioctl$BTRFS_IOC_START_SYNC(r4, 0x80089418, &(0x7f00000000c0)=<r5=>0x0)
ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f0000000480)={{r3}, r5, 0x18, @unused=[0x5, 0x81, 0x80000000, 0x1a3], @subvolid})
linkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x400)
executing program 4:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000000000009500672083a69db8efbccb247f5388d6583f000000000005e948ee34753fb0660352f986b8af06d3d6291645084765bd375b4eb440355a57cc76d196b049461ed45b60b00ff49a9a701328e7bf99a9f365bfa846d714babfb9431e0af77b5161609bd63f47cd045484c748afffca09ac156e133c42c822d177629c0d69a00161fdb37c3c6ec6b8f259f8e7a40bc7a5d05e072d155cf42cb86a319dcc43375edae1201b0137e9ec28b269ebb40dccf4db81ef349af71be5b27fb6c00d5d34128524ff5d52ca078db307f5f61d4751a05ce75e13ba1f87c90dd3ec8c798a21e0135ae69e924dd491028dd040891a5e84e2480ec8b0c516f718d48154c5c494e5295f65105ba1aebca7c09fb0e98f1c87b3ba38a1"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f0000000080)=ANY=[@ANYRES16=r1])
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xe, 0xe, &(0x7f0000000400)=ANY=[@ANYBLOB="b7020000380d0000bfa30000000000000703000000feffff720af0fff8ffff1989a4f0ff00000000b7060000080000001e640000000000004504040001000000170400000c000a00b7040000ff0100006a0af2fe00000000850000001a000000b70000003f00000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000f0000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd8000000000000080231c61ccd106cb937b450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c4608800000000000000005cbb5a2600"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0xfffffe49}, 0x42)
executing program 1:
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) (async)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6}) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, 0x0) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, 0x0) (async)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x20400)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000340)={0xda2, 0x8166, 0x7}) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000200)={0x200, 0x1fb, 0xc38}) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000001c0)={0x7, 0x1, 0x7}) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x4})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000380)={0xff, 0x3, 0xd83f}) (async)
syz_open_dev$dri(&(0x7f0000000000), 0xffffffffffffffff, 0x8000)
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff})
r1 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0)
sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)={0x64, r1, 0x400, 0x70bd2c, 0x25dfdbfb, {}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x20}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_SIZE_BYTES={0xc}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x7}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x800}, @NBD_ATTR_BACKEND_IDENTIFIER={0x5, 0xa, '\x00'}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x4}]}, 0x64}, 0x1, 0x0, 0x0, 0x20002000}, 0x1041)
socket(0x400000000010, 0x3, 0x0)
socket(0x400000000010, 0x3, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2}}, 0x2}, 0x1c)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0), 0x48)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x1f, 0x18, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a7000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000a800000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x19}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
sendmmsg(r0, &(0x7f0000000180), 0x4000190, 0x0)
munlock(&(0x7f0000fff000/0x1000)=nil, 0x1000)
executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x1, 0x7, 0x8000, 0x1, 0x0, 0xffffffffffffffff, 0x2}, 0x50)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
preadv(r0, &(0x7f00000005c0)=[{&(0x7f0000000280)=""/196, 0xc4}], 0x1, 0x8, 0xffffffff) (fail_nth: 2)
executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r7 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r8 = memfd_create(&(0x7f00000007c0)='y\x10XDJ\xb4\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00u\"\xb9J\xcd(W+\x00\x04\x87\x1c1\xc7\x9f\xde\r-\xb8Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\xd5\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VwA\xaf\xc6\x90i\xa1\xb5\xd2\xbe\xcfAMq%M\xa2\x1e\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8c\x06A2@\xf6\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2\ng\xf1\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\xd9\xbd\xd9\xaf\x12$\x8dOA\xcd\x05H\xa5A\x01\x00\x00\x00\x00\x00\x00\x00\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xbbd\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$WV\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc1^\'\xfe>h\xa5\xa1\x0e\x05o\a\x96\x81\xaa\xfd3\xe5q\xd6\xe9\x9dx\xbai,^%\xeb\xc2\x14g,\x9b=\xac=b\xedI\x1b\xd4%\xcdr\xdc\xb3\xb8#\x96\xa6\x1eK\xf9\x84r,J\xd5\xb6(o\xf4\xa2XFc\xc9\x8cKJ\x84\x84\x15\xdeS\xbf\xd0\xd2R\xa1\xf8\xf8\xd7{[\xfb.\x0ee\x93a\x96a\x85Nu\x15\x04:\xa7\xbf!O\x0e\x8e\xf6\x9f\x19n@\x02U\x97\x17\x96\xaf\xac\x93\x00\x00\x00\x00\x00\x00\x00\x8f\tH=\x81!a\x9f\xb6\x89 \x82(\x99\xc5\x82>\x1f\xac\xf90\xc5\xcc\xd4rlEX.\xf8\xc00VR\x82\xb3\x8f\xa3\x96N\x00\xef\xcf\xb9\x01\x17\x00\x99\xbe\"\x7fn\xcez\xf0\xe5\xa1\x81r)5\x82G\x80b\xc6\xd4\xcb`\xbb\x1f\x80\xe4\xae\xec\x1556\xabZ\x9e\xda\xc8\xce\xc7Eyt\f\xb5o?\xafL-+/\x16\x96J\x95G\xec\xf8C=P\xe8\xe6\\\x16_>f\xb5D\xdc\x9b\xec\x1f\x85@\xbd\xad~\xb3E\xee\xe6T\xe5\x0e\x93', 0x2)
ftruncate(r8, 0xffff)
ioctl$UDMABUF_CREATE(r7, 0x40187542, &(0x7f0000000100)={r8, 0x0, 0x0, 0x8000})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xf, 0x9, &(0x7f0000000080))
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292", 0xc)
accept4(r9, 0x0, 0x0, 0x800)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 1 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_connect$cdc_ncm-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_connect$cdc_ncm(0x0, 0x88, &(0x7f00000000c0)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x76, 0x2, 0x1, 0xbe, 0x90, 0x87, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4ed1fb9a2823"}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x37, 0xfff}, {0x6, 0x24, 0x1a, 0x6, 0x20}, [@mbim_extended={0x8, 0x24, 0x1c, 0x24a2, 0x2, 0x4}, @network_terminal={0x7, 0x24, 0xa, 0xa, 0x81, 0x46, 0x8}, @obex={0x5, 0x24, 0x15, 0x4}]}, {{0x9, 0x5, 0x81, 0x3, 0x8, 0x6f, 0x4, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x5f6, 0x0, 0xb, 0x37}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0xc, 0x7, 0x9}}}}}}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x110, 0x9, 0x28, 0x94, 0x40, 0x9}, 0xb, &(0x7f0000000180)={0x5, 0xf, 0xb, 0x2, [@ptm_cap={0x3}, @ptm_cap={0x3}]}, 0x3, [{0x18, &(0x7f00000001c0)=@string={0x18, 0x3, "a71ce7980a3cec144ec6fe6877051238c3db80278e59"}}, {0x46, &(0x7f0000000200)=@string={0x46, 0x3, "5b9592abf83b460f43d5cac4b883fc3b0cccfbc8e9a209a7943e57960bb9f49209be57c5486aa87367fa12c2fe89c39a7074f4c80712deda3e2c3799f3cd37c2cccb011f"}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x422}}]})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')

program did not crash
single: failed to extract reproducer
bisect: bisecting 30 programs with base timeout 1m40s
testing program (duration=1m47s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [22, 13, 26, 9, 30, 6, 3, 7, 26, 21, 30, 30, 28, 38, 30, 9, 3, 2, 5, 5, 30, 4, 18, 8, 16, 8, 14, 20, 3, 30]
detailed listing:
executing program 4:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
r1 = getpid()
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f00000000c0)={0x0, 0x2, r0, 0x7})
getpid()
sched_setscheduler(r1, 0x7, &(0x7f0000000180)=0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x0, 0x8000)
recvmmsg(r2, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
r4 = inotify_init1(0x800)
ioctl$INOTIFY_IOC_SETNEXTWD(r4, 0x541b, 0xfffffffffffffffa)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010007000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000048000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f0c00098008000140000100075c0000000e0a01020000000000000000010000"], 0xec}}, 0x0)
unshare(0x6a040000)
openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0xa8202, 0x0)
syz_open_dev$ptys(0xc, 0x3, 0x0)
syz_open_dev$ptys(0xc, 0x3, 0x1)
r6 = syz_open_dev$vim2m(&(0x7f0000000000), 0x6c3, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f0000000040)={0xf0f028, 0x1})
executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000ac0)={0x6, 0xb, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000051000000000000000800a0018010000756c6c"], 0x0, 0x7, 0x0, 0x0, 0x40f00, 0x65}, 0x94)
r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x3)
writev(r2, &(0x7f0000000000)=[{&(0x7f00000000c0)="4f3bf5835e00000000225121d6958c78cfc0e1f14f1b257f40ad12", 0x1b}], 0x1)
r3 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000002fc0), 0x800, 0x0)
ioctl$DRM_IOCTL_GET_CAP(r3, 0xc010640c, &(0x7f00000032c0)={0x14})
ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1)
close(r0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)}, 0x40040d0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r0, 0x8b29, &(0x7f0000000040)={'veth1_macvtap\x00', @random="01c66300"})
executing program 4:
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001140), 0xc1840, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async)
write$cgroup_devices(r1, 0x0, 0xffdd) (async)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x2000)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r2, 0xc0145401, &(0x7f0000000100)={0x2, 0x2, 0x0, 0xc2c6d7ed92c4ca45, 0x4}) (async)
syz_usb_connect$cdc_ncm(0x0, 0x72, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
sendmsg(r4, 0x0, 0x0) (async)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, 0x0, 0x0)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='net/fib_triestat\x00')
preadv(r6, &(0x7f0000000080)=[{0x0}], 0x1, 0x0, 0x4) (async)
r7 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r7, 0x84, 0x21, &(0x7f00000001c0), &(0x7f0000000240)=0x4) (async, rerun: 64)
shutdown(0xffffffffffffffff, 0x0) (rerun: 64)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x8c0}, 0x0) (async, rerun: 32)
r9 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x20081, 0x0) (rerun: 32)
pwritev(r9, &(0x7f00000000c0)=[{&(0x7f0000000080)="e756d337a1129afc310be63dea375cc551177c82b985e06e0a82e6a0ac24510aef6adbe5adbce172d671cf", 0x2b}, {&(0x7f0000000140)="2fe223062b20b43055a9dafe4340c47124ecd08f52a0c029f0a905035f10e9372aff2c7d2157544591840dd6c552a01e4ba3451745e9f6acf1ab492ec553c0a3a346a7aeb4ddec32ccc729701914fced53fda22078fda3fd9e1b0af51b28313480732979e4cd1840fc633c288bce242d33d7e3f261d3fe0b171ef6fda9219a2027ef44ddc97cc419e3383a31b1f5267e9a7381a10983c6e302a04311986e02c10795068e88c0f4c9fd102ac1c8555325f987f841b93ff8d248e9ac7340b7a8fa442bcba46626f609784da08ea2f72f31248b565a48990caecab054389a205965e86545fb133b4f1f7ea299132f4c545563cbcbf34f964218687b441a95ac50897e8985b939e5dae4facf50de8dc32d59d10a310afe7b8bf72d502a517af97dd21e60950510c291c4636adef9dffd5651fc004395e886a814edcbd672cfbfc1d50e7a16d3d5d83075ef1362e9e087defb7a107af5edc02ac5ecbb720affdbb2032bd2e4c046a949cdce18d90e8ac4d4af14723e8ff94ab24a89fb576081d6d3ebdd8943e796aa3c1eddba172161d57e214a0602b3c039c29f2f523046ea2d899540a20d81dfa3d326696c5a5876044dcc625f2ac8d023502428346fea4f5bb0d82c75ffb0c91940a232793467989f7d0503ca85c5b241e12af8e838799581cb678a4362d4b34569cc312c518cffd9946da804158046a38a520c84ee7792193cc03b0851164a18a75ba265f0e13d3f4941052b7ceb8cc344a1ad231784e8165ba13a192d23d3740aa479b74e2730fd07cafd06b6683cb1d52cc09575c536ca34b2174e17bf18a20b8982f74dbd137be413dffee5f2b9829412e8c585319f2c0b0edd9e16a615a1f0806fc6b9b54ac44cd6effc61376107d33a76d41c381f73fcffaf41ef60e64e8f43ce96d21cb321f41e8f23a189d08d562ec927e8dd7522792268f2b4b790ad6c8e6758c34a5ae61adc93e3c3867f83a0714173627581a739ce408cd90f96e8634d88645dfbb97389e3b010676083c82558c12977dd8933bfa5f448a74f42775ac4623319ea6ebb0066db0ce56b577a296b6c753de9fb019b9c02ae939e413a6c88633746b7cde63e3547344a0b5542ebf0454fd93098e53a8d6dd1d0e21283ccbdef4eb1b97b1847802c917475bde022d455cef0e9478963ef304302caa38bd053ce5aa8a5118b1f987ee24167565aba7304c612e36a6305629c64b71ed893678fe138a412f4cc85dc190ea81521a1991ed09a1833afc8966b37850271f9f3cb37a455cdfb3675c4f8fff2d7d8e68f637c0ea509a2dc75f60399a6f77661010245422b10c864541df432e2e7a278bb73584ad962c2250dea46af78a40930c9506f8a1b81ec3a55574e417f1bd35a4832ed48e0c5ded28c5e666df4f8fe0ac0e60212d94bd9b308540aabf7fb68890416891792790317f7514009e98dc40e2ba092d8c7cdb4ee48cefefc2d7763c1915f95bcd32295127dbf6baa46e4132596e51e6a79b671cf16eb3e58f3968224f3adc5a628c8473a477fd1c48e6627ba26ac5401a65aefc2dcf60bf446c3496d2ededdd8bdd23bbf4d4b5aa1cff98b7ffeb65dd9f5a84f22b3a50b8d194f44e21d3515b2f9bd8c28506ec0f646327c892c4613d61fc24931b6939472eeee3e22ce1f8bcc191a04c56b28dc4616b2ef7bf219e6745b631c1ec089d6027e99b1f9f613ea0bc75db0f56f62fb924989fd43693ce31f038fac8672e4da4210af05100403c643a654a05f3655078f31df0222e98b01841bfd7800c6aaee8a0e7ec88b60efb02afab6c1fb2d2abcfc60ae8b15f5937de2dbddd4ea31d4e423cc6f0d48af9de2053a3d4f5c28170e8ad53d0d4b25dee8f91acfdb089b60707c12a668dc4aeea747e15740a48fbbdf860042d9f97fb810f8bf1237033aae5adda9fabea1e49219c93f9055f05e79f9b987e40484dab641141e759f22fe83928febdb4fce6aeefbacb22540355d4112dc5dfb62c7aeda256364b238a470d19b516abbef5cac019be1c60809d394a5c3d875b891caf322eee675bf2b8fe503a6be877d094a36661dac863ecd7f2323253bb99c71456085f523afda527d7b4c7b0a3b5eab9fdd870c7d38373e741dde1b5f4481a8f9db3ba71c11a28a16242e54f9660ac69285669aa78dbdd9eef6ca43948285dfca8ea632dc3bc31b1519215c9fe4022647884edd56449e03e2d577835dc7d5a0d6981e27fd872677a4b477588da6a898567e1227c8bff8a1676702ce647411b129c34d008093bb0b48f99967d68268ccde0f09cfa372c3292f547bb7436b6e08e942766ae097f47f9ebf5c752731eaa596e46f721536b4871ce1692ed973ff00e5b38858756324f556209b9a0573df20557574814d2cabed8023419529b7927616090103423cb6cbe6c99f99099bbe26c0a8d0faacb8b07e79da40a476b813fd0701943f1254d66181242fb03f8bfd7f8e7b7537eee03c02a3eb3c42c13cb7e8d7e5f05d2c3f8168f408b251094d83a477196708c1361568f53e01756bac5685b8ab6bdbf50aa9db9977cdccc22e347ed6dd78b2f93aebb88b7714b3a628e1468f836c6de1e6f12575c6afba940ccde6a4d95f62ce512886adfabb06896da9ca81e1809642c537f96712568ddce33d9c12187477fb3654b63873b596c7850d7ec1728debab8047ae5b04399f84b378b6b886257ca51de651a8b6cde74a653e36ca75cc698ce411bd237d52e64180dcdc4bd45ad03acca3c98412ff229a474cd99f0d856c405f63ae282e7e1f3e2375335aa922ca42d392a6295fc35921eda0430076eae5192157d37cfd6dcf905107e168f5fc40f238950bbec2360b0e3bedc52d69a0d99ba119e07374878dad7c2c1394d981d224344954fd9acb8ac6c2df4d979a074d7d8062a54df9e5bffde9b5a1bc1ec9186234d729ffbc9d08865f9f7ade5bd39b62d38d6934d7f31fef05d380231790e9a51824654354e20ffe15b4c6c1e0817b7371dc3eabdb4eb56d93343c50e87b2723009e26f03256eb1061c3072ab84a50b3be516ad059d0557acaab5407104fe42f4a832983d38896675a544f4ed6ae2203cb958b061f0e5b8df3fd94b4dd9c942885857925264bb75a5231059f98d5da64f5d7ecc21e79d6a402132be9a8dd28df04899202a4e6c28bad2c5f75d01403623753316685d4eb8a0b93372770e9ff1bcda974b4e62b47438f52ed94f14e71a3162eeb2c5a5c3b7eee5b423ba2eaed05468f9904b509b1453ff3431d95dcc30fdaff2f1e9c33d42684e89ff66894b4052effdc808d9d5c7810e7bca2505edc6d3896584d2e6ddc9383de2df55492c17c9ed63055701ab45ba7edab661475bc292781196ef6a5eb5c82b92ce029e942b189d9d17dac51ba62c319ece7bbc37131cddc389dbdfe181944e099e4a36b448b9e77dde2e50d767d5b103bd8737e31ca206ff9f0328d1ca23540f928ae397c742b514285c22698c937be7f763473df59607fed8b7bb3289a97ee431e1310d011b9ac0f5f78b4415bb280d59d769389a926b2e4963c436a760463e4e59a4db9214988fbe7336c1f51c9425eacf3d975e42d8acdf207cd6dc71f6b9dc1efc1893e47e0b3fe2c7cf683cbc7fa4fc00e2b4d69f4b7c883d448d4bb724dec3f601e97a181288ee2f654c2c7c8e915e14daed55d017cd9ed5d2ead80f14fb29e9150150244551b843a7b1780490c97962d2e63957f49a5dcfec73188bb8284e7e699f0727b7eb339806bae3cd051c6e77666c3142e27ca626c4ea41865d60ab1d425a609f6dcf53ac58477b8bebef4b83fcd181808acb4d504fc7b51dc3452685c2449ee86b34dd2418c3157fc02daaa29aced516afd1ed478942cfd730e68f25c97e0f8866f1fe266c3895d9e19fc6964c38f63237d682fcd2e0b070788e5ed5ac3d32c5036b71fd3abc4ca53b2bb93bd5085b6d58f1bf68ffa134f5ef63b498702fb69a6aff33dbe27bff9250b3696ca267e1534a2d1780221f997f7b0a32de9ee2fd6fbf75cae4560f5011ae81e0143c356ead3e7ae63cd806056feef5afee0697b7fd2b6630535a0bd006d86400110356743ee70af78c0b96a72c384ae81843374f22f84feaf8d430624ccd81760abf674f0a2991be60ea7f096dbc6ba5b9c7c95c2f0aeb568bee45e8bd40727688d415e3d62440a6217590855e6b413877abb6bef485d1cce8960a369fd4348c824864bca07f4a9f2be9e0eeb84dc2bc3ecdb35c723e7a96f8fda5846e95bca2c648d64bc30242c1efa80086af683bd67aef0620740056276a54b8a1c43dffb631e24e443264168453b76e005c47c60f510327cd6f85b51428e5832d1ced42baf29e1627a56322ba76658bfae3c441f4667dbdf2b25931b85b95ed37a6d942736b69214e2bb9234a019bc6559e600836bba640cdfe6ba1b1b821e49a2b4aae23474c496064cc4bd3072fcbf299e2f76028a4e7c47f6ec9c2c6f4485316d1345bcadd19c69aaf707d3f762ff7972b817787f4297f619307b113bd16fb880f1a7080971d9973fc99c12966c6450db87a5b8b9a243a2927ec845de2eda52617e4b41b5dd51eb39ee3a1a95bbe95eeb822b2f6215f8c649ba2e2a5e6cdade3d4bc4a12aaff064efed4a15bd34f2bd1cf40c9e510a965b99265ff2a37239c729eb3cfc35c7086ab3f5db6772219d67509547588867136bf67314aad16dcedc089e268aa1fd83e7d41730c9d6bb55a5e036c6874609d9e9e97614916af0b65ec739ae830af63f03a88ec3e9b4c565da02538181fa89bf651873b1074bde86b90ba29341bc3f1be26e01b1aa15966ea799f0f46a36702e3db540027c5832f6e534d4c640280864b0eac8649f4d69db7ce210402fabdda8986006a64d34ed64196191ba5b3bd62c6bddc89449919c276da8daf0887185f1ac4ea2cfd1b2546dd2d71b89b6ed20e6311242f689fe49a19dd60f00cf7429cf806f389dc75e9ce0b53603e3d725d6069a6064a13cd24e03b6a5f7a6601ebf72e013a45609fa1cbfc7c4435d9ae0b048f99fa389764bacc81f7b3c72b6b8a1b751c8d0c364c7158a9baa985e6cded3321b60a066d249e05853b933611366d7c5a7cf7d86bfa42e013f01aa622b15abc60a0d16940f12735aade184a15c736cfd7f080a0469353ee1a8bafdb79fa6dfcce5a781b8ed7e2ce44a356c97a3733916143dc043400348673c7cc59f1d4c99eb856fe0e768d517e03329531b2e1c07348a44054d1efd21e348100947f6c1c0bf632b95a6c00999474a1ae5fc75c048b51226f9e31768db3fdb188b0e654d088b3d710cd342ce727e0b024d1e13056a67dc1eaf6f66cd837b0eb11cccada111927977760c95295d15526e4e7b6219bdcd1fcbdb75dd0d410684a74dffb0d2f757b1aaafb7ed765f6d9a4f6afc173c2452da7768e967a426fe299ec67d2793098cf03f02ea5920b174761dd6c8c081d7997bd68ecac43f23bf969e7dd58bc3573cb4941a9344f396eb1d340d49b435ac065f306c0838814b3a83981d81d6247cd7b174e472778ad2a6313e02563f07ba4ac359bb2c895a4c09ece95cf739a1f720ea2b6d8919fb58ed4773434de5262682d5fb847252598b75a76cd7d725245b0adc1807ef02e362fce69c918b42808125d8d6dd9cf29e905252edad26b9b5db2a2414d7a3f9add683d8cb0cf545d57b46417e73882b74c4", 0xfc0}], 0x2, 0x8, 0x1) (async)
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x54, 0x12, 0x1, 0xfffffffd, 0x0, {0xa, 0x5, 0x0, 0x0, {0x0, 0x5e22, [0x0, 0xffffffff, 0xfffffffe], [0x0, 0x0, 0xfffffffd], 0x0, [0x1, 0x3]}, 0x0, 0xfffffffe}, [@INET_DIAG_REQ_BYTECODE={0x8, 0x3, "11000000"}]}, 0x54}}, 0x0)
executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000240)={0x2, 0x4e20, @multicast1}, 0x10)
connect$inet(r0, &(0x7f00000003c0)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adff012255f674412d02000000880b5f04596a5e99fce658be2f200c699223886d8be4b50000005ab527ee3697f98125f30e6326996a3cfee33025a30b45bdcf2c69d105e5e55a1d273683623f1a5dc6e3c7e20eb7a98ecf3bd2cf898e924abe26ac296f660e69ba982fd76e00dcff7f0000ca6b78ad833488cfe4109eaf009eddcf21f5c63cde2f00150200000001000000520a0000151d010000000100bf00000000cc587424363da52001a3cdf2000000db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de406e89dcbb7677e65a88a8407a9e7f9c0e91028b0856eb1ed9474480737a55ebb0bd701f7fb21135c6172eba7eb8a341f07e5a2d1e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d93a433f50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56dbe37551b870b2851c3f0a1a9ebfcba105a6ccdd01b0f04edb256c0200000073f6db43661bd7f0e2536ffbfe5ca31b4083145531458b7d1e341c6b351ebc5223f54d6bec93f4ef088e5d1be2515226988d664709ff03f1aa3dc7f1580ace9bf2afd28d0700000000000000d6eb372713255012e028cb2654d493a0b43bf21375709f348f5eda2967199cc936859a538100070000000000dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0c6ef9dd2b6bb700000000000000000c586272c3f4d79bc36315745cb149f3cb385e6add14652003c7cdd3324f07d134d3a6c718bbd1aafe1140cff0be4c6f8df084c5e9734ae30aa9af030025f01ab03a9b1074407136bc506031f0916a39d3057d55183612b39e73ae8e6dc30356886a831836469e2051d937eb85f3f2d5ae2c1dca476b97419a3b76ed62409d004d7fbe362145d19605d760df4c5124ca325d374b371867a79b35c6617fc3327191fbf514573f0e30d1d60be2168fffc2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257bc9110971b749ccd74089ed6b86f81ca3ba47d8f71d290ed1b1a11f7a67125170c88c3b6a50692cc0064fc6bbd312536ac15016c85c6332226401b110da9c786eeca22debc99335587b54c13c3107008fa069af8223b38ced735c2d906551004d8dc10d88738488da01ffa4add56474573c964a270000f2f16625c0c10200000000c7a5ca60fdad159f2e44171f39638410020000004825d081f2d987f05c534187738655d7dc958f2046fa0c1619a6554b82d9c162eb61ca74f1ffdaccf0ea5f06e0fca8b27ff3983ab74fd3d560700a1fab44e77e312b3b129e000302d613916c9bcf9f0000fac73a5b6bfb27f88dba816020be760f7b45e001efada8000000000000fdaf4660402f7b3b79a433e08074ea2462974a00040000eb01352638f56dae0249d15ba8767259658878b7492cfbacde9b57cf4de00788adce638190f3570e0b4c80ef682df22201270955afb6008846557ee3bc09fda6dbb6550d597300eb82a184c96ffde5a30e5433e866665b98ca2002c804c22ff2634b7bfbf5c0d586cda5b45fd00dede1e88a4d41dee7cc76d7a23d06acb1d2d4c58faea84158bb440df2a694f4cdcaa4f65c22efffffffffffdd00000000d503d79986958115ae07b70f991430b7fb475d77b869ee02000000000000000000001ffff0ef89b2a68d2b05c995445d8a7700bcdfbec74fb2dd163e863315e84498dfb52bb93f6c9084659ce777ddac563c8596c2b1d8180289a61faa95a82bf1cfb7f2fd7252e9322abe282c33445d443a67467893b9bf0d1c8130ae6b226900000635376413c29f7c6f7b7e29b9a0c64e68328661f0c06e21f7d7dc22174ea4447a6f60edef3a4168d40200fbc71104512efe8e5d7d934aa289b4bd2b870000000000000000000007000000002000000000009b777883a02f0593dfc4cb4114b9f9cf4ad155110cc6ace2b322ac31bfa27847c799c8009a1ea5b98e525e6383ad7fd9795170e7b11e247603c2ff49a11459c7f606d729d3979676bffb3049166bb84a0f061991bd57c2566c10c282352aba05b6164ef876915a3f2491e4793e590dcc71de10da96366c1e992c0068c940dd4422c9882d3aa0f8a797b8fea6efcfb5276b7679f15559edaa977504cc0b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd04000000de17e1e13b93669b79556abb722d9c085b189b5fd1f30e8dc813f608830b110001732135e8e7262f290000923bfb6b41ff3792cee2fc37eee739c3e36a4bc80112968ec0d8902eced1fe552018014a463abbbf7ccd6a92a5734e3ebfca9b6e88e031f31de2183652e77c164c646a1cfd3710aa4205d8d4d4f974133ccb1e49feb42664eccd809c0ba8917eda87489e8946d5c8156197bcb66fd5606c63e3389ee9e8552381646365066ef9a36a449c96485c22ad1aa423b7b89efbc6cd54000bb0ea5f4f1e8773144fb6ac9a44d43593d77e66aa7ed7f3d4e7b211590c738888d02b2dbb0b2ba73ec72e1d8d7360a128499dd19e1e7b9b0671f4f58515b45ecb9964f3c4ddb8234391d514f8d996d8d6dd7f8fadfee2d7a0035638ce27c2936cb04b30a0eb0cde0000000000000040000000ec3c12ecee8fc3a40000000000000000e215b00ce2570b930723cbadb4033d1b8aaa2cfb3fb89e4a6e89737fd6232218a9e0c099d1eb59d60b3cca089785642f327139bc4394fb6d547a9b3c22599e780c1da7433fb47615d372e3fffe9703e37d5c87d513165278650738efcc04d27b766cf7f60066edd292f6c8a2174f391ed164bb1816819ceb3e378e776d422bc946cd9501accebeac3a5b31d8abc68ae537cd44a04e6bc21c35a7beab2610c51e593676bf635a20f597f4631b91454d182f826071f5210bd6d93173589929b23801e63c2266fde13b5a04b8d48be057c752bc415a756ea9b4d34156c4f73dd5e5924ef101a5fcdaf37c7ba2c4a9de9b000000000000000000000000000000a73b862e4b63c245616b522345587d0ee65a6902bdd0abd941e8aba37510b222ae544f395edd1b92ad53fc68f08ea00edc5e10d768836169dd296d56b306e8b75778c37571792a6c3d8b02ef378ebd59422cdd008bef6f80a80a68641ea5ed4f1126bb676098c10bf663eb3fb8c839364d28fd046dc64b35f9c3397ce6f4ad357b0000000000090000000088c7a8e2638f650a6f04a6f33a090f59414d6ebcbc687e66d600000000bd0a58ea6d36fc2cf9b9a71c137a2a22adb1006f371d4faf47285fd66fe0389afb96854bb360edcdf11b4ff6dd578bba93e949d240cde9b5836cb46032484dc19c93db7b6e5afa10547c78e76a3111557346e52566df196fd630561bb908fff4d2e19562aabd43742a26a43799f8636fa04ceb40c9e4ca1cfbbc7b949cd245a3ee118fd0d4f639444539af8766028d4ac4d4c548e290199e0dacbb4f6796b39bf32934d941ba2f88e3ebd0cf8e24f99eca86e4ca9b2cd2b54044a7fc4631572a6378a32df288785f146275c1f548e2a0c1016744e05f9de5044373d7650125027547eefe7b2d8c8871bb65395fae99d8456883705bfdfb00001854b2e5efa8aaf25827d659f592b1575281ec125de7fb91cd81d91dcb19f5cdf1e1e2b4a8a1389753a09110538689e38e07fb2dc72bd4fd11d7bc16aac5d85c6101bb722895248e463a5fb45ce0e564e90cb19d5993b471687ae4165e29cf2f58082115f5f8569896eedfd798733223e6d6584997510c374912ab798bd4af4654c01bb2c411bc36468ddd62b4eba5cfc8953526e0e5b1359797956152d0098ce47c62c3fe5a23219389622b7f65bf03527d25c3941b9cf1ffeedf6d99082bb57ea871c12213cc40900f83033bc18c529171fae324c315bc6ce358831d0230412212acfd5fc8d5cb0d028cf568e8bb40e27befe2ff01f7c6674a4d86d900633ea36641e0a781ea0ea7f2d928b8b22e2f97dd13348927375baea6863bef4acf4299096ada5cdd2a0eaafaa760a79d102d1e0c0000000000000000007926653b8d79ce16a432f124786a0bc3c5b7d196822492ae1ccf91aeac16406ad6f9cd3d96d57fceba8360ae49f73351814c9c2972f11064aaf3739d9100f9c0e4d0cb17d50c82e305ba7d62cf1cc6da26e34982a8c74dd8122cf5b5e7c34fd2712a0cef05e4d8ec7dd363219676bd9b19943185b132eb35a695e208dfa5cecdb1d6425c8879063c0f11bd64291a4209ee6dc1d9e9010013f6148c603e6a335e298efd6ab5cccc47a2c568c6afec54f8251bd840752addf200371361c9eedf05ed98585cf6d99e9e56055064bda2d373369761238c278147cd0eb7799f6b9c9fcaa3fd282154994f5b25420c86db9b6401e885de1c615a719a1c83e8fbbb181282dbaf3313a4e4a4877e9f37607e2cd6da0cf6371ec06a75f5a4206b2418ad8897ae149085d63f01f22eca44033234b3930b4d5da756669a1d59d69e7de54abf439988ed7ec33c2d0a901bb0985a24878984d8a4340fa9a356d100926fb5f2ef9976366a61b8cc2bcb1c072b0e9c564852388e1edff10d75b3832792e471cc15b40380f94d834243080158603fbc9134d6983c540525447478984611c0d9666941bfc0a30db47a8828b6e5c51aee2094599b4ce52795750e1764f1657ca8c5633c71287239dddf5c651496f7bbd148c937f083d2e4e0197dbc6ff0649c749707b17399b1d7efad23abb8b40b38704737e15662ae4913a4a001cd3b71c7af75b5ffad9780650c800a40ca80ddc41987919142fd28dbf22db5f4c435415a03455e1d55d1783ccef97d7e4655cf839d06f06e137bbe462a03b3100231914b19739dd57b4f12d026ad0c7fd3"], &(0x7f00002bf000)='GPL\x00', 0x4, 0x436, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffc95}, 0x48)
r2 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000180)={r0, r1})
ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000001380)={<r3=>0xffffffffffffffff})
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000280)={&(0x7f0000000900)={0x29c, 0x0, 0x100, 0x70bd2b, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x28b, 0x66}}}}, [@NL80211_ATTR_REKEY_DATA={0xbc, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "89f0a9aa561a361e"}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="63740952b2813b589e047981d678d90c43846c30b3e980931a89ddf7f2be0f68"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="725409ca6be11e448f1c4a198f7bdd924bc3205cd5677cc4"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "4141b294dc57218d"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0xfffff5ba}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x10}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "ab112e94b2e9c4d9"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "c699757162c3d4ce"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="d19e454a8a76c2c12da8d3ffa1aff157f902635b34ae1d35"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="9b630ddc78359ca7f24435bf07e800"}]}, @NL80211_ATTR_REKEY_DATA={0x54, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="107bee18f9c844bea11245323df5ca011014bebbc66a20c8"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x100000}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "e499a15781f0e20c"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "d7fa001570f1cce7"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="ac7578b0216e74a83880b882b8384975"}]}, @NL80211_ATTR_REKEY_DATA={0xc, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x4}]}, @NL80211_ATTR_REKEY_DATA={0x58, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x4469f3b7}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "ae9dbfa392344792"}, @NL80211_REKEY_DATA_AKM={0x8}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x9}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="e0f96061719a0912b022926dd8a3aafa"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x944}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x2}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "bb0f00f2cc1ee675"}]}, @NL80211_ATTR_REKEY_DATA={0x18, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x5ef1}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "5d1668b327b05255"}]}, @NL80211_ATTR_REKEY_DATA={0x50, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="2ba9482c36f8052cfddb16204f252b58"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "98329af1373065b9"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0xe}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="f6b4db2441f4817fb62ab36e9486e6742c3a4ebb2d537da24cee1021d3c82d2e"}]}, @NL80211_ATTR_REKEY_DATA={0xa0, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="88a2214bea4bfaa4fcd5085243e27054ddc3d5eee14d2daa"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x76}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="0d2d6005afae51720247d855f1974a50"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="9384bfb1d1b2a3f0d8a1a864d23625f6"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "d65c32f11ea4e465"}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "feac140e2f8b1776"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="c32133d7141897a86f534026966dc84c"}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="def0014013850d29f479178b9a69b368958b1a89b3fe72b06268c1d1d49d0562"}]}]}, 0x29c}, 0x1, 0x0, 0x0, 0x8804}, 0x40)
recvfrom(r3, &(0x7f0000000300), 0x0, 0x12000, &(0x7f0000000340)=@rxrpc=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e20, @loopback}}, 0x80)
executing program 3:
r0 = socket$netlink(0x10, 0x3, 0xf)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0}) (async)
r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000200), 0x8882, 0x0)
kcmp(0x0, 0xffffffffffffffff, 0x0, r0, r4) (async)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xf, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8010}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000780)=@newtfilter={0x60, 0x2c, 0xd27, 0x70bd28, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {0xfff3, 0x7}, {0xc}, {0xa, 0x1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x30, 0x2, [@TCA_CGROUP_EMATCHES={0x2c, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x8f6}}, @TCA_EMATCH_TREE_LIST={0x20, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{0x10e, 0x2, 0x8001}, {0x3, 0x0, 0x2}}}, @TCF_EM_CONTAINER={0xc, 0x2, 0x0, 0x0, {{0x48e7, 0x0, 0xe3e3}}}]}]}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x80}, 0x40010)
r5 = socket(0x10, 0x3, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xcb}, 0x0) (async, rerun: 32)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) (async, rerun: 32)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$FICLONE(0xffffffffffffffff, 0x40049409, 0xffffffffffffffff) (async)
getpid() (async)
ioctl$BLKROGET(0xffffffffffffffff, 0x125e, &(0x7f0000000340)) (async)
r7 = syz_pidfd_open(0x0, 0x0)
setns(r7, 0x24020000) (async)
mount$9p_xen(0x0, &(0x7f0000000300)='.\x00', 0x0, 0x44000, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'veth0_to_team\x00'}) (async)
sendmsg$nl_route_sched(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)=@getqdisc={0x51, 0x26, 0x2, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x0, 0xd}, {0x4, 0x9}, {0x10, 0xe}}, [{0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8844) (async, rerun: 64)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r0, 0x8982, &(0x7f00000000c0)={0x0, 'vxcan1\x00', {}, 0x161}) (async, rerun: 64)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000ac0)={0x0}}, 0x0) (async)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14) (async)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES16=r0, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}, 0x1, 0x0, 0x0, 0x4000044}, 0x0) (async)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=ANY=[], 0x4c}, 0x1, 0x0, 0x0, 0x40000}, 0x20008010)
executing program 0:
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$SNDCTL_DSP_GETIPTR(r0, 0x800c5011, 0x0)
r1 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc70e, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0xda, 0x5, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x613, 0x4, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x5, 0x0, 0x20}}}}}]}}]}}, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="51890800000000e882"], 0x0, 0x0, 0x0, 0x0}, 0x0)
executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000000)=ANY=[@ANYBLOB], 0x1c}}, 0x20000050)
executing program 2:
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37}, 0x20)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000980)=@base={0xe, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x2, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000240), 0xfff, r1}, 0x38)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=ANY=[@ANYBLOB="3800000000010102000000000000000002000000240001801400018008000100e000000108000200e00000010c000280050001"], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r1, &(0x7f0000000140), &(0x7f0000000000)=""/85}, 0x20)
executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_usb_connect(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000df2bfd404b0c0001cad7010203010902240001000000000904450002c9cee40009050802ff03000000090582030004"], 0x0)
r2 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0x4, &(0x7f0000000080)=ANY=[])
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18)
ioctl$KVM_GET_LAPIC(r2, 0x8400ae8e, &(0x7f0000000300))
r6 = socket$inet6_icmp(0xa, 0x2, 0x3a)
getsockopt$IP6T_SO_GET_ENTRIES(r6, 0x29, 0x41, &(0x7f0000000040)=ANY=[@ANYRESDEC=r5], &(0x7f00000000c0)=0x28)
r7 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r7, 0x8008f512, &(0x7f0000000180))
r8 = getpid()
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_RELOAD(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, 0x0, 0x1, 0x70bd26, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r8}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x0)
r10 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000b00), r0)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f00000002c0)={0x34, r10, 0x601, 0x70bd27, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'sit0\x00'}]}, @ETHTOOL_A_LINKMODES_LANES={0x8, 0x9, 0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x240080c0}, 0x8008)
executing program 2:
socket$inet(0x2, 0x4000000000000001, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000060a0b160000000000000000020000084c00048018000180080001006f7366000c000280080001400000000430000180080001006e6174002400028008000140000000000800054000000017080006400000120008000240000000020900010073797a30000000000900020073797a32"], 0xa0}, 0x1, 0x0, 0x0, 0x850}, 0x4040080)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)={0x18, 0x7a, 0x601, 0x0, 0x0, "", [@typed={0x7, 0x0, 0x0, 0x0, @str='\a\x00\x00'}]}, 0x18}], 0x1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
getsockopt$inet_buf(r3, 0x118, 0x0, 0x0, &(0x7f00000003c0)=0x14)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[], 0x48)
r4 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, &(0x7f0000000240)={r4})
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r5)
sendmsg$NLBL_CIPSOV4_C_ADD(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)={0x58, r6, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0x34, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x1}, {0x5}, {0x5, 0x3, 0x2}, {0x20, 0x3, 0x1}, {0x5}, {0x5, 0x3, 0x6}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x58}}, 0x0)
executing program 3:
socket(0x10, 0x3, 0x0)
poll(0x0, 0x0, 0x3)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x6, 0xe, &(0x7f0000000240)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}], &(0x7f0000000000)='GPL\x00', 0x99c, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x5, 0x3}, 0x8, 0x10, &(0x7f0000000380)={0x3, 0x5, 0x81}, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0)=[0x1, 0xffffffffffffffff, 0x1, 0x1], &(0x7f0000000400)=[{0x1, 0x1, 0x9, 0x6}, {0x2, 0x5, 0xf}, {0x1, 0x5, 0xa}], 0x10, 0x5}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={r0, 0x0, 0x25, 0x8, @void}, 0x10)
mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0xc, 0x2031, 0xffffffffffffffff, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = socket$caif_stream(0x25, 0x1, 0x4)
setsockopt$sock_timeval(r2, 0x1, 0x42, &(0x7f0000000180), 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000440), 0x50d802, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x20000004, 0x0, 0x0, 0x0, 0xfffffffd}, [@call={0x85, 0x0, 0x0, 0x13}, @printk={@lx, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x70}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r5, 0x0, 0xe, 0x0, &(0x7f0000000100)="e09f547ed3f02dc1fd3d6487775b", 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = dup(r6)
write$UHID_INPUT(r7, &(0x7f0000000000)={0x1a, {"a2e3ad21ed6b52f99cfbf4c087f71e9b230963ff7fc6e5539b9b3b09719b711b5d34101b080d29308f0e1ac6e7049b3468959b189a242a9b45f3988f7ef319520100ffe8d178708c523c921b1b23380a169b63d336cd3b78130daa61d8e81aea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1d020000000000000075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801000000005b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b412435111c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269caf12c31357c8219793e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a687974e7b4ab01b7f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da3710ac000000001a527777a5371f87d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ef06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f103000000416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d601005c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac292d9e53803ed000000009737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b09114edb8e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb67ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe529003d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f070077d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85e654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd84e935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba30b4279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227edff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b30f0b932a4d02da711b757fe43c06d21e759595e4e98b27faea8aa12bc8040000000000000033eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d0000010000000000fcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d080e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed704887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6ff7ffb1d62458d0741a12830052fcc460db043afe525629b40d7cee65802cb5e930ed624806c43a006dc9336d07c2b8081c188d26558f48261f7897084c2a1a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c0ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264c7b34252600c9654e502dcea39cb0800eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc640df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000064b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa7082ead01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058093fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
inotify_init()
r8 = socket(0x10, 0x803, 0x0)
openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card1/oss_mixer\x00', 0x4200, 0x0)
ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', 0x0})
executing program 2:
r0 = memfd_create(&(0x7f0000000840)='\x01\x00\x00\x00\x00\x00\x00\x00\xd64\xf9 \x00\x00\x00\x00\x00\x12\x1a\'<\xf5\xbeV\x12\xaal\xfa\xf0o\xd8\xb1,\xbd>M\xe3\x98?\xd9\x96\xab\xc7\x06F\x9b\xab\xc8\x1e\x89]\x13bZ\x8d /#k\x95\x9eLV(\x8a\x0e\x93\x93Vc]mP\xbativ\xce\xa4K\xfb\xf2\xe0\xbf\x9d\x82\xa2\xcd\xb39\xb4\x17a9\x1c\x82\x1aLT\xd0\xb9\x1a\xafB\x95\xb4\xcf\x91X\x8c\x87\xc2\xa1\x1b\xfe\xe7\xbc\xf7\xeb\xc0L\x1d\x98Zq\xce\xd3\xefB\xd4\xee\xb5\xee\xe0\xaa\xdd\x00\xb1j$S\xfc\xb1[N\x8d\xcfI\xc8\x91\x87\x1fuYG7}%)\xb9\x00\x00\x00\x00\x00\x00\x00\x80W\xe0I\x0e\xa4\x1e}\x06\vK\xed\x11\x880\x0e\x9c\xaeVU\x88\xb0\x842kgA]^\x88\xecif\xee\xba\x8b\xc6\"\xcej\x84\x06\x8a\x99\x80\xd7\xcf\x96\xed\x89\x1e6\x93+\xec#\x1f2\xee\xce\x17\x89\xa6r\xc5j\xec\x1b\xaa\x996\x14e\xcf\x8axQ\x9e\x035\x8a@\xd4\x1c\xe0\xa2\xc8\xb3c\t\xe8\x1a\x89\xecL\xcf\xd8\xb5\xfb\xbc\tX\x88\xbe\xf4@[\xb2\xd5\x8c\xb9\x0e\x17\x8b\xce\xd09\xd2\xfb\x9e\xef\xabR\x88\x17\x9et\xf7\x9c\x01\x91\x00\x00\xdb\xf9\xcb\x7fh\x83>\x8e\xe1=\xedR\xc9\xe68h\x19\xafLD\x94\x93\xebT\x15\x817\x9d\xf5s\x03\x1a=\xcc\xd1\xa7\'\xa0\xaf\xf7\xec\xaf}\x0e\a\x00\x91U\xf9\x8e_f\x8e\x00\xc3r*\xc7\xaf\xe2\'\xe0f9\xde\n,\x8c8Y26\xa6u<\xca@H\xdc\xf1\xb0\xb8\x9f\xc2o\x0f\x02I\xb6\xc3xH\xc3\x88(\xb6\x97~\xea)\'\xa3:\x8d\xebc>z\xae*\xc2\x14\xe9\x89#\xe2)\x9a\xb0hR\xffa\xf8\xde\xf7q4\xcfV\xbb\xc3t\xfa\xa9\x05>\xaea\x12\xce\x1cY\a\xb16\xb9\x12v\x1dN\xe1,_3\xa9\xa36\xaa.Cj\xd4\ah\x92j\x86\xe1\x1f\xec1\xb9!lI\xc7\xbf\x85\xdd\x03\xbd\xeb\xec\xf9\xf3\xaf\xe02AzX\x9aO\x93y;\xa7,\xbb\x11\xe6\x8fn\xa0m\xf8\xcf\x92\x19\xba,\x0e\x04\xbe\xbb\xdd\x00\xb1\xb6Enr\x17\xa4\xc5)\xcc}*yN\xdc\xc3\xe0\xf2\x10\xe0<uc\xbc\xec\xe5\xc79\x9c\xcf\xa4m\x06\x12\xd0IY\x18\x15\x8d\x01P\x12/\xfct\xfe\xa0\xc7-\x9a+\xf3\xf9R\x85\xa5~\x90\xbeC\xee\xe9\'\x9fW\xa5\xfa\xb9\xc8\x85\x16\xb2\xe2\x8f\xfa)?6\x0e\xac-\x82\xe3\xc1\xf7\xd3\x04\xf7\x0e\xe7v\xb2{\xaa\xfc)\xcb\xd4D\xf6#%I\xad\xaap\xddX\x14e\x11\xd8\xb3\xe9\xf2@\x97\xfa\x16\xe9\xb4l\x0e9\xf4\x9e\xefT\xfd\x9d\x18\xba\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00X\xc1\x9c\xd7\xed\xad*\xc6\xc9\xd6\xe6\xfe*t\x06\xeb]\vr-\x04{\x86\xcb\xbb4?\xa1\xb5S\xb8\x10pg\xbd\xce\x84\xe9\xfdZ\f\xeb\xd0c\x02\xdc\x90\t\x9fRAC8\xa8', 0x6)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kvm_set_irq\x00', r1, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000300)="a6", 0x1, 0x20000045, 0x0, 0x0)
r5 = io_uring_setup(0x4c0c, &(0x7f0000000140)={0x0, 0x2637, 0x80, 0x2, 0x10001d4})
io_uring_register$IORING_REGISTER_EVENTFD(r5, 0x4, 0x0, 0x1)
io_uring_register$IORING_UNREGISTER_EVENTFD(r5, 0x5, 0x0, 0x0)
write$P9_RMKNOD(0xffffffffffffffff, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
close(r6)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x800)
accept$unix(0xffffffffffffffff, 0x0, &(0x7f00000001c0))
fallocate(r0, 0x0, 0x0, 0x8)
ftruncate(r0, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0500000008000000e27f00000100000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000001000"/28], 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x10)
r9 = memfd_secret(0x80000)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x13, r9, 0x0)
executing program 3:
socket$inet6(0xa, 0x3, 0x4)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
getsockopt$nfc_llcp(0xffffffffffffffff, 0x118, 0x3, &(0x7f0000000540)=""/181, 0xffffffffffffffce)
ioctl$PIO_SCRNMAP(r3, 0x4b52, &(0x7f0000000000))
socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$VT_RESIZE(r3, 0x5609, &(0x7f0000000040)={0x1, 0x7, 0x3})
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000040)='cubic', 0x9)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB], 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
r5 = socket$kcm(0xa, 0x922000000003, 0x11)
setsockopt$sock_attach_bpf(r5, 0x29, 0x24, &(0x7f0000000080), 0x4)
sendmsg$kcm(r5, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x8, @mcast1, 0x7, 0xffffffff}, 0x80, &(0x7f0000001880)=[{&(0x7f0000000780)="f4000900062b2c25fe80000000000000dc8b850f238466cc00007a000000ad6e911b51818462b400", 0x28}], 0x1}, 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f00000001c0)='usrquota')
chdir(&(0x7f0000000140)='./file1\x00')
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_GETINFO(r6, 0xffffffff80000500, 0x0, &(0x7f00000002c0))
executing program 2:
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) (async)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
symlink(&(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000040)='./file0\x00')
r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r1, r1) (async)
setpgid(r1, r1)
setpgid(0x0, r1) (async)
setpgid(0x0, r1)
r2 = openat(0xffffffffffffff9c, &(0x7f00000005c0)='./file0/file0\x00', 0x0, 0x177)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x1, &(0x7f0000000ac0)=ANY=[@ANYBLOB=',rootmode=0000000000', @ANYRES32=r1, @ANYBLOB=',grou', @ANYBLOB=','])
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0xffffffffffffffff)
r4 = dup(r3)
socket$alg(0x26, 0x5, 0x0) (async)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) (async)
bind$alg(r5, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
r6 = accept4(r5, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000e40)=[{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000500)="aa0c4f9ea197977a702a10d14a7b8eebe5d1082562ae8fcafccb0d8bc25db16b61e30bd139b699e67887222295f0de1754d29910b0d12470568ee21e1d8bc6e34ef48689168ee9cbe89f3e64459a8fc7e7a6b7aa5ba63a47a4dd620f90de0426c77feb9e6f322c37cb587ce6a31426e0969c5c3e0b36772a792ad0ef287f36ea317cc25c487e2dcb5f95d80647877ba5f9082204987fd733534cf2b6e5ed29e43326", 0xa2}, {&(0x7f0000000140)="ae284725b8a817a05d1469d3cedb57c536622fce8e691a44d9cc9f3649ffddd2df", 0x21}, {&(0x7f0000000300)="5fcbb5280006dbc7f4782d55ba500671729acaf46a46bc051dbbaaec1b32397d20f80fb0d6585d177c8b0ebb73926301571fe2deae2a4ab46700b6ede62ba6b01b16a010be6f246becb4916a0ffcebcd3529f21d7ee3a417b07a70fe4c1e21520b17c78c3008cbb469db577d7cd8bc958f09364a8b100bd761ed8adbef6b3bfc", 0x80}, {&(0x7f0000000600)="f29201c2a8ce8dfc752f7919907c32deafc8f0d19fd0aeff179543295990095400bb22c9d0d56c8ca046ad95578e60dd9006bd8922fa222b7a25c72f4bba3f08fa7db9e78253280cd44b37ee8c81867af1d64078fe141648e152481e", 0x5c}, {&(0x7f0000000680)="f13d9e59a73fd9177f972d88d7021aeae8ac0ec453a0c26e73ec4275d87e602cbdd6ad29685a7f6a320eb6d225bd89785bfa4b9f5a0fa9656513ed780c0bef4778375c42", 0x44}], 0x5, 0x0, 0x0, 0x4000000}, {0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000480)="ac55f5f4156ef4a703f48d303b3b47bd400e2bca23b55405a2", 0x19}, {&(0x7f0000000880)="6ddf659bfcc18ac6ad6975c1453207cb3ac2cc04daa9d8ba54262d65bc5de47f25d1c823c4d19f76ebf956496ba130c787ea1e59e801b648be8bc64382cd6628c1548284cfb0e734abcef76d2e940da9ea43a04d7c593eb4d6a2a7f510aea65f3ff4671bccb2b22784addba7a6423a2d261c7ab0f5cd6e1e115bbb0bd2fd9e951dbd2ed95d94c06008db08dd3f9bbe171f8dcbe5cb15819e281fb6be72ef1b99edfcdd5ad5cf42c521262b7786b1c364542f7e018efdd2ee5af0fc017aaa646def034f4f553c0d975ae51ddcb2b1", 0xce}, {&(0x7f0000000780)="ba9590c0e376f0986232adfde5eb21cb59fea52c66614075d432f14bd166e466c22139b90a695fc7e4494b6c3a57bcfecaa5", 0x32}, {&(0x7f00000007c0)="dbca006cb532d7824bf34eccaa1ac4fcc8658ea1e1a316ff820d", 0x1a}, {&(0x7f0000000980)="97f845f095c071e2d751d88f1dfd46cad8d39b29fd8e67846504df3493c9df090038962c00fd268b7d3169f90cd9dc6b23948e1f0c9f988288d73d90f8771f6d936afb3de2cb861d17f45dccc8b14a0b2fa8fcba7edbed883324221b", 0x5c}], 0x5, &(0x7f0000000ec0)=ANY=[@ANYBLOB="18000000000000001705000003000000000000000000000088000000000000001701000002000000730000004945e6c168da9271088acbef958309d76905526e14d8a89cc0aa959406533df8cdb5d6083345f37d06325b91f20b46a695f692b718cd5f58bbe28f5b9195ba5b115412287b9f7293b9a9425749d3f5f51aae0e29b0fee82b0eb34110829623eeefad797b8f502e0a9d169df0e3cbc008804eebb1880018000000000000001701000003000000010000000000000000010000000000001701000002000000e5000000c8cebcff8a53bd38afaf2f3b5ef66238af43432580d7e8418e5571b1d74506150f9b2275370747b704788f192cf4d5ce54889ddd019b0514ee1999961e60762dc98f3f6b820f885a910f6fcf109c4a0f64614fb6522b2eacfc3766eb3f7867e51e55cd761559c8badf09cbba4323483d3ab59109f9ebda75d8dcf2997a6ed0004872a5773236f4d454eaa2e1e10f0db2b0c99c04bcb7cc134cea2a2f14f6d83ab32341510044979a5f18fe1b48e93d03d448ddf6e5eddd637d67723a5a99d2e40db976b9719d39fa53fa857435938529ffb3ccb7cc60e4251a358f51e7839feb0a33fed023000000000000001800000000000000170100000300000000000000000000002000000000000000170100000200000008000000b9d9980c2603344b00000000800000000000000017010000020000006c000000eb6baae91c077b7173c02690e12eabc672624bdd2e6d65823b07b7b629acfc8bcd679c1d9f328aae4c9f45479e28435d89997d0f872c466805ea8b003484a7e4042da32544e817d2203b2f95fd720ff2e7d67ad3805bb7581a8096285723b5ce7bc2b24d0e3975729f64ea2f800000000000000017010000020000006b0000008403b0f8f08533965a3c64ad84e36e57b870c83ded477817db1c8d2dd87503ebd03db205f5d9395b52426c2a45010cfc983bd308e8b481ebe248a4deb1c7c2903ae9350c58c4069b388a665abfc2d9d4881bd52b58901e89dc5413fde13b304519bd468942cf0018000000000000001701000003000000010000000000"], 0x308, 0x10}], 0x2, 0x41801)
recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) (async)
pwritev(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
executing program 0:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (async)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async, rerun: 32)
r4 = socket$unix(0x1, 0x1, 0x0) (rerun: 32)
bind$unix(r4, &(0x7f00000006c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
connect$unix(r4, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) (async)
connect$unix(r4, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
socket(0x200000000000011, 0x2, 0x0) (async)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000240)={0x0, @in={{0x2, 0x0, @empty}}, 0xff, 0x3}, 0x90) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x61, &(0x7f0000000180)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x20000000, 0x0, 0x0, 0x41100, 0x40}, 0x94) (async)
openat$dir(0xffffffffffffff9c, 0x0, 0x200c00, 0x102) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) (async)
prlimit64(0x0, 0xf, &(0x7f0000000140)={0x8, 0x5}, 0x0) (async, rerun: 64)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) (async, rerun: 64)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, 0x0, 0x0) (async)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
executing program 2:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="1201000000000040ef1747600000ba0000010902240001000000000904000001030006000921000000012205000905810300"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x442, 0x0)
pipe2(&(0x7f0000000000)={<r2=>0x0, <r3=>0x0}, 0x0)
read$FUSE(r2, &(0x7f0000001240)={0x2020}, 0x2020)
write$binfmt_aout(r1, &(0x7f0000000380)=ANY=[], 0x20)
fcntl$setstatus(r2, 0x4, 0x42800)
splice(r1, &(0x7f0000000040), r3, 0x0, 0x808, 0x0)
syz_usb_control_io(r0, &(0x7f0000000040)={0x2c, &(0x7f0000000380)=ANY=[@ANYBLOB="20231f"], 0x0, 0x0, 0x0, 0x0}, 0x0)
executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x1, 0x7, 0x8000, 0x1, 0x0, 0xffffffffffffffff, 0x2}, 0x50)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
preadv(r0, &(0x7f00000005c0)=[{&(0x7f0000000280)=""/196, 0xc4}], 0x1, 0x8, 0xffffffff) (fail_nth: 1)
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01030000000000000000010000010900010073797a310000000054000000030a01040000000000000000010000000900030073797a31000000000900010073797a31000000003a5363780800014000000005080002401b2fd2c51400030064766d7270300000000000000000000028000000000a05000000000000000000010000080900010073797a3100000000080002400000000114000000110001"], 0xc4}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_connect$cdc_ncm(0x0, 0x88, &(0x7f00000000c0)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x76, 0x2, 0x1, 0xbe, 0x90, 0x87, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4ed1fb9a2823"}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x37, 0xfff}, {0x6, 0x24, 0x1a, 0x6, 0x20}, [@mbim_extended={0x8, 0x24, 0x1c, 0x24a2, 0x2, 0x4}, @network_terminal={0x7, 0x24, 0xa, 0xa, 0x81, 0x46, 0x8}, @obex={0x5, 0x24, 0x15, 0x4}]}, {{0x9, 0x5, 0x81, 0x3, 0x8, 0x6f, 0x4, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x5f6, 0x0, 0xb, 0x37}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0xc, 0x7, 0x9}}}}}}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x110, 0x9, 0x28, 0x94, 0x40, 0x9}, 0xb, &(0x7f0000000180)={0x5, 0xf, 0xb, 0x2, [@ptm_cap={0x3}, @ptm_cap={0x3}]}, 0x3, [{0x18, &(0x7f00000001c0)=@string={0x18, 0x3, "a71ce7980a3cec144ec6fe6877051238c3db80278e59"}}, {0x46, &(0x7f0000000200)=@string={0x46, 0x3, "5b9592abf83b460f43d5cac4b883fc3b0cccfbc8e9a209a7943e57960bb9f49209be57c5486aa87367fa12c2fe89c39a7074f4c80712deda3e2c3799f3cd37c2cccb011f"}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x422}}]})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="6800000010000100"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000480012800e0001006970366772657461700000003400028008000100", @ANYRES32, @ANYBLOB="14000600fe800000000000000000000000000015140007"], 0x68}, 0x1, 0x0, 0x0, 0x810}, 0x140)
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @random="ad2293803a78"}, 0x14)
executing program 0:
openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x1c0002, 0x0)
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_open_dev$usbfs(&(0x7f0000000240), 0x75, 0x109301)
ioctl$USBDEVFS_ALLOW_SUSPEND(r2, 0x5522)
ioctl$USBDEVFS_FREE_STREAMS(r2, 0x8008551d, &(0x7f0000000000)=ANY=[@ANYBLOB="a6170000020000008126"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee4, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0)
r5 = socket(0x1e, 0x4, 0x0)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000004440)={&(0x7f0000000100)=@nameseq={0x1e, 0x3, 0x0, {0xe0007cc61fb31236}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x8044800}, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x455}, 0x10)
setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
sendmmsg(r5, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
r6 = dup3(0xffffffffffffffff, r5, 0x0)
read$char_usb(r6, &(0x7f00000002c0)=""/91, 0x5b)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
getsockopt$nfc_llcp(r7, 0x118, 0x4, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r8=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@getchain={0x64, 0x66, 0x4, 0x70bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0xf}, {0xfff2, 0xc}, {0x5, 0xfff2}}, [{0x8, 0xb, 0x7ff}, {0x8, 0xb, 0x104}, {0x8, 0xb, 0x805}, {0x8, 0xb, 0x8}, {0x8, 0xb, 0xffff}, {0x8, 0xb, 0x400}, {0x8, 0xb, 0xffff0000}, {0x8, 0xb, 0x8}]}, 0x64}, 0x1, 0x0, 0x0, 0x240408c4}, 0x44080)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x1c, 0xc, &(0x7f0000000280)=ANY=[@ANYRESHEX=r0, @ANYRES64=0x0, @ANYRES64=r0], 0x0, 0xffffffff, 0x0, 0x0, 0x1e00, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000008"], 0x48)
io_uring_setup(0x4168, &(0x7f0000000480)={0x0, 0x5f4e, 0x800, 0x2, 0x218, 0x0, r6})
executing program 1:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4}, 0x50)
ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000080)=<r1=>0x0)
ioctl$BTRFS_IOC_SNAP_DESTROY_V2(0xffffffffffffffff, 0x5000943f, &(0x7f0000000280)={{r0}, r1, 0x4, @unused=[0x60b, 0x9, 0x3], @devid})
socketpair(0x22, 0x2, 0x3, &(0x7f0000000240))
executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x1c0)
capset(&(0x7f0000000500)={0x20080522}, &(0x7f0000000200)={0x200002, 0x200003, 0x801, 0x4, 0x7})
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x1085408, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r0 = getpgid(0xffffffffffffffff)
capget(&(0x7f00000002c0)={0x20071026, r0}, &(0x7f0000000300)={0x0, 0x3, 0x2, 0x0, 0x7, 0x81})
chdir(&(0x7f00000001c0)='./bus\x00')
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x804418, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r1, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000001880)={&(0x7f00000017c0)={0x10, 0x1405, 0x1, 0x70bd28, 0x25dfdbff}, 0x10}, 0x1, 0x0, 0x0, 0x20004004}, 0x4000010)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg(r2, &(0x7f0000000980)={0x0, 0x0, 0x0}, 0x820067c0563725f1)
r3 = dup3(0xffffffffffffffff, r1, 0x0)
openat$cgroup_ro(r3, 0x0, 0x0, 0x0)
getsockopt$EBT_SO_GET_INIT_ENTRIES(r3, 0x0, 0x83, &(0x7f0000000140)={'nat\x00', 0x0, 0x4, 0x1000, [0x8, 0xfffffffffffffb86, 0xfff, 0xfffe, 0xec, 0xffffffffffffffff], 0x4, &(0x7f0000000000)=[{}, {}, {}, {}], &(0x7f0000000540)=""/4096}, &(0x7f0000000040)=0x78)
executing program 1:
r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x81, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r2, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc})
ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f0000000440)=ANY=[@ANYBLOB="01000000000000000000000004"])
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f0000000300)={0x0, 0x7})
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000080)={0x5, 0x0, 0x1})
executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000380)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58)
sendmsg$key(0xffffffffffffffff, &(0x7f00000014c0)={0x2, 0x0, 0x0}, 0x0)
r4 = accept4(r3, 0x0, 0x0, 0x800)
clock_gettime(0x3, &(0x7f0000000040))
write$P9_RREADLINK(r0, &(0x7f0000000000)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab)
unlinkat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x0)
ioctl$BTRFS_IOC_START_SYNC(r4, 0x80089418, &(0x7f00000000c0)=<r5=>0x0)
ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f0000000480)={{r3}, r5, 0x18, @unused=[0x5, 0x81, 0x80000000, 0x1a3], @subvolid})
linkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x400)
executing program 4:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000000000009500672083a69db8efbccb247f5388d6583f000000000005e948ee34753fb0660352f986b8af06d3d6291645084765bd375b4eb440355a57cc76d196b049461ed45b60b00ff49a9a701328e7bf99a9f365bfa846d714babfb9431e0af77b5161609bd63f47cd045484c748afffca09ac156e133c42c822d177629c0d69a00161fdb37c3c6ec6b8f259f8e7a40bc7a5d05e072d155cf42cb86a319dcc43375edae1201b0137e9ec28b269ebb40dccf4db81ef349af71be5b27fb6c00d5d34128524ff5d52ca078db307f5f61d4751a05ce75e13ba1f87c90dd3ec8c798a21e0135ae69e924dd491028dd040891a5e84e2480ec8b0c516f718d48154c5c494e5295f65105ba1aebca7c09fb0e98f1c87b3ba38a1"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f0000000080)=ANY=[@ANYRES16=r1])
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xe, 0xe, &(0x7f0000000400)=ANY=[@ANYBLOB="b7020000380d0000bfa30000000000000703000000feffff720af0fff8ffff1989a4f0ff00000000b7060000080000001e640000000000004504040001000000170400000c000a00b7040000ff0100006a0af2fe00000000850000001a000000b70000003f00000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000f0000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd8000000000000080231c61ccd106cb937b450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c4608800000000000000005cbb5a2600"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0xfffffe49}, 0x42)
executing program 1:
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) (async)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6}) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, 0x0) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, 0x0) (async)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x20400)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000340)={0xda2, 0x8166, 0x7}) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000200)={0x200, 0x1fb, 0xc38}) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000001c0)={0x7, 0x1, 0x7}) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x4})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000380)={0xff, 0x3, 0xd83f}) (async)
syz_open_dev$dri(&(0x7f0000000000), 0xffffffffffffffff, 0x8000)
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff})
r1 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0)
sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)={0x64, r1, 0x400, 0x70bd2c, 0x25dfdbfb, {}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x20}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_SIZE_BYTES={0xc}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x7}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x800}, @NBD_ATTR_BACKEND_IDENTIFIER={0x5, 0xa, '\x00'}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x4}]}, 0x64}, 0x1, 0x0, 0x0, 0x20002000}, 0x1041)
socket(0x400000000010, 0x3, 0x0)
socket(0x400000000010, 0x3, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2}}, 0x2}, 0x1c)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0), 0x48)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x1f, 0x18, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a7000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000a800000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x19}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
sendmmsg(r0, &(0x7f0000000180), 0x4000190, 0x0)
munlock(&(0x7f0000fff000/0x1000)=nil, 0x1000)
executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x1, 0x7, 0x8000, 0x1, 0x0, 0xffffffffffffffff, 0x2}, 0x50)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
preadv(r0, &(0x7f00000005c0)=[{&(0x7f0000000280)=""/196, 0xc4}], 0x1, 0x8, 0xffffffff) (fail_nth: 2)
executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r7 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r8 = memfd_create(&(0x7f00000007c0)='y\x10XDJ\xb4\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00u\"\xb9J\xcd(W+\x00\x04\x87\x1c1\xc7\x9f\xde\r-\xb8Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\xd5\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VwA\xaf\xc6\x90i\xa1\xb5\xd2\xbe\xcfAMq%M\xa2\x1e\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8c\x06A2@\xf6\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2\ng\xf1\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\xd9\xbd\xd9\xaf\x12$\x8dOA\xcd\x05H\xa5A\x01\x00\x00\x00\x00\x00\x00\x00\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xbbd\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$WV\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc1^\'\xfe>h\xa5\xa1\x0e\x05o\a\x96\x81\xaa\xfd3\xe5q\xd6\xe9\x9dx\xbai,^%\xeb\xc2\x14g,\x9b=\xac=b\xedI\x1b\xd4%\xcdr\xdc\xb3\xb8#\x96\xa6\x1eK\xf9\x84r,J\xd5\xb6(o\xf4\xa2XFc\xc9\x8cKJ\x84\x84\x15\xdeS\xbf\xd0\xd2R\xa1\xf8\xf8\xd7{[\xfb.\x0ee\x93a\x96a\x85Nu\x15\x04:\xa7\xbf!O\x0e\x8e\xf6\x9f\x19n@\x02U\x97\x17\x96\xaf\xac\x93\x00\x00\x00\x00\x00\x00\x00\x8f\tH=\x81!a\x9f\xb6\x89 \x82(\x99\xc5\x82>\x1f\xac\xf90\xc5\xcc\xd4rlEX.\xf8\xc00VR\x82\xb3\x8f\xa3\x96N\x00\xef\xcf\xb9\x01\x17\x00\x99\xbe\"\x7fn\xcez\xf0\xe5\xa1\x81r)5\x82G\x80b\xc6\xd4\xcb`\xbb\x1f\x80\xe4\xae\xec\x1556\xabZ\x9e\xda\xc8\xce\xc7Eyt\f\xb5o?\xafL-+/\x16\x96J\x95G\xec\xf8C=P\xe8\xe6\\\x16_>f\xb5D\xdc\x9b\xec\x1f\x85@\xbd\xad~\xb3E\xee\xe6T\xe5\x0e\x93', 0x2)
ftruncate(r8, 0xffff)
ioctl$UDMABUF_CREATE(r7, 0x40187542, &(0x7f0000000100)={r8, 0x0, 0x0, 0x8000})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xf, 0x9, &(0x7f0000000080))
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292", 0xc)
accept4(r9, 0x0, 0x0, 0x800)

program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
bisect: bisecting 30 programs
bisect: split chunks (needed=false): <29>
bisect: split chunk #0 of len 29 into 3 parts
bisect: testing without sub-chunk 1/3
testing program (duration=1m45s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [30, 30, 28, 38, 30, 9, 3, 2, 5, 5, 30, 4, 18, 8, 16, 8, 14, 20, 3, 30]
detailed listing:
executing program 3:
socket(0x10, 0x3, 0x0)
poll(0x0, 0x0, 0x3)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x6, 0xe, &(0x7f0000000240)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffd}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}], &(0x7f0000000000)='GPL\x00', 0x99c, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000340)={0x5, 0x3}, 0x8, 0x10, &(0x7f0000000380)={0x3, 0x5, 0x81}, 0x10, 0x0, 0x0, 0x3, &(0x7f00000003c0)=[0x1, 0xffffffffffffffff, 0x1, 0x1], &(0x7f0000000400)=[{0x1, 0x1, 0x9, 0x6}, {0x2, 0x5, 0xf}, {0x1, 0x5, 0xa}], 0x10, 0x5}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={r0, 0x0, 0x25, 0x8, @void}, 0x10)
mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0xc, 0x2031, 0xffffffffffffffff, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = socket$caif_stream(0x25, 0x1, 0x4)
setsockopt$sock_timeval(r2, 0x1, 0x42, &(0x7f0000000180), 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000440), 0x50d802, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x20000004, 0x0, 0x0, 0x0, 0xfffffffd}, [@call={0x85, 0x0, 0x0, 0x13}, @printk={@lx, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x70}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r5, 0x0, 0xe, 0x0, &(0x7f0000000100)="e09f547ed3f02dc1fd3d6487775b", 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = dup(r6)
write$UHID_INPUT(r7, &(0x7f0000000000)={0x1a, {"a2e3ad21ed6b52f99cfbf4c087f71e9b230963ff7fc6e5539b9b3b09719b711b5d34101b080d29308f0e1ac6e7049b3468959b189a242a9b45f3988f7ef319520100ffe8d178708c523c921b1b23380a169b63d336cd3b78130daa61d8e81aea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1d020000000000000075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801000000005b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b412435111c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269caf12c31357c8219793e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a687974e7b4ab01b7f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da3710ac000000001a527777a5371f87d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ef06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f103000000416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d601005c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac292d9e53803ed000000009737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b09114edb8e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb67ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe529003d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f070077d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85e654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd84e935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba30b4279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227edff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b30f0b932a4d02da711b757fe43c06d21e759595e4e98b27faea8aa12bc8040000000000000033eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d0000010000000000fcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d080e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed704887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6ff7ffb1d62458d0741a12830052fcc460db043afe525629b40d7cee65802cb5e930ed624806c43a006dc9336d07c2b8081c188d26558f48261f7897084c2a1a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c0ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264c7b34252600c9654e502dcea39cb0800eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc640df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000064b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa7082ead01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058093fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
inotify_init()
r8 = socket(0x10, 0x803, 0x0)
openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card1/oss_mixer\x00', 0x4200, 0x0)
ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', 0x0})
executing program 2:
r0 = memfd_create(&(0x7f0000000840)='\x01\x00\x00\x00\x00\x00\x00\x00\xd64\xf9 \x00\x00\x00\x00\x00\x12\x1a\'<\xf5\xbeV\x12\xaal\xfa\xf0o\xd8\xb1,\xbd>M\xe3\x98?\xd9\x96\xab\xc7\x06F\x9b\xab\xc8\x1e\x89]\x13bZ\x8d /#k\x95\x9eLV(\x8a\x0e\x93\x93Vc]mP\xbativ\xce\xa4K\xfb\xf2\xe0\xbf\x9d\x82\xa2\xcd\xb39\xb4\x17a9\x1c\x82\x1aLT\xd0\xb9\x1a\xafB\x95\xb4\xcf\x91X\x8c\x87\xc2\xa1\x1b\xfe\xe7\xbc\xf7\xeb\xc0L\x1d\x98Zq\xce\xd3\xefB\xd4\xee\xb5\xee\xe0\xaa\xdd\x00\xb1j$S\xfc\xb1[N\x8d\xcfI\xc8\x91\x87\x1fuYG7}%)\xb9\x00\x00\x00\x00\x00\x00\x00\x80W\xe0I\x0e\xa4\x1e}\x06\vK\xed\x11\x880\x0e\x9c\xaeVU\x88\xb0\x842kgA]^\x88\xecif\xee\xba\x8b\xc6\"\xcej\x84\x06\x8a\x99\x80\xd7\xcf\x96\xed\x89\x1e6\x93+\xec#\x1f2\xee\xce\x17\x89\xa6r\xc5j\xec\x1b\xaa\x996\x14e\xcf\x8axQ\x9e\x035\x8a@\xd4\x1c\xe0\xa2\xc8\xb3c\t\xe8\x1a\x89\xecL\xcf\xd8\xb5\xfb\xbc\tX\x88\xbe\xf4@[\xb2\xd5\x8c\xb9\x0e\x17\x8b\xce\xd09\xd2\xfb\x9e\xef\xabR\x88\x17\x9et\xf7\x9c\x01\x91\x00\x00\xdb\xf9\xcb\x7fh\x83>\x8e\xe1=\xedR\xc9\xe68h\x19\xafLD\x94\x93\xebT\x15\x817\x9d\xf5s\x03\x1a=\xcc\xd1\xa7\'\xa0\xaf\xf7\xec\xaf}\x0e\a\x00\x91U\xf9\x8e_f\x8e\x00\xc3r*\xc7\xaf\xe2\'\xe0f9\xde\n,\x8c8Y26\xa6u<\xca@H\xdc\xf1\xb0\xb8\x9f\xc2o\x0f\x02I\xb6\xc3xH\xc3\x88(\xb6\x97~\xea)\'\xa3:\x8d\xebc>z\xae*\xc2\x14\xe9\x89#\xe2)\x9a\xb0hR\xffa\xf8\xde\xf7q4\xcfV\xbb\xc3t\xfa\xa9\x05>\xaea\x12\xce\x1cY\a\xb16\xb9\x12v\x1dN\xe1,_3\xa9\xa36\xaa.Cj\xd4\ah\x92j\x86\xe1\x1f\xec1\xb9!lI\xc7\xbf\x85\xdd\x03\xbd\xeb\xec\xf9\xf3\xaf\xe02AzX\x9aO\x93y;\xa7,\xbb\x11\xe6\x8fn\xa0m\xf8\xcf\x92\x19\xba,\x0e\x04\xbe\xbb\xdd\x00\xb1\xb6Enr\x17\xa4\xc5)\xcc}*yN\xdc\xc3\xe0\xf2\x10\xe0<uc\xbc\xec\xe5\xc79\x9c\xcf\xa4m\x06\x12\xd0IY\x18\x15\x8d\x01P\x12/\xfct\xfe\xa0\xc7-\x9a+\xf3\xf9R\x85\xa5~\x90\xbeC\xee\xe9\'\x9fW\xa5\xfa\xb9\xc8\x85\x16\xb2\xe2\x8f\xfa)?6\x0e\xac-\x82\xe3\xc1\xf7\xd3\x04\xf7\x0e\xe7v\xb2{\xaa\xfc)\xcb\xd4D\xf6#%I\xad\xaap\xddX\x14e\x11\xd8\xb3\xe9\xf2@\x97\xfa\x16\xe9\xb4l\x0e9\xf4\x9e\xefT\xfd\x9d\x18\xba\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00X\xc1\x9c\xd7\xed\xad*\xc6\xc9\xd6\xe6\xfe*t\x06\xeb]\vr-\x04{\x86\xcb\xbb4?\xa1\xb5S\xb8\x10pg\xbd\xce\x84\xe9\xfdZ\f\xeb\xd0c\x02\xdc\x90\t\x9fRAC8\xa8', 0x6)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kvm_set_irq\x00', r1, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000300)="a6", 0x1, 0x20000045, 0x0, 0x0)
r5 = io_uring_setup(0x4c0c, &(0x7f0000000140)={0x0, 0x2637, 0x80, 0x2, 0x10001d4})
io_uring_register$IORING_REGISTER_EVENTFD(r5, 0x4, 0x0, 0x1)
io_uring_register$IORING_UNREGISTER_EVENTFD(r5, 0x5, 0x0, 0x0)
write$P9_RMKNOD(0xffffffffffffffff, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
close(r6)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x800)
accept$unix(0xffffffffffffffff, 0x0, &(0x7f00000001c0))
fallocate(r0, 0x0, 0x0, 0x8)
ftruncate(r0, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0500000008000000e27f00000100000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000001000"/28], 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x10)
r9 = memfd_secret(0x80000)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x13, r9, 0x0)
executing program 3:
socket$inet6(0xa, 0x3, 0x4)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
getsockopt$nfc_llcp(0xffffffffffffffff, 0x118, 0x3, &(0x7f0000000540)=""/181, 0xffffffffffffffce)
ioctl$PIO_SCRNMAP(r3, 0x4b52, &(0x7f0000000000))
socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$VT_RESIZE(r3, 0x5609, &(0x7f0000000040)={0x1, 0x7, 0x3})
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000040)='cubic', 0x9)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB], 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
r5 = socket$kcm(0xa, 0x922000000003, 0x11)
setsockopt$sock_attach_bpf(r5, 0x29, 0x24, &(0x7f0000000080), 0x4)
sendmsg$kcm(r5, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x8, @mcast1, 0x7, 0xffffffff}, 0x80, &(0x7f0000001880)=[{&(0x7f0000000780)="f4000900062b2c25fe80000000000000dc8b850f238466cc00007a000000ad6e911b51818462b400", 0x28}], 0x1}, 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f00000001c0)='usrquota')
chdir(&(0x7f0000000140)='./file1\x00')
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_GETINFO(r6, 0xffffffff80000500, 0x0, &(0x7f00000002c0))
executing program 2:
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) (async)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
symlink(&(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000040)='./file0\x00')
r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r1, r1) (async)
setpgid(r1, r1)
setpgid(0x0, r1) (async)
setpgid(0x0, r1)
r2 = openat(0xffffffffffffff9c, &(0x7f00000005c0)='./file0/file0\x00', 0x0, 0x177)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x1, &(0x7f0000000ac0)=ANY=[@ANYBLOB=',rootmode=0000000000', @ANYRES32=r1, @ANYBLOB=',grou', @ANYBLOB=','])
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0xffffffffffffffff)
r4 = dup(r3)
socket$alg(0x26, 0x5, 0x0) (async)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) (async)
bind$alg(r5, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
r6 = accept4(r5, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000e40)=[{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000500)="aa0c4f9ea197977a702a10d14a7b8eebe5d1082562ae8fcafccb0d8bc25db16b61e30bd139b699e67887222295f0de1754d29910b0d12470568ee21e1d8bc6e34ef48689168ee9cbe89f3e64459a8fc7e7a6b7aa5ba63a47a4dd620f90de0426c77feb9e6f322c37cb587ce6a31426e0969c5c3e0b36772a792ad0ef287f36ea317cc25c487e2dcb5f95d80647877ba5f9082204987fd733534cf2b6e5ed29e43326", 0xa2}, {&(0x7f0000000140)="ae284725b8a817a05d1469d3cedb57c536622fce8e691a44d9cc9f3649ffddd2df", 0x21}, {&(0x7f0000000300)="5fcbb5280006dbc7f4782d55ba500671729acaf46a46bc051dbbaaec1b32397d20f80fb0d6585d177c8b0ebb73926301571fe2deae2a4ab46700b6ede62ba6b01b16a010be6f246becb4916a0ffcebcd3529f21d7ee3a417b07a70fe4c1e21520b17c78c3008cbb469db577d7cd8bc958f09364a8b100bd761ed8adbef6b3bfc", 0x80}, {&(0x7f0000000600)="f29201c2a8ce8dfc752f7919907c32deafc8f0d19fd0aeff179543295990095400bb22c9d0d56c8ca046ad95578e60dd9006bd8922fa222b7a25c72f4bba3f08fa7db9e78253280cd44b37ee8c81867af1d64078fe141648e152481e", 0x5c}, {&(0x7f0000000680)="f13d9e59a73fd9177f972d88d7021aeae8ac0ec453a0c26e73ec4275d87e602cbdd6ad29685a7f6a320eb6d225bd89785bfa4b9f5a0fa9656513ed780c0bef4778375c42", 0x44}], 0x5, 0x0, 0x0, 0x4000000}, {0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000480)="ac55f5f4156ef4a703f48d303b3b47bd400e2bca23b55405a2", 0x19}, {&(0x7f0000000880)="6ddf659bfcc18ac6ad6975c1453207cb3ac2cc04daa9d8ba54262d65bc5de47f25d1c823c4d19f76ebf956496ba130c787ea1e59e801b648be8bc64382cd6628c1548284cfb0e734abcef76d2e940da9ea43a04d7c593eb4d6a2a7f510aea65f3ff4671bccb2b22784addba7a6423a2d261c7ab0f5cd6e1e115bbb0bd2fd9e951dbd2ed95d94c06008db08dd3f9bbe171f8dcbe5cb15819e281fb6be72ef1b99edfcdd5ad5cf42c521262b7786b1c364542f7e018efdd2ee5af0fc017aaa646def034f4f553c0d975ae51ddcb2b1", 0xce}, {&(0x7f0000000780)="ba9590c0e376f0986232adfde5eb21cb59fea52c66614075d432f14bd166e466c22139b90a695fc7e4494b6c3a57bcfecaa5", 0x32}, {&(0x7f00000007c0)="dbca006cb532d7824bf34eccaa1ac4fcc8658ea1e1a316ff820d", 0x1a}, {&(0x7f0000000980)="97f845f095c071e2d751d88f1dfd46cad8d39b29fd8e67846504df3493c9df090038962c00fd268b7d3169f90cd9dc6b23948e1f0c9f988288d73d90f8771f6d936afb3de2cb861d17f45dccc8b14a0b2fa8fcba7edbed883324221b", 0x5c}], 0x5, &(0x7f0000000ec0)=ANY=[@ANYBLOB="18000000000000001705000003000000000000000000000088000000000000001701000002000000730000004945e6c168da9271088acbef958309d76905526e14d8a89cc0aa959406533df8cdb5d6083345f37d06325b91f20b46a695f692b718cd5f58bbe28f5b9195ba5b115412287b9f7293b9a9425749d3f5f51aae0e29b0fee82b0eb34110829623eeefad797b8f502e0a9d169df0e3cbc008804eebb1880018000000000000001701000003000000010000000000000000010000000000001701000002000000e5000000c8cebcff8a53bd38afaf2f3b5ef66238af43432580d7e8418e5571b1d74506150f9b2275370747b704788f192cf4d5ce54889ddd019b0514ee1999961e60762dc98f3f6b820f885a910f6fcf109c4a0f64614fb6522b2eacfc3766eb3f7867e51e55cd761559c8badf09cbba4323483d3ab59109f9ebda75d8dcf2997a6ed0004872a5773236f4d454eaa2e1e10f0db2b0c99c04bcb7cc134cea2a2f14f6d83ab32341510044979a5f18fe1b48e93d03d448ddf6e5eddd637d67723a5a99d2e40db976b9719d39fa53fa857435938529ffb3ccb7cc60e4251a358f51e7839feb0a33fed023000000000000001800000000000000170100000300000000000000000000002000000000000000170100000200000008000000b9d9980c2603344b00000000800000000000000017010000020000006c000000eb6baae91c077b7173c02690e12eabc672624bdd2e6d65823b07b7b629acfc8bcd679c1d9f328aae4c9f45479e28435d89997d0f872c466805ea8b003484a7e4042da32544e817d2203b2f95fd720ff2e7d67ad3805bb7581a8096285723b5ce7bc2b24d0e3975729f64ea2f800000000000000017010000020000006b0000008403b0f8f08533965a3c64ad84e36e57b870c83ded477817db1c8d2dd87503ebd03db205f5d9395b52426c2a45010cfc983bd308e8b481ebe248a4deb1c7c2903ae9350c58c4069b388a665abfc2d9d4881bd52b58901e89dc5413fde13b304519bd468942cf0018000000000000001701000003000000010000000000"], 0x308, 0x10}], 0x2, 0x41801)
recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) (async)
pwritev(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
executing program 0:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (async)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async, rerun: 32)
r4 = socket$unix(0x1, 0x1, 0x0) (rerun: 32)
bind$unix(r4, &(0x7f00000006c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
connect$unix(r4, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) (async)
connect$unix(r4, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
socket(0x200000000000011, 0x2, 0x0) (async)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000240)={0x0, @in={{0x2, 0x0, @empty}}, 0xff, 0x3}, 0x90) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x61, &(0x7f0000000180)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x20000000, 0x0, 0x0, 0x41100, 0x40}, 0x94) (async)
openat$dir(0xffffffffffffff9c, 0x0, 0x200c00, 0x102) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) (async)
prlimit64(0x0, 0xf, &(0x7f0000000140)={0x8, 0x5}, 0x0) (async, rerun: 64)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) (async, rerun: 64)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, 0x0, 0x0) (async)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
executing program 2:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="1201000000000040ef1747600000ba0000010902240001000000000904000001030006000921000000012205000905810300"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x442, 0x0)
pipe2(&(0x7f0000000000)={<r2=>0x0, <r3=>0x0}, 0x0)
read$FUSE(r2, &(0x7f0000001240)={0x2020}, 0x2020)
write$binfmt_aout(r1, &(0x7f0000000380)=ANY=[], 0x20)
fcntl$setstatus(r2, 0x4, 0x42800)
splice(r1, &(0x7f0000000040), r3, 0x0, 0x808, 0x0)
syz_usb_control_io(r0, &(0x7f0000000040)={0x2c, &(0x7f0000000380)=ANY=[@ANYBLOB="20231f"], 0x0, 0x0, 0x0, 0x0}, 0x0)
executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x1, 0x7, 0x8000, 0x1, 0x0, 0xffffffffffffffff, 0x2}, 0x50)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
preadv(r0, &(0x7f00000005c0)=[{&(0x7f0000000280)=""/196, 0xc4}], 0x1, 0x8, 0xffffffff) (fail_nth: 1)
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01030000000000000000010000010900010073797a310000000054000000030a01040000000000000000010000000900030073797a31000000000900010073797a31000000003a5363780800014000000005080002401b2fd2c51400030064766d7270300000000000000000000028000000000a05000000000000000000010000080900010073797a3100000000080002400000000114000000110001"], 0xc4}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_connect$cdc_ncm(0x0, 0x88, &(0x7f00000000c0)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x76, 0x2, 0x1, 0xbe, 0x90, 0x87, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4ed1fb9a2823"}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x37, 0xfff}, {0x6, 0x24, 0x1a, 0x6, 0x20}, [@mbim_extended={0x8, 0x24, 0x1c, 0x24a2, 0x2, 0x4}, @network_terminal={0x7, 0x24, 0xa, 0xa, 0x81, 0x46, 0x8}, @obex={0x5, 0x24, 0x15, 0x4}]}, {{0x9, 0x5, 0x81, 0x3, 0x8, 0x6f, 0x4, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x5f6, 0x0, 0xb, 0x37}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0xc, 0x7, 0x9}}}}}}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x110, 0x9, 0x28, 0x94, 0x40, 0x9}, 0xb, &(0x7f0000000180)={0x5, 0xf, 0xb, 0x2, [@ptm_cap={0x3}, @ptm_cap={0x3}]}, 0x3, [{0x18, &(0x7f00000001c0)=@string={0x18, 0x3, "a71ce7980a3cec144ec6fe6877051238c3db80278e59"}}, {0x46, &(0x7f0000000200)=@string={0x46, 0x3, "5b9592abf83b460f43d5cac4b883fc3b0cccfbc8e9a209a7943e57960bb9f49209be57c5486aa87367fa12c2fe89c39a7074f4c80712deda3e2c3799f3cd37c2cccb011f"}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x422}}]})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="6800000010000100"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000480012800e0001006970366772657461700000003400028008000100", @ANYRES32, @ANYBLOB="14000600fe800000000000000000000000000015140007"], 0x68}, 0x1, 0x0, 0x0, 0x810}, 0x140)
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec445ae083a4b7fc08a086fc691", 0x28, 0x0, &(0x7f0000000140)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @random="ad2293803a78"}, 0x14)
executing program 0:
openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x1c0002, 0x0)
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_open_dev$usbfs(&(0x7f0000000240), 0x75, 0x109301)
ioctl$USBDEVFS_ALLOW_SUSPEND(r2, 0x5522)
ioctl$USBDEVFS_FREE_STREAMS(r2, 0x8008551d, &(0x7f0000000000)=ANY=[@ANYBLOB="a6170000020000008126"])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee4, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0)
r5 = socket(0x1e, 0x4, 0x0)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000004440)={&(0x7f0000000100)=@nameseq={0x1e, 0x3, 0x0, {0xe0007cc61fb31236}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x8044800}, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x455}, 0x10)
setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
sendmmsg(r5, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
r6 = dup3(0xffffffffffffffff, r5, 0x0)
read$char_usb(r6, &(0x7f00000002c0)=""/91, 0x5b)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
getsockopt$nfc_llcp(r7, 0x118, 0x4, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r8=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@getchain={0x64, 0x66, 0x4, 0x70bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0xf}, {0xfff2, 0xc}, {0x5, 0xfff2}}, [{0x8, 0xb, 0x7ff}, {0x8, 0xb, 0x104}, {0x8, 0xb, 0x805}, {0x8, 0xb, 0x8}, {0x8, 0xb, 0xffff}, {0x8, 0xb, 0x400}, {0x8, 0xb, 0xffff0000}, {0x8, 0xb, 0x8}]}, 0x64}, 0x1, 0x0, 0x0, 0x240408c4}, 0x44080)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x1c, 0xc, &(0x7f0000000280)=ANY=[@ANYRESHEX=r0, @ANYRES64=0x0, @ANYRES64=r0], 0x0, 0xffffffff, 0x0, 0x0, 0x1e00, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000008"], 0x48)
io_uring_setup(0x4168, &(0x7f0000000480)={0x0, 0x5f4e, 0x800, 0x2, 0x218, 0x0, r6})
executing program 1:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4}, 0x50)
ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000080)=<r1=>0x0)
ioctl$BTRFS_IOC_SNAP_DESTROY_V2(0xffffffffffffffff, 0x5000943f, &(0x7f0000000280)={{r0}, r1, 0x4, @unused=[0x60b, 0x9, 0x3], @devid})
socketpair(0x22, 0x2, 0x3, &(0x7f0000000240))
executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x1c0)
capset(&(0x7f0000000500)={0x20080522}, &(0x7f0000000200)={0x200002, 0x200003, 0x801, 0x4, 0x7})
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x1085408, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r0 = getpgid(0xffffffffffffffff)
capget(&(0x7f00000002c0)={0x20071026, r0}, &(0x7f0000000300)={0x0, 0x3, 0x2, 0x0, 0x7, 0x81})
chdir(&(0x7f00000001c0)='./bus\x00')
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x804418, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r1, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000001880)={&(0x7f00000017c0)={0x10, 0x1405, 0x1, 0x70bd28, 0x25dfdbff}, 0x10}, 0x1, 0x0, 0x0, 0x20004004}, 0x4000010)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg(r2, &(0x7f0000000980)={0x0, 0x0, 0x0}, 0x820067c0563725f1)
r3 = dup3(0xffffffffffffffff, r1, 0x0)
openat$cgroup_ro(r3, 0x0, 0x0, 0x0)
getsockopt$EBT_SO_GET_INIT_ENTRIES(r3, 0x0, 0x83, &(0x7f0000000140)={'nat\x00', 0x0, 0x4, 0x1000, [0x8, 0xfffffffffffffb86, 0xfff, 0xfffe, 0xec, 0xffffffffffffffff], 0x4, &(0x7f0000000000)=[{}, {}, {}, {}], &(0x7f0000000540)=""/4096}, &(0x7f0000000040)=0x78)
executing program 1:
r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x81, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r2, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc})
ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f0000000440)=ANY=[@ANYBLOB="01000000000000000000000004"])
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f0000000300)={0x0, 0x7})
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000080)={0x5, 0x0, 0x1})
executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000380)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58)
sendmsg$key(0xffffffffffffffff, &(0x7f00000014c0)={0x2, 0x0, 0x0}, 0x0)
r4 = accept4(r3, 0x0, 0x0, 0x800)
clock_gettime(0x3, &(0x7f0000000040))
write$P9_RREADLINK(r0, &(0x7f0000000000)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab)
unlinkat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x0)
ioctl$BTRFS_IOC_START_SYNC(r4, 0x80089418, &(0x7f00000000c0)=<r5=>0x0)
ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f0000000480)={{r3}, r5, 0x18, @unused=[0x5, 0x81, 0x80000000, 0x1a3], @subvolid})
linkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x400)
executing program 4:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000000000009500672083a69db8efbccb247f5388d6583f000000000005e948ee34753fb0660352f986b8af06d3d6291645084765bd375b4eb440355a57cc76d196b049461ed45b60b00ff49a9a701328e7bf99a9f365bfa846d714babfb9431e0af77b5161609bd63f47cd045484c748afffca09ac156e133c42c822d177629c0d69a00161fdb37c3c6ec6b8f259f8e7a40bc7a5d05e072d155cf42cb86a319dcc43375edae1201b0137e9ec28b269ebb40dccf4db81ef349af71be5b27fb6c00d5d34128524ff5d52ca078db307f5f61d4751a05ce75e13ba1f87c90dd3ec8c798a21e0135ae69e924dd491028dd040891a5e84e2480ec8b0c516f718d48154c5c494e5295f65105ba1aebca7c09fb0e98f1c87b3ba38a1"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f0000000080)=ANY=[@ANYRES16=r1])
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xe, 0xe, &(0x7f0000000400)=ANY=[@ANYBLOB="b7020000380d0000bfa30000000000000703000000feffff720af0fff8ffff1989a4f0ff00000000b7060000080000001e640000000000004504040001000000170400000c000a00b7040000ff0100006a0af2fe00000000850000001a000000b70000003f00000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000f0000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd8000000000000080231c61ccd106cb937b450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c4608800000000000000005cbb5a2600"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0xfffffe49}, 0x42)
executing program 1:
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) (async)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6}) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, 0x0) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, 0x0) (async)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x20400)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000340)={0xda2, 0x8166, 0x7}) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000200)={0x200, 0x1fb, 0xc38}) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000001c0)={0x7, 0x1, 0x7}) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x4})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000380)={0xff, 0x3, 0xd83f}) (async)
syz_open_dev$dri(&(0x7f0000000000), 0xffffffffffffffff, 0x8000)
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff})
r1 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0)
sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)={0x64, r1, 0x400, 0x70bd2c, 0x25dfdbfb, {}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x20}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_SIZE_BYTES={0xc}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x7}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x800}, @NBD_ATTR_BACKEND_IDENTIFIER={0x5, 0xa, '\x00'}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x4}]}, 0x64}, 0x1, 0x0, 0x0, 0x20002000}, 0x1041)
socket(0x400000000010, 0x3, 0x0)
socket(0x400000000010, 0x3, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2}}, 0x2}, 0x1c)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0), 0x48)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x1f, 0x18, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a7000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000a800000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x19}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
sendmmsg(r0, &(0x7f0000000180), 0x4000190, 0x0)
munlock(&(0x7f0000fff000/0x1000)=nil, 0x1000)
executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x1, 0x7, 0x8000, 0x1, 0x0, 0xffffffffffffffff, 0x2}, 0x50)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
preadv(r0, &(0x7f00000005c0)=[{&(0x7f0000000280)=""/196, 0xc4}], 0x1, 0x8, 0xffffffff) (fail_nth: 2)
executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r7 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r8 = memfd_create(&(0x7f00000007c0)='y\x10XDJ\xb4\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00u\"\xb9J\xcd(W+\x00\x04\x87\x1c1\xc7\x9f\xde\r-\xb8Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\xd5\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VwA\xaf\xc6\x90i\xa1\xb5\xd2\xbe\xcfAMq%M\xa2\x1e\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8c\x06A2@\xf6\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2\ng\xf1\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\xd9\xbd\xd9\xaf\x12$\x8dOA\xcd\x05H\xa5A\x01\x00\x00\x00\x00\x00\x00\x00\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xbbd\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$WV\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc1^\'\xfe>h\xa5\xa1\x0e\x05o\a\x96\x81\xaa\xfd3\xe5q\xd6\xe9\x9dx\xbai,^%\xeb\xc2\x14g,\x9b=\xac=b\xedI\x1b\xd4%\xcdr\xdc\xb3\xb8#\x96\xa6\x1eK\xf9\x84r,J\xd5\xb6(o\xf4\xa2XFc\xc9\x8cKJ\x84\x84\x15\xdeS\xbf\xd0\xd2R\xa1\xf8\xf8\xd7{[\xfb.\x0ee\x93a\x96a\x85Nu\x15\x04:\xa7\xbf!O\x0e\x8e\xf6\x9f\x19n@\x02U\x97\x17\x96\xaf\xac\x93\x00\x00\x00\x00\x00\x00\x00\x8f\tH=\x81!a\x9f\xb6\x89 \x82(\x99\xc5\x82>\x1f\xac\xf90\xc5\xcc\xd4rlEX.\xf8\xc00VR\x82\xb3\x8f\xa3\x96N\x00\xef\xcf\xb9\x01\x17\x00\x99\xbe\"\x7fn\xcez\xf0\xe5\xa1\x81r)5\x82G\x80b\xc6\xd4\xcb`\xbb\x1f\x80\xe4\xae\xec\x1556\xabZ\x9e\xda\xc8\xce\xc7Eyt\f\xb5o?\xafL-+/\x16\x96J\x95G\xec\xf8C=P\xe8\xe6\\\x16_>f\xb5D\xdc\x9b\xec\x1f\x85@\xbd\xad~\xb3E\xee\xe6T\xe5\x0e\x93', 0x2)
ftruncate(r8, 0xffff)
ioctl$UDMABUF_CREATE(r7, 0x40187542, &(0x7f0000000100)={r8, 0x0, 0x0, 0x8000})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xf, 0x9, &(0x7f0000000080))
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292", 0xc)
accept4(r9, 0x0, 0x0, 0x800)

program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/3
testing program (duration=1m42s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 4, 18, 8, 16, 8, 14, 20, 3, 30]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_connect$cdc_ncm(0x0, 0x88, &(0x7f00000000c0)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x76, 0x2, 0x1, 0xbe, 0x90, 0x87, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4ed1fb9a2823"}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x37, 0xfff}, {0x6, 0x24, 0x1a, 0x6, 0x20}, [@mbim_extended={0x8, 0x24, 0x1c, 0x24a2, 0x2, 0x4}, @network_terminal={0x7, 0x24, 0xa, 0xa, 0x81, 0x46, 0x8}, @obex={0x5, 0x24, 0x15, 0x4}]}, {{0x9, 0x5, 0x81, 0x3, 0x8, 0x6f, 0x4, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x5f6, 0x0, 0xb, 0x37}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0xc, 0x7, 0x9}}}}}}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x110, 0x9, 0x28, 0x94, 0x40, 0x9}, 0xb, &(0x7f0000000180)={0x5, 0xf, 0xb, 0x2, [@ptm_cap={0x3}, @ptm_cap={0x3}]}, 0x3, [{0x18, &(0x7f00000001c0)=@string={0x18, 0x3, "a71ce7980a3cec144ec6fe6877051238c3db80278e59"}}, {0x46, &(0x7f0000000200)=@string={0x46, 0x3, "5b9592abf83b460f43d5cac4b883fc3b0cccfbc8e9a209a7943e57960bb9f49209be57c5486aa87367fa12c2fe89c39a7074f4c80712deda3e2c3799f3cd37c2cccb011f"}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x422}}]})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 1:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4}, 0x50)
ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000080)=<r1=>0x0)
ioctl$BTRFS_IOC_SNAP_DESTROY_V2(0xffffffffffffffff, 0x5000943f, &(0x7f0000000280)={{r0}, r1, 0x4, @unused=[0x60b, 0x9, 0x3], @devid})
socketpair(0x22, 0x2, 0x3, &(0x7f0000000240))
executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x1c0)
capset(&(0x7f0000000500)={0x20080522}, &(0x7f0000000200)={0x200002, 0x200003, 0x801, 0x4, 0x7})
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x1085408, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r0 = getpgid(0xffffffffffffffff)
capget(&(0x7f00000002c0)={0x20071026, r0}, &(0x7f0000000300)={0x0, 0x3, 0x2, 0x0, 0x7, 0x81})
chdir(&(0x7f00000001c0)='./bus\x00')
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x804418, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r1, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000001880)={&(0x7f00000017c0)={0x10, 0x1405, 0x1, 0x70bd28, 0x25dfdbff}, 0x10}, 0x1, 0x0, 0x0, 0x20004004}, 0x4000010)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg(r2, &(0x7f0000000980)={0x0, 0x0, 0x0}, 0x820067c0563725f1)
r3 = dup3(0xffffffffffffffff, r1, 0x0)
openat$cgroup_ro(r3, 0x0, 0x0, 0x0)
getsockopt$EBT_SO_GET_INIT_ENTRIES(r3, 0x0, 0x83, &(0x7f0000000140)={'nat\x00', 0x0, 0x4, 0x1000, [0x8, 0xfffffffffffffb86, 0xfff, 0xfffe, 0xec, 0xffffffffffffffff], 0x4, &(0x7f0000000000)=[{}, {}, {}, {}], &(0x7f0000000540)=""/4096}, &(0x7f0000000040)=0x78)
executing program 1:
r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x81, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r2, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc})
ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f0000000440)=ANY=[@ANYBLOB="01000000000000000000000004"])
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f0000000300)={0x0, 0x7})
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000080)={0x5, 0x0, 0x1})
executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000380)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58)
sendmsg$key(0xffffffffffffffff, &(0x7f00000014c0)={0x2, 0x0, 0x0}, 0x0)
r4 = accept4(r3, 0x0, 0x0, 0x800)
clock_gettime(0x3, &(0x7f0000000040))
write$P9_RREADLINK(r0, &(0x7f0000000000)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab)
unlinkat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x0)
ioctl$BTRFS_IOC_START_SYNC(r4, 0x80089418, &(0x7f00000000c0)=<r5=>0x0)
ioctl$BTRFS_IOC_RM_DEV_V2(r2, 0x5000943a, &(0x7f0000000480)={{r3}, r5, 0x18, @unused=[0x5, 0x81, 0x80000000, 0x1a3], @subvolid})
linkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x400)
executing program 4:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000000000009500672083a69db8efbccb247f5388d6583f000000000005e948ee34753fb0660352f986b8af06d3d6291645084765bd375b4eb440355a57cc76d196b049461ed45b60b00ff49a9a701328e7bf99a9f365bfa846d714babfb9431e0af77b5161609bd63f47cd045484c748afffca09ac156e133c42c822d177629c0d69a00161fdb37c3c6ec6b8f259f8e7a40bc7a5d05e072d155cf42cb86a319dcc43375edae1201b0137e9ec28b269ebb40dccf4db81ef349af71be5b27fb6c00d5d34128524ff5d52ca078db307f5f61d4751a05ce75e13ba1f87c90dd3ec8c798a21e0135ae69e924dd491028dd040891a5e84e2480ec8b0c516f718d48154c5c494e5295f65105ba1aebca7c09fb0e98f1c87b3ba38a1"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f0000000080)=ANY=[@ANYRES16=r1])
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xe, 0xe, &(0x7f0000000400)=ANY=[@ANYBLOB="b7020000380d0000bfa30000000000000703000000feffff720af0fff8ffff1989a4f0ff00000000b7060000080000001e640000000000004504040001000000170400000c000a00b7040000ff0100006a0af2fe00000000850000001a000000b70000003f00000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000f0000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd8000000000000080231c61ccd106cb937b450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c4608800000000000000005cbb5a2600"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0xfffffe49}, 0x42)
executing program 1:
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) (async)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6}) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, 0x0) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, 0x0) (async)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x20400)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000340)={0xda2, 0x8166, 0x7}) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000200)={0x200, 0x1fb, 0xc38}) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000001c0)={0x7, 0x1, 0x7}) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x4})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000380)={0xff, 0x3, 0xd83f}) (async)
syz_open_dev$dri(&(0x7f0000000000), 0xffffffffffffffff, 0x8000)
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff})
r1 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0)
sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)={0x64, r1, 0x400, 0x70bd2c, 0x25dfdbfb, {}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x20}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_SIZE_BYTES={0xc}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x7}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x800}, @NBD_ATTR_BACKEND_IDENTIFIER={0x5, 0xa, '\x00'}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x4}]}, 0x64}, 0x1, 0x0, 0x0, 0x20002000}, 0x1041)
socket(0x400000000010, 0x3, 0x0)
socket(0x400000000010, 0x3, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2}}, 0x2}, 0x1c)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0), 0x48)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x1f, 0x18, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a7000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000a800000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x19}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
sendmmsg(r0, &(0x7f0000000180), 0x4000190, 0x0)
munlock(&(0x7f0000fff000/0x1000)=nil, 0x1000)
executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x1, 0x7, 0x8000, 0x1, 0x0, 0xffffffffffffffff, 0x2}, 0x50)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
preadv(r0, &(0x7f00000005c0)=[{&(0x7f0000000280)=""/196, 0xc4}], 0x1, 0x8, 0xffffffff) (fail_nth: 2)
executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r7 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r8 = memfd_create(&(0x7f00000007c0)='y\x10XDJ\xb4\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00u\"\xb9J\xcd(W+\x00\x04\x87\x1c1\xc7\x9f\xde\r-\xb8Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\xd5\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VwA\xaf\xc6\x90i\xa1\xb5\xd2\xbe\xcfAMq%M\xa2\x1e\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8c\x06A2@\xf6\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2\ng\xf1\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\xd9\xbd\xd9\xaf\x12$\x8dOA\xcd\x05H\xa5A\x01\x00\x00\x00\x00\x00\x00\x00\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xbbd\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$WV\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc1^\'\xfe>h\xa5\xa1\x0e\x05o\a\x96\x81\xaa\xfd3\xe5q\xd6\xe9\x9dx\xbai,^%\xeb\xc2\x14g,\x9b=\xac=b\xedI\x1b\xd4%\xcdr\xdc\xb3\xb8#\x96\xa6\x1eK\xf9\x84r,J\xd5\xb6(o\xf4\xa2XFc\xc9\x8cKJ\x84\x84\x15\xdeS\xbf\xd0\xd2R\xa1\xf8\xf8\xd7{[\xfb.\x0ee\x93a\x96a\x85Nu\x15\x04:\xa7\xbf!O\x0e\x8e\xf6\x9f\x19n@\x02U\x97\x17\x96\xaf\xac\x93\x00\x00\x00\x00\x00\x00\x00\x8f\tH=\x81!a\x9f\xb6\x89 \x82(\x99\xc5\x82>\x1f\xac\xf90\xc5\xcc\xd4rlEX.\xf8\xc00VR\x82\xb3\x8f\xa3\x96N\x00\xef\xcf\xb9\x01\x17\x00\x99\xbe\"\x7fn\xcez\xf0\xe5\xa1\x81r)5\x82G\x80b\xc6\xd4\xcb`\xbb\x1f\x80\xe4\xae\xec\x1556\xabZ\x9e\xda\xc8\xce\xc7Eyt\f\xb5o?\xafL-+/\x16\x96J\x95G\xec\xf8C=P\xe8\xe6\\\x16_>f\xb5D\xdc\x9b\xec\x1f\x85@\xbd\xad~\xb3E\xee\xe6T\xe5\x0e\x93', 0x2)
ftruncate(r8, 0xffff)
ioctl$UDMABUF_CREATE(r7, 0x40187542, &(0x7f0000000100)={r8, 0x0, 0x0, 0x8000})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xf, 0x9, &(0x7f0000000080))
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292", 0xc)
accept4(r9, 0x0, 0x0, 0x800)

program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
bisect: the chunk can be dropped
bisect: testing without sub-chunk 3/3
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_connect$cdc_ncm-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_connect$cdc_ncm(0x0, 0x88, &(0x7f00000000c0)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x76, 0x2, 0x1, 0xbe, 0x90, 0x87, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4ed1fb9a2823"}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x37, 0xfff}, {0x6, 0x24, 0x1a, 0x6, 0x20}, [@mbim_extended={0x8, 0x24, 0x1c, 0x24a2, 0x2, 0x4}, @network_terminal={0x7, 0x24, 0xa, 0xa, 0x81, 0x46, 0x8}, @obex={0x5, 0x24, 0x15, 0x4}]}, {{0x9, 0x5, 0x81, 0x3, 0x8, 0x6f, 0x4, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x5f6, 0x0, 0xb, 0x37}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0xc, 0x7, 0x9}}}}}}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x110, 0x9, 0x28, 0x94, 0x40, 0x9}, 0xb, &(0x7f0000000180)={0x5, 0xf, 0xb, 0x2, [@ptm_cap={0x3}, @ptm_cap={0x3}]}, 0x3, [{0x18, &(0x7f00000001c0)=@string={0x18, 0x3, "a71ce7980a3cec144ec6fe6877051238c3db80278e59"}}, {0x46, &(0x7f0000000200)=@string={0x46, 0x3, "5b9592abf83b460f43d5cac4b883fc3b0cccfbc8e9a209a7943e57960bb9f49209be57c5486aa87367fa12c2fe89c39a7074f4c80712deda3e2c3799f3cd37c2cccb011f"}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x422}}]})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')

program did not crash
bisect: split chunks (needed=true): <9>
bisect: split chunk #0 of len 9 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m41s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 14, 20, 3, 30]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_connect$cdc_ncm(0x0, 0x88, &(0x7f00000000c0)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x76, 0x2, 0x1, 0xbe, 0x90, 0x87, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4ed1fb9a2823"}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x37, 0xfff}, {0x6, 0x24, 0x1a, 0x6, 0x20}, [@mbim_extended={0x8, 0x24, 0x1c, 0x24a2, 0x2, 0x4}, @network_terminal={0x7, 0x24, 0xa, 0xa, 0x81, 0x46, 0x8}, @obex={0x5, 0x24, 0x15, 0x4}]}, {{0x9, 0x5, 0x81, 0x3, 0x8, 0x6f, 0x4, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x5f6, 0x0, 0xb, 0x37}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0xc, 0x7, 0x9}}}}}}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x110, 0x9, 0x28, 0x94, 0x40, 0x9}, 0xb, &(0x7f0000000180)={0x5, 0xf, 0xb, 0x2, [@ptm_cap={0x3}, @ptm_cap={0x3}]}, 0x3, [{0x18, &(0x7f00000001c0)=@string={0x18, 0x3, "a71ce7980a3cec144ec6fe6877051238c3db80278e59"}}, {0x46, &(0x7f0000000200)=@string={0x46, 0x3, "5b9592abf83b460f43d5cac4b883fc3b0cccfbc8e9a209a7943e57960bb9f49209be57c5486aa87367fa12c2fe89c39a7074f4c80712deda3e2c3799f3cd37c2cccb011f"}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x422}}]})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 1:
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) (async)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6}) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, 0x0) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, 0x0) (async)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x20400)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000340)={0xda2, 0x8166, 0x7}) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000200)={0x200, 0x1fb, 0xc38}) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000001c0)={0x7, 0x1, 0x7}) (async)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x4})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000380)={0xff, 0x3, 0xd83f}) (async)
syz_open_dev$dri(&(0x7f0000000000), 0xffffffffffffffff, 0x8000)
close_range(r0, 0xffffffffffffffff, 0x0)
executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff})
r1 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0)
sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)={0x64, r1, 0x400, 0x70bd2c, 0x25dfdbfb, {}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x20}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_SIZE_BYTES={0xc}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x7}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x800}, @NBD_ATTR_BACKEND_IDENTIFIER={0x5, 0xa, '\x00'}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x4}]}, 0x64}, 0x1, 0x0, 0x0, 0x20002000}, 0x1041)
socket(0x400000000010, 0x3, 0x0)
socket(0x400000000010, 0x3, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2}}, 0x2}, 0x1c)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0), 0x48)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x1f, 0x18, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a7000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000a800000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x19}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
sendmmsg(r0, &(0x7f0000000180), 0x4000190, 0x0)
munlock(&(0x7f0000fff000/0x1000)=nil, 0x1000)
executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x1, 0x7, 0x8000, 0x1, 0x0, 0xffffffffffffffff, 0x2}, 0x50)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
preadv(r0, &(0x7f00000005c0)=[{&(0x7f0000000280)=""/196, 0xc4}], 0x1, 0x8, 0xffffffff) (fail_nth: 2)
executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r7 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r8 = memfd_create(&(0x7f00000007c0)='y\x10XDJ\xb4\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00u\"\xb9J\xcd(W+\x00\x04\x87\x1c1\xc7\x9f\xde\r-\xb8Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\xd5\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VwA\xaf\xc6\x90i\xa1\xb5\xd2\xbe\xcfAMq%M\xa2\x1e\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8c\x06A2@\xf6\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2\ng\xf1\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\xd9\xbd\xd9\xaf\x12$\x8dOA\xcd\x05H\xa5A\x01\x00\x00\x00\x00\x00\x00\x00\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xbbd\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$WV\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc1^\'\xfe>h\xa5\xa1\x0e\x05o\a\x96\x81\xaa\xfd3\xe5q\xd6\xe9\x9dx\xbai,^%\xeb\xc2\x14g,\x9b=\xac=b\xedI\x1b\xd4%\xcdr\xdc\xb3\xb8#\x96\xa6\x1eK\xf9\x84r,J\xd5\xb6(o\xf4\xa2XFc\xc9\x8cKJ\x84\x84\x15\xdeS\xbf\xd0\xd2R\xa1\xf8\xf8\xd7{[\xfb.\x0ee\x93a\x96a\x85Nu\x15\x04:\xa7\xbf!O\x0e\x8e\xf6\x9f\x19n@\x02U\x97\x17\x96\xaf\xac\x93\x00\x00\x00\x00\x00\x00\x00\x8f\tH=\x81!a\x9f\xb6\x89 \x82(\x99\xc5\x82>\x1f\xac\xf90\xc5\xcc\xd4rlEX.\xf8\xc00VR\x82\xb3\x8f\xa3\x96N\x00\xef\xcf\xb9\x01\x17\x00\x99\xbe\"\x7fn\xcez\xf0\xe5\xa1\x81r)5\x82G\x80b\xc6\xd4\xcb`\xbb\x1f\x80\xe4\xae\xec\x1556\xabZ\x9e\xda\xc8\xce\xc7Eyt\f\xb5o?\xafL-+/\x16\x96J\x95G\xec\xf8C=P\xe8\xe6\\\x16_>f\xb5D\xdc\x9b\xec\x1f\x85@\xbd\xad~\xb3E\xee\xe6T\xe5\x0e\x93', 0x2)
ftruncate(r8, 0xffff)
ioctl$UDMABUF_CREATE(r7, 0x40187542, &(0x7f0000000100)={r8, 0x0, 0x0, 0x8000})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xf, 0x9, &(0x7f0000000080))
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292", 0xc)
accept4(r9, 0x0, 0x0, 0x800)

program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <4>
bisect: split chunk #0 of len 4 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 3, 30]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_connect$cdc_ncm(0x0, 0x88, &(0x7f00000000c0)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x76, 0x2, 0x1, 0xbe, 0x90, 0x87, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4ed1fb9a2823"}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x37, 0xfff}, {0x6, 0x24, 0x1a, 0x6, 0x20}, [@mbim_extended={0x8, 0x24, 0x1c, 0x24a2, 0x2, 0x4}, @network_terminal={0x7, 0x24, 0xa, 0xa, 0x81, 0x46, 0x8}, @obex={0x5, 0x24, 0x15, 0x4}]}, {{0x9, 0x5, 0x81, 0x3, 0x8, 0x6f, 0x4, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x5f6, 0x0, 0xb, 0x37}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0xc, 0x7, 0x9}}}}}}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x110, 0x9, 0x28, 0x94, 0x40, 0x9}, 0xb, &(0x7f0000000180)={0x5, 0xf, 0xb, 0x2, [@ptm_cap={0x3}, @ptm_cap={0x3}]}, 0x3, [{0x18, &(0x7f00000001c0)=@string={0x18, 0x3, "a71ce7980a3cec144ec6fe6877051238c3db80278e59"}}, {0x46, &(0x7f0000000200)=@string={0x46, 0x3, "5b9592abf83b460f43d5cac4b883fc3b0cccfbc8e9a209a7943e57960bb9f49209be57c5486aa87367fa12c2fe89c39a7074f4c80712deda3e2c3799f3cd37c2cccb011f"}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x422}}]})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x1, 0x7, 0x8000, 0x1, 0x0, 0xffffffffffffffff, 0x2}, 0x50)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
preadv(r0, &(0x7f00000005c0)=[{&(0x7f0000000280)=""/196, 0xc4}], 0x1, 0x8, 0xffffffff) (fail_nth: 2)
executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r7 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r8 = memfd_create(&(0x7f00000007c0)='y\x10XDJ\xb4\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00u\"\xb9J\xcd(W+\x00\x04\x87\x1c1\xc7\x9f\xde\r-\xb8Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\xd5\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VwA\xaf\xc6\x90i\xa1\xb5\xd2\xbe\xcfAMq%M\xa2\x1e\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8c\x06A2@\xf6\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2\ng\xf1\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\xd9\xbd\xd9\xaf\x12$\x8dOA\xcd\x05H\xa5A\x01\x00\x00\x00\x00\x00\x00\x00\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xbbd\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$WV\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc1^\'\xfe>h\xa5\xa1\x0e\x05o\a\x96\x81\xaa\xfd3\xe5q\xd6\xe9\x9dx\xbai,^%\xeb\xc2\x14g,\x9b=\xac=b\xedI\x1b\xd4%\xcdr\xdc\xb3\xb8#\x96\xa6\x1eK\xf9\x84r,J\xd5\xb6(o\xf4\xa2XFc\xc9\x8cKJ\x84\x84\x15\xdeS\xbf\xd0\xd2R\xa1\xf8\xf8\xd7{[\xfb.\x0ee\x93a\x96a\x85Nu\x15\x04:\xa7\xbf!O\x0e\x8e\xf6\x9f\x19n@\x02U\x97\x17\x96\xaf\xac\x93\x00\x00\x00\x00\x00\x00\x00\x8f\tH=\x81!a\x9f\xb6\x89 \x82(\x99\xc5\x82>\x1f\xac\xf90\xc5\xcc\xd4rlEX.\xf8\xc00VR\x82\xb3\x8f\xa3\x96N\x00\xef\xcf\xb9\x01\x17\x00\x99\xbe\"\x7fn\xcez\xf0\xe5\xa1\x81r)5\x82G\x80b\xc6\xd4\xcb`\xbb\x1f\x80\xe4\xae\xec\x1556\xabZ\x9e\xda\xc8\xce\xc7Eyt\f\xb5o?\xafL-+/\x16\x96J\x95G\xec\xf8C=P\xe8\xe6\\\x16_>f\xb5D\xdc\x9b\xec\x1f\x85@\xbd\xad~\xb3E\xee\xe6T\xe5\x0e\x93', 0x2)
ftruncate(r8, 0xffff)
ioctl$UDMABUF_CREATE(r7, 0x40187542, &(0x7f0000000100)={r8, 0x0, 0x0, 0x8000})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xf, 0x9, &(0x7f0000000080))
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292", 0xc)
accept4(r9, 0x0, 0x0, 0x800)

program crashed: KASAN: use-after-free Read in mcp2221_raw_event
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <2>
bisect: split chunk #0 of len 2 into 2 parts
bisect: testing without sub-chunk 1/2
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [5, 30]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_connect$cdc_ncm(0x0, 0x88, &(0x7f00000000c0)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x76, 0x2, 0x1, 0xbe, 0x90, 0x87, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4ed1fb9a2823"}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x37, 0xfff}, {0x6, 0x24, 0x1a, 0x6, 0x20}, [@mbim_extended={0x8, 0x24, 0x1c, 0x24a2, 0x2, 0x4}, @network_terminal={0x7, 0x24, 0xa, 0xa, 0x81, 0x46, 0x8}, @obex={0x5, 0x24, 0x15, 0x4}]}, {{0x9, 0x5, 0x81, 0x3, 0x8, 0x6f, 0x4, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x5f6, 0x0, 0xb, 0x37}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0xc, 0x7, 0x9}}}}}}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x110, 0x9, 0x28, 0x94, 0x40, 0x9}, 0xb, &(0x7f0000000180)={0x5, 0xf, 0xb, 0x2, [@ptm_cap={0x3}, @ptm_cap={0x3}]}, 0x3, [{0x18, &(0x7f00000001c0)=@string={0x18, 0x3, "a71ce7980a3cec144ec6fe6877051238c3db80278e59"}}, {0x46, &(0x7f0000000200)=@string={0x46, 0x3, "5b9592abf83b460f43d5cac4b883fc3b0cccfbc8e9a209a7943e57960bb9f49209be57c5486aa87367fa12c2fe89c39a7074f4c80712deda3e2c3799f3cd37c2cccb011f"}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x422}}]})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r7 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r8 = memfd_create(&(0x7f00000007c0)='y\x10XDJ\xb4\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00u\"\xb9J\xcd(W+\x00\x04\x87\x1c1\xc7\x9f\xde\r-\xb8Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\xd5\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VwA\xaf\xc6\x90i\xa1\xb5\xd2\xbe\xcfAMq%M\xa2\x1e\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8c\x06A2@\xf6\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2\ng\xf1\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\xd9\xbd\xd9\xaf\x12$\x8dOA\xcd\x05H\xa5A\x01\x00\x00\x00\x00\x00\x00\x00\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xbbd\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$WV\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc1^\'\xfe>h\xa5\xa1\x0e\x05o\a\x96\x81\xaa\xfd3\xe5q\xd6\xe9\x9dx\xbai,^%\xeb\xc2\x14g,\x9b=\xac=b\xedI\x1b\xd4%\xcdr\xdc\xb3\xb8#\x96\xa6\x1eK\xf9\x84r,J\xd5\xb6(o\xf4\xa2XFc\xc9\x8cKJ\x84\x84\x15\xdeS\xbf\xd0\xd2R\xa1\xf8\xf8\xd7{[\xfb.\x0ee\x93a\x96a\x85Nu\x15\x04:\xa7\xbf!O\x0e\x8e\xf6\x9f\x19n@\x02U\x97\x17\x96\xaf\xac\x93\x00\x00\x00\x00\x00\x00\x00\x8f\tH=\x81!a\x9f\xb6\x89 \x82(\x99\xc5\x82>\x1f\xac\xf90\xc5\xcc\xd4rlEX.\xf8\xc00VR\x82\xb3\x8f\xa3\x96N\x00\xef\xcf\xb9\x01\x17\x00\x99\xbe\"\x7fn\xcez\xf0\xe5\xa1\x81r)5\x82G\x80b\xc6\xd4\xcb`\xbb\x1f\x80\xe4\xae\xec\x1556\xabZ\x9e\xda\xc8\xce\xc7Eyt\f\xb5o?\xafL-+/\x16\x96J\x95G\xec\xf8C=P\xe8\xe6\\\x16_>f\xb5D\xdc\x9b\xec\x1f\x85@\xbd\xad~\xb3E\xee\xe6T\xe5\x0e\x93', 0x2)
ftruncate(r8, 0xffff)
ioctl$UDMABUF_CREATE(r7, 0x40187542, &(0x7f0000000100)={r8, 0x0, 0x0, 0x8000})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xf, 0x9, &(0x7f0000000080))
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292", 0xc)
accept4(r9, 0x0, 0x0, 0x800)

program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
bisect: the chunk can be dropped
bisect: testing without sub-chunk 2/2
bisect: no need to test this chunk, it's definitely needed
bisect: split chunks (needed=true): <1>
bisect: split chunk #0 of len 1 into 2 parts
bisect: no way to further split the chunk
bisect: 2 programs left: 

executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_connect$cdc_ncm(0x0, 0x88, &(0x7f00000000c0)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x76, 0x2, 0x1, 0xbe, 0x90, 0x87, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4ed1fb9a2823"}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x37, 0xfff}, {0x6, 0x24, 0x1a, 0x6, 0x20}, [@mbim_extended={0x8, 0x24, 0x1c, 0x24a2, 0x2, 0x4}, @network_terminal={0x7, 0x24, 0xa, 0xa, 0x81, 0x46, 0x8}, @obex={0x5, 0x24, 0x15, 0x4}]}, {{0x9, 0x5, 0x81, 0x3, 0x8, 0x6f, 0x4, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x5f6, 0x0, 0xb, 0x37}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0xc, 0x7, 0x9}}}}}}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x110, 0x9, 0x28, 0x94, 0x40, 0x9}, 0xb, &(0x7f0000000180)={0x5, 0xf, 0xb, 0x2, [@ptm_cap={0x3}, @ptm_cap={0x3}]}, 0x3, [{0x18, &(0x7f00000001c0)=@string={0x18, 0x3, "a71ce7980a3cec144ec6fe6877051238c3db80278e59"}}, {0x46, &(0x7f0000000200)=@string={0x46, 0x3, "5b9592abf83b460f43d5cac4b883fc3b0cccfbc8e9a209a7943e57960bb9f49209be57c5486aa87367fa12c2fe89c39a7074f4c80712deda3e2c3799f3cd37c2cccb011f"}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x422}}]})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r7 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r8 = memfd_create(&(0x7f00000007c0)='y\x10XDJ\xb4\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00u\"\xb9J\xcd(W+\x00\x04\x87\x1c1\xc7\x9f\xde\r-\xb8Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\xd5\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VwA\xaf\xc6\x90i\xa1\xb5\xd2\xbe\xcfAMq%M\xa2\x1e\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8c\x06A2@\xf6\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2\ng\xf1\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\xd9\xbd\xd9\xaf\x12$\x8dOA\xcd\x05H\xa5A\x01\x00\x00\x00\x00\x00\x00\x00\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xbbd\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$WV\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc1^\'\xfe>h\xa5\xa1\x0e\x05o\a\x96\x81\xaa\xfd3\xe5q\xd6\xe9\x9dx\xbai,^%\xeb\xc2\x14g,\x9b=\xac=b\xedI\x1b\xd4%\xcdr\xdc\xb3\xb8#\x96\xa6\x1eK\xf9\x84r,J\xd5\xb6(o\xf4\xa2XFc\xc9\x8cKJ\x84\x84\x15\xdeS\xbf\xd0\xd2R\xa1\xf8\xf8\xd7{[\xfb.\x0ee\x93a\x96a\x85Nu\x15\x04:\xa7\xbf!O\x0e\x8e\xf6\x9f\x19n@\x02U\x97\x17\x96\xaf\xac\x93\x00\x00\x00\x00\x00\x00\x00\x8f\tH=\x81!a\x9f\xb6\x89 \x82(\x99\xc5\x82>\x1f\xac\xf90\xc5\xcc\xd4rlEX.\xf8\xc00VR\x82\xb3\x8f\xa3\x96N\x00\xef\xcf\xb9\x01\x17\x00\x99\xbe\"\x7fn\xcez\xf0\xe5\xa1\x81r)5\x82G\x80b\xc6\xd4\xcb`\xbb\x1f\x80\xe4\xae\xec\x1556\xabZ\x9e\xda\xc8\xce\xc7Eyt\f\xb5o?\xafL-+/\x16\x96J\x95G\xec\xf8C=P\xe8\xe6\\\x16_>f\xb5D\xdc\x9b\xec\x1f\x85@\xbd\xad~\xb3E\xee\xe6T\xe5\x0e\x93', 0x2)
ftruncate(r8, 0xffff)
ioctl$UDMABUF_CREATE(r7, 0x40187542, &(0x7f0000000100)={r8, 0x0, 0x0, 0x8000})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xf, 0x9, &(0x7f0000000080))
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292", 0xc)
accept4(r9, 0x0, 0x0, 0x800)


bisect: trying to concatenate
bisect: concatenate 2 entries
minimizing program #0 before concatenation
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 30]
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_connect$cdc_ncm(0x0, 0x88, &(0x7f00000000c0)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x76, 0x2, 0x1, 0xbe, 0x90, 0x87, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4ed1fb9a2823"}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x37, 0xfff}, {0x6, 0x24, 0x1a, 0x6, 0x20}, [@mbim_extended={0x8, 0x24, 0x1c, 0x24a2, 0x2, 0x4}, @network_terminal={0x7, 0x24, 0xa, 0xa, 0x81, 0x46, 0x8}, @obex={0x5, 0x24, 0x15, 0x4}]}, {{0x9, 0x5, 0x81, 0x3, 0x8, 0x6f, 0x4, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x5f6, 0x0, 0xb, 0x37}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0xc, 0x7, 0x9}}}}}}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x110, 0x9, 0x28, 0x94, 0x40, 0x9}, 0xb, &(0x7f0000000180)={0x5, 0xf, 0xb, 0x2, [@ptm_cap={0x3}, @ptm_cap={0x3}]}, 0x3, [{0x18, &(0x7f00000001c0)=@string={0x18, 0x3, "a71ce7980a3cec144ec6fe6877051238c3db80278e59"}}, {0x46, &(0x7f0000000200)=@string={0x46, 0x3, "5b9592abf83b460f43d5cac4b883fc3b0cccfbc8e9a209a7943e57960bb9f49209be57c5486aa87367fa12c2fe89c39a7074f4c80712deda3e2c3799f3cd37c2cccb011f"}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x422}}]})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r7 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r8 = memfd_create(&(0x7f00000007c0)='y\x10XDJ\xb4\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00u\"\xb9J\xcd(W+\x00\x04\x87\x1c1\xc7\x9f\xde\r-\xb8Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\xd5\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VwA\xaf\xc6\x90i\xa1\xb5\xd2\xbe\xcfAMq%M\xa2\x1e\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8c\x06A2@\xf6\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2\ng\xf1\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\xd9\xbd\xd9\xaf\x12$\x8dOA\xcd\x05H\xa5A\x01\x00\x00\x00\x00\x00\x00\x00\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xbbd\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$WV\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc1^\'\xfe>h\xa5\xa1\x0e\x05o\a\x96\x81\xaa\xfd3\xe5q\xd6\xe9\x9dx\xbai,^%\xeb\xc2\x14g,\x9b=\xac=b\xedI\x1b\xd4%\xcdr\xdc\xb3\xb8#\x96\xa6\x1eK\xf9\x84r,J\xd5\xb6(o\xf4\xa2XFc\xc9\x8cKJ\x84\x84\x15\xdeS\xbf\xd0\xd2R\xa1\xf8\xf8\xd7{[\xfb.\x0ee\x93a\x96a\x85Nu\x15\x04:\xa7\xbf!O\x0e\x8e\xf6\x9f\x19n@\x02U\x97\x17\x96\xaf\xac\x93\x00\x00\x00\x00\x00\x00\x00\x8f\tH=\x81!a\x9f\xb6\x89 \x82(\x99\xc5\x82>\x1f\xac\xf90\xc5\xcc\xd4rlEX.\xf8\xc00VR\x82\xb3\x8f\xa3\x96N\x00\xef\xcf\xb9\x01\x17\x00\x99\xbe\"\x7fn\xcez\xf0\xe5\xa1\x81r)5\x82G\x80b\xc6\xd4\xcb`\xbb\x1f\x80\xe4\xae\xec\x1556\xabZ\x9e\xda\xc8\xce\xc7Eyt\f\xb5o?\xafL-+/\x16\x96J\x95G\xec\xf8C=P\xe8\xe6\\\x16_>f\xb5D\xdc\x9b\xec\x1f\x85@\xbd\xad~\xb3E\xee\xe6T\xe5\x0e\x93', 0x2)
ftruncate(r8, 0xffff)
ioctl$UDMABUF_CREATE(r7, 0x40187542, &(0x7f0000000100)={r8, 0x0, 0x0, 0x8000})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xf, 0x9, &(0x7f0000000080))
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292", 0xc)
accept4(r9, 0x0, 0x0, 0x800)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 30]
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_connect$cdc_ncm(0x0, 0x88, &(0x7f00000000c0)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x76, 0x2, 0x1, 0xbe, 0x90, 0x87, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4ed1fb9a2823"}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x37, 0xfff}, {0x6, 0x24, 0x1a, 0x6, 0x20}, [@mbim_extended={0x8, 0x24, 0x1c, 0x24a2, 0x2, 0x4}, @network_terminal={0x7, 0x24, 0xa, 0xa, 0x81, 0x46, 0x8}, @obex={0x5, 0x24, 0x15, 0x4}]}, {{0x9, 0x5, 0x81, 0x3, 0x8, 0x6f, 0x4, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x5f6, 0x0, 0xb, 0x37}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0xc, 0x7, 0x9}}}}}}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x110, 0x9, 0x28, 0x94, 0x40, 0x9}, 0xb, &(0x7f0000000180)={0x5, 0xf, 0xb, 0x2, [@ptm_cap={0x3}, @ptm_cap={0x3}]}, 0x3, [{0x18, &(0x7f00000001c0)=@string={0x18, 0x3, "a71ce7980a3cec144ec6fe6877051238c3db80278e59"}}, {0x46, &(0x7f0000000200)=@string={0x46, 0x3, "5b9592abf83b460f43d5cac4b883fc3b0cccfbc8e9a209a7943e57960bb9f49209be57c5486aa87367fa12c2fe89c39a7074f4c80712deda3e2c3799f3cd37c2cccb011f"}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x422}}]})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r7 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r8 = memfd_create(&(0x7f00000007c0)='y\x10XDJ\xb4\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00u\"\xb9J\xcd(W+\x00\x04\x87\x1c1\xc7\x9f\xde\r-\xb8Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\xd5\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VwA\xaf\xc6\x90i\xa1\xb5\xd2\xbe\xcfAMq%M\xa2\x1e\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8c\x06A2@\xf6\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2\ng\xf1\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\xd9\xbd\xd9\xaf\x12$\x8dOA\xcd\x05H\xa5A\x01\x00\x00\x00\x00\x00\x00\x00\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xbbd\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$WV\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc1^\'\xfe>h\xa5\xa1\x0e\x05o\a\x96\x81\xaa\xfd3\xe5q\xd6\xe9\x9dx\xbai,^%\xeb\xc2\x14g,\x9b=\xac=b\xedI\x1b\xd4%\xcdr\xdc\xb3\xb8#\x96\xa6\x1eK\xf9\x84r,J\xd5\xb6(o\xf4\xa2XFc\xc9\x8cKJ\x84\x84\x15\xdeS\xbf\xd0\xd2R\xa1\xf8\xf8\xd7{[\xfb.\x0ee\x93a\x96a\x85Nu\x15\x04:\xa7\xbf!O\x0e\x8e\xf6\x9f\x19n@\x02U\x97\x17\x96\xaf\xac\x93\x00\x00\x00\x00\x00\x00\x00\x8f\tH=\x81!a\x9f\xb6\x89 \x82(\x99\xc5\x82>\x1f\xac\xf90\xc5\xcc\xd4rlEX.\xf8\xc00VR\x82\xb3\x8f\xa3\x96N\x00\xef\xcf\xb9\x01\x17\x00\x99\xbe\"\x7fn\xcez\xf0\xe5\xa1\x81r)5\x82G\x80b\xc6\xd4\xcb`\xbb\x1f\x80\xe4\xae\xec\x1556\xabZ\x9e\xda\xc8\xce\xc7Eyt\f\xb5o?\xafL-+/\x16\x96J\x95G\xec\xf8C=P\xe8\xe6\\\x16_>f\xb5D\xdc\x9b\xec\x1f\x85@\xbd\xad~\xb3E\xee\xe6T\xe5\x0e\x93', 0x2)
ftruncate(r8, 0xffff)
ioctl$UDMABUF_CREATE(r7, 0x40187542, &(0x7f0000000100)={r8, 0x0, 0x0, 0x8000})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xf, 0x9, &(0x7f0000000080))
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292", 0xc)
accept4(r9, 0x0, 0x0, 0x800)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 30]
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_connect$cdc_ncm(0x0, 0x88, &(0x7f00000000c0)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x76, 0x2, 0x1, 0xbe, 0x90, 0x87, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "4ed1fb9a2823"}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x37, 0xfff}, {0x6, 0x24, 0x1a, 0x6, 0x20}, [@mbim_extended={0x8, 0x24, 0x1c, 0x24a2, 0x2, 0x4}, @network_terminal={0x7, 0x24, 0xa, 0xa, 0x81, 0x46, 0x8}, @obex={0x5, 0x24, 0x15, 0x4}]}, {{0x9, 0x5, 0x81, 0x3, 0x8, 0x6f, 0x4, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x5f6, 0x0, 0xb, 0x37}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0xc, 0x7, 0x9}}}}}}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x110, 0x9, 0x28, 0x94, 0x40, 0x9}, 0xb, &(0x7f0000000180)={0x5, 0xf, 0xb, 0x2, [@ptm_cap={0x3}, @ptm_cap={0x3}]}, 0x3, [{0x18, &(0x7f00000001c0)=@string={0x18, 0x3, "a71ce7980a3cec144ec6fe6877051238c3db80278e59"}}, {0x46, &(0x7f0000000200)=@string={0x46, 0x3, "5b9592abf83b460f43d5cac4b883fc3b0cccfbc8e9a209a7943e57960bb9f49209be57c5486aa87367fa12c2fe89c39a7074f4c80712deda3e2c3799f3cd37c2cccb011f"}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x422}}]})
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r7 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r8 = memfd_create(&(0x7f00000007c0)='y\x10XDJ\xb4\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00u\"\xb9J\xcd(W+\x00\x04\x87\x1c1\xc7\x9f\xde\r-\xb8Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\xd5\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VwA\xaf\xc6\x90i\xa1\xb5\xd2\xbe\xcfAMq%M\xa2\x1e\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8c\x06A2@\xf6\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2\ng\xf1\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\xd9\xbd\xd9\xaf\x12$\x8dOA\xcd\x05H\xa5A\x01\x00\x00\x00\x00\x00\x00\x00\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xbbd\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$WV\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc1^\'\xfe>h\xa5\xa1\x0e\x05o\a\x96\x81\xaa\xfd3\xe5q\xd6\xe9\x9dx\xbai,^%\xeb\xc2\x14g,\x9b=\xac=b\xedI\x1b\xd4%\xcdr\xdc\xb3\xb8#\x96\xa6\x1eK\xf9\x84r,J\xd5\xb6(o\xf4\xa2XFc\xc9\x8cKJ\x84\x84\x15\xdeS\xbf\xd0\xd2R\xa1\xf8\xf8\xd7{[\xfb.\x0ee\x93a\x96a\x85Nu\x15\x04:\xa7\xbf!O\x0e\x8e\xf6\x9f\x19n@\x02U\x97\x17\x96\xaf\xac\x93\x00\x00\x00\x00\x00\x00\x00\x8f\tH=\x81!a\x9f\xb6\x89 \x82(\x99\xc5\x82>\x1f\xac\xf90\xc5\xcc\xd4rlEX.\xf8\xc00VR\x82\xb3\x8f\xa3\x96N\x00\xef\xcf\xb9\x01\x17\x00\x99\xbe\"\x7fn\xcez\xf0\xe5\xa1\x81r)5\x82G\x80b\xc6\xd4\xcb`\xbb\x1f\x80\xe4\xae\xec\x1556\xabZ\x9e\xda\xc8\xce\xc7Eyt\f\xb5o?\xafL-+/\x16\x96J\x95G\xec\xf8C=P\xe8\xe6\\\x16_>f\xb5D\xdc\x9b\xec\x1f\x85@\xbd\xad~\xb3E\xee\xe6T\xe5\x0e\x93', 0x2)
ftruncate(r8, 0xffff)
ioctl$UDMABUF_CREATE(r7, 0x40187542, &(0x7f0000000100)={r8, 0x0, 0x0, 0x8000})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xf, 0x9, &(0x7f0000000080))
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292", 0xc)
accept4(r9, 0x0, 0x0, 0x800)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 30]
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r7 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r8 = memfd_create(&(0x7f00000007c0)='y\x10XDJ\xb4\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00u\"\xb9J\xcd(W+\x00\x04\x87\x1c1\xc7\x9f\xde\r-\xb8Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\xd5\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VwA\xaf\xc6\x90i\xa1\xb5\xd2\xbe\xcfAMq%M\xa2\x1e\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8c\x06A2@\xf6\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2\ng\xf1\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\xd9\xbd\xd9\xaf\x12$\x8dOA\xcd\x05H\xa5A\x01\x00\x00\x00\x00\x00\x00\x00\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xbbd\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$WV\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc1^\'\xfe>h\xa5\xa1\x0e\x05o\a\x96\x81\xaa\xfd3\xe5q\xd6\xe9\x9dx\xbai,^%\xeb\xc2\x14g,\x9b=\xac=b\xedI\x1b\xd4%\xcdr\xdc\xb3\xb8#\x96\xa6\x1eK\xf9\x84r,J\xd5\xb6(o\xf4\xa2XFc\xc9\x8cKJ\x84\x84\x15\xdeS\xbf\xd0\xd2R\xa1\xf8\xf8\xd7{[\xfb.\x0ee\x93a\x96a\x85Nu\x15\x04:\xa7\xbf!O\x0e\x8e\xf6\x9f\x19n@\x02U\x97\x17\x96\xaf\xac\x93\x00\x00\x00\x00\x00\x00\x00\x8f\tH=\x81!a\x9f\xb6\x89 \x82(\x99\xc5\x82>\x1f\xac\xf90\xc5\xcc\xd4rlEX.\xf8\xc00VR\x82\xb3\x8f\xa3\x96N\x00\xef\xcf\xb9\x01\x17\x00\x99\xbe\"\x7fn\xcez\xf0\xe5\xa1\x81r)5\x82G\x80b\xc6\xd4\xcb`\xbb\x1f\x80\xe4\xae\xec\x1556\xabZ\x9e\xda\xc8\xce\xc7Eyt\f\xb5o?\xafL-+/\x16\x96J\x95G\xec\xf8C=P\xe8\xe6\\\x16_>f\xb5D\xdc\x9b\xec\x1f\x85@\xbd\xad~\xb3E\xee\xe6T\xe5\x0e\x93', 0x2)
ftruncate(r8, 0xffff)
ioctl$UDMABUF_CREATE(r7, 0x40187542, &(0x7f0000000100)={r8, 0x0, 0x0, 0x8000})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xf, 0x9, &(0x7f0000000080))
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292", 0xc)
accept4(r9, 0x0, 0x0, 0x800)

program crashed: KASAN: use-after-free Read in mcp2221_raw_event
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [3, 30]
detailed listing:
executing program 0:
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(0xffffffffffffffff, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 1:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r7 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r8 = memfd_create(&(0x7f00000007c0)='y\x10XDJ\xb4\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00u\"\xb9J\xcd(W+\x00\x04\x87\x1c1\xc7\x9f\xde\r-\xb8Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\xd5\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VwA\xaf\xc6\x90i\xa1\xb5\xd2\xbe\xcfAMq%M\xa2\x1e\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8c\x06A2@\xf6\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2\ng\xf1\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\xd9\xbd\xd9\xaf\x12$\x8dOA\xcd\x05H\xa5A\x01\x00\x00\x00\x00\x00\x00\x00\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xbbd\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$WV\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc1^\'\xfe>h\xa5\xa1\x0e\x05o\a\x96\x81\xaa\xfd3\xe5q\xd6\xe9\x9dx\xbai,^%\xeb\xc2\x14g,\x9b=\xac=b\xedI\x1b\xd4%\xcdr\xdc\xb3\xb8#\x96\xa6\x1eK\xf9\x84r,J\xd5\xb6(o\xf4\xa2XFc\xc9\x8cKJ\x84\x84\x15\xdeS\xbf\xd0\xd2R\xa1\xf8\xf8\xd7{[\xfb.\x0ee\x93a\x96a\x85Nu\x15\x04:\xa7\xbf!O\x0e\x8e\xf6\x9f\x19n@\x02U\x97\x17\x96\xaf\xac\x93\x00\x00\x00\x00\x00\x00\x00\x8f\tH=\x81!a\x9f\xb6\x89 \x82(\x99\xc5\x82>\x1f\xac\xf90\xc5\xcc\xd4rlEX.\xf8\xc00VR\x82\xb3\x8f\xa3\x96N\x00\xef\xcf\xb9\x01\x17\x00\x99\xbe\"\x7fn\xcez\xf0\xe5\xa1\x81r)5\x82G\x80b\xc6\xd4\xcb`\xbb\x1f\x80\xe4\xae\xec\x1556\xabZ\x9e\xda\xc8\xce\xc7Eyt\f\xb5o?\xafL-+/\x16\x96J\x95G\xec\xf8C=P\xe8\xe6\\\x16_>f\xb5D\xdc\x9b\xec\x1f\x85@\xbd\xad~\xb3E\xee\xe6T\xe5\x0e\x93', 0x2)
ftruncate(r8, 0xffff)
ioctl$UDMABUF_CREATE(r7, 0x40187542, &(0x7f0000000100)={r8, 0x0, 0x0, 0x8000})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xf, 0x9, &(0x7f0000000080))
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292", 0xc)
accept4(r9, 0x0, 0x0, 0x800)

program did not crash
minimized 5 calls -> 4 calls
minimizing program #1 before concatenation
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 29]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r7 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r8 = memfd_create(&(0x7f00000007c0)='y\x10XDJ\xb4\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00u\"\xb9J\xcd(W+\x00\x04\x87\x1c1\xc7\x9f\xde\r-\xb8Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\xd5\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VwA\xaf\xc6\x90i\xa1\xb5\xd2\xbe\xcfAMq%M\xa2\x1e\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8c\x06A2@\xf6\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2\ng\xf1\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\xd9\xbd\xd9\xaf\x12$\x8dOA\xcd\x05H\xa5A\x01\x00\x00\x00\x00\x00\x00\x00\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xbbd\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$WV\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc1^\'\xfe>h\xa5\xa1\x0e\x05o\a\x96\x81\xaa\xfd3\xe5q\xd6\xe9\x9dx\xbai,^%\xeb\xc2\x14g,\x9b=\xac=b\xedI\x1b\xd4%\xcdr\xdc\xb3\xb8#\x96\xa6\x1eK\xf9\x84r,J\xd5\xb6(o\xf4\xa2XFc\xc9\x8cKJ\x84\x84\x15\xdeS\xbf\xd0\xd2R\xa1\xf8\xf8\xd7{[\xfb.\x0ee\x93a\x96a\x85Nu\x15\x04:\xa7\xbf!O\x0e\x8e\xf6\x9f\x19n@\x02U\x97\x17\x96\xaf\xac\x93\x00\x00\x00\x00\x00\x00\x00\x8f\tH=\x81!a\x9f\xb6\x89 \x82(\x99\xc5\x82>\x1f\xac\xf90\xc5\xcc\xd4rlEX.\xf8\xc00VR\x82\xb3\x8f\xa3\x96N\x00\xef\xcf\xb9\x01\x17\x00\x99\xbe\"\x7fn\xcez\xf0\xe5\xa1\x81r)5\x82G\x80b\xc6\xd4\xcb`\xbb\x1f\x80\xe4\xae\xec\x1556\xabZ\x9e\xda\xc8\xce\xc7Eyt\f\xb5o?\xafL-+/\x16\x96J\x95G\xec\xf8C=P\xe8\xe6\\\x16_>f\xb5D\xdc\x9b\xec\x1f\x85@\xbd\xad~\xb3E\xee\xe6T\xe5\x0e\x93', 0x2)
ftruncate(r8, 0xffff)
ioctl$UDMABUF_CREATE(r7, 0x40187542, &(0x7f0000000100)={r8, 0x0, 0x0, 0x8000})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xf, 0x9, &(0x7f0000000080))
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292", 0xc)

program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 28]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r7 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r8 = memfd_create(&(0x7f00000007c0)='y\x10XDJ\xb4\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00u\"\xb9J\xcd(W+\x00\x04\x87\x1c1\xc7\x9f\xde\r-\xb8Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\xd5\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VwA\xaf\xc6\x90i\xa1\xb5\xd2\xbe\xcfAMq%M\xa2\x1e\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8c\x06A2@\xf6\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2\ng\xf1\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\xd9\xbd\xd9\xaf\x12$\x8dOA\xcd\x05H\xa5A\x01\x00\x00\x00\x00\x00\x00\x00\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xbbd\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$WV\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc1^\'\xfe>h\xa5\xa1\x0e\x05o\a\x96\x81\xaa\xfd3\xe5q\xd6\xe9\x9dx\xbai,^%\xeb\xc2\x14g,\x9b=\xac=b\xedI\x1b\xd4%\xcdr\xdc\xb3\xb8#\x96\xa6\x1eK\xf9\x84r,J\xd5\xb6(o\xf4\xa2XFc\xc9\x8cKJ\x84\x84\x15\xdeS\xbf\xd0\xd2R\xa1\xf8\xf8\xd7{[\xfb.\x0ee\x93a\x96a\x85Nu\x15\x04:\xa7\xbf!O\x0e\x8e\xf6\x9f\x19n@\x02U\x97\x17\x96\xaf\xac\x93\x00\x00\x00\x00\x00\x00\x00\x8f\tH=\x81!a\x9f\xb6\x89 \x82(\x99\xc5\x82>\x1f\xac\xf90\xc5\xcc\xd4rlEX.\xf8\xc00VR\x82\xb3\x8f\xa3\x96N\x00\xef\xcf\xb9\x01\x17\x00\x99\xbe\"\x7fn\xcez\xf0\xe5\xa1\x81r)5\x82G\x80b\xc6\xd4\xcb`\xbb\x1f\x80\xe4\xae\xec\x1556\xabZ\x9e\xda\xc8\xce\xc7Eyt\f\xb5o?\xafL-+/\x16\x96J\x95G\xec\xf8C=P\xe8\xe6\\\x16_>f\xb5D\xdc\x9b\xec\x1f\x85@\xbd\xad~\xb3E\xee\xe6T\xe5\x0e\x93', 0x2)
ftruncate(r8, 0xffff)
ioctl$UDMABUF_CREATE(r7, 0x40187542, &(0x7f0000000100)={r8, 0x0, 0x0, 0x8000})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xf, 0x9, &(0x7f0000000080))
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)

program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 27]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r7 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r8 = memfd_create(&(0x7f00000007c0)='y\x10XDJ\xb4\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00u\"\xb9J\xcd(W+\x00\x04\x87\x1c1\xc7\x9f\xde\r-\xb8Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\xd5\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VwA\xaf\xc6\x90i\xa1\xb5\xd2\xbe\xcfAMq%M\xa2\x1e\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8c\x06A2@\xf6\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2\ng\xf1\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\xd9\xbd\xd9\xaf\x12$\x8dOA\xcd\x05H\xa5A\x01\x00\x00\x00\x00\x00\x00\x00\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xbbd\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$WV\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc1^\'\xfe>h\xa5\xa1\x0e\x05o\a\x96\x81\xaa\xfd3\xe5q\xd6\xe9\x9dx\xbai,^%\xeb\xc2\x14g,\x9b=\xac=b\xedI\x1b\xd4%\xcdr\xdc\xb3\xb8#\x96\xa6\x1eK\xf9\x84r,J\xd5\xb6(o\xf4\xa2XFc\xc9\x8cKJ\x84\x84\x15\xdeS\xbf\xd0\xd2R\xa1\xf8\xf8\xd7{[\xfb.\x0ee\x93a\x96a\x85Nu\x15\x04:\xa7\xbf!O\x0e\x8e\xf6\x9f\x19n@\x02U\x97\x17\x96\xaf\xac\x93\x00\x00\x00\x00\x00\x00\x00\x8f\tH=\x81!a\x9f\xb6\x89 \x82(\x99\xc5\x82>\x1f\xac\xf90\xc5\xcc\xd4rlEX.\xf8\xc00VR\x82\xb3\x8f\xa3\x96N\x00\xef\xcf\xb9\x01\x17\x00\x99\xbe\"\x7fn\xcez\xf0\xe5\xa1\x81r)5\x82G\x80b\xc6\xd4\xcb`\xbb\x1f\x80\xe4\xae\xec\x1556\xabZ\x9e\xda\xc8\xce\xc7Eyt\f\xb5o?\xafL-+/\x16\x96J\x95G\xec\xf8C=P\xe8\xe6\\\x16_>f\xb5D\xdc\x9b\xec\x1f\x85@\xbd\xad~\xb3E\xee\xe6T\xe5\x0e\x93', 0x2)
ftruncate(r8, 0xffff)
ioctl$UDMABUF_CREATE(r7, 0x40187542, &(0x7f0000000100)={r8, 0x0, 0x0, 0x8000})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xf, 0x9, &(0x7f0000000080))
socket$alg(0x26, 0x5, 0x0)

program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 26]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r7 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r8 = memfd_create(&(0x7f00000007c0)='y\x10XDJ\xb4\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00u\"\xb9J\xcd(W+\x00\x04\x87\x1c1\xc7\x9f\xde\r-\xb8Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\xd5\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VwA\xaf\xc6\x90i\xa1\xb5\xd2\xbe\xcfAMq%M\xa2\x1e\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8c\x06A2@\xf6\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2\ng\xf1\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\xd9\xbd\xd9\xaf\x12$\x8dOA\xcd\x05H\xa5A\x01\x00\x00\x00\x00\x00\x00\x00\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xbbd\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$WV\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc1^\'\xfe>h\xa5\xa1\x0e\x05o\a\x96\x81\xaa\xfd3\xe5q\xd6\xe9\x9dx\xbai,^%\xeb\xc2\x14g,\x9b=\xac=b\xedI\x1b\xd4%\xcdr\xdc\xb3\xb8#\x96\xa6\x1eK\xf9\x84r,J\xd5\xb6(o\xf4\xa2XFc\xc9\x8cKJ\x84\x84\x15\xdeS\xbf\xd0\xd2R\xa1\xf8\xf8\xd7{[\xfb.\x0ee\x93a\x96a\x85Nu\x15\x04:\xa7\xbf!O\x0e\x8e\xf6\x9f\x19n@\x02U\x97\x17\x96\xaf\xac\x93\x00\x00\x00\x00\x00\x00\x00\x8f\tH=\x81!a\x9f\xb6\x89 \x82(\x99\xc5\x82>\x1f\xac\xf90\xc5\xcc\xd4rlEX.\xf8\xc00VR\x82\xb3\x8f\xa3\x96N\x00\xef\xcf\xb9\x01\x17\x00\x99\xbe\"\x7fn\xcez\xf0\xe5\xa1\x81r)5\x82G\x80b\xc6\xd4\xcb`\xbb\x1f\x80\xe4\xae\xec\x1556\xabZ\x9e\xda\xc8\xce\xc7Eyt\f\xb5o?\xafL-+/\x16\x96J\x95G\xec\xf8C=P\xe8\xe6\\\x16_>f\xb5D\xdc\x9b\xec\x1f\x85@\xbd\xad~\xb3E\xee\xe6T\xe5\x0e\x93', 0x2)
ftruncate(r8, 0xffff)
ioctl$UDMABUF_CREATE(r7, 0x40187542, &(0x7f0000000100)={r8, 0x0, 0x0, 0x8000})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xf, 0x9, &(0x7f0000000080))

program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 25]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r7 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r8 = memfd_create(&(0x7f00000007c0)='y\x10XDJ\xb4\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00u\"\xb9J\xcd(W+\x00\x04\x87\x1c1\xc7\x9f\xde\r-\xb8Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\xd5\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VwA\xaf\xc6\x90i\xa1\xb5\xd2\xbe\xcfAMq%M\xa2\x1e\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8c\x06A2@\xf6\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2\ng\xf1\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\xd9\xbd\xd9\xaf\x12$\x8dOA\xcd\x05H\xa5A\x01\x00\x00\x00\x00\x00\x00\x00\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xbbd\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$WV\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc1^\'\xfe>h\xa5\xa1\x0e\x05o\a\x96\x81\xaa\xfd3\xe5q\xd6\xe9\x9dx\xbai,^%\xeb\xc2\x14g,\x9b=\xac=b\xedI\x1b\xd4%\xcdr\xdc\xb3\xb8#\x96\xa6\x1eK\xf9\x84r,J\xd5\xb6(o\xf4\xa2XFc\xc9\x8cKJ\x84\x84\x15\xdeS\xbf\xd0\xd2R\xa1\xf8\xf8\xd7{[\xfb.\x0ee\x93a\x96a\x85Nu\x15\x04:\xa7\xbf!O\x0e\x8e\xf6\x9f\x19n@\x02U\x97\x17\x96\xaf\xac\x93\x00\x00\x00\x00\x00\x00\x00\x8f\tH=\x81!a\x9f\xb6\x89 \x82(\x99\xc5\x82>\x1f\xac\xf90\xc5\xcc\xd4rlEX.\xf8\xc00VR\x82\xb3\x8f\xa3\x96N\x00\xef\xcf\xb9\x01\x17\x00\x99\xbe\"\x7fn\xcez\xf0\xe5\xa1\x81r)5\x82G\x80b\xc6\xd4\xcb`\xbb\x1f\x80\xe4\xae\xec\x1556\xabZ\x9e\xda\xc8\xce\xc7Eyt\f\xb5o?\xafL-+/\x16\x96J\x95G\xec\xf8C=P\xe8\xe6\\\x16_>f\xb5D\xdc\x9b\xec\x1f\x85@\xbd\xad~\xb3E\xee\xe6T\xe5\x0e\x93', 0x2)
ftruncate(r8, 0xffff)
ioctl$UDMABUF_CREATE(r7, 0x40187542, &(0x7f0000000100)={r8, 0x0, 0x0, 0x8000})

program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 24]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r7 = memfd_create(&(0x7f00000007c0)='y\x10XDJ\xb4\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00u\"\xb9J\xcd(W+\x00\x04\x87\x1c1\xc7\x9f\xde\r-\xb8Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\xd5\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VwA\xaf\xc6\x90i\xa1\xb5\xd2\xbe\xcfAMq%M\xa2\x1e\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8c\x06A2@\xf6\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2\ng\xf1\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\xd9\xbd\xd9\xaf\x12$\x8dOA\xcd\x05H\xa5A\x01\x00\x00\x00\x00\x00\x00\x00\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xbbd\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$WV\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc1^\'\xfe>h\xa5\xa1\x0e\x05o\a\x96\x81\xaa\xfd3\xe5q\xd6\xe9\x9dx\xbai,^%\xeb\xc2\x14g,\x9b=\xac=b\xedI\x1b\xd4%\xcdr\xdc\xb3\xb8#\x96\xa6\x1eK\xf9\x84r,J\xd5\xb6(o\xf4\xa2XFc\xc9\x8cKJ\x84\x84\x15\xdeS\xbf\xd0\xd2R\xa1\xf8\xf8\xd7{[\xfb.\x0ee\x93a\x96a\x85Nu\x15\x04:\xa7\xbf!O\x0e\x8e\xf6\x9f\x19n@\x02U\x97\x17\x96\xaf\xac\x93\x00\x00\x00\x00\x00\x00\x00\x8f\tH=\x81!a\x9f\xb6\x89 \x82(\x99\xc5\x82>\x1f\xac\xf90\xc5\xcc\xd4rlEX.\xf8\xc00VR\x82\xb3\x8f\xa3\x96N\x00\xef\xcf\xb9\x01\x17\x00\x99\xbe\"\x7fn\xcez\xf0\xe5\xa1\x81r)5\x82G\x80b\xc6\xd4\xcb`\xbb\x1f\x80\xe4\xae\xec\x1556\xabZ\x9e\xda\xc8\xce\xc7Eyt\f\xb5o?\xafL-+/\x16\x96J\x95G\xec\xf8C=P\xe8\xe6\\\x16_>f\xb5D\xdc\x9b\xec\x1f\x85@\xbd\xad~\xb3E\xee\xe6T\xe5\x0e\x93', 0x2)
ftruncate(r7, 0xffff)

program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 23]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
memfd_create(&(0x7f00000007c0)='y\x10XDJ\xb4\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00u\"\xb9J\xcd(W+\x00\x04\x87\x1c1\xc7\x9f\xde\r-\xb8Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\xd5\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VwA\xaf\xc6\x90i\xa1\xb5\xd2\xbe\xcfAMq%M\xa2\x1e\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8c\x06A2@\xf6\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2\ng\xf1\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\xd9\xbd\xd9\xaf\x12$\x8dOA\xcd\x05H\xa5A\x01\x00\x00\x00\x00\x00\x00\x00\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xbbd\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$WV\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc1^\'\xfe>h\xa5\xa1\x0e\x05o\a\x96\x81\xaa\xfd3\xe5q\xd6\xe9\x9dx\xbai,^%\xeb\xc2\x14g,\x9b=\xac=b\xedI\x1b\xd4%\xcdr\xdc\xb3\xb8#\x96\xa6\x1eK\xf9\x84r,J\xd5\xb6(o\xf4\xa2XFc\xc9\x8cKJ\x84\x84\x15\xdeS\xbf\xd0\xd2R\xa1\xf8\xf8\xd7{[\xfb.\x0ee\x93a\x96a\x85Nu\x15\x04:\xa7\xbf!O\x0e\x8e\xf6\x9f\x19n@\x02U\x97\x17\x96\xaf\xac\x93\x00\x00\x00\x00\x00\x00\x00\x8f\tH=\x81!a\x9f\xb6\x89 \x82(\x99\xc5\x82>\x1f\xac\xf90\xc5\xcc\xd4rlEX.\xf8\xc00VR\x82\xb3\x8f\xa3\x96N\x00\xef\xcf\xb9\x01\x17\x00\x99\xbe\"\x7fn\xcez\xf0\xe5\xa1\x81r)5\x82G\x80b\xc6\xd4\xcb`\xbb\x1f\x80\xe4\xae\xec\x1556\xabZ\x9e\xda\xc8\xce\xc7Eyt\f\xb5o?\xafL-+/\x16\x96J\x95G\xec\xf8C=P\xe8\xe6\\\x16_>f\xb5D\xdc\x9b\xec\x1f\x85@\xbd\xad~\xb3E\xee\xe6T\xe5\x0e\x93', 0x2)

program crashed: KASAN: use-after-free Read in mcp2221_raw_event
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 22]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)

program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 21]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)

program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 20]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)

program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 19]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 18]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)

program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 17]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)

program crashed: KASAN: use-after-free Read in mcp2221_raw_event
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 16]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 16]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 16]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 16]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 16]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 16]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 16]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)

program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 15]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x2}, 0x94)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)

program crashed: KASAN: use-after-free Read in mcp2221_raw_event
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 14]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)

program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 13]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
socket$tipc(0x1e, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)

program crashed: KASAN: use-after-free Read in mcp2221_raw_event
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 12]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f00000000c0))
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 12]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040), 0x2002, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 12]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000000c0))
socket$tipc(0x1e, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)

program crashed: KASAN: use-after-free Read in mcp2221_raw_event
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 11]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000000c0))
socket$tipc(0x1e, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)

program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 10]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000000c0))
socket$tipc(0x1e, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 10]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getpid()
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000000c0))
socket$tipc(0x1e, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [4, 10]
detailed listing:
executing program 3:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
executing program 0:
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000000c0))
socket$tipc(0x1e, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)

program did not crash
minimized 30 calls -> 11 calls
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-getpid-ioctl$BTRFS_IOC_GET_SUBVOL_INFO-socket$tipc-sched_setscheduler-getpid-sched_setscheduler-mmap-socketpair$unix-connect$unix
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000000c0))
socket$tipc(0x1e, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)

program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
bisect: concatenation succeeded
found reproducer with 15 syscalls
minimizing guilty program
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-getpid-ioctl$BTRFS_IOC_GET_SUBVOL_INFO-socket$tipc-sched_setscheduler-getpid-sched_setscheduler-mmap-socketpair$unix
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000000c0))
socket$tipc(0x1e, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))

program crashed: KASAN: use-after-free Read in mcp2221_raw_event
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-getpid-ioctl$BTRFS_IOC_GET_SUBVOL_INFO-socket$tipc-sched_setscheduler-getpid-sched_setscheduler-mmap
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000000c0))
socket$tipc(0x1e, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-getpid-ioctl$BTRFS_IOC_GET_SUBVOL_INFO-socket$tipc-sched_setscheduler-getpid-sched_setscheduler
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000000c0))
socket$tipc(0x1e, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-getpid-ioctl$BTRFS_IOC_GET_SUBVOL_INFO-socket$tipc-sched_setscheduler-getpid-mmap
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000000c0))
socket$tipc(0x1e, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-getpid-ioctl$BTRFS_IOC_GET_SUBVOL_INFO-socket$tipc-sched_setscheduler-mmap
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000000c0))
socket$tipc(0x1e, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-getpid-ioctl$BTRFS_IOC_GET_SUBVOL_INFO-socket$tipc-mmap
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000000c0))
socket$tipc(0x1e, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

program crashed: KASAN: use-after-free Read in mcp2221_raw_event
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-getpid-ioctl$BTRFS_IOC_GET_SUBVOL_INFO-mmap
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000000c0))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

program crashed: KASAN: use-after-free Read in mcp2221_raw_event
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-getpid-mmap
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

program crashed: KASAN: use-after-free Read in mcp2221_raw_event
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-mmap
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-mmap
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-sched_setscheduler-mmap
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-prlimit64-sched_setscheduler-mmap
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-mmap
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-mmap
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-mmap
detailed listing:
executing program 0:
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(0xffffffffffffffff, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-mmap
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x3, 0x0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-mmap
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-mmap
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-mmap
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-mmap
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-mmap
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x0, &(0x7f00000004c0))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-mmap
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

program did not crash
testing program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-mmap
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=2m30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-mmap
program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
simplifying C reproducer
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-mmap
program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-mmap
program did not crash
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-mmap
program did not crash
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-mmap
program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-mmap
program did not crash
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-mmap
program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-mmap
program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-mmap
program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-mmap
program did not crash
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-mmap
program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-mmap
program did not crash
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-mmap
program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-mmap
program did not crash
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-mmap
program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:true IEEE802154:false Sysctl:false Swap:true UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-mmap
program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
testing compiled C program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:true IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-mmap
program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
testing program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:true IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-mmap
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
validation run: crashed=true
testing program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:true IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-mmap
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
validation run: crashed=true
testing program (duration=2m30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:false Wifi:true IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write-prlimit64-sched_setscheduler-mmap
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x2, &(0x7f00000004c0)='P\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

program crashed: KASAN: slab-out-of-bounds Read in mcp2221_raw_event
validation run: crashed=true
reproducing took 3h27m48.826486652s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-out-of-bounds in mcp2221_raw_event+0x1070/0x10a0 drivers/hid/hid-mcp2221.c:948
Read of size 1 at addr ffff8880721cbfff by task kworker/0:7/6094

CPU: 0 UID: 0 PID: 6094 Comm: kworker/0:7 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Workqueue: usb_hub_wq hub_event
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0xcd/0x630 mm/kasan/report.c:482
 kasan_report+0xe0/0x110 mm/kasan/report.c:595
 mcp2221_raw_event+0x1070/0x10a0 drivers/hid/hid-mcp2221.c:948
 __hid_input_report.constprop.0+0x314/0x450 drivers/hid/hid-core.c:2139
 hid_irq_in+0x35e/0x870 drivers/hid/usbhid/hid-core.c:286
 __usb_hcd_giveback_urb+0x38b/0x610 drivers/usb/core/hcd.c:1661
 usb_hcd_giveback_urb+0x39b/0x450 drivers/usb/core/hcd.c:1745
 dummy_timer+0x1809/0x3a00 drivers/usb/gadget/udc/dummy_hcd.c:1995
 __run_hrtimer kernel/time/hrtimer.c:1777 [inline]
 __hrtimer_run_queues+0x202/0xad0 kernel/time/hrtimer.c:1841
 hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1858
 handle_softirqs+0x219/0x8e0 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x109/0x170 kernel/softirq.c:723
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline]
 sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1052
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:kasan_check_range+0x12/0x1b0 mm/kasan/generic.c:199
Code: 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 85 f6 0f 84 64 01 00 00 48 89 f8 41 54 <44> 0f b6 c2 48 01 f0 55 53 0f 82 d7 00 00 00 eb 0f cc cc cc 48 b8
RSP: 0018:ffffc900037b6b60 EFLAGS: 00000202
RAX: ffff888077da86b0 RBX: ffff888077da8668 RCX: ffffffff819803ae
RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffff888077da86b0
RBP: ffff888077da86b0 R08: 0000000000000002 R09: 0000000000000000
R10: ffff888077da866f R11: 0000000000000000 R12: ffffffff8c6df2a0
R13: ffffffff9ae57620 R14: 0000000000000000 R15: ffff888026709978
 instrument_atomic_write include/linux/instrumented.h:82 [inline]
 atomic_set include/linux/atomic/atomic-instrumented.h:67 [inline]
 osq_lock_init include/linux/osq_lock.h:25 [inline]
 __mutex_init+0xae/0x120 kernel/locking/mutex.c:53
 i2c_register_adapter+0x15d/0x1370 drivers/i2c/i2c-core-base.c:1544
 i2c_add_adapter drivers/i2c/i2c-core-base.c:1673 [inline]
 i2c_add_adapter+0x10a/0x1b0 drivers/i2c/i2c-core-base.c:1653
 devm_i2c_add_adapter+0x1b/0x90 drivers/i2c/i2c-core-base.c:1845
 mcp2221_probe+0x5f1/0xc50 drivers/hid/hid-mcp2221.c:1289
 __hid_device_probe drivers/hid/hid-core.c:2775 [inline]
 hid_device_probe+0x5ba/0x8d0 drivers/hid/hid-core.c:2812
 call_driver_probe drivers/base/dd.c:581 [inline]
 really_probe+0x241/0xa90 drivers/base/dd.c:659
 __driver_probe_device+0x1de/0x440 drivers/base/dd.c:801
 driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:831
 __device_attach_driver+0x1df/0x310 drivers/base/dd.c:959
 bus_for_each_drv+0x159/0x1e0 drivers/base/bus.c:462
 __device_attach+0x1e4/0x4b0 drivers/base/dd.c:1031
 bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:537
 device_add+0x1148/0x1aa0 drivers/base/core.c:3689
 hid_add_device+0x31b/0x5c0 drivers/hid/hid-core.c:2951
 usbhid_probe+0xd38/0x13f0 drivers/hid/usbhid/hid-core.c:1435
 usb_probe_interface+0x303/0xa40 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:581 [inline]
 really_probe+0x241/0xa90 drivers/base/dd.c:659
 __driver_probe_device+0x1de/0x440 drivers/base/dd.c:801
 driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:831
 __device_attach_driver+0x1df/0x310 drivers/base/dd.c:959
 bus_for_each_drv+0x159/0x1e0 drivers/base/bus.c:462
 __device_attach+0x1e4/0x4b0 drivers/base/dd.c:1031
 bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:537
 device_add+0x1148/0x1aa0 drivers/base/core.c:3689
 usb_set_configuration+0x1187/0x1e20 drivers/usb/core/message.c:2210
 usb_generic_driver_probe+0xb1/0x110 drivers/usb/core/generic.c:250
 usb_probe_device+0xef/0x3e0 drivers/usb/core/driver.c:291
 call_driver_probe drivers/base/dd.c:581 [inline]
 really_probe+0x241/0xa90 drivers/base/dd.c:659
 __driver_probe_device+0x1de/0x440 drivers/base/dd.c:801
 driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:831
 __device_attach_driver+0x1df/0x310 drivers/base/dd.c:959
 bus_for_each_drv+0x159/0x1e0 drivers/base/bus.c:462
 __device_attach+0x1e4/0x4b0 drivers/base/dd.c:1031
 bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:537
 device_add+0x1148/0x1aa0 drivers/base/core.c:3689
 usb_new_device+0xd07/0x1a60 drivers/usb/core/hub.c:2694
 hub_port_connect drivers/usb/core/hub.c:5566 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5706 [inline]
 port_event drivers/usb/core/hub.c:5870 [inline]
 hub_event+0x2f34/0x4fe0 drivers/usb/core/hub.c:5952
 process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3263
 process_scheduled_works kernel/workqueue.c:3346 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3427
 kthread+0x3c5/0x780 kernel/kthread.c:463
 ret_from_fork+0x675/0x7d0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

Allocated by task 5918:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:56
 kasan_save_track+0x14/0x30 mm/kasan/common.c:77
 poison_kmalloc_redzone mm/kasan/common.c:400 [inline]
 __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:417
 kmalloc_noprof include/linux/slab.h:957 [inline]
 kzalloc_noprof include/linux/slab.h:1094 [inline]
 ipv6_add_addr+0x4e3/0x1fe0 net/ipv6/addrconf.c:1120
 add_addr+0xde/0x350 net/ipv6/addrconf.c:3201
 add_v4_addrs+0x642/0x980 net/ipv6/addrconf.c:3263
 addrconf_gre_config net/ipv6/addrconf.c:3545 [inline]
 addrconf_init_auto_addrs+0x51a/0x810 net/ipv6/addrconf.c:3559
 addrconf_notify+0xe93/0x19e0 net/ipv6/addrconf.c:3740
 notifier_call_chain+0xbc/0x410 kernel/notifier.c:85
 call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:2229
 call_netdevice_notifiers_extack net/core/dev.c:2267 [inline]
 call_netdevice_notifiers net/core/dev.c:2281 [inline]
 __dev_notify_flags+0x12c/0x2e0 net/core/dev.c:9676
 netif_change_flags+0x108/0x160 net/core/dev.c:9705
 do_setlink.constprop.0+0xb53/0x4380 net/core/rtnetlink.c:3151
 rtnl_changelink net/core/rtnetlink.c:3769 [inline]
 __rtnl_newlink net/core/rtnetlink.c:3928 [inline]
 rtnl_newlink+0x1446/0x2000 net/core/rtnetlink.c:4065
 rtnetlink_rcv_msg+0x95e/0xe90 net/core/rtnetlink.c:6954
 netlink_rcv_skb+0x158/0x420 net/netlink/af_netlink.c:2552
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x5aa/0x870 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x8c8/0xdd0 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 __sys_sendto+0x4a3/0x520 net/socket.c:2244
 __do_sys_sendto net/socket.c:2251 [inline]
 __se_sys_sendto net/socket.c:2247 [inline]
 __x64_sys_sendto+0xe0/0x1c0 net/socket.c:2247
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

The buggy address belongs to the object at ffff8880721cbc00
 which belongs to the cache kmalloc-cg-512 of size 512
The buggy address is located 583 bytes to the right of
 allocated 440-byte region [ffff8880721cbc00, ffff8880721cbdb8)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x721c8
head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000040 ffff88813ff30140 ffffea0001e68c00 dead000000000002
raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
head: 00fff00000000040 ffff88813ff30140 ffffea0001e68c00 dead000000000002
head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
head: 00fff00000000002 ffffea0001c87201 00000000ffffffff 00000000ffffffff
head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5796, tgid 5796 (sshd-session), ts 52056965840, free_ts 15121629475
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x1c0/0x230 mm/page_alloc.c:1850
 prep_new_page mm/page_alloc.c:1858 [inline]
 get_page_from_freelist+0x10a3/0x3a30 mm/page_alloc.c:3884
 __alloc_frozen_pages_noprof+0x25f/0x2470 mm/page_alloc.c:5183
 alloc_pages_mpol+0x1fb/0x550 mm/mempolicy.c:2416
 alloc_slab_page mm/slub.c:3039 [inline]
 allocate_slab mm/slub.c:3212 [inline]
 new_slab+0x24a/0x360 mm/slub.c:3266
 ___slab_alloc+0xdc4/0x1ae0 mm/slub.c:4636
 __slab_alloc.constprop.0+0x63/0x110 mm/slub.c:4755
 __slab_alloc_node mm/slub.c:4831 [inline]
 slab_alloc_node mm/slub.c:5253 [inline]
 __do_kmalloc_node mm/slub.c:5626 [inline]
 __kmalloc_node_track_caller_noprof+0x4db/0x8a0 mm/slub.c:5736
 kmalloc_reserve+0xef/0x2c0 net/core/skbuff.c:601
 __alloc_skb+0x166/0x380 net/core/skbuff.c:670
 alloc_skb include/linux/skbuff.h:1383 [inline]
 alloc_skb_with_frags+0xe0/0x860 net/core/skbuff.c:6671
 sock_alloc_send_pskb+0x7f9/0x980 net/core/sock.c:2965
 unix_stream_sendmsg+0x39f/0x1340 net/unix/af_unix.c:2455
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 sock_write_iter+0x566/0x610 net/socket.c:1195
 new_sync_write fs/read_write.c:593 [inline]
 vfs_write+0x7d3/0x11d0 fs/read_write.c:686
 ksys_write+0x1f8/0x250 fs/read_write.c:738
page last free pid 1 tgid 1 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1394 [inline]
 __free_frozen_pages+0x7df/0x1160 mm/page_alloc.c:2906
 __free_pages mm/page_alloc.c:5302 [inline]
 free_contig_range+0x183/0x4b0 mm/page_alloc.c:7146
 destroy_args+0xb69/0x12e0 mm/debug_vm_pgtable.c:958
 debug_vm_pgtable+0x1a32/0x3640 mm/debug_vm_pgtable.c:1345
 do_one_initcall+0x123/0x6e0 init/main.c:1283
 do_initcall_level init/main.c:1345 [inline]
 do_initcalls init/main.c:1361 [inline]
 do_basic_setup init/main.c:1380 [inline]
 kernel_init_freeable+0x5c8/0x920 init/main.c:1593
 kernel_init+0x1c/0x2b0 init/main.c:1483
 ret_from_fork+0x675/0x7d0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

Memory state around the buggy address:
 ffff8880721cbe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8880721cbf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff8880721cbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                                                ^
 ffff8880721cc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8880721cc080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
----------------
Code disassembly (best guess):
   0:	00 00                	add    %al,(%rax)
   2:	00 00                	add    %al,(%rax)
   4:	0f 1f 40 00          	nopl   0x0(%rax)
   8:	90                   	nop
   9:	90                   	nop
   a:	90                   	nop
   b:	90                   	nop
   c:	90                   	nop
   d:	90                   	nop
   e:	90                   	nop
   f:	90                   	nop
  10:	90                   	nop
  11:	90                   	nop
  12:	90                   	nop
  13:	90                   	nop
  14:	90                   	nop
  15:	90                   	nop
  16:	90                   	nop
  17:	90                   	nop
  18:	0f 1f 40 d6          	nopl   -0x2a(%rax)
  1c:	48 85 f6             	test   %rsi,%rsi
  1f:	0f 84 64 01 00 00    	je     0x189
  25:	48 89 f8             	mov    %rdi,%rax
  28:	41 54                	push   %r12
* 2a:	44 0f b6 c2          	movzbl %dl,%r8d <-- trapping instruction
  2e:	48 01 f0             	add    %rsi,%rax
  31:	55                   	push   %rbp
  32:	53                   	push   %rbx
  33:	0f 82 d7 00 00 00    	jb     0x110
  39:	eb 0f                	jmp    0x4a
  3b:	cc                   	int3
  3c:	cc                   	int3
  3d:	cc                   	int3
  3e:	48                   	rex.W
  3f:	b8                   	.byte 0xb8

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-out-of-bounds in mcp2221_raw_event+0x1070/0x10a0 drivers/hid/hid-mcp2221.c:948
Read of size 1 at addr ffff8880721cbfff by task kworker/0:7/6094

CPU: 0 UID: 0 PID: 6094 Comm: kworker/0:7 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
Workqueue: usb_hub_wq hub_event
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:378 [inline]
 print_report+0xcd/0x630 mm/kasan/report.c:482
 kasan_report+0xe0/0x110 mm/kasan/report.c:595
 mcp2221_raw_event+0x1070/0x10a0 drivers/hid/hid-mcp2221.c:948
 __hid_input_report.constprop.0+0x314/0x450 drivers/hid/hid-core.c:2139
 hid_irq_in+0x35e/0x870 drivers/hid/usbhid/hid-core.c:286
 __usb_hcd_giveback_urb+0x38b/0x610 drivers/usb/core/hcd.c:1661
 usb_hcd_giveback_urb+0x39b/0x450 drivers/usb/core/hcd.c:1745
 dummy_timer+0x1809/0x3a00 drivers/usb/gadget/udc/dummy_hcd.c:1995
 __run_hrtimer kernel/time/hrtimer.c:1777 [inline]
 __hrtimer_run_queues+0x202/0xad0 kernel/time/hrtimer.c:1841
 hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1858
 handle_softirqs+0x219/0x8e0 kernel/softirq.c:622
 __do_softirq kernel/softirq.c:656 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x109/0x170 kernel/softirq.c:723
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:739
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline]
 sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1052
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:kasan_check_range+0x12/0x1b0 mm/kasan/generic.c:199
Code: 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 85 f6 0f 84 64 01 00 00 48 89 f8 41 54 <44> 0f b6 c2 48 01 f0 55 53 0f 82 d7 00 00 00 eb 0f cc cc cc 48 b8
RSP: 0018:ffffc900037b6b60 EFLAGS: 00000202
RAX: ffff888077da86b0 RBX: ffff888077da8668 RCX: ffffffff819803ae
RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffff888077da86b0
RBP: ffff888077da86b0 R08: 0000000000000002 R09: 0000000000000000
R10: ffff888077da866f R11: 0000000000000000 R12: ffffffff8c6df2a0
R13: ffffffff9ae57620 R14: 0000000000000000 R15: ffff888026709978
 instrument_atomic_write include/linux/instrumented.h:82 [inline]
 atomic_set include/linux/atomic/atomic-instrumented.h:67 [inline]
 osq_lock_init include/linux/osq_lock.h:25 [inline]
 __mutex_init+0xae/0x120 kernel/locking/mutex.c:53
 i2c_register_adapter+0x15d/0x1370 drivers/i2c/i2c-core-base.c:1544
 i2c_add_adapter drivers/i2c/i2c-core-base.c:1673 [inline]
 i2c_add_adapter+0x10a/0x1b0 drivers/i2c/i2c-core-base.c:1653
 devm_i2c_add_adapter+0x1b/0x90 drivers/i2c/i2c-core-base.c:1845
 mcp2221_probe+0x5f1/0xc50 drivers/hid/hid-mcp2221.c:1289
 __hid_device_probe drivers/hid/hid-core.c:2775 [inline]
 hid_device_probe+0x5ba/0x8d0 drivers/hid/hid-core.c:2812
 call_driver_probe drivers/base/dd.c:581 [inline]
 really_probe+0x241/0xa90 drivers/base/dd.c:659
 __driver_probe_device+0x1de/0x440 drivers/base/dd.c:801
 driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:831
 __device_attach_driver+0x1df/0x310 drivers/base/dd.c:959
 bus_for_each_drv+0x159/0x1e0 drivers/base/bus.c:462
 __device_attach+0x1e4/0x4b0 drivers/base/dd.c:1031
 bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:537
 device_add+0x1148/0x1aa0 drivers/base/core.c:3689
 hid_add_device+0x31b/0x5c0 drivers/hid/hid-core.c:2951
 usbhid_probe+0xd38/0x13f0 drivers/hid/usbhid/hid-core.c:1435
 usb_probe_interface+0x303/0xa40 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:581 [inline]
 really_probe+0x241/0xa90 drivers/base/dd.c:659
 __driver_probe_device+0x1de/0x440 drivers/base/dd.c:801
 driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:831
 __device_attach_driver+0x1df/0x310 drivers/base/dd.c:959
 bus_for_each_drv+0x159/0x1e0 drivers/base/bus.c:462
 __device_attach+0x1e4/0x4b0 drivers/base/dd.c:1031
 bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:537
 device_add+0x1148/0x1aa0 drivers/base/core.c:3689
 usb_set_configuration+0x1187/0x1e20 drivers/usb/core/message.c:2210
 usb_generic_driver_probe+0xb1/0x110 drivers/usb/core/generic.c:250
 usb_probe_device+0xef/0x3e0 drivers/usb/core/driver.c:291
 call_driver_probe drivers/base/dd.c:581 [inline]
 really_probe+0x241/0xa90 drivers/base/dd.c:659
 __driver_probe_device+0x1de/0x440 drivers/base/dd.c:801
 driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:831
 __device_attach_driver+0x1df/0x310 drivers/base/dd.c:959
 bus_for_each_drv+0x159/0x1e0 drivers/base/bus.c:462
 __device_attach+0x1e4/0x4b0 drivers/base/dd.c:1031
 bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:537
 device_add+0x1148/0x1aa0 drivers/base/core.c:3689
 usb_new_device+0xd07/0x1a60 drivers/usb/core/hub.c:2694
 hub_port_connect drivers/usb/core/hub.c:5566 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5706 [inline]
 port_event drivers/usb/core/hub.c:5870 [inline]
 hub_event+0x2f34/0x4fe0 drivers/usb/core/hub.c:5952
 process_one_work+0x9cf/0x1b70 kernel/workqueue.c:3263
 process_scheduled_works kernel/workqueue.c:3346 [inline]
 worker_thread+0x6c8/0xf10 kernel/workqueue.c:3427
 kthread+0x3c5/0x780 kernel/kthread.c:463
 ret_from_fork+0x675/0x7d0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

Allocated by task 5918:
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:56
 kasan_save_track+0x14/0x30 mm/kasan/common.c:77
 poison_kmalloc_redzone mm/kasan/common.c:400 [inline]
 __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:417
 kmalloc_noprof include/linux/slab.h:957 [inline]
 kzalloc_noprof include/linux/slab.h:1094 [inline]
 ipv6_add_addr+0x4e3/0x1fe0 net/ipv6/addrconf.c:1120
 add_addr+0xde/0x350 net/ipv6/addrconf.c:3201
 add_v4_addrs+0x642/0x980 net/ipv6/addrconf.c:3263
 addrconf_gre_config net/ipv6/addrconf.c:3545 [inline]
 addrconf_init_auto_addrs+0x51a/0x810 net/ipv6/addrconf.c:3559
 addrconf_notify+0xe93/0x19e0 net/ipv6/addrconf.c:3740
 notifier_call_chain+0xbc/0x410 kernel/notifier.c:85
 call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:2229
 call_netdevice_notifiers_extack net/core/dev.c:2267 [inline]
 call_netdevice_notifiers net/core/dev.c:2281 [inline]
 __dev_notify_flags+0x12c/0x2e0 net/core/dev.c:9676
 netif_change_flags+0x108/0x160 net/core/dev.c:9705
 do_setlink.constprop.0+0xb53/0x4380 net/core/rtnetlink.c:3151
 rtnl_changelink net/core/rtnetlink.c:3769 [inline]
 __rtnl_newlink net/core/rtnetlink.c:3928 [inline]
 rtnl_newlink+0x1446/0x2000 net/core/rtnetlink.c:4065
 rtnetlink_rcv_msg+0x95e/0xe90 net/core/rtnetlink.c:6954
 netlink_rcv_skb+0x158/0x420 net/netlink/af_netlink.c:2552
 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
 netlink_unicast+0x5aa/0x870 net/netlink/af_netlink.c:1346
 netlink_sendmsg+0x8c8/0xdd0 net/netlink/af_netlink.c:1896
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 __sys_sendto+0x4a3/0x520 net/socket.c:2244
 __do_sys_sendto net/socket.c:2251 [inline]
 __se_sys_sendto net/socket.c:2247 [inline]
 __x64_sys_sendto+0xe0/0x1c0 net/socket.c:2247
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0xfa0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

The buggy address belongs to the object at ffff8880721cbc00
 which belongs to the cache kmalloc-cg-512 of size 512
The buggy address is located 583 bytes to the right of
 allocated 440-byte region [ffff8880721cbc00, ffff8880721cbdb8)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x721c8
head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000040 ffff88813ff30140 ffffea0001e68c00 dead000000000002
raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
head: 00fff00000000040 ffff88813ff30140 ffffea0001e68c00 dead000000000002
head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
head: 00fff00000000002 ffffea0001c87201 00000000ffffffff 00000000ffffffff
head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5796, tgid 5796 (sshd-session), ts 52056965840, free_ts 15121629475
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x1c0/0x230 mm/page_alloc.c:1850
 prep_new_page mm/page_alloc.c:1858 [inline]
 get_page_from_freelist+0x10a3/0x3a30 mm/page_alloc.c:3884
 __alloc_frozen_pages_noprof+0x25f/0x2470 mm/page_alloc.c:5183
 alloc_pages_mpol+0x1fb/0x550 mm/mempolicy.c:2416
 alloc_slab_page mm/slub.c:3039 [inline]
 allocate_slab mm/slub.c:3212 [inline]
 new_slab+0x24a/0x360 mm/slub.c:3266
 ___slab_alloc+0xdc4/0x1ae0 mm/slub.c:4636
 __slab_alloc.constprop.0+0x63/0x110 mm/slub.c:4755
 __slab_alloc_node mm/slub.c:4831 [inline]
 slab_alloc_node mm/slub.c:5253 [inline]
 __do_kmalloc_node mm/slub.c:5626 [inline]
 __kmalloc_node_track_caller_noprof+0x4db/0x8a0 mm/slub.c:5736
 kmalloc_reserve+0xef/0x2c0 net/core/skbuff.c:601
 __alloc_skb+0x166/0x380 net/core/skbuff.c:670
 alloc_skb include/linux/skbuff.h:1383 [inline]
 alloc_skb_with_frags+0xe0/0x860 net/core/skbuff.c:6671
 sock_alloc_send_pskb+0x7f9/0x980 net/core/sock.c:2965
 unix_stream_sendmsg+0x39f/0x1340 net/unix/af_unix.c:2455
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg net/socket.c:742 [inline]
 sock_write_iter+0x566/0x610 net/socket.c:1195
 new_sync_write fs/read_write.c:593 [inline]
 vfs_write+0x7d3/0x11d0 fs/read_write.c:686
 ksys_write+0x1f8/0x250 fs/read_write.c:738
page last free pid 1 tgid 1 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1394 [inline]
 __free_frozen_pages+0x7df/0x1160 mm/page_alloc.c:2906
 __free_pages mm/page_alloc.c:5302 [inline]
 free_contig_range+0x183/0x4b0 mm/page_alloc.c:7146
 destroy_args+0xb69/0x12e0 mm/debug_vm_pgtable.c:958
 debug_vm_pgtable+0x1a32/0x3640 mm/debug_vm_pgtable.c:1345
 do_one_initcall+0x123/0x6e0 init/main.c:1283
 do_initcall_level init/main.c:1345 [inline]
 do_initcalls init/main.c:1361 [inline]
 do_basic_setup init/main.c:1380 [inline]
 kernel_init_freeable+0x5c8/0x920 init/main.c:1593
 kernel_init+0x1c/0x2b0 init/main.c:1483
 ret_from_fork+0x675/0x7d0 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

Memory state around the buggy address:
 ffff8880721cbe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8880721cbf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff8880721cbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                                                ^
 ffff8880721cc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8880721cc080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
----------------
Code disassembly (best guess):
   0:	00 00                	add    %al,(%rax)
   2:	00 00                	add    %al,(%rax)
   4:	0f 1f 40 00          	nopl   0x0(%rax)
   8:	90                   	nop
   9:	90                   	nop
   a:	90                   	nop
   b:	90                   	nop
   c:	90                   	nop
   d:	90                   	nop
   e:	90                   	nop
   f:	90                   	nop
  10:	90                   	nop
  11:	90                   	nop
  12:	90                   	nop
  13:	90                   	nop
  14:	90                   	nop
  15:	90                   	nop
  16:	90                   	nop
  17:	90                   	nop
  18:	0f 1f 40 d6          	nopl   -0x2a(%rax)
  1c:	48 85 f6             	test   %rsi,%rsi
  1f:	0f 84 64 01 00 00    	je     0x189
  25:	48 89 f8             	mov    %rdi,%rax
  28:	41 54                	push   %r12
* 2a:	44 0f b6 c2          	movzbl %dl,%r8d <-- trapping instruction
  2e:	48 01 f0             	add    %rsi,%rax
  31:	55                   	push   %rbp
  32:	53                   	push   %rbx
  33:	0f 82 d7 00 00 00    	jb     0x110
  39:	eb 0f                	jmp    0x4a
  3b:	cc                   	int3
  3c:	cc                   	int3
  3d:	cc                   	int3
  3e:	48                   	rex.W
  3f:	b8                   	.byte 0xb8