Extracting prog: 15m40.241592744s
Minimizing prog: 26m43.761873576s
Simplifying prog options: 0s
Extracting C: 34.371537238s
Simplifying C: 11m2.62008952s


extracting reproducer from 11 programs
testing a last program of every proc
single: executing 4 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-bind$inet6-setsockopt$inet6_tcp_int-sendto$inet6-openat$qat_adf_ctl-ioctl$IOCTL_START_ACCEL_DEV-sendmmsg$inet6-getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE-socket$inet_udp-bind$inet-sendmmsg$inet-sendmmsg$inet-socket-socket$nl_generic-syz_genetlink_get_family_id$nl80211-openat$cgroup_ro-syz_usb_control_io$hid-syz_init_net_socket$bt_hci-socket$nl_generic-syz_genetlink_get_family_id$mptcp-sendmsg$MPTCP_PM_CMD_ADD_ADDR-socket$inet6_tcp-close-socket$inet6_mptcp-bind$inet6-listen-socket$inet_mptcp-connect$inet-socket$nl_generic-syz_genetlink_get_family_id$mptcp
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x3, @loopback, 0x8}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r0, &(0x7f00000000c0)="b2", 0x1, 0x24008844, &(0x7f0000000040)={0xa, 0x2, 0x80398, @empty, 0xfffffffe}, 0x1c)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOCTL_START_ACCEL_DEV(r1, 0x40096102, &(0x7f0000000140))
sendmmsg$inet6(r0, &(0x7f0000002800)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000100)="93", 0x1}], 0x1}}], 0x1, 0x819)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000479000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f00000004c0)=""/184, 0xb8, 0x1, 0x0}, &(0x7f0000000340)=0x40)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f00000006c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x43}}, 0x10)
sendmmsg$inet(r2, &(0x7f0000000600)=[{{&(0x7f0000000680)={0x2, 0x4e20, @multicast2}, 0x10, 0x0}}], 0x1, 0x2000c044)
sendmmsg$inet(r2, &(0x7f0000001280)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000a40)={0x2, 0x4e24, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="180a00000062de79000000020000020700000086e6ffff3a040000"], 0x18}}], 0x2, 0x40)
socket(0x10, 0x803, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), 0xffffffffffffffff)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f0000000340)={0x2c, &(0x7f0000000240)=ANY=[@ANYBLOB="0010dfff1a6b7561"], 0x0, 0x0, 0x0, 0x0})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, r4, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x38}}, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r5)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r5, 0x74)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_GET_VRING_ENDIAN-syz_usb_connect-syz_usb_control_io-syz_usb_control_io$uac1-syz_usb_control_io$hid-syz_usb_control_io$cdc_ncm-socket$inet_sctp-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_SREGS-close_range-syz_usb_control_io$cdc_ecm-syz_usb_control_io$cdc_ncm-syz_usb_control_io$rtl8150
detailed listing:
executing program 0:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_GET_VRING_ENDIAN(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x3})
r1 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f00000005c0)={{0x80a0000, 0x0, 0x10, 0x2d, 0x4, 0x7, 0x0, 0x4, 0x0, 0x6, 0x5, 0x5}, {0x54000, 0x100000, 0xa, 0x5, 0xc, 0x16, 0x2, 0x6, 0x7, 0x9, 0x5, 0xe}, {0xffffffff, 0xdddd1000, 0x3, 0x7, 0xfc, 0x1, 0xfa, 0x2c, 0x0, 0x7, 0xe3, 0xd}, {0xd000, 0x2000, 0x1d, 0xf8, 0x0, 0x8, 0x2, 0x0, 0x64, 0x3, 0x1, 0x6d}, {0xb000, 0x1000, 0xc, 0xc1, 0x81, 0x4, 0x16, 0xf, 0xf7, 0x6, 0x9, 0x95}, {0x1dddd0000, 0x1, 0xb, 0x0, 0x1, 0x6, 0x2c, 0x1, 0x8, 0x7, 0x68, 0x8}, {0x58000, 0x26000, 0x9, 0xf7, 0x1, 0x3, 0x82, 0x5, 0x9, 0x3, 0xe, 0x3}, {0x60000, 0x1000, 0x9, 0x8, 0xb3, 0x2, 0x40, 0x2, 0x1, 0xfd, 0x1}, {0x10000, 0x2}, {0x2000, 0x9}, 0x8004002b, 0x0, 0xeeee8000, 0x400, 0x9, 0x2000, 0x30000, [0x0, 0x7, 0x1, 0x9]})
close_range(r2, 0xffffffffffffffff, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io$rtl8150(r1, 0x0, &(0x7f0000000380)={0x2c, &(0x7f0000000140)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0, 0x0})

program did not crash
program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CAP_X86_DISABLE_EXITS-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$x86-ioctl$KVM_RUN-ioctl$KVM_SET_IRQCHIP
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CAP_X86_DISABLE_EXITS(r1, 0x4068aea3, &(0x7f0000000240)={0x8f, 0x0, 0x2})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x20000000000000)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x2, 0x0, @ioapic={0x8000000, 0x9, 0xe04438e, 0xfffffffe, 0x0, [{0x2, 0x4, 0x5, '\x00', 0x8}, {0x9, 0x8, 0x2, '\x00', 0xb}, {0xff, 0x7f, 0xd3, '\x00', 0x67}, {0x0, 0x5, 0x6, '\x00', 0xf}, {0x7, 0x9, 0xc, '\x00', 0xfb}, {0x0, 0x4, 0x54, '\x00', 0xff}, {0x71, 0xd5, 0xf1, '\x00', 0x7f}, {0x3, 0x5, 0xc}, {0x7f, 0x5, 0xb, '\x00', 0x4}, {0xd7, 0xd, 0x8, '\x00', 0x6}, {0x4, 0x28, 0x80, '\x00', 0x9c}, {0xff, 0x1, 0xfe, '\x00', 0x1}, {0xfe, 0x7, 0x26}, {0xcf, 0x3, 0x1, '\x00', 0x6}, {0xf, 0xee, 0x7, '\x00', 0x3}, {0x39, 0x2, 0x6, '\x00', 0xb}, {0x9, 0x6, 0x2, '\x00', 0x8}, {0x5, 0xc, 0x45, '\x00', 0xc}, {0x7, 0x1, 0x7, '\x00', 0xc2}, {0x8, 0x80, 0xf, '\x00', 0x7f}, {0x1, 0x9, 0x80, '\x00', 0x7f}, {0x10, 0x6, 0x3, '\x00', 0x10}, {0x9, 0x23, 0xf3, '\x00', 0x4}, {0x8, 0x2, 0x4, '\x00', 0x2}]}})

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_connect$uac1-syz_usb_control_io-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_connect$uac1(0x1, 0x0, 0x0, &(0x7f00000014c0)={0x0, 0x0, 0x76, &(0x7f0000001180)={0x5, 0xf, 0x76, 0x3, [@ss_container_id={0x14, 0x10, 0x4, 0x7, "339f80482a45695280984621292b8771"}, @ss_container_id={0x14, 0x10, 0x4, 0xb8, "5d346cf682fa447abebf5c7ef8a0cbcb"}, @generic={0x49, 0x10, 0xb, "0ffc063072b34f6b649638bf24a59f531b48fe4eeadad45376667d28cb8f2eba6dbb564524557f7a9fc299801e26618927fff92328dfffa7d4b773c7748db12396807e4ddefc"}]}, 0x5, [{0x4, &(0x7f0000001240)=@lang_id={0x4, 0x3, 0x820}}, {0x92, &(0x7f0000001280)=@string={0x92, 0x3, "b9369e6036ff25bb4924afb85bf9b6706bd37862f84b3534b2d0b230ed6e977e1eb02eb5ef5b958ded595bf7f9274e904145303984be9f806f03a94a31ee0d1f1a61115bbfc8bde0b0273f3ee96c687e6059bb06d40ddd10c0f00b4a7b4fa913d7faa6ba9c613f4a49e99e2ce95640a722e50b07afba6b9384f0c262280b054112ac5821671f19fde8aa654700331acb"}}, {0x4, &(0x7f0000001340)=@lang_id={0x4, 0x3, 0x410}}, {0xf0, &(0x7f0000001380)=@string={0xf0, 0x3, "12b5b073bc5c76760bdc15748c24129ead1c26e004cddee675090a7b082b1ea9f940321076593091fa4149b832728c944a72ce3ffda4c86f71a28942e55e45cce3d5278589811dd0b0e3d9cba8f21e183ec8e9006a4bb45737a426d15eeef6876ab0d175507eae3d079ce12654247d4f11b7929698a553f3f3124e66f06909029a8f1204086d5ef3dd5e50a7ef53d563266b80c7e86725c5041b87aeb80062c8dfbaaae1a146cb22040ff0108c083f1ee5a2693396974d03ee21cbb601bdb2db08e8005f3e0df002a5e0923b8edb7e7835a6eb7e1ad0f23d1d63f83b34a8617474710fedbb996afe8a1270fc6e67"}}, {0x4, &(0x7f0000001480)=@lang_id={0x4, 0x3, 0xc04}}]})
syz_usb_control_io(r0, &(0x7f0000000500)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x2, {0x2, 0xa}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0xfffffdf6, &(0x7f0000000200)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c7807e8773eed7b94fa099ab84feadec2ea95f67aba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e9b8e4fb4634f8d4c0000000d75f34bb50d8f7084000000000000000000")

program did not crash
single: failed to extract reproducer
bisect: bisecting 11 programs with base timeout 30s
testing program (duration=32s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [15, 15, 5, 29, 5, 17, 5, 23, 8, 18, 30]
detailed listing:
executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
syz_usb_connect$cdc_ecm(0x2, 0x61, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x4f, 0x1, 0x1, 0x2, 0x40, 0x2, [{{0x9, 0x4, 0x0, 0x2, 0x3, 0x2, 0x6, 0x0, 0x9, {{0x9, 0x24, 0x6, 0x0, 0x0, "0dfdea55"}, {0x5, 0x24, 0x0, 0x5}, {0xd, 0x24, 0xf, 0x1, 0x4, 0xa, 0x8001, 0x3}, [@dmm={0x6, 0x24, 0x14, 0x9}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x10, 0xf8, 0x0, 0x4}}], {{0x9, 0x5, 0x82, 0x2, 0x40, 0x9, 0xe7, 0x4}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0xb, 0xee, 0x8a}}}}}]}}]}}, &(0x7f0000000140)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x310, 0x4, 0x2, 0x7, 0xdf, 0xd0}, 0x12, &(0x7f00000000c0)=ANY=[@ANYBLOB="0532120003"], 0x1, [{0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x415}}]})
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x45ffffb, 0x122c42)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000001ac0)={r0, 0x0, {0x0, 0x0, 0x0, 0x1, 0x1ffffe, 0x0, 0x0, 0x4, 0x4, "339f020bbe82b38b000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef6a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200"}})
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$unix(r4, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=[@rights={{0x14, 0x1, 0x1, [r4]}}], 0x18, 0x4000801}, 0xd0)
recvmsg$unix(r3, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f00000013c0)}, 0x0)
setsockopt(r2, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r2, 0x84, 0x15, &(0x7f0000000080)={0x1}, 0x1)
setsockopt(r2, 0x3, 0x4943, &(0x7f00000000c0)="c37acb9d6ac07da851c73c0e1c9877a5c2ddf2b4406c22fe1a0c5666b178037f4dee0d36adde0d251f73aa27ccc7cacc4de208aa6aee7c93c148eb35bef8096c6696d281df71b1ab81f4f3a9976f4087c2e8ef71b78419d268d01606adc5302fead318ccb48ed01c24bf9deef811f86c48e6fcfea27e82bb28c436bc57ec3612dd87dfce1a9ce09aa2d7a1161f6b9e36614ae21ef5a58db072e36e49a544", 0x9e)
syz_usb_connect(0x2, 0x24, &(0x7f0000004600)={{0x12, 0x1, 0x200, 0x26, 0xf4, 0x24, 0x10, 0x5e9, 0x9, 0x295a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x3, 0x3, 0xe0, 0x7, [{{0x9, 0x4, 0xb4, 0x6, 0x0, 0xfe, 0xc7, 0x28, 0xb4}}]}}]}}, 0x0)
syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
r5 = dup(r1)
read$FUSE(r5, &(0x7f0000003c40)={0x2020}, 0xffffff0a)
executing program 2:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000100)={0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000140)=0x18)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001008000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x2000007, 0x20010, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$video4linux(&(0x7f0000000240), 0x200000000000004, 0x20002)
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000001740)={0x0, 0x400, 0x8})
ioctl$VIDIOC_DV_TIMINGS_CAP(r3, 0xc0905664, &(0x7f0000000000)={0x0, 0x0, '\x00', @raw_data=[0x8001, 0x6, 0x81, 0x2, 0xfffffffd, 0x708a, 0x0, 0x6, 0xd4e, 0x10b, 0x4, 0x0, 0x4, 0x5cc, 0x0, 0x40fff, 0x553b2758, 0xa, 0x80000001, 0x1, 0x80, 0x4, 0x7, 0xffffff81, 0x2, 0x1, 0xcb, 0x5, 0x393a00, 0x401, 0xffff0000, 0x1ff]})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ff9000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f00008fb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000eb4000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$inet(r0, &(0x7f0000000480)={&(0x7f0000000180)={0x2, 0x4e20, @loopback}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000740)="d39446efecd38eb775ab8e5b3153a564d7269a1c974e10552d185c0eb9eec0ca6c9516836a629b7d2603f558ede55b391ef9bc70b04276285d72e96dcbefbbf8bfa2e480e6d1740e806cb214ef3ce2f766ba1a2485bfee2e70d40462434ccd17c6176948d2e600f47c242e0bdf759ebe04632730c8b7ea204d2972e5e1b9bfe0e4ccf6c262b48b5646e63615d409847a0b7e5df1ecc74e2e12616676767bc4bfa08a77574670603e8e1d2e61308a3cf203ee68b075eb4bfd3b16bba02490494d75084f370750cd71b3eb7f6a0c291be6c0c6f7473e83a3b8f905722b66d9229d425f30e9ce3c97d1442e745a4cd8fbe6a20b6aa04de59c132fa07b8c9be6421ee50590efef4a490525fb121fb1a07216e24baf90039a021a67cf991277dbb6511277c3ea243703abd5f247a89d1898ad902b96ab3664bcb4e74c9a51788ae6a5f6d1256f751712aa74b3d49d564bd5a740e65d92212eb5f2cf9147238cbed4dfcbb17cc8b9ffed86ba8c9a809696b42b14cebfc16cb784d74064d93fa0589b92468112e8a19e6fe7a41fe5efbd98d2d1f5ef15cbe68c90b7a54d95a70f10536f250a582a26566f7b4798a606669c1ecc29e77d392cd38894eb28f7c42379c7684a37de652cf0525b174cb831502135c331bc01278550979be30872354123eda513cc2eb66f66cf8019c6b649972bdb2444f673b6d108f30ce5e138d85fd52bc0723c13934aa185191d8745a81803d12efcc126705389e013af44ce588735af4834fa1fb9d6a98e0f3178a90326c56a0b89d409f668e0144fab06eb05c35ea7234f8de2e9e37acae5902cac69ccb8f92bda037ff2b3e5095ee897c24f61eb00a83c86d54966afe52a9e5ded78763223ab0566ce1316ca541a9f169a536e566020c02a5229230735abda36bdc624fb92ba8b03f1c32b17c6cd5a8d8db1df78909274d96ffc9d5a9a1024576285e4f207ba29402edee91584e0504bfbe95233b4e4e39230501f2cc805b91933d73ac138cbcb7268a61d16119f84893299eb10011990287e64dc10a7dd811a1e473ec59ef82470be1a7ebd95e2e17f3c2dc45cea7cafbb4eba273246812a134269629cc82eafdaed887e959fc130d9286938625147364cf92ec021fb94ff2eaedb82a31b6f0e2c425d3c7a628814a3a310dc4963ad6ab9bed73200b1597e206138ddbf444a2eba2d2fcf7f8df9850bb847500fd6de316bf26f3cfdea2e59fbb673f0d302e2f4eb17d9e469ca4dfa387065532d833622c851f24b1a752a0de7bf386b0704f14c56d6888edfbc1cf7758735500ba0888cb17367da3ec13a802f2ae3fcb420d078d26c902a534c69a26b7aee44b8d1d36ba508e7ddd79b3f6ceacb917f075ec9b3a2539c08a40308699259d42fd6547e4cde5b09458dfeb5bf6a79f032bee2f709a5f465f06cc84c2b17c12e579234c4027d9be571ee38dc7b8785a3cae22814642df47a8dafc631a921d865e2290413668d401979d1f0b60ee90a788a6d26830338737e7e58bcde9c7163f0fe70482e3c3de3b1c40cfa7b4ecbed3b3cb86da7a4dd7090df250c963ab6f8c00e087fb686414d78d15599ab81cab3d14b213ed3a057db46f91c119a7228533ea89f1b36dd13a5ed837379fbc5a43b972bbe380d0b2bbfbad260692130f8ec8297132a547e2e40b90358c54c48a3df54ed49367b8c0ca3274ce39caad2437f8bcefd5d5d574e1cd340107eebc78fe3f1216864d73a3ab91fb132f23b56073d3ae8e0281ef305cc77a43d4fdd3e26587dcfc191e0823ea187200b5a59434c1b5969c35056d078a192bf8b7ceca48d9da5205f4d5e04315b85faf6ce88277671d8d67ec70ba6957e14a756b57f4bddf912271bf5cf85ce345d308a7175404183f6898c87b6ab829c508f26363ef8bbb9a2b59c686c9ffa58616e59efdbfb8af8b19726351d63f39897c226a736aa7d205a5cd6372e9174cacc0d7017ca84a934ec349d68741f99869c67f4b010c82104d6e1c40f2a621f71e168e5fb8e9e69b418e08e6ca2c6c903f1ba84b9e8419131c941db5d590eac5e0f3890524b5701eb2f63c42867e67e7cdf243712f6a588b66f5fd0e052496e28003c0a5d782438f4371fa49e87a08c2d0539275cff221640a941ecd17475ca8e5a57605a4753c65ba888704a1d91f5a57bc5e245db886d30180e8994c9293c09cce50cf41f571f7ce15ef233b8040d19395c96363a72f307f1df35477aaefa3286b8aa5e1f11a4b129e97c9a41ade1d879ea2f4030dfb931b5b46b83915ca0e78dbc57726155bae91135ea606be93adfc94fa7356a63812dc294c03b994b576d26478958515882e2028461e99dbcd18e449dfe2626b38f22bf5a5a206bad931805f424d34d822b1103462af24c6745d135ee626049598ca4f1d14e3611803759e316c71bf49e3a523fd2c192e49a5c242f65d23bd3160ad33750a197c9bfc2c475fc36d1851ff9c75e0f7b07bd66ee5cab73b505231c5fcf1ff557b1a9b35f460066a3488df80e98d7bc6c4050a3b58391b31daca3eb321a49f2bfebd62a341cf15f628c171e07f9ff156be7ec17451049dd64f7bcae3b119d49c2c96ef2be2ccb6c4ed18c41b02ef0d208543b7f7b72d6c408889d456a2281eb7a5c1c804e68f9844488837dfb139a7904c2540afe32a618394416eff35f0a708248659d45bfdac01d305ce0d55904415bcce22ec96c147cfd08a32e52950a1e79316f6cf02ebfce0e7467673685ab4be211cbee4ae3a72b2b62cc093bcec69faf979146c0a7408edd3e5cd3523d3b18066c990419cf1c09befdc571bf95af1509f024586528329f7c9cc07d4af707d4b916b762455e2c69ad4699a624cfa9231fa66addd7d0c4906e44a48cd178b0ae62fa7873b6500184208b8a1f29d8dab31ac54efc01c5bc21056803a5d7617e0e1b27d255a6144129725932a0d47759d0f5be305a40454c543bdc1bf4a3723042e84a69fa20c366f2c94ef4a2825970dca37cca050dd5ca361f4fdb64a112abf23698ed1226ca2edbca1f11f1ae1321240dcdeb9013cb18b20d589c366bd5bdfca43b4d72b67f1c71f658a350e8c6393a88d57adc605024bfdb1c1a48e07b7f86b8bbde50446919ee0e3f532199ec3917cf736d6cd5d79fff9d8cb886f34c04b1001b81cc2689f7e7c448a2dd0115d1fb53a0b7f1723f17a5610f564854c21910ffa7acf6e7a9c631c6a24f4f9f0a5162f525c44a7a4a53503cfbc9c5b82716d4156b0eb0ae0dbe26f1b79d3030c24afee4737bafcd9967c8a0142ac47168aa9c45fe60ab21302a8e5dd87f0e780fb21fa6e4e7941a1b1077faf7792b683386d4d7b3241eb6ebb802595ef87bc4c36888f392fdc941202a0a3b5646023b5916dc1df41f7f899e89e7e3c23a0d7eeb056ade0dc2212f182a9168e13d18ebad288d0bf9e530a05ca87caac906d847091f80c6122e0b9e82eb6a42829a537ed898418fc455f54f37142d487962846b6167f9e2d43b2db93eee5d7691bd4e3434653ed9237d6b9e7befd844b47cace5fdbd87fa65b8c68b014a14182129773706562dc835cf815d87bc14ae053da8de5fe093416e139c25a678d5a52d0a86d44b563373c0130e2e22757eb3080404947ec7c66ba7b2ce57ef9c9c654e8bf06e6cda506b7e78947fe9a225c66686ea59217eb48c6a57c6d453d0a72b1d55ca0680e36b365d462cf24784bebe939e9dfb1256a57a4290fcef7b7c2746feebcaf47571cb826c05b31a42a54a95c5756fda160c30a26cf0214545c08e50e768126ffcfa2092b062693571419ceb9a821290447e1e4b3c542575edb0e359c6beaa4a774b07ca300c4ecf0574b5b837251cadeeb53cbe59c963cb196e347d23dd049716549d92d0e761f8e71ab87d88836c625658730cc4b49036b72efd31e0eae781a3fa61c247d86f46a772406dbb71123d7140df02421230d182469730c94e1e245de6984e20bf58063e948714f94ea3720e6325a7e02de8e6cd21130b6c8ef8519830c7e2ed73d8574ed660e5072b8d0540682df12270ead3968f04341dafdaac73327e5b39603e6f9a85964a7b6cf5d457e2d990faa8c1774698c1b9875956c412e66c1188f23f09aea26edee42f1b8c3e74563ffd1cd24c810a455ec08ae7d885b2522e021712526fd41d67cff6e021211ca00579447d8446e93b9464c6eb45161955d1705b0b112ef00a425142836db3ff3e99c7f94d6ef90fb00bff396076c3cbd230ded95302540051f6b8315cef9d8132aa54f216792279829abba16e198be3646df2f555eddf34d9c637b932f0a024c074f05377f13212b5c2070fefebd6b3d0a458386167e6af8f11934db9808c57c96d8a4e7996f49c0b19d24782d7d74c3c49244ccc64d6a666c8871874f50f1f2a2d9bb4ffd9a163ef810e7e63935c6d3062c0a4cd7190ab3e0a72c68d3a8c0674ed6fd685e4e86f2ac4540141412a8b559aa309d6e4edc54bcabe8cedd58bd95213c357492ea64a07bc6ad49d88668fdfd4b7929bbcefa7d1abe4aae40857393fbd85c8eb662217003bbd9afc60058c53fe4ca637c40904a7cf3202c1fd9cbc9497626c4a868d5536092d1c36f8de7f82ab9f7b138f1343a576816e147783f46d3f21ff1e99c2e351395fcaa159e9be13e20dbe2888bbbf641d1dcd31b297a92fa0c1186b439ec28da085e204a93ca7eef1803f237c66e7cbece824bcdea01271296ebb047ad61a2db3ee97e5d0d429e99954ec4660b0ad19939c3eaad8304a5801fdb5838393d3d747b26f9918ef71e271060bfaa74ce2d1aaf320bcd4d43c707375f07550b827dc075990eaeb20245594acc8dcc3796f842312f8734fa4503236c78bf0a40601d0b859b6dd860553bb3f879caf980506300fe8f7daddf194800245a266324cf4dcee5abf56573bd595781dc43886ebb9617ba8b26e5443de1c4ea60d1d7d5ccabe2f2888c7d3e408cd1d8aa176f828fc341b3849a8756d34be80c772c7959a59a2650068479a29d523705633518e6de04a202f40ebc2768ac38c278a426e71f654c9e4081347cbed7b9ffccc299933a905dfe3094fb7a97b41b6eaceae1d8c16f3ca25489a80a973424f02c1be597b2711e5e44b87825106d43e8b6b6669da3347d4340a5835bc95b84af653a262b76d9a0f00e560393cb0e5d3c57dfc2cb901a5d8b9e30b9287a4e0c8acd6585b0047386f5512107643e992dfe3255fd15f8488576b95d04b9be199568293efc64a6cc958d0cdaceda62f8156f3867651fcf4883e8d4b8b374a22f741a61213f6dd8bff4eb4e8f9e35dafc2054ea3a820f6167db57ce9f499df9878bf587df20b42a8957dbb165d53ad361c9074d4d01c432fb89ef0d5d20f044c097512632fb73c6b048710e4719ed46993a839429973a56e1c07ba2ba1f04ec9880f335e4f4b7318c686cca505b0045f85dd0c4653b7ef69b232fb19022d362b26e131fe5ec261318d74393ac01d7416b2644e215a813dcd6170af85a4704065e9e2fcb4f321293e5164a265bdf0deeb36796261964125440d1ff1048f9ce12ba16613e8fa631485ed8dfd76c1aca4f9ce4e84b1512e752dfa27063ae2e4a02d82e6cb2986107e79172495156e0095f4e2970c0516839a22b37cc86ae69c5e88a18761ee2dc233cd9f7b5f491f5f73ba956c311b62cc1db99258df9fd41a08b3446fce2b6621907a398fadef3998e911cf3f4b4821f80c1360ee33999c62a76876a32d236cd623733ea096cab3c3a3844e4f1778957cac18595f46673bac7369e2b06c71", 0x1000}, {&(0x7f00000001c0)="07e9c4ba297fe4ce6b172e1d51dbab163148ef0e9379e9b8d17d0f7f833e7bb32385ea7ca38f6f62f5abee53", 0x2c}, {&(0x7f0000000280)="1b03978ddd80d4e9f3988709979fafc86187ee90b09b481afa04f2106c3f2365177d08356cb6ad89dd5a8b32468cfbc9ea2a23f02940bb381722e18c34c105867a074f13d697f76b20e748d10f420acd568612df728dbd34eb756c0e5231936144c64e4c2fed4b2a964d3fd9eaae67cef03431b36129a4224d445c66055e1ae7c3d8a6595f6bdca604548342438a7762135628e76bef1517039a9227952dfcc6a618d1a5257e3ad579826851d23b0f6b64d56c31bce086429228bf6a2aa37468cbacb2cceb2102fee59bc6f5612b6e7207ab670d47404a995b356f31531592be9ba9bc65aeaec25f7d462b70ac0f5c1e53acaf03056ce726", 0xf8}], 0x3, &(0x7f0000000380)=[@ip_tos_int={{0x14}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x1}}, @ip_retopts={{0xc4, 0x0, 0x7, {[@timestamp_prespec={0x44, 0x3c, 0x20, 0x3, 0x0, [{@loopback, 0x10000}, {@private=0xa010100}, {@broadcast, 0x9}, {@dev={0xac, 0x14, 0x14, 0x2d}, 0x6}, {@empty, 0x9019}, {@local, 0x8000}, {@private=0xa010100, 0x1291}]}, @lsrr={0x83, 0xf, 0x52, [@multicast1, @empty, @dev={0xac, 0x14, 0x14, 0x1}]}, @ra={0x94, 0x4}, @rr={0x7, 0xb, 0xe2, [@loopback, @multicast2]}, @timestamp_prespec={0x44, 0x3c, 0x98, 0x3, 0x9, [{@dev={0xac, 0x14, 0x14, 0xf}, 0x7ff}, {@remote, 0x5}, {@multicast2, 0x1}, {@rand_addr=0x64010100, 0x3}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x2}, {@local, 0xff}, {@multicast1, 0x2}]}, @rr={0x7, 0x1b, 0x16, [@empty, @multicast1, @empty, @local, @loopback, @initdev={0xac, 0x1e, 0x0, 0x0}]}]}}}], 0xf8}, 0x40091)
syz_io_uring_setup(0x7688, &(0x7f0000000040)={0x0, 0x800389b, 0x0, 0x3, 0x19e}, 0x0, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000640)={0x2, @win={{0xffff7fff, 0x9, 0xa, 0x7}, 0x1, 0x0, 0x0, 0xfffffff9, 0x0, 0xa}})
executing program 2:
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_connect$uac1(0x1, 0x0, 0x0, &(0x7f00000014c0)={0x0, 0x0, 0x76, &(0x7f0000001180)={0x5, 0xf, 0x76, 0x3, [@ss_container_id={0x14, 0x10, 0x4, 0x7, "339f80482a45695280984621292b8771"}, @ss_container_id={0x14, 0x10, 0x4, 0xb8, "5d346cf682fa447abebf5c7ef8a0cbcb"}, @generic={0x49, 0x10, 0xb, "0ffc063072b34f6b649638bf24a59f531b48fe4eeadad45376667d28cb8f2eba6dbb564524557f7a9fc299801e26618927fff92328dfffa7d4b773c7748db12396807e4ddefc"}]}, 0x5, [{0x4, &(0x7f0000001240)=@lang_id={0x4, 0x3, 0x820}}, {0x92, &(0x7f0000001280)=@string={0x92, 0x3, "b9369e6036ff25bb4924afb85bf9b6706bd37862f84b3534b2d0b230ed6e977e1eb02eb5ef5b958ded595bf7f9274e904145303984be9f806f03a94a31ee0d1f1a61115bbfc8bde0b0273f3ee96c687e6059bb06d40ddd10c0f00b4a7b4fa913d7faa6ba9c613f4a49e99e2ce95640a722e50b07afba6b9384f0c262280b054112ac5821671f19fde8aa654700331acb"}}, {0x4, &(0x7f0000001340)=@lang_id={0x4, 0x3, 0x410}}, {0xf0, &(0x7f0000001380)=@string={0xf0, 0x3, "12b5b073bc5c76760bdc15748c24129ead1c26e004cddee675090a7b082b1ea9f940321076593091fa4149b832728c944a72ce3ffda4c86f71a28942e55e45cce3d5278589811dd0b0e3d9cba8f21e183ec8e9006a4bb45737a426d15eeef6876ab0d175507eae3d079ce12654247d4f11b7929698a553f3f3124e66f06909029a8f1204086d5ef3dd5e50a7ef53d563266b80c7e86725c5041b87aeb80062c8dfbaaae1a146cb22040ff0108c083f1ee5a2693396974d03ee21cbb601bdb2db08e8005f3e0df002a5e0923b8edb7e7835a6eb7e1ad0f23d1d63f83b34a8617474710fedbb996afe8a1270fc6e67"}}, {0x4, &(0x7f0000001480)=@lang_id={0x4, 0x3, 0xc04}}]})
syz_usb_control_io(r0, &(0x7f0000000500)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x2, {0x2, 0xa}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0xfffffdf6, &(0x7f0000000200)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c7807e8773eed7b94fa099ab84feadec2ea95f67aba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e9b8e4fb4634f8d4c0000000d75f34bb50d8f7084000000000000000000")
executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x25dfdbfe, {{@in6=@empty, @in6=@remote, 0x0, 0x33, 0x0, 0x0, 0xa, 0x60, 0x30}, {0x0, 0x7f, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x200, 0xfeffffffffffffff}, {0x3, 0x0, 0x0, 0x1}, 0x6, 0x0, 0x1}}, 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000100)={<r3=>0x0}, &(0x7f0000000280)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000480)={r3, 0xac, &(0x7f0000000300)=[@in6={0xa, 0x4e22, 0x7, @mcast1, 0xc076}, @in6={0xa, 0x4e20, 0xd, @loopback, 0xb1}, @in6={0xa, 0x4e23, 0x60e2, @local}, @in={0x2, 0x4e24, @remote}, @in6={0xa, 0x4e20, 0x9, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x6}, @in={0x2, 0x4e21, @rand_addr=0x64010102}, @in6={0xa, 0x4e24, 0x1000, @remote}]}, &(0x7f00000004c0)=0x10)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000700)=@updpolicy={0xc4, 0x19, 0x1, 0xfffffffc, 0x0, {{@in=@multicast1, @in6=@local, 0x4e22, 0x0, 0x4e24, 0x0, 0xa, 0x80, 0x60, 0x0, 0x0, 0xee01}, {0x0, 0x1000000000000401, 0xfffffffffffffffc, 0x40000000, 0x0, 0x1a, 0x1, 0xfffffffffffffffe}, {0x77, 0x3, 0x0, 0x100000000007fff}, 0xffffffff, 0x6e6bb1, 0x1, 0x0, 0x3}, [@mark={0xc, 0x15, {0x35075b, 0x7}}]}, 0xc4}, 0x1, 0x0, 0x0, 0x20000080}, 0x0)
sendto$inet6(r1, &(0x7f0000000240)="8a", 0x1, 0x51, &(0x7f0000000080)={0xa, 0x3, 0x1, @local, 0x9}, 0x1c)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x16)
get_mempolicy(0x0, &(0x7f00000001c0), 0x8001, &(0x7f0000717000/0x4000)=nil, 0x4)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
sendfile(r4, r4, 0x0, 0x10000)
mkdir(&(0x7f0000000000)='./file0\x00', 0xb65954f38e4c490b)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
recvmsg(0xffffffffffffffff, 0x0, 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f00000000c0)='./file0\x00')
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r5)
ptrace$pokeuser(0x6, r5, 0x380, 0x3)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x128)
lseek(r6, 0x2, 0x1)
lsetxattr$security_evm(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140), 0x0, 0x0, 0x1)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
getdents64(r6, 0x0, 0x0)
executing program 3:
r0 = shmget$private(0x0, 0x4000, 0x40, &(0x7f0000013000/0x4000)=nil)
r1 = shmat(r0, &(0x7f0000ffc000/0x2000)=nil, 0x4000)
shmat(r0, &(0x7f0000ff9000/0x1000)=nil, 0x5000)
mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000fff000/0x1000)=nil)
shmdt(r1)
executing program 3:
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=[@hoplimit={{0x14, 0x29, 0x34, 0xfffffffd}}, @dstopts_2292={{0xa0, 0x29, 0x4, {0x2c, 0x10, '\x00', [@enc_lim={0x4, 0x1, 0xfd}, @generic={0xfe, 0x56, "f4a4a3142ee1e12b9826287997a6b33d89f3d60da1641d9fe3896c3c1b6c130ef4f01be8f5836d417874540898619050b14420ab124b11de36afb16ef4fc1cf3f4e4fa0e647cd1b07b068d3894180b6aa7527a4a8252"}, @generic={0x80, 0x9, "09e12e5f0b6bdcf72f"}, @ra={0x5, 0x2, 0xa7e}, @hao={0xc9, 0x10, @private2}, @generic={0x93, 0x8, "e80ec8b633e304ec"}]}}}, @hoplimit={{0x14}}, @hopopts={{0x18, 0x29, 0x36, {0x5e}}}, @flowinfo={{0x14, 0x29, 0xb, 0x2}}, @rthdr_2292={{0x28, 0x29, 0x39, {0x3a, 0x2, 0x0, 0x70, 0x0, [@mcast2]}}}], 0x128}}], 0x1, 0x810)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000500)={0xa, 0x4e22, 0xc, @ipv4={'\x00', '\xff\xff', @loopback}, 0x5}, 0x1c)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x3}, 0x1c)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x500000000000000)
executing program 1:
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
r1 = accept4(r0, 0x0, 0x0, 0x80800)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x5e, 0xc9, 0x5e, 0x20, 0x7ca, 0xb800, 0x76b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x2, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x41, 0x2, 0x0, 0x3}}]}}]}}, 0x0) (async, rerun: 64)
r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r1) (rerun: 64)
sendmsg$MPTCP_PM_CMD_GET_ADDR(r1, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r2, 0x200, 0x70bd28, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008000}, 0x50)
executing program 3:
r0 = socket$inet6(0xa, 0x2, 0x0)
shutdown(r0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pselect6(0x2000, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x300}, 0x0, &(0x7f0000000100)={0x8}, 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x154})
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_ZEROPAGE(r2, 0xc020aa04, &(0x7f0000000000)={{&(0x7f000076f000/0x4000)=nil, 0x4000}, 0x1})
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100))
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
r4 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r4, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00', <r6=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r4, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
bind$xdp(r4, &(0x7f0000000100)={0x2c, 0x2, r6}, 0x10)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000300)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000480)={0x20, 0x0, &(0x7f0000000000)=[@request_death, @clear_death], 0xfc, 0x1000000, 0x0})
r7 = syz_open_dev$loop(&(0x7f0000000000), 0x6, 0x4000)
ioctl$LOOP_SET_CAPACITY(r7, 0x4c07)
executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CAP_X86_DISABLE_EXITS(r1, 0x4068aea3, &(0x7f0000000240)={0x8f, 0x0, 0x2})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x20000000000000)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x2, 0x0, @ioapic={0x8000000, 0x9, 0xe04438e, 0xfffffffe, 0x0, [{0x2, 0x4, 0x5, '\x00', 0x8}, {0x9, 0x8, 0x2, '\x00', 0xb}, {0xff, 0x7f, 0xd3, '\x00', 0x67}, {0x0, 0x5, 0x6, '\x00', 0xf}, {0x7, 0x9, 0xc, '\x00', 0xfb}, {0x0, 0x4, 0x54, '\x00', 0xff}, {0x71, 0xd5, 0xf1, '\x00', 0x7f}, {0x3, 0x5, 0xc}, {0x7f, 0x5, 0xb, '\x00', 0x4}, {0xd7, 0xd, 0x8, '\x00', 0x6}, {0x4, 0x28, 0x80, '\x00', 0x9c}, {0xff, 0x1, 0xfe, '\x00', 0x1}, {0xfe, 0x7, 0x26}, {0xcf, 0x3, 0x1, '\x00', 0x6}, {0xf, 0xee, 0x7, '\x00', 0x3}, {0x39, 0x2, 0x6, '\x00', 0xb}, {0x9, 0x6, 0x2, '\x00', 0x8}, {0x5, 0xc, 0x45, '\x00', 0xc}, {0x7, 0x1, 0x7, '\x00', 0xc2}, {0x8, 0x80, 0xf, '\x00', 0x7f}, {0x1, 0x9, 0x80, '\x00', 0x7f}, {0x10, 0x6, 0x3, '\x00', 0x10}, {0x9, 0x23, 0xf3, '\x00', 0x4}, {0x8, 0x2, 0x4, '\x00', 0x2}]}})
executing program 0:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_GET_VRING_ENDIAN(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x3})
r1 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f00000005c0)={{0x80a0000, 0x0, 0x10, 0x2d, 0x4, 0x7, 0x0, 0x4, 0x0, 0x6, 0x5, 0x5}, {0x54000, 0x100000, 0xa, 0x5, 0xc, 0x16, 0x2, 0x6, 0x7, 0x9, 0x5, 0xe}, {0xffffffff, 0xdddd1000, 0x3, 0x7, 0xfc, 0x1, 0xfa, 0x2c, 0x0, 0x7, 0xe3, 0xd}, {0xd000, 0x2000, 0x1d, 0xf8, 0x0, 0x8, 0x2, 0x0, 0x64, 0x3, 0x1, 0x6d}, {0xb000, 0x1000, 0xc, 0xc1, 0x81, 0x4, 0x16, 0xf, 0xf7, 0x6, 0x9, 0x95}, {0x1dddd0000, 0x1, 0xb, 0x0, 0x1, 0x6, 0x2c, 0x1, 0x8, 0x7, 0x68, 0x8}, {0x58000, 0x26000, 0x9, 0xf7, 0x1, 0x3, 0x82, 0x5, 0x9, 0x3, 0xe, 0x3}, {0x60000, 0x1000, 0x9, 0x8, 0xb3, 0x2, 0x40, 0x2, 0x1, 0xfd, 0x1}, {0x10000, 0x2}, {0x2000, 0x9}, 0x8004002b, 0x0, 0xeeee8000, 0x400, 0x9, 0x2000, 0x30000, [0x0, 0x7, 0x1, 0x9]})
close_range(r2, 0xffffffffffffffff, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io$rtl8150(r1, 0x0, &(0x7f0000000380)={0x2c, &(0x7f0000000140)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0, 0x0})
executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x3, @loopback, 0x8}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r0, &(0x7f00000000c0)="b2", 0x1, 0x24008844, &(0x7f0000000040)={0xa, 0x2, 0x80398, @empty, 0xfffffffe}, 0x1c)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOCTL_START_ACCEL_DEV(r1, 0x40096102, &(0x7f0000000140))
sendmmsg$inet6(r0, &(0x7f0000002800)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000100)="93", 0x1}], 0x1}}], 0x1, 0x819)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000479000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f00000004c0)=""/184, 0xb8, 0x1, 0x0}, &(0x7f0000000340)=0x40)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f00000006c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x43}}, 0x10)
sendmmsg$inet(r2, &(0x7f0000000600)=[{{&(0x7f0000000680)={0x2, 0x4e20, @multicast2}, 0x10, 0x0}}], 0x1, 0x2000c044)
sendmmsg$inet(r2, &(0x7f0000001280)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000a40)={0x2, 0x4e24, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="180a00000062de79000000020000020700000086e6ffff3a040000"], 0x18}}], 0x2, 0x40)
socket(0x10, 0x803, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), 0xffffffffffffffff)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f0000000340)={0x2c, &(0x7f0000000240)=ANY=[@ANYBLOB="0010dfff1a6b7561"], 0x0, 0x0, 0x0, 0x0})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, r4, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x38}}, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r5)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r5, 0x74)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 4 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_tcp-bind$inet6-setsockopt$inet6_tcp_int-sendto$inet6-openat$qat_adf_ctl-ioctl$IOCTL_START_ACCEL_DEV-sendmmsg$inet6-getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE-socket$inet_udp-bind$inet-sendmmsg$inet-sendmmsg$inet-socket-socket$nl_generic-syz_genetlink_get_family_id$nl80211-openat$cgroup_ro-syz_usb_control_io$hid-syz_init_net_socket$bt_hci-socket$nl_generic-syz_genetlink_get_family_id$mptcp-sendmsg$MPTCP_PM_CMD_ADD_ADDR-socket$inet6_tcp-close-socket$inet6_mptcp-bind$inet6-listen-socket$inet_mptcp-connect$inet-socket$nl_generic-syz_genetlink_get_family_id$mptcp
detailed listing:
executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x3, @loopback, 0x8}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r0, &(0x7f00000000c0)="b2", 0x1, 0x24008844, &(0x7f0000000040)={0xa, 0x2, 0x80398, @empty, 0xfffffffe}, 0x1c)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOCTL_START_ACCEL_DEV(r1, 0x40096102, &(0x7f0000000140))
sendmmsg$inet6(r0, &(0x7f0000002800)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000100)="93", 0x1}], 0x1}}], 0x1, 0x819)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000479000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f00000004c0)=""/184, 0xb8, 0x1, 0x0}, &(0x7f0000000340)=0x40)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f00000006c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x43}}, 0x10)
sendmmsg$inet(r2, &(0x7f0000000600)=[{{&(0x7f0000000680)={0x2, 0x4e20, @multicast2}, 0x10, 0x0}}], 0x1, 0x2000c044)
sendmmsg$inet(r2, &(0x7f0000001280)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000a40)={0x2, 0x4e24, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="180a00000062de79000000020000020700000086e6ffff3a040000"], 0x18}}], 0x2, 0x40)
socket(0x10, 0x803, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), 0xffffffffffffffff)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f0000000340)={0x2c, &(0x7f0000000240)=ANY=[@ANYBLOB="0010dfff1a6b7561"], 0x0, 0x0, 0x0, 0x0})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, r4, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x38}}, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r5)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r5, 0x74)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$vhost_vsock-ioctl$VHOST_SET_VRING_BASE-ioctl$VHOST_GET_VRING_ENDIAN-syz_usb_connect-syz_usb_control_io-syz_usb_control_io$uac1-syz_usb_control_io$hid-syz_usb_control_io$cdc_ncm-socket$inet_sctp-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_SREGS-close_range-syz_usb_control_io$cdc_ecm-syz_usb_control_io$cdc_ncm-syz_usb_control_io$rtl8150
detailed listing:
executing program 0:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_GET_VRING_ENDIAN(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x3})
r1 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f00000005c0)={{0x80a0000, 0x0, 0x10, 0x2d, 0x4, 0x7, 0x0, 0x4, 0x0, 0x6, 0x5, 0x5}, {0x54000, 0x100000, 0xa, 0x5, 0xc, 0x16, 0x2, 0x6, 0x7, 0x9, 0x5, 0xe}, {0xffffffff, 0xdddd1000, 0x3, 0x7, 0xfc, 0x1, 0xfa, 0x2c, 0x0, 0x7, 0xe3, 0xd}, {0xd000, 0x2000, 0x1d, 0xf8, 0x0, 0x8, 0x2, 0x0, 0x64, 0x3, 0x1, 0x6d}, {0xb000, 0x1000, 0xc, 0xc1, 0x81, 0x4, 0x16, 0xf, 0xf7, 0x6, 0x9, 0x95}, {0x1dddd0000, 0x1, 0xb, 0x0, 0x1, 0x6, 0x2c, 0x1, 0x8, 0x7, 0x68, 0x8}, {0x58000, 0x26000, 0x9, 0xf7, 0x1, 0x3, 0x82, 0x5, 0x9, 0x3, 0xe, 0x3}, {0x60000, 0x1000, 0x9, 0x8, 0xb3, 0x2, 0x40, 0x2, 0x1, 0xfd, 0x1}, {0x10000, 0x2}, {0x2000, 0x9}, 0x8004002b, 0x0, 0xeeee8000, 0x400, 0x9, 0x2000, 0x30000, [0x0, 0x7, 0x1, 0x9]})
close_range(r2, 0xffffffffffffffff, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io$rtl8150(r1, 0x0, &(0x7f0000000380)={0x2c, &(0x7f0000000140)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0, 0x0})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CAP_X86_DISABLE_EXITS-ioctl$KVM_CREATE_VCPU-syz_kvm_setup_cpu$x86-ioctl$KVM_RUN-ioctl$KVM_SET_IRQCHIP
detailed listing:
executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CAP_X86_DISABLE_EXITS(r1, 0x4068aea3, &(0x7f0000000240)={0x8f, 0x0, 0x2})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x20000000000000)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x2, 0x0, @ioapic={0x8000000, 0x9, 0xe04438e, 0xfffffffe, 0x0, [{0x2, 0x4, 0x5, '\x00', 0x8}, {0x9, 0x8, 0x2, '\x00', 0xb}, {0xff, 0x7f, 0xd3, '\x00', 0x67}, {0x0, 0x5, 0x6, '\x00', 0xf}, {0x7, 0x9, 0xc, '\x00', 0xfb}, {0x0, 0x4, 0x54, '\x00', 0xff}, {0x71, 0xd5, 0xf1, '\x00', 0x7f}, {0x3, 0x5, 0xc}, {0x7f, 0x5, 0xb, '\x00', 0x4}, {0xd7, 0xd, 0x8, '\x00', 0x6}, {0x4, 0x28, 0x80, '\x00', 0x9c}, {0xff, 0x1, 0xfe, '\x00', 0x1}, {0xfe, 0x7, 0x26}, {0xcf, 0x3, 0x1, '\x00', 0x6}, {0xf, 0xee, 0x7, '\x00', 0x3}, {0x39, 0x2, 0x6, '\x00', 0xb}, {0x9, 0x6, 0x2, '\x00', 0x8}, {0x5, 0xc, 0x45, '\x00', 0xc}, {0x7, 0x1, 0x7, '\x00', 0xc2}, {0x8, 0x80, 0xf, '\x00', 0x7f}, {0x1, 0x9, 0x80, '\x00', 0x7f}, {0x10, 0x6, 0x3, '\x00', 0x10}, {0x9, 0x23, 0xf3, '\x00', 0x4}, {0x8, 0x2, 0x4, '\x00', 0x2}]}})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_connect$uac1-syz_usb_control_io-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_connect$uac1(0x1, 0x0, 0x0, &(0x7f00000014c0)={0x0, 0x0, 0x76, &(0x7f0000001180)={0x5, 0xf, 0x76, 0x3, [@ss_container_id={0x14, 0x10, 0x4, 0x7, "339f80482a45695280984621292b8771"}, @ss_container_id={0x14, 0x10, 0x4, 0xb8, "5d346cf682fa447abebf5c7ef8a0cbcb"}, @generic={0x49, 0x10, 0xb, "0ffc063072b34f6b649638bf24a59f531b48fe4eeadad45376667d28cb8f2eba6dbb564524557f7a9fc299801e26618927fff92328dfffa7d4b773c7748db12396807e4ddefc"}]}, 0x5, [{0x4, &(0x7f0000001240)=@lang_id={0x4, 0x3, 0x820}}, {0x92, &(0x7f0000001280)=@string={0x92, 0x3, "b9369e6036ff25bb4924afb85bf9b6706bd37862f84b3534b2d0b230ed6e977e1eb02eb5ef5b958ded595bf7f9274e904145303984be9f806f03a94a31ee0d1f1a61115bbfc8bde0b0273f3ee96c687e6059bb06d40ddd10c0f00b4a7b4fa913d7faa6ba9c613f4a49e99e2ce95640a722e50b07afba6b9384f0c262280b054112ac5821671f19fde8aa654700331acb"}}, {0x4, &(0x7f0000001340)=@lang_id={0x4, 0x3, 0x410}}, {0xf0, &(0x7f0000001380)=@string={0xf0, 0x3, "12b5b073bc5c76760bdc15748c24129ead1c26e004cddee675090a7b082b1ea9f940321076593091fa4149b832728c944a72ce3ffda4c86f71a28942e55e45cce3d5278589811dd0b0e3d9cba8f21e183ec8e9006a4bb45737a426d15eeef6876ab0d175507eae3d079ce12654247d4f11b7929698a553f3f3124e66f06909029a8f1204086d5ef3dd5e50a7ef53d563266b80c7e86725c5041b87aeb80062c8dfbaaae1a146cb22040ff0108c083f1ee5a2693396974d03ee21cbb601bdb2db08e8005f3e0df002a5e0923b8edb7e7835a6eb7e1ad0f23d1d63f83b34a8617474710fedbb996afe8a1270fc6e67"}}, {0x4, &(0x7f0000001480)=@lang_id={0x4, 0x3, 0xc04}}]})
syz_usb_control_io(r0, &(0x7f0000000500)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x2, {0x2, 0xa}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0xfffffdf6, &(0x7f0000000200)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c7807e8773eed7b94fa099ab84feadec2ea95f67aba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e9b8e4fb4634f8d4c0000000d75f34bb50d8f7084000000000000000000")

program crashed: general protection fault in k_meta
single: successfully extracted reproducer
found reproducer with 5 syscalls
minimizing guilty program
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_connect$uac1-syz_usb_control_io
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_connect$uac1(0x1, 0x0, 0x0, &(0x7f00000014c0)={0x0, 0x0, 0x76, &(0x7f0000001180)={0x5, 0xf, 0x76, 0x3, [@ss_container_id={0x14, 0x10, 0x4, 0x7, "339f80482a45695280984621292b8771"}, @ss_container_id={0x14, 0x10, 0x4, 0xb8, "5d346cf682fa447abebf5c7ef8a0cbcb"}, @generic={0x49, 0x10, 0xb, "0ffc063072b34f6b649638bf24a59f531b48fe4eeadad45376667d28cb8f2eba6dbb564524557f7a9fc299801e26618927fff92328dfffa7d4b773c7748db12396807e4ddefc"}]}, 0x5, [{0x4, &(0x7f0000001240)=@lang_id={0x4, 0x3, 0x820}}, {0x92, &(0x7f0000001280)=@string={0x92, 0x3, "b9369e6036ff25bb4924afb85bf9b6706bd37862f84b3534b2d0b230ed6e977e1eb02eb5ef5b958ded595bf7f9274e904145303984be9f806f03a94a31ee0d1f1a61115bbfc8bde0b0273f3ee96c687e6059bb06d40ddd10c0f00b4a7b4fa913d7faa6ba9c613f4a49e99e2ce95640a722e50b07afba6b9384f0c262280b054112ac5821671f19fde8aa654700331acb"}}, {0x4, &(0x7f0000001340)=@lang_id={0x4, 0x3, 0x410}}, {0xf0, &(0x7f0000001380)=@string={0xf0, 0x3, "12b5b073bc5c76760bdc15748c24129ead1c26e004cddee675090a7b082b1ea9f940321076593091fa4149b832728c944a72ce3ffda4c86f71a28942e55e45cce3d5278589811dd0b0e3d9cba8f21e183ec8e9006a4bb45737a426d15eeef6876ab0d175507eae3d079ce12654247d4f11b7929698a553f3f3124e66f06909029a8f1204086d5ef3dd5e50a7ef53d563266b80c7e86725c5041b87aeb80062c8dfbaaae1a146cb22040ff0108c083f1ee5a2693396974d03ee21cbb601bdb2db08e8005f3e0df002a5e0923b8edb7e7835a6eb7e1ad0f23d1d63f83b34a8617474710fedbb996afe8a1270fc6e67"}}, {0x4, &(0x7f0000001480)=@lang_id={0x4, 0x3, 0xc04}}]})
syz_usb_control_io(r0, &(0x7f0000000500)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x2, {0x2, 0xa}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_connect$uac1-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_connect$uac1(0x1, 0x0, 0x0, &(0x7f00000014c0)={0x0, 0x0, 0x76, &(0x7f0000001180)={0x5, 0xf, 0x76, 0x3, [@ss_container_id={0x14, 0x10, 0x4, 0x7, "339f80482a45695280984621292b8771"}, @ss_container_id={0x14, 0x10, 0x4, 0xb8, "5d346cf682fa447abebf5c7ef8a0cbcb"}, @generic={0x49, 0x10, 0xb, "0ffc063072b34f6b649638bf24a59f531b48fe4eeadad45376667d28cb8f2eba6dbb564524557f7a9fc299801e26618927fff92328dfffa7d4b773c7748db12396807e4ddefc"}]}, 0x5, [{0x4, &(0x7f0000001240)=@lang_id={0x4, 0x3, 0x820}}, {0x92, &(0x7f0000001280)=@string={0x92, 0x3, "b9369e6036ff25bb4924afb85bf9b6706bd37862f84b3534b2d0b230ed6e977e1eb02eb5ef5b958ded595bf7f9274e904145303984be9f806f03a94a31ee0d1f1a61115bbfc8bde0b0273f3ee96c687e6059bb06d40ddd10c0f00b4a7b4fa913d7faa6ba9c613f4a49e99e2ce95640a722e50b07afba6b9384f0c262280b054112ac5821671f19fde8aa654700331acb"}}, {0x4, &(0x7f0000001340)=@lang_id={0x4, 0x3, 0x410}}, {0xf0, &(0x7f0000001380)=@string={0xf0, 0x3, "12b5b073bc5c76760bdc15748c24129ead1c26e004cddee675090a7b082b1ea9f940321076593091fa4149b832728c944a72ce3ffda4c86f71a28942e55e45cce3d5278589811dd0b0e3d9cba8f21e183ec8e9006a4bb45737a426d15eeef6876ab0d175507eae3d079ce12654247d4f11b7929698a553f3f3124e66f06909029a8f1204086d5ef3dd5e50a7ef53d563266b80c7e86725c5041b87aeb80062c8dfbaaae1a146cb22040ff0108c083f1ee5a2693396974d03ee21cbb601bdb2db08e8005f3e0df002a5e0923b8edb7e7835a6eb7e1ad0f23d1d63f83b34a8617474710fedbb996afe8a1270fc6e67"}}, {0x4, &(0x7f0000001480)=@lang_id={0x4, 0x3, 0xc04}}]})
syz_usb_ep_write(r0, 0x81, 0xfffffdf6, &(0x7f0000000200)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c7807e8773eed7b94fa099ab84feadec2ea95f67aba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e9b8e4fb4634f8d4c0000000d75f34bb50d8f7084000000000000000000")

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000500)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x2, {0x2, 0xa}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0xfffffdf6, &(0x7f0000000200)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c7807e8773eed7b94fa099ab84feadec2ea95f67aba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e9b8e4fb4634f8d4c0000000d75f34bb50d8f7084000000000000000000")

program crashed: general protection fault in puts_queue
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io(r0, &(0x7f0000000500)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x2, {0x2, 0xa}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0xfffffdf6, &(0x7f0000000200)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c7807e8773eed7b94fa099ab84feadec2ea95f67aba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e9b8e4fb4634f8d4c0000000d75f34bb50d8f7084000000000000000000")

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
detailed listing:
executing program 0:
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000500)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x2, {0x2, 0xa}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(0xffffffffffffffff, 0x81, 0xfffffdf6, &(0x7f0000000200)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c7807e8773eed7b94fa099ab84feadec2ea95f67aba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e9b8e4fb4634f8d4c0000000d75f34bb50d8f7084000000000000000000")

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x5, 0x36, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000500)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x2, {0x2, 0xa}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0xfffffdf6, &(0x7f0000000200)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c7807e8773eed7b94fa099ab84feadec2ea95f67aba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e9b8e4fb4634f8d4c0000000d75f34bb50d8f7084000000000000000000")

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000500)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x2, {0x2, 0xa}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0xfffffdf6, &(0x7f0000000200)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c7807e8773eed7b94fa099ab84feadec2ea95f67aba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e9b8e4fb4634f8d4c0000000d75f34bb50d8f7084000000000000000000")

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_ep_write(r0, 0x81, 0xfffffdf6, &(0x7f0000000200)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c7807e8773eed7b94fa099ab84feadec2ea95f67aba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e9b8e4fb4634f8d4c0000000d75f34bb50d8f7084000000000000000000")

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000500)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0xfffffdf6, &(0x7f0000000200)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c7807e8773eed7b94fa099ab84feadec2ea95f67aba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e9b8e4fb4634f8d4c0000000d75f34bb50d8f7084000000000000000000")

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000500)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x2, {0x2, 0xa}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x0, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000500)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x2, {0x2, 0xa}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x0, &(0x7f0000000200))

program did not crash
extracting C reproducer
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
program crashed: general protection fault in puts_queue
simplifying C reproducer
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
program crashed: general protection fault in puts_queue
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
program crashed: general protection fault in puts_queue
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
program crashed: general protection fault in puts_queue
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
program crashed: general protection fault in puts_queue
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
program crashed: general protection fault in puts_queue
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
program crashed: general protection fault in puts_queue
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
program crashed: general protection fault in puts_queue
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000500)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x2, {0x2, 0xa}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0xfffffdf6, &(0x7f0000000200)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c7807e8773eed7b94fa099ab84feadec2ea95f67aba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e9b8e4fb4634f8d4c0000000d75f34bb50d8f7084000000000000000000")

program crashed: general protection fault in puts_queue
validation run: crashed=true
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000500)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x2, {0x2, 0xa}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0xfffffdf6, &(0x7f0000000200)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c7807e8773eed7b94fa099ab84feadec2ea95f67aba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e9b8e4fb4634f8d4c0000000d75f34bb50d8f7084000000000000000000")

program crashed: general protection fault in puts_queue
validation run: crashed=true
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000500)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x2, {0x2, 0xa}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0xfffffdf6, &(0x7f0000000200)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c7807e8773eed7b94fa099ab84feadec2ea95f67aba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e9b8e4fb4634f8d4c0000000d75f34bb50d8f7084000000000000000000")

program crashed: general protection fault in puts_queue
validation run: crashed=true
reproducing took 59m31.076290245s
repro crashed as (corrupted=false):
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000038: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x00000000000001c0-0x00000000000001c7]
CPU: 0 UID: 0 PID: 5997 Comm: fido_id Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
RIP: 0010:__queue_work+0xa2/0xf90 kernel/workqueue.c:2269
Code: 11 31 ff 89 ee e8 4e f4 37 00 85 ed 0f 85 ef 0c 00 00 e8 01 f0 37 00 4d 8d b7 c0 01 00 00 4c 89 f0 48 c1 e8 03 48 89 44 24 28 <42> 0f b6 04 20 84 c0 0f 85 22 0d 00 00 4c 89 34 24 41 8b 2e 89 ee
RSP: 0018:ffffc90000006eb8 EFLAGS: 00010002
RAX: 0000000000000038 RBX: 0000000000000008 RCX: ffff88802d29dac0
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffff88813fe32017 R09: 1ffff11027fc6402
R10: dffffc0000000000 R11: ffffed1027fc6403 R12: dffffc0000000000
R13: ffff88813fe32010 R14: 00000000000001c0 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888125063000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fec2da93438 CR3: 000000002c35e000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 queue_work_on+0x106/0x1d0 kernel/workqueue.c:2405
 puts_queue+0xa3/0xe0 drivers/tty/vt/keyboard.c:334
 k_fn+0x7c/0xd0 drivers/tty/vt/keyboard.c:763
 k_pad+0x79a/0xa90 drivers/tty/vt/keyboard.c:-1
 kbd_keycode drivers/tty/vt/keyboard.c:1497 [inline]
 kbd_event+0x2ec1/0x40d0 drivers/tty/vt/keyboard.c:1515
 input_handle_events_default+0xd4/0x1a0 drivers/input/input.c:2541
 input_pass_values+0x288/0x890 drivers/input/input.c:128
 input_event_dispose+0x3e5/0x6b0 drivers/input/input.c:353
 input_event+0x89/0xe0 drivers/input/input.c:396
 hidinput_hid_event+0x1487/0x1e60 drivers/hid/hid-input.c:1747
 hid_process_event+0x4be/0x620 drivers/hid/hid-core.c:1565
 hid_input_array_field+0x41c/0x5f0 drivers/hid/hid-core.c:1677
 hid_process_report drivers/hid/hid-core.c:1719 [inline]
 hid_report_raw_event+0xdd7/0x1720 drivers/hid/hid-core.c:2074
 __hid_input_report drivers/hid/hid-core.c:2144 [inline]
 hid_input_report+0x44b/0x580 drivers/hid/hid-core.c:2166
 hid_irq_in+0x47e/0x6d0 drivers/hid/usbhid/hid-core.c:286
 __usb_hcd_giveback_urb+0x376/0x540 drivers/usb/core/hcd.c:1657
 dummy_timer+0xbbd/0x45d0 drivers/usb/gadget/udc/dummy_hcd.c:1995
 __run_hrtimer kernel/time/hrtimer.c:1785 [inline]
 __hrtimer_run_queues+0x529/0xc30 kernel/time/hrtimer.c:1849
 hrtimer_run_softirq+0x182/0x5a0 kernel/time/hrtimer.c:1866
 handle_softirqs+0x22a/0x7c0 kernel/softirq.c:626
 __do_softirq kernel/softirq.c:660 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x5f/0x150 kernel/softirq.c:727
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:743
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:vma_interval_tree_insert+0xfe/0x320 mm/interval_tree.c:23
Code: b6 01 4c 8d 7b 18 4d 89 fd 49 c1 ed 03 48 b8 00 00 00 00 00 fc ff df 41 80 7c 05 00 00 74 08 4c 89 ff e8 f5 9a 1e 00 49 8b 2f <48> 89 ef 4c 89 e6 e8 d7 23 b5 ff 4c 39 e5 73 24 e8 6d 21 b5 ff 48
RSP: 0018:ffffc900030d7230 EFLAGS: 00000246
RAX: dffffc0000000000 RBX: ffff8880710b6d30 RCX: ffff88802d29dac0
RDX: 0000000000000000 RSI: 0000000000000536 RDI: 000000000000053a
RBP: 0000000000000538 R08: ffff888034cef9cf R09: 1ffff1100699df39
R10: dffffc0000000000 R11: ffffed100699df3a R12: 000000000000053c
R13: 1ffff1100e216da9 R14: 1ffff1100699df00 R15: ffff8880710b6d48
 __vma_link_file mm/vma.c:234 [inline]
 vma_prepare+0x216/0x4b0 mm/vma.c:305
 __split_vma+0x8da/0xc20 mm/vma.c:548
 vms_gather_munmap_vmas+0x535/0x14b0 mm/vma.c:1429
 __mmap_setup mm/vma.c:2411 [inline]
 __mmap_region mm/vma.c:2741 [inline]
 mmap_region+0x85b/0x2370 mm/vma.c:2837
 do_mmap+0xc39/0x10c0 mm/mmap.c:558
 vm_mmap_pgoff+0x2c9/0x4f0 mm/util.c:581
 ksys_mmap_pgoff+0x51e/0x760 mm/mmap.c:604
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fec2db69242
Code: 08 00 04 00 00 eb e2 90 41 f7 c1 ff 0f 00 00 75 27 55 89 cd 53 48 89 fb 48 85 ff 74 33 41 89 ea 48 89 df b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5e 5b 5d c3 0f 1f 00 c7 05 46 40 01 00 16 00
RSP: 002b:00007ffdc9714568 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 00007fec2d8d2000 RCX: 00007fec2db69242
RDX: 0000000000000003 RSI: 0000000000068000 RDI: 00007fec2d8d2000
RBP: 0000000000000812 R08: 0000000000000003 R09: 00000000004d1000
R10: 0000000000000812 R11: 0000000000000206 R12: 00007ffdc9714628
R13: 00007fec2db3e580 R14: 00007ffdc97149a0 R15: 00000fffb92e28b0
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__queue_work+0xa2/0xf90 kernel/workqueue.c:2269
Code: 11 31 ff 89 ee e8 4e f4 37 00 85 ed 0f 85 ef 0c 00 00 e8 01 f0 37 00 4d 8d b7 c0 01 00 00 4c 89 f0 48 c1 e8 03 48 89 44 24 28 <42> 0f b6 04 20 84 c0 0f 85 22 0d 00 00 4c 89 34 24 41 8b 2e 89 ee
RSP: 0018:ffffc90000006eb8 EFLAGS: 00010002
RAX: 0000000000000038 RBX: 0000000000000008 RCX: ffff88802d29dac0
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffff88813fe32017 R09: 1ffff11027fc6402
R10: dffffc0000000000 R11: ffffed1027fc6403 R12: dffffc0000000000
R13: ffff88813fe32010 R14: 00000000000001c0 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888125063000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fec2da93438 CR3: 000000002c35e000 CR4: 00000000003526f0
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	31 ff                	xor    %edi,%edi
   2:	89 ee                	mov    %ebp,%esi
   4:	e8 4e f4 37 00       	call   0x37f457
   9:	85 ed                	test   %ebp,%ebp
   b:	0f 85 ef 0c 00 00    	jne    0xd00
  11:	e8 01 f0 37 00       	call   0x37f017
  16:	4d 8d b7 c0 01 00 00 	lea    0x1c0(%r15),%r14
  1d:	4c 89 f0             	mov    %r14,%rax
  20:	48 c1 e8 03          	shr    $0x3,%rax
  24:	48 89 44 24 28       	mov    %rax,0x28(%rsp)
* 29:	42 0f b6 04 20       	movzbl (%rax,%r12,1),%eax <-- trapping instruction
  2e:	84 c0                	test   %al,%al
  30:	0f 85 22 0d 00 00    	jne    0xd58
  36:	4c 89 34 24          	mov    %r14,(%rsp)
  3a:	41 8b 2e             	mov    (%r14),%ebp
  3d:	89 ee                	mov    %ebp,%esi

final repro crashed as (corrupted=false):
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000038: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x00000000000001c0-0x00000000000001c7]
CPU: 0 UID: 0 PID: 5997 Comm: fido_id Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
RIP: 0010:__queue_work+0xa2/0xf90 kernel/workqueue.c:2269
Code: 11 31 ff 89 ee e8 4e f4 37 00 85 ed 0f 85 ef 0c 00 00 e8 01 f0 37 00 4d 8d b7 c0 01 00 00 4c 89 f0 48 c1 e8 03 48 89 44 24 28 <42> 0f b6 04 20 84 c0 0f 85 22 0d 00 00 4c 89 34 24 41 8b 2e 89 ee
RSP: 0018:ffffc90000006eb8 EFLAGS: 00010002
RAX: 0000000000000038 RBX: 0000000000000008 RCX: ffff88802d29dac0
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffff88813fe32017 R09: 1ffff11027fc6402
R10: dffffc0000000000 R11: ffffed1027fc6403 R12: dffffc0000000000
R13: ffff88813fe32010 R14: 00000000000001c0 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888125063000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fec2da93438 CR3: 000000002c35e000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 queue_work_on+0x106/0x1d0 kernel/workqueue.c:2405
 puts_queue+0xa3/0xe0 drivers/tty/vt/keyboard.c:334
 k_fn+0x7c/0xd0 drivers/tty/vt/keyboard.c:763
 k_pad+0x79a/0xa90 drivers/tty/vt/keyboard.c:-1
 kbd_keycode drivers/tty/vt/keyboard.c:1497 [inline]
 kbd_event+0x2ec1/0x40d0 drivers/tty/vt/keyboard.c:1515
 input_handle_events_default+0xd4/0x1a0 drivers/input/input.c:2541
 input_pass_values+0x288/0x890 drivers/input/input.c:128
 input_event_dispose+0x3e5/0x6b0 drivers/input/input.c:353
 input_event+0x89/0xe0 drivers/input/input.c:396
 hidinput_hid_event+0x1487/0x1e60 drivers/hid/hid-input.c:1747
 hid_process_event+0x4be/0x620 drivers/hid/hid-core.c:1565
 hid_input_array_field+0x41c/0x5f0 drivers/hid/hid-core.c:1677
 hid_process_report drivers/hid/hid-core.c:1719 [inline]
 hid_report_raw_event+0xdd7/0x1720 drivers/hid/hid-core.c:2074
 __hid_input_report drivers/hid/hid-core.c:2144 [inline]
 hid_input_report+0x44b/0x580 drivers/hid/hid-core.c:2166
 hid_irq_in+0x47e/0x6d0 drivers/hid/usbhid/hid-core.c:286
 __usb_hcd_giveback_urb+0x376/0x540 drivers/usb/core/hcd.c:1657
 dummy_timer+0xbbd/0x45d0 drivers/usb/gadget/udc/dummy_hcd.c:1995
 __run_hrtimer kernel/time/hrtimer.c:1785 [inline]
 __hrtimer_run_queues+0x529/0xc30 kernel/time/hrtimer.c:1849
 hrtimer_run_softirq+0x182/0x5a0 kernel/time/hrtimer.c:1866
 handle_softirqs+0x22a/0x7c0 kernel/softirq.c:626
 __do_softirq kernel/softirq.c:660 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x5f/0x150 kernel/softirq.c:727
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:743
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:vma_interval_tree_insert+0xfe/0x320 mm/interval_tree.c:23
Code: b6 01 4c 8d 7b 18 4d 89 fd 49 c1 ed 03 48 b8 00 00 00 00 00 fc ff df 41 80 7c 05 00 00 74 08 4c 89 ff e8 f5 9a 1e 00 49 8b 2f <48> 89 ef 4c 89 e6 e8 d7 23 b5 ff 4c 39 e5 73 24 e8 6d 21 b5 ff 48
RSP: 0018:ffffc900030d7230 EFLAGS: 00000246
RAX: dffffc0000000000 RBX: ffff8880710b6d30 RCX: ffff88802d29dac0
RDX: 0000000000000000 RSI: 0000000000000536 RDI: 000000000000053a
RBP: 0000000000000538 R08: ffff888034cef9cf R09: 1ffff1100699df39
R10: dffffc0000000000 R11: ffffed100699df3a R12: 000000000000053c
R13: 1ffff1100e216da9 R14: 1ffff1100699df00 R15: ffff8880710b6d48
 __vma_link_file mm/vma.c:234 [inline]
 vma_prepare+0x216/0x4b0 mm/vma.c:305
 __split_vma+0x8da/0xc20 mm/vma.c:548
 vms_gather_munmap_vmas+0x535/0x14b0 mm/vma.c:1429
 __mmap_setup mm/vma.c:2411 [inline]
 __mmap_region mm/vma.c:2741 [inline]
 mmap_region+0x85b/0x2370 mm/vma.c:2837
 do_mmap+0xc39/0x10c0 mm/mmap.c:558
 vm_mmap_pgoff+0x2c9/0x4f0 mm/util.c:581
 ksys_mmap_pgoff+0x51e/0x760 mm/mmap.c:604
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fec2db69242
Code: 08 00 04 00 00 eb e2 90 41 f7 c1 ff 0f 00 00 75 27 55 89 cd 53 48 89 fb 48 85 ff 74 33 41 89 ea 48 89 df b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5e 5b 5d c3 0f 1f 00 c7 05 46 40 01 00 16 00
RSP: 002b:00007ffdc9714568 EFLAGS: 00000206 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 00007fec2d8d2000 RCX: 00007fec2db69242
RDX: 0000000000000003 RSI: 0000000000068000 RDI: 00007fec2d8d2000
RBP: 0000000000000812 R08: 0000000000000003 R09: 00000000004d1000
R10: 0000000000000812 R11: 0000000000000206 R12: 00007ffdc9714628
R13: 00007fec2db3e580 R14: 00007ffdc97149a0 R15: 00000fffb92e28b0
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__queue_work+0xa2/0xf90 kernel/workqueue.c:2269
Code: 11 31 ff 89 ee e8 4e f4 37 00 85 ed 0f 85 ef 0c 00 00 e8 01 f0 37 00 4d 8d b7 c0 01 00 00 4c 89 f0 48 c1 e8 03 48 89 44 24 28 <42> 0f b6 04 20 84 c0 0f 85 22 0d 00 00 4c 89 34 24 41 8b 2e 89 ee
RSP: 0018:ffffc90000006eb8 EFLAGS: 00010002
RAX: 0000000000000038 RBX: 0000000000000008 RCX: ffff88802d29dac0
RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffff88813fe32017 R09: 1ffff11027fc6402
R10: dffffc0000000000 R11: ffffed1027fc6403 R12: dffffc0000000000
R13: ffff88813fe32010 R14: 00000000000001c0 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888125063000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fec2da93438 CR3: 000000002c35e000 CR4: 00000000003526f0
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	31 ff                	xor    %edi,%edi
   2:	89 ee                	mov    %ebp,%esi
   4:	e8 4e f4 37 00       	call   0x37f457
   9:	85 ed                	test   %ebp,%ebp
   b:	0f 85 ef 0c 00 00    	jne    0xd00
  11:	e8 01 f0 37 00       	call   0x37f017
  16:	4d 8d b7 c0 01 00 00 	lea    0x1c0(%r15),%r14
  1d:	4c 89 f0             	mov    %r14,%rax
  20:	48 c1 e8 03          	shr    $0x3,%rax
  24:	48 89 44 24 28       	mov    %rax,0x28(%rsp)
* 29:	42 0f b6 04 20       	movzbl (%rax,%r12,1),%eax <-- trapping instruction
  2e:	84 c0                	test   %al,%al
  30:	0f 85 22 0d 00 00    	jne    0xd58
  36:	4c 89 34 24          	mov    %r14,(%rsp)
  3a:	41 8b 2e             	mov    (%r14),%ebp
  3d:	89 ee                	mov    %ebp,%esi