Extracting prog: 16m59.439849891s
Minimizing prog: 32m45.321071328s
Simplifying prog options: 0s
Extracting C: 1m52.210629697s
Simplifying C: 11m53.607255093s


extracting reproducer from 30 programs
testing a last program of every proc
single: executing 5 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): landlock_create_ruleset-landlock_restrict_self-landlock_restrict_self-landlock_restrict_self-landlock_restrict_self-landlock_create_ruleset-landlock_restrict_self-landlock_restrict_self-mkdirat-landlock_create_ruleset-landlock_restrict_self-landlock_restrict_self-landlock_restrict_self-landlock_restrict_self-landlock_restrict_self-landlock_create_ruleset-landlock_create_ruleset-landlock_restrict_self-landlock_restrict_self-landlock_restrict_self-mkdirat-landlock_create_ruleset-landlock_restrict_self-mknodat-renameat2
detailed listing:
executing program 0:
r0 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
landlock_restrict_self(r0, 0x0)
landlock_restrict_self(r0, 0x0)
landlock_restrict_self(r0, 0x0)
landlock_restrict_self(r0, 0x0)
r1 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
landlock_restrict_self(r1, 0x0)
landlock_restrict_self(r1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x22)
r2 = landlock_create_ruleset(&(0x7f0000000040)={0x2, 0x3, 0x3}, 0x18, 0x0)
landlock_restrict_self(r0, 0x0)
landlock_restrict_self(r2, 0x9)
landlock_restrict_self(r2, 0x0)
landlock_restrict_self(r2, 0x0)
landlock_restrict_self(r2, 0x0)
r3 = landlock_create_ruleset(&(0x7f0000000140)={0x4000}, 0x18, 0x0)
r4 = landlock_create_ruleset(&(0x7f0000000000)={0x1c48}, 0x18, 0x0)
landlock_restrict_self(r4, 0x0)
landlock_restrict_self(r3, 0x8)
landlock_restrict_self(r3, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x1c0)
r5 = landlock_create_ruleset(&(0x7f0000000200)={0x6490, 0x1, 0x3}, 0x18, 0x0)
landlock_restrict_self(r5, 0x0)
mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$dsp-write$dsp-ioctl$SNDCTL_DSP_SYNC-ioctl$SNDCTL_DSP_STEREO
detailed listing:
executing program 0:
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0)
ioctl$SNDCTL_DSP_STEREO(r0, 0xc0045003, &(0x7f0000000100)=0x1)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-socket$nl_generic-prlimit64-setsockopt$SO_BINDTODEVICE-sched_setscheduler-sched_setaffinity-prctl$PR_SCHED_CORE-syz_open_dev$MSR-read$msr-bind$inet-socket$nl_generic-sendmsg$nl_generic-sendto$inet-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-ioctl$DRM_IOCTL_GEM_OPEN-ioctl$DRM_IOCTL_PANTHOR_BO_QUERY_INFO-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-openat$dma_heap-ioctl$DMA_HEAP_IOCTL_ALLOC-syz_open_dev$dri-ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000040)='pim6reg1\x00', 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f0000000080)={0x0})
ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f0000000000))
ioctl$DRM_IOCTL_PANTHOR_BO_QUERY_INFO(0xffffffffffffffff, 0xc0106450, &(0x7f00000000c0)={0x0, 0x0, 0x3})
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]})
r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000100)={0x20004, <r4=>r2, 0x2})
r5 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r4})

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_ep_read-syz_usb_control_io-syz_open_dev$hidraw-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000201c1b091c00000000000109022d0001000060000904008002030000000921080400012205000905810320000908070905"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_ep_read(r0, 0x2, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2)
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000000)="f6")

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet-prlimit64-socket$nl_generic-prlimit64-setsockopt$SO_BINDTODEVICE-sched_setscheduler-sched_setaffinity-prctl$PR_SCHED_CORE-syz_open_dev$MSR-read$msr-bind$inet-socket$nl_generic-sendmsg$nl_generic-sendto$inet-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-ioctl$DRM_IOCTL_GEM_OPEN-ioctl$DRM_IOCTL_PANTHOR_BO_QUERY_INFO-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-openat$dma_heap-ioctl$DMA_HEAP_IOCTL_ALLOC-syz_open_dev$dri-ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE
detailed listing:
executing program 0:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000040)='pim6reg1\x00', 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f0000000080)={0x0})
ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f0000000000))
ioctl$DRM_IOCTL_PANTHOR_BO_QUERY_INFO(r0, 0xc0106450, &(0x7f00000000c0)={0x0, 0x0, 0x3})
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]})
r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000100)={0x20004, <r5=>r3, 0x2})
r6 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r6, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r5})

program did not crash
single: failed to extract reproducer
bisect: bisecting 30 programs with base timeout 30s
testing program (duration=37s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [27, 29, 19, 19, 20, 12, 15, 11, 29, 11, 29, 21, 29, 14, 15, 5, 5, 20, 23, 14, 7, 20, 2, 23, 6, 25, 22, 5, 4, 25]
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
ioctl$TCXONC(r3, 0x540a, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000001c0), &(0x7f0000000200)=0xc)
r4 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r5=>0x0}, &(0x7f0000cab000)=0xc)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000080)=0x3)
ioctl$TCFLSH(r6, 0x80047437, 0x10004000000006)
setregid(0xffffffffffffffff, r5)
r7 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r8=>0x0}, 0x0)
setregid(0xffffffffffffffff, r8)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)=@migrate={0xec, 0x21, 0x1, 0x0, 0x4, {{@in6=@mcast1, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@migrate={0x9c, 0x11, [{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in6=@dev={0xfe, 0x80, '\x00', 0x35}, @in=@local, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x32, 0x0, 0x0, 0x0, 0xa, 0x8}, {@in=@private=0xa010102, @in6=@empty, @in=@local, @in6=@mcast2, 0x3c, 0x0, 0x0, 0x3505, 0x2, 0xa}]}]}, 0xec}}, 0x0)
executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x6, 0xe, &(0x7f0000002300)=ANY=[@ANYBLOB="b702000000001700bfa300000000000007030000f0ffffff720af0ff1100000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000000000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd844a954b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129da487130d5f24bf901115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4b9535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024a0041b1df65b3e1b9bf115646d14ce53d13d0ccacda1efc5f9094fa737c28b994a8512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4fdc4b4861004eefbc17f54f82a804d4a69bf9bc5fa77ee2922bd165a5a68488e010030166565a097b103b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f940b6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c2d7f22b0d22772c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d366501753a7ac7fedb8d34f5bc381604fcd46105c457e7dd13cab6692422a47e9ffe2d4a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c9585638c2153a6eee01738b0c10671f4f559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670100be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c160119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d300e4d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d0000002000000001c800000000000000000000000928ee53595a779d243a48cea769470424d28804c024ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d74bf0a305790c9d644735efbf3411718d6ee7aebf9ef40662d7836d252c566f5ee934c679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da2022f23daec61854f640f701db0276652f6c031578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada209bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6155e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2f085185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bcdb7c89739f5d81e750d50517a59a3ad09e8802e8f4f535447cc0facd5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5b473332f2011e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d3fcd116bce9c764c714c9402c21d181aae59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755367fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf00000048d2570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749e1338636555009edf66be445d6975d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab0043ebf7c79a953e023f74afad591821610b857e8717764b633b21cb32f09f4db033e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c1960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000000000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd5c17d5486b0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dff7aa46e820a74f9530bdcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fdca4e9eda0072f6df342f3e7071e28ef6806bc8e139c49b91c76b0d3958f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7194d1eb3de6a5f99f301f89c2ee627e949cdd22000026a9960503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640000cd9e7f2e236ef5f1e3a94b108eb9750b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a2050000c375c705c798e0e208e4a5259d0bda526b462af45a6e9a84aebe025c8a7f65819f397574db7ab01bd2b3e3cd28c5aec50f8edfe39a00bafd688a7eea04efdeed96f67012bc3f795edb68b5dec80ad31a858eb756c815e7695d00000000000000000000000000000000000000000000000000007ccf0ce549d97510f7f8765408bb702f0000006d4754d98b7064cf31a681421994e1f307f0ab4ff2e33d3c88fea5d218a276b77adfee7c8fb145783ee1f8cf632c2604eab3a62a28611da1cae5ce60003111ce5c96a1d6e45ee144ffa3dcca32a33f8f0ce2995b7b7aa0bce228cbf37412e1bdebae06edb51a134301b4627d4927287daf9dcae6720334862f3a18094f1edd9e3503379815dcfbbc8141f6e1bbb0901ae91357677fd9d2bb00d4f17fb441c2dfa2b424bf46ae299d68ac27792cdac2f09e99f4ab5546ba1e5ad6a329f24e73a9c38eec34bd4dcc1609f6150e2de72f6599a2310c3841f4bb7f39cabc82c9fdfff5587ed4fa84090635fa3445c4cc54478b2f98320944ac7cb1c4e414556f7b0b763a00a84327cec7e11b3470f0384b27bbfdd8b2472497e7fe8c5df7e0a00641872472efa21c9ad3979e642dcc85c17ca8e084aa9689b83426e2fdaa01f500000000000000000000f9fd84fa991466ff749afe900d02281b2bb60d458340c4f68ec34835760ceca945bf181a000000c000000000b4a76515564ae189de7c1765f0ff68a0388ca8dd2aa831d0e01f0d7ce74401a58cef60e63e97a50c18de54121ce66380224ab7b9c0d4710f2347bad2c9b3e41cc738c1092728687f33e5cdb077223dc82c2137b4e3ba6791a2cd764e654f904c9505b7c5e3b2897072e747534952dcda50cde3e4deb6ebf85a04c3e415112b01eed6515c845a8a20519cd21787d560e9d8283fa8ff0c17b63ba06577c26678ff45420a1f85df47dbfc44e534f71aae5693fb5df61c5096219091ce0cd8e1e2e79bf9d37779e52007c66a00e6ded1499ed3892ed1544d1577906b52e16c734d4aec07dd15faa768c97298be87dd34ce704ffe3da8b46708cf972de4f31c0705ac933db80bdcfcb35c0d4620d4ec270ff7c9ce1b78994dd2b28b9d1c5c469d4c1a61781dce2f1b54d6138bd3f7df9e9ca613bec407c1b8d1bd0c7cb9d76eebf2f17c"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040)}, 0x48)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioperm(0x0, 0x2, 0x7e)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mknod(&(0x7f0000000180)='./file0\x00', 0x1ffa, 0x43)
open$dir(&(0x7f0000000000)='./file0\x00', 0x40000, 0x90)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_int(r6, 0x29, 0x4e, &(0x7f0000000040)=0x2, 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f00000005c0)=[@in6={0xa, 0x4e23, 0x0, @remote, 0x3}, @in6={0xa, 0x4e23, 0x2, @dev={0xfe, 0x80, '\x00', 0x28}, 0x9}, @in6={0xa, 0x4e21, 0xfffffeff, @dev={0xfe, 0x80, '\x00', 0x3c}, 0x8}], 0x54)
ioctl$AUTOFS_IOC_SETTIMEOUT(0xffffffffffffffff, 0x80049367, &(0x7f0000000100)=0x5)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
acct(&(0x7f0000000140)='./file0\x00')
sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000700)=ANY=[@ANYBLOB="6c01000010001307fefffffffcdbdf2564010101000000000000000000000000ff020000000000000000000000000001000000004e2100020a000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="fc010000000000000000000000000000000000fe32000000ac1414bb000000000000000000000000ffffffffffffffff00000000000000000000000000000000080000000000000000000000000000000900000000000000000000000000000043050000000000000400000000000000ffffffffffffff7f000000000000000000000000000000800200000000000000000000002cbd7000003500000200010050000000000000001c00040007004e244e240000fe800000c3000000000000000000002d60001200726663343130362867636d28616573292900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000eedb47700000060000000210466d38547aa140db9a200000000c538c7cb7ad988333652483f85d93d5f6c329943ab3353267b11fcb1b6dd345e3a213f46b884befd3f090eac59d527503a794b58f6d17de3025a773ce7c15d84618d6c12b47b010a954fe6dec7be38e6dedfddb6a5b73954c3059b0c30"], 0x16c}, 0x1, 0x0, 0x0, 0x880}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000400)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {0x0, 0x0, 0x1}, [@IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x0, 0x0, 0x7}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}]}, 0x58}}, 0x0)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f00000004c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(anubis)\x00'}, 0x58)
close(r8)
r9 = socket$kcm(0x29, 0x0, 0x0)
recvmsg$kcm(r9, &(0x7f0000001bc0)={&(0x7f0000000140)=@rc={0x1f, @none}, 0x80, &(0x7f0000000440)=[{&(0x7f00000001c0)=""/4, 0x4}, {&(0x7f0000000200)=""/209, 0xd1}, {&(0x7f0000000300)=""/209, 0xd1}, {&(0x7f0000000400)=""/52, 0x34}], 0x4, &(0x7f0000000bc0)=""/4096, 0x1000}, 0x21)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000006c0)="b9ff05000000000c5c26fc000000", 0x0, 0x7fff, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_emit_ethernet(0x46, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa7f0a000340110800450000380000000000019078ac1e0001ac1414aa0b00907812000228253d0000000000002f0400007f000001ffffffff000086ddffff0000"], 0x0)
executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_connect$midi(0x5, 0x40, &(0x7f0000000280)=ANY=[@ANYBLOB="120110030000002030144b4740000102030109022e00010118100409040000020103000609058e0b2000"], &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000540)=0x1, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
sendmmsg$inet(r1, &(0x7f00000060c0)=[{{0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f0000000140)='@', 0x1}, {&(0x7f00000007c0)='y', 0x1}, {&(0x7f0000000340)="b9", 0x1}, {&(0x7f0000000940)="99", 0x1}, {&(0x7f00000008c0)='z', 0x1}, {&(0x7f00000009c0)='~', 0x1}, {&(0x7f0000000a00)='x', 0x1}, {&(0x7f0000000440)="06", 0x1}, {&(0x7f0000000580)='k', 0x1}, {&(0x7f00000006c0)="1d", 0x1}, {&(0x7f0000000800)='a', 0x1}, {&(0x7f0000000280)='$', 0x1}], 0xc}}, {{0x0, 0x0, &(0x7f00000035c0)=[{&(0x7f0000001080)="c9", 0x1}, {&(0x7f0000002180)='-', 0x1}, {&(0x7f0000002240)='R', 0x1}, {&(0x7f00000033c0)="c4", 0x1}], 0x4}}], 0x2, 0x4000000)
setsockopt$sock_int(r1, 0x1, 0x20, &(0x7f0000000000)=0x7fffffff, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
executing program 1:
socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c09425, &(0x7f0000000380)={"b8e50a31a002b94fcd8fc4db3056309d", 0x0, 0x0, {0x7, 0x100}, {0x0, 0x5}, 0x51, [0x7, 0x3, 0xe, 0x2, 0x9, 0x1, 0xd8e, 0x7fc0000, 0x5, 0x0, 0x6, 0x3, 0x5, 0x49, 0xfffffffffffffffe, 0xc]})
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0xffffffffffffff7c, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee7, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0xfffffffffffffeef, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
chroot(&(0x7f0000000200)='./file0\x00')
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x2, &(0x7f0000000040)=0xce, 0x4)
executing program 1:
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x44, 0x30, 0x1, 0x0, 0x0, {}, [{0x30, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0x15)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r3, 0x400455c8, 0x400000009)
kexec_load(0xd0ffbf, 0x2, &(0x7f00000002c0)=[{0x0, 0x0, 0xbfffd000, 0x10000}, {0x0, 0x0, 0x3e0000}], 0x0)
ioctl$TIOCVHANGUP(r3, 0x5437, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f00000093c0)={0x2020}, 0x2020)
executing program 0:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001680)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000a40)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a4c000000030a0fdb00000000000000000a0020050900030073797a30000000000900010073797a310000000014000480080002403cb140bb08000140000000030a000700726f75746500000014000000110001"], 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0b040000000000000000020000004000048018000180080001006f7366000c000280080001400000000424000180090001006d6574610000000014000280080002400000000c08000340000000150900010073797a30000000000900020073797a320000000014000000110001"], 0x94}}, 0x0)
r4 = socket(0xa, 0x3, 0xff)
sendmsg$inet6(r4, &(0x7f0000001c00)={&(0x7f0000000140)={0xa, 0xa, 0x7, @mcast2}, 0x1c, &(0x7f0000000000)=[{&(0x7f0000000100)="671723d7c6012c", 0x7}, {&(0x7f0000000180)="9e91d91a92dc7c8f06c24fbe79d9284d0c66c92c658bb539e2ffb332c99223a7df", 0x21}], 0x2}, 0x20008b88)
executing program 3:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000535000/0x2000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r3 = io_uring_setup(0xcd7, &(0x7f0000000040)={0x0, 0xc8a2, 0xc000, 0x1000000, 0xc1})
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0x40305829, &(0x7f0000000000)={0x17c04, 0xffffffffffffffff, 0x0, 0x100000001})
sendmmsg(0xffffffffffffffff, &(0x7f0000000100)=[{{0x0, 0x2d, &(0x7f00000000c0)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x51, 0x0)
io_uring_enter(r3, 0x2219, 0x7721, 0x16, 0x0, 0x0)
executing program 4:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r2 = accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0)
io_setup(0x20000000001005, &(0x7f0000000200)=<r3=>0x0)
sendmsg$alg(r2, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24040004}, 0x24000090)
io_submit(r3, 0x1, &(0x7f0000000100)=[&(0x7f00000000c0)={0x5000000, 0x0, 0xd, 0x0, 0x0, r2, 0x0}])
ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0)
executing program 1:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x6, 0xe, &(0x7f0000002300)=ANY=[@ANYBLOB="b702000000001700bfa300000000000007030000f0ffffff720af0ff1100000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000000000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd844a954b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129da487130d5f24bf901115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4b9535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024a0041b1df65b3e1b9bf115646d14ce53d13d0ccacda1efc5f9094fa737c28b994a8512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4fdc4b4861004eefbc17f54f82a804d4a69bf9bc5fa77ee2922bd165a5a68488e010030166565a097b103b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f940b6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c2d7f22b0d22772c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d366501753a7ac7fedb8d34f5bc381604fcd46105c457e7dd13cab6692422a47e9ffe2d4a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c9585638c2153a6eee01738b0c10671f4f559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670100be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c160119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d300e4d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d0000002000000001c800000000000000000000000928ee53595a779d243a48cea769470424d28804c024ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d74bf0a305790c9d644735efbf3411718d6ee7aebf9ef40662d7836d252c566f5ee934c679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da2022f23daec61854f640f701db0276652f6c031578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada209bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6155e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2f085185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bcdb7c89739f5d81e750d50517a59a3ad09e8802e8f4f535447cc0facd5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5b473332f2011e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d3fcd116bce9c764c714c9402c21d181aae59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755367fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf00000048d2570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749e1338636555009edf66be445d6975d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab0043ebf7c79a953e023f74afad591821610b857e8717764b633b21cb32f09f4db033e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c1960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000000000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd5c17d5486b0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dff7aa46e820a74f9530bdcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fdca4e9eda0072f6df342f3e7071e28ef6806bc8e139c49b91c76b0d3958f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7194d1eb3de6a5f99f301f89c2ee627e949cdd22000026a9960503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640000cd9e7f2e236ef5f1e3a94b108eb9750b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a2050000c375c705c798e0e208e4a5259d0bda526b462af45a6e9a84aebe025c8a7f65819f397574db7ab01bd2b3e3cd28c5aec50f8edfe39a00bafd688a7eea04efdeed96f67012bc3f795edb68b5dec80ad31a858eb756c815e7695d00000000000000000000000000000000000000000000000000007ccf0ce549d97510f7f8765408bb702f0000006d4754d98b7064cf31a681421994e1f307f0ab4ff2e33d3c88fea5d218a276b77adfee7c8fb145783ee1f8cf632c2604eab3a62a28611da1cae5ce60003111ce5c96a1d6e45ee144ffa3dcca32a33f8f0ce2995b7b7aa0bce228cbf37412e1bdebae06edb51a134301b4627d4927287daf9dcae6720334862f3a18094f1edd9e3503379815dcfbbc8141f6e1bbb0901ae91357677fd9d2bb00d4f17fb441c2dfa2b424bf46ae299d68ac27792cdac2f09e99f4ab5546ba1e5ad6a329f24e73a9c38eec34bd4dcc1609f6150e2de72f6599a2310c3841f4bb7f39cabc82c9fdfff5587ed4fa84090635fa3445c4cc54478b2f98320944ac7cb1c4e414556f7b0b763a00a84327cec7e11b3470f0384b27bbfdd8b2472497e7fe8c5df7e0a00641872472efa21c9ad3979e642dcc85c17ca8e084aa9689b83426e2fdaa01f500000000000000000000f9fd84fa991466ff749afe900d02281b2bb60d458340c4f68ec34835760ceca945bf181a000000c000000000b4a76515564ae189de7c1765f0ff68a0388ca8dd2aa831d0e01f0d7ce74401a58cef60e63e97a50c18de54121ce66380224ab7b9c0d4710f2347bad2c9b3e41cc738c1092728687f33e5cdb077223dc82c2137b4e3ba6791a2cd764e654f904c9505b7c5e3b2897072e747534952dcda50cde3e4deb6ebf85a04c3e415112b01eed6515c845a8a20519cd21787d560e9d8283fa8ff0c17b63ba06577c26678ff45420a1f85df47dbfc44e534f71aae5693fb5df61c5096219091ce0cd8e1e2e79bf9d37779e52007c66a00e6ded1499ed3892ed1544d1577906b52e16c734d4aec07dd15faa768c97298be87dd34ce704ffe3da8b46708cf972de4f31c0705ac933db80bdcfcb35c0d4620d4ec270ff7c9ce1b78994dd2b28b9d1c5c469d4c1a61781dce2f1b54d6138bd3f7df9e9ca613bec407c1b8d1bd0c7cb9d76eebf2f17c"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040)}, 0x48)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioperm(0x0, 0x2, 0x7e)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mknod(&(0x7f0000000180)='./file0\x00', 0x1ffa, 0x43)
open$dir(&(0x7f0000000000)='./file0\x00', 0x40000, 0x90)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_int(r6, 0x29, 0x4e, &(0x7f0000000040)=0x2, 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f00000005c0)=[@in6={0xa, 0x4e23, 0x0, @remote, 0x3}, @in6={0xa, 0x4e23, 0x2, @dev={0xfe, 0x80, '\x00', 0x28}, 0x9}, @in6={0xa, 0x4e21, 0xfffffeff, @dev={0xfe, 0x80, '\x00', 0x3c}, 0x8}], 0x54)
ioctl$AUTOFS_IOC_SETTIMEOUT(0xffffffffffffffff, 0x80049367, &(0x7f0000000100)=0x5)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
acct(&(0x7f0000000140)='./file0\x00')
sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000700)=ANY=[@ANYBLOB="6c01000010001307fefffffffcdbdf2564010101000000000000000000000000ff020000000000000000000000000001000000004e2100020a0000001d00", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="fc010000000000000000000000000000000000fe32000000ac1414bb000000000000000000000000ffffffffffffffff00000000000000000000000000000000080000000000000000000000000000000900000000000000000000000000000043050000000000000400000000000000ffffffffffffff7f000000000000000000000000000000800200000000000000000000002cbd7000003500000200010050000000000000001c00040007004e244e240000fe800000c3000000000000000000002d60001200726663343130362867636d28616573292900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000eedb47700000060000000210466d38547aa140db9a200000000c538c7cb7ad988333652483f85d93d5f6c329943ab3353267b11fcb1b6dd345e3a213f46b884befd3f090eac59d527503a794b58f6d17de3025a773ce7c15d84618d6c12b47b010a954fe6dec7be38e6dedfddb6a5b73954c3059b0c30"], 0x16c}, 0x1, 0x0, 0x0, 0x880}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000400)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {0x0, 0x0, 0x1}, [@IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x0, 0x0, 0x7}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}]}, 0x58}}, 0x0)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f00000004c0)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(anubis)\x00'}, 0x58)
close(r8)
r9 = socket$kcm(0x29, 0x0, 0x0)
recvmsg$kcm(r9, &(0x7f0000001bc0)={&(0x7f0000000140)=@rc={0x1f, @none}, 0x80, &(0x7f0000000440)=[{&(0x7f00000001c0)=""/4, 0x4}, {&(0x7f0000000200)=""/209, 0xd1}, {&(0x7f0000000300)=""/209, 0xd1}, {&(0x7f0000000400)=""/52, 0x34}], 0x4, &(0x7f0000000bc0)=""/4096, 0x1000}, 0x21)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000006c0)="b9ff05000000000c5c26fc000000", 0x0, 0x7fff, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_emit_ethernet(0x46, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa7f0a000340110800450000380000000000019078ac1e0001ac1414aa0b00907812000228253d0000000000002f0400007f000001ffffffff000086ddffff0000"], 0x0)
executing program 3:
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000))
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r1=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x18)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f00004b2000/0x400000)=nil)
executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0ccb84000400"/20, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000100000000"], 0x48)
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip_mr_cache\x00')
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f00000013c0), 0x8, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000000)={0x29, 0x2, 0x40, "100000df00000000000000000000000000000000001000", 0x30314752})
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
ptrace$peek(0x7, 0x0, &(0x7f0000000280))
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
r3 = socket(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x2)
r5 = dup(r4)
write$UHID_INPUT(r5, &(0x7f0000000000)={0x7, {"a2e3ad21ed0d52f91b5d520987f70e06d038e7ff7fc6e5539b0d47078b089b3907376d090890e0878f0e1ac6e7049b334a959b669a240d5d67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07670936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70fe98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf1a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e470dea05918b41243513f000800000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3e3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14d9fdb8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a19000000000000006f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69b15c9f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d44400009a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc01008cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c16c02ed4b5d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaab1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106d26658b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6b14effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c110000a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b51028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6815d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3f3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51090840517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4e004a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6ce1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c817e9177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d543902113c4c859465c3c115c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc248850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafcc009fc074bb6b68a1f0c4649820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948998cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2fd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5dc4ff8f0104000000000000df72279fdb0d2b9e936e5a983c12fded79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d3700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa6e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9f07b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e3ebb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3fec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4cddd5d0fc5a752f9000", 0x1000}}, 0x1006)
r6 = socket(0x2, 0x80805, 0x0)
flistxattr(r6, &(0x7f0000000240)=""/53, 0x35)
sendmmsg$inet(r6, &(0x7f0000006d40)=[{{&(0x7f0000000100)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000180)=[{&(0x7f0000000140)='j', 0x1}], 0x1}}, {{&(0x7f0000000840)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000002a00)=[{&(0x7f0000000880)='*', 0x1}], 0x1}}], 0x2, 0x48000)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r0, 0x84, 0x1c, &(0x7f0000000380), &(0x7f00000000c0)=0x4)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800e80010000d0428bd7000fcdbff2500008000", @ANYRES32=r3, @ANYBLOB="1000000000000000280012800b00010062726964676500001800028005001900840000000c"], 0x48}}, 0x4084)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
sendmmsg(r3, &(0x7f0000000000), 0x4000000000001f2, 0x0)
pread64(r0, &(0x7f000001a240)=""/102400, 0x19000, 0x41e)
executing program 1:
r0 = openat$adsp1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r0, 0x800c5012, &(0x7f0000000100))
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYRES64=0x0, @ANYBLOB="de3df83006820ec22153149afec3db206ff7ee7ae66dfdf74774fe728d42af59ee52bf18f60f848ad542b3e8078e0395509455e390887ea78d6529ea53e0d52ecb56fcc363847e1b8c961d202a31260a9695b4be99ebef3b6bfb52256734237141b2bccf80f604c950c74731ae593436a929d93b6a4dcf39fd9bcc58668cd616", @ANYRESOCT, @ANYRES8, @ANYRES32=r1], 0x78}}, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
bind$l2tp(0xffffffffffffffff, &(0x7f00000000c0), 0x10)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r6 = syz_open_dev$evdev(&(0x7f0000000000), 0x5, 0x7a1080)
ioctl$EVIOCSFF(r6, 0x402c4580, &(0x7f0000000140)={0x57, 0x1f, 0x0, {0x2, 0x7ff}, {0x200, 0xd}, @const={0x9, {0x5, 0x80, 0x8, 0x2}}})
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x7, 0x0, 0x0)
executing program 0:
bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0ccb84000400"/20, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000100000000"], 0x48)
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip_mr_cache\x00')
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f00000013c0), 0x8, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000000)={0x29, 0x2, 0x40, "100000df00000000000000000000000000000000001000", 0x30314752})
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
ptrace$peek(0x7, 0x0, &(0x7f0000000280))
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x2)
r6 = dup(r5)
write$UHID_INPUT(r6, &(0x7f0000000000)={0x7, {"a2e3ad21ed0d52f91b5d520987f70e06d038e7ff7fc6e5539b0d47078b089b3907376d090890e0878f0e1ac6e7049b334a959b669a240d5d67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07670936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70fe98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf1a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e470dea05918b41243513f000800000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3e3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14d9fdb8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a19000000000000006f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69b15c9f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d44400009a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc01008cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c16c02ed4b5d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaab1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106d26658b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6b14effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c110000a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b51028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6815d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3f3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51090840517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4e004a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6ce1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c817e9177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d543902113c4c859465c3c115c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc248850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafcc009fc074bb6b68a1f0c4649820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948998cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2fd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5dc4ff8f0104000000000000df72279fdb0d2b9e936e5a983c12fded79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d3700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa6e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9f07b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e3ebb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3fec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4cddd5d0fc5a752f9000", 0x1000}}, 0x1006)
r7 = socket(0x2, 0x80805, 0x0)
flistxattr(r7, &(0x7f0000000240)=""/53, 0x35)
sendmmsg$inet(r7, &(0x7f0000006d40)=[{{&(0x7f0000000100)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000180)=[{&(0x7f0000000140)='j', 0x1}], 0x1}}, {{&(0x7f0000000840)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000002a00)=[{&(0x7f0000000880)='*', 0x1}], 0x1}}], 0x2, 0x48000)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r0, 0x84, 0x1c, &(0x7f0000000380), &(0x7f00000000c0)=0x4)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800e80010000d0428bd7000fcdbff2500008000", @ANYRES32=r3, @ANYBLOB="1000000000000000280012800b00010062726964676500001800028005001900840000000c"], 0x48}}, 0x4084)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
pread64(r0, &(0x7f000001a240)=""/102400, 0x19000, 0x41e)
executing program 3:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(0x3)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
close(r1)
listen(r2, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f00000004c0), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, r4, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmmsg$inet(r3, &(0x7f0000000140)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000001c0)="07a2b0cebf5e75786f6d0e3c29d0d5432c3fb21e12bbca742e59b53c03da203a64bc722b81b93b9f4b4bab1b4cf8e129781e4e9a76ebd03f2a30066def57baf4452f6bdd5587534615259a657fb188ab8b8bdc928eea1a05c16e0ee35092c47e0aabfb1026c625b66205221dd29c1a177b1ce1e6548d0d8d88b353af1fd0976c4a7098b19857f4943377ae3b3527803c00b06d26cc7096b70d64b76f70304a39535f246f67ecf30e6a76562abe95ff85a949d15080952e6f7e1232f5a3213cb0156dedcad76deaee0133f2f59653b7095de2f10c2e791900cc190e73f7cb754c36a66282199d587d9672c2855c986673e4b4ed96fb05f2d810d3ba675a35f446914840d87339316f96da94f609d7846a9ea7039ccf3346293dfd59b53e9614bdc4658fa5ddf476f6833f1aeef148f0e374bbdb225aeb8e69ccedf12dc93d7a5be537a1d12725eb26df82523425d5eaea0ee9502f3d020051db473e70cc4d0dedd42fd574e572a34e96c9f0021fe1222b888c4fe226560c54e8c4c7d44881b9ed87adb8ae4947be4d86b76d20473683a71d904923c8580169fc72f70139cf075e9543d55cb9fc8bb95cece4309ddcfaae517dedc4879e2016bcbe76a4675575a9514933bd8ee876aca0b9061576426769babacfd88a27f75499e012b1cbafe404b9cdfed6a43f029a30d85106cf4397044954497ab4d775d3f021632a1d3f8b577d6abec1854445026258b11d867fb96955992d91128fa549db5ad33d693f09a70ca4caea6fcb073aba7594b54cd8139da243487e98d81ce8d5a597fc5b4149e2933c93e1a47d912b2ea3ed05f0f9297f66a123d00c3bf08b2b3a372ad4c7f4f28dbeb80f8db27b70beea836840a191392c874de72fb0e7d1a74b05f4dc3f1b86e7fab7d09c61f558a094df13cc29ab320cd6482e9a1986e87d8c245d78012bc8d6896e9eab1c9f178f97d776b2c17b92ea71d66446d4014c276acf34c3615a04594d8e138aac54831bdedb4840816df0c53330874b9c76fe60f36826e60daeb1da526b682f7ebc2acb481c48d84bece5b427f4cb473bf710fee748c1371a7ceb646ec4b067a8e5e04a464b21c01dc534a14fbb3f57b3b4c314944e543fc32fced7436305fffc7da77ccd50699020486689fdb0f86489cbd353c8e98c80c225494404c5611cf055b25a982bf495c2b52d9780d38ee69655a1ffe90a473ae53fbac7a679960a3dab8666bf31410159329399905b8842d4dcb86d18a0c2fe555f559fbc2d2adca6a66b11c23af73dcd239042c21d11bc2bcbc24692c1a95046849169aea770548640656acfc04a3263ec39b226b8aba1ab6d7a5ecd08a3c3bfaf50c1bfe6bcd7ea229815186cef15e68de290a92fb46a97013c47e3b223caf96ff59e7ee279ce09e9fcb6cd14b05c69b5cb42237533c131e8b99cc3495517e0a981298a83aec7d2f554fce317e59d31c8ce6951324c4e87bea19ec0eab27735c6167ed50c4a27cd5f547d1ba9c596a62dea88a71bed2df65117888e7f1b197525023488d355386723fbaca4cfb8cf17c66f9e8d7f7a3891c346d3bec24834201a3298554258d22c98b7fab00791c7f34f9554f4378b25b08786e139fd9a800b013e37637bca534a0e972e02cdec9b11f20298e73ac502f88e7c10a8be963986afb6ccd5a4c18f4d56fa663497b2a27ac5eb328c7eb3ab44126ca0a2fa9511275579f86b36455e1c1c2c65e236484554f9dbd70fa6166cbfbccae41b0c492f316d74dc487acc1660f0a2d027f67e4c762c7bcbe6ad7c9355f26788da2a8db288328b55b0c1214f604877517339fb17937293f3ffeeca82c91e1cbecc18db47f836221bf765bdf9a30bd97f79092b33e5268c4aae5c58e69dccbf48e6418fd34558073cf40f4a6ce9201c5fa4d65867055bda2928541a912f7822e3f46606d24c022bdd623ee6221d710e8c1fe08366f955bb825495990b86f0ad4c49054654f7c226d8b8fa3787a357035331a38dbbc8718b3ce75be0531f1e625f178e4daec05b37065e4956b558aae9153b9c5458eeb446379f638b57e4ef56e3717cd298e2358d91ab2388f156cb792cd1e3fcef44baee0a53f3791a3ad5894505a4349da4a99897043a82bc122acd8d1f12491652c1af37fa5a36f7e122373492d047c5d107952972560202d3ba5c3748255df09fc1e4b10d5c63cdbddba7455917fdbbc6e33452d9bbc6b4a56134352bbb2ec1d4dac6cb4babcf55fbe053bd329dd425a3dac40a2c272b62cf99828d5c979df988119a2ab227d07b54a3bce0a8faee3811878465add71bed86837405fbda03379a1b6b7c0fae8d6ee1bf0fce77d258b82c10d3908e9ebd676bda6dc8f60e9bed81e14bcef4a5272dd8bbdf91d34dbd03e0cba613103d9447771aca072fd05e65752ff9c586d881e7799e7ea8d784d17572214c9c79f736b7ef9cea06ea0243c6e7788982c937483878dcacb2296b6307f082f152861d47c328d1048c12f23f4590a64280d2ca3d7b4b8f3b764cb54cd0c6098e84dcbbe9844edb886bcc4573c28bbc3a22a826024615405bfe32de36844519b950e853ba7fe9ea40897ba25c52b4a2ba43f9ef27857170464f4275ea5f2e49b70e4518c22f459db07ab4b0e94a511ea6abb8a8bb805437225db8e949262b13664becd37731c4ccf43019a41181aba47a83537759e50ba342401dd621fb6dbc3762e1cca7307abb3f89d8a2063edfb95a82ede7845a332b23540985e1e045881e3fdd3f12114df51a84682bb4c25ebbf4cf672acec3bf99fdbf6d35a3aa67a00d5b036dfb9f59872b9d895bebcaca2ea3a1311303bca79ce9330b31573b890e51417c00bfec907c30de56b6272c797bbed9ae667166e18a311b1a5fa000a0c8ada0c9287f952535a47713a00d3b840d402de86712ce73a4bffae79edd55f7184ee645311759128e6c2ce22ecd7a3e34230d43616df555732f462db04001fc4d3abf7e7cab3aaf3ffd65628b8c3c21de80b1687c0fa4527dd2434bfb76bb51e7481802baab8e3bb16e6b8215dae9e710c573a74fa0350c6b124e48175fd864dff7533f192cff463fd86efb4b97f6d63488820eb121a310cd787126acc8a919a3c486a9194954f4b5b97feba77f69f2e0b3d167aebb66b40ad6c37e5664c54ae220a1a683185547349ff899706d3dc6d31d1c0a91dbdc5f6956a36fe11418da9ebf323fee7a6f971564df42a71ed81dd4dd45e7a32e98a7700d042b13ba07f71f8fce1642ade880ac9160ec78c41630998e34794b10f934a4dd7cfce415805cd1a9ba251e1f026a5eabaafc2b65c5cd809b181d8e6a9036bf4195984535befd3086a92a8a2595c759ff41386df5d0a83ecd0c8abbf7f7caeab54a1aae5c5245af635c6d52005e80dae89e89bebe01778b09f03f0401c1ce97b0a049b99a1f02a160adc662cf8a204df48ef0a569147b1f23f143679f9d6f8d8f1ae3e6abc63f8e43ce9ad0e06740c1482c2110f619c7bf4f7c2f649a9d8c1712716935cdab7c582b9fa5dfdf7f33a93bef6890d80f6ac4667419006823f88a75bccfbb6cdbfafd36ffe9b2c155979ef32e467620f3d13420ac1ac449ad9bba696e65238864613c13bb84f9b57b8ec2f47630dfd619c3ebeef7f9e5066d827e6cff958f232cb73df592a174ea6980604267d7e7aee0ae0072dbce28dbc69e5392b7db5366eed41ec21718dc7bfa0c679d984cbf71af39bc09340f9cf10720f8751aa1d96d969956de963509511d2c6f61c9eb28e9e15f86dd4bc47f2074033fd4cf3d6614b519c6724f21575d134f3bc392cf1733d95325aea40f335725fd4f93223e30a76561b5dfa16defa24edc6df2f1a66f22cda4c040ac4aaa7533e41204942897cb480010d85136dbf3d54efb829487431eb5bb42cbd3ef4614ecea45f78406c7693def6218a58e45ffaf63d1f8710867b1430f837f45b00b55d2230f0f19da0e1f399795bbcac563193e63543a5515e48d7a44140d7a693f606986648573cd94a521fbe48d957a113b4da22177056f03cce900d45a00237c504ad3d603b249ecff897e6d33b2ca489872dc0333d45efa2c84c2b164aabb4674226a1a6bc9ac06c768cec98a1f77bd8571b3b258619266ef9d30278a57e1460285c10aeb5dad00a846b20940026ae3818ad2aee9d1faa22ce236b5de8fdd8ce794d290d05cd705d53109dacfd92f34c91e7efc91cb8f34014fa32fc2695c64e66c3892b70ca003c2687c071dadfe4a09f50dcdb18d53e69943d409011755379cc26cff9ccb4e216320561cef9235bfd03439dfd4e72970dce45d12535b0d2de36e3df3ecdb57b42df1d153511a16917396936b3c312ad027e7f8e612eb2e5f01a55575c6a38ae28f0ad270b4b25949bf9312c254ed04a5a40fe56258a795e33534d717de46c1dcdec7e636d344b2e4d2e8e8c605492869dfd0be9f1a4d7613f6332d457198f8e75e8ec0d66ce9a370c203e45f909ba8821f8b54bdc084057d2b07f01fb1eef0b693a7da25b92bccccb083e60371c3445ce1574625e50e2b45aa20de6465c52561910101f8ccf76c5886f4fb70281c1c48b40fed120fde76203cea16f41632a4fcca9aa582c5f773ad8213db9a5ba2358ae422ef5953e12d1fbf0c35e29ceef4679bb30a4658236eb34bebfd30916be381fab74605c0fec68de4cd84cc011217d0d53e993cb4c04aaf7bc0db2fe4924b7a81d2b212ff9bc58bc458a8980064c9f61927f7d13748c6223550a1d80a4ee7a8974b4c9e43a4f96e35aad90a465ab56de29371fd08e7ec94939905cf89e6ad731fee4a667b844f08b6f6f8f7e0df5847a276667969e0b090525988689b877d8561a2a3cd51d62804da49676ad25d304da41b6fe1533a9640cace28682521f1bda0937b3525dca81c16835ae9b5bbaf44e660c57ad7af57c3b886241139c4bf52e553b365a2883ee17bf10e6639d423e3b183d87832869cfb92ef9c6f55a9999499fbc230d9a73d7633431dc7f809a3ded0962b2f5bbdc5afa992bb1fb49791214ad268e8d536af56471d7cce8d6970b8b3049115dff0338fab63ca159890471820786d5ca61125301bb452933c85950ee3fed9cfbffee6ce80d2255926534b623aed31f8e88c8063e5a24f3da458704ac9ee673b307964c9a36e89adf16fcb92513fa6c4591514d003d08df1abe09bdb64f1419b819116c39e4a6234280ab07f2e9b5c78659840b135a7cf4f0b25690d8f34125880ab1fe898ed0cbb57d703d45d897dc788e81ecc74a2e506aee7fdd08586ca4f79d8c17b05ff495f33de248f15a4ffe0c74dc24df7e6cc95aa31ab1ee0a52a204e46f900e460509f02e257436f054199fc3703c802820f4e5e46602c3b74207b5ba673edfa19478f8b3d66843617bb103e87026fcf88f721e4daf822234bca35df418f354b428da5eaa9b224c7a016a0f455106f79c258e1483d8d11b3c6fb335419bfa743f74fae35710f7a30d2572db1ec1da5dab5b5c1481bbae71544338a1b5740cb4fe2d3e0a887da6b010ff4283af6074997273b8bc00940a0d0eb7c5a84a3c49091dfff7184f75b1dad16034137461dda1b47e26299f201c9a7266c93c12cbb7501d680da9df3ce0158dbd356fc7a19549272f752160d44e567ce8785ae757db1667a726eed5c5a1cbed0ed46d4c9e07871fdf62a3f8c25c7057b1e69c078de15a7804e671c27b60dc083737bf6774bd34a4bca23fd332ffb5edee794d49378ce962beb356f500300c0b7aa465804c38a715403fd4a3b814ce5fb9192bf", 0x1000}, {&(0x7f0000000180)="57e16c4f00f1afc7d7068122a69dc4d70013c330ec040abbeb2e3b13caa0045ab5d8", 0x22}, {&(0x7f0000000000)='u', 0xfff6}], 0x3}}], 0x1, 0x4008004)
executing program 1:
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000180)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000140)={@local, 0x2})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r2, 0x7a4, &(0x7f0000000000)={{@any, 0xffff7dff}, @any, 0x0, 0xffffffffffffffff, 0x4000000f8, 0x8, 0x0, 0x4000002, 0x7})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x7fffffffffffffff, 0xfffffe0000000001, 0x4, 0xffffffff}, 0x0)
r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r3, 0xc1105511, &(0x7f0000000040)={0x9})
r4 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r4, 0xc1105511, &(0x7f0000000040))
executing program 2:
r0 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000000)={0x14, 0x0, &(0x7f00000001c0)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc38, 0x0)
r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
ioctl$EVIOCSKEYCODE_V2(r1, 0x40284504, &(0x7f0000000100)={0x0, 0x1a, 0x4, 0x8, "f467df4f75efc50635b76ae00382441152e60a08c1548ee5e3edab8d45cbc708"})
executing program 4:
r0 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000000)={0x14, 0x0, &(0x7f00000001c0)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc38, &(0x7f0000000200)=ANY=[])
r1 = syz_open_dev$evdev(0x0, 0x40, 0x0)
ioctl$EVIOCSKEYCODE_V2(r1, 0x40284504, &(0x7f0000000100)={0x0, 0x1a, 0x4, 0x8, "f467df4f75efc50635b76ae00382441152e60a08c1548ee5e3edab8d45cbc708"})
executing program 3:
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x44, 0x30, 0x1, 0x0, 0x0, {}, [{0x30, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0x15)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r3, 0x400455c8, 0x400000009)
kexec_load(0xd0ffbf, 0x2, &(0x7f00000002c0)=[{0x0, 0x0, 0xbfffd000, 0x10000}, {0x0, 0x0, 0x3e0000}], 0x0)
ioctl$TIOCVHANGUP(r3, 0x5437, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f00000093c0)={0x2020}, 0x2020)
executing program 0:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000040)='pim6reg1\x00', 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f0000000080)={0x0})
ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f0000000000))
ioctl$DRM_IOCTL_PANTHOR_BO_QUERY_INFO(r0, 0xc0106450, &(0x7f00000000c0)={0x0, 0x0, 0x3})
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]})
r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000100)={0x20004, <r5=>r3, 0x2})
r6 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r6, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r5})
executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r2, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
close(r1)
listen(r2, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r3, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f00000004c0), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, r4, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
sendmmsg$inet(r3, &(0x7f0000000140)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f00000001c0)="07a2b0cebf5e75786f6d0e3c29d0d5432c3fb21e12bbca742e59b53c03da203a64bc722b81b93b9f4b4bab1b4cf8e129781e4e9a76ebd03f2a30066def57baf4452f6bdd5587534615259a657fb188ab8b8bdc928eea1a05c16e0ee35092c47e0aabfb1026c625b66205221dd29c1a177b1ce1e6548d0d8d88b353af1fd0976c4a7098b19857f4943377ae3b3527803c00b06d26cc7096b70d64b76f70304a39535f246f67ecf30e6a76562abe95ff85a949d15080952e6f7e1232f5a3213cb0156dedcad76deaee0133f2f59653b7095de2f10c2e791900cc190e73f7cb754c36a66282199d587d9672c2855c986673e4b4ed96fb05f2d810d3ba675a35f446914840d87339316f96da94f609d7846a9ea7039ccf3346293dfd59b53e9614bdc4658fa5ddf476f6833f1aeef148f0e374bbdb225aeb8e69ccedf12dc93d7a5be537a1d12725eb26df82523425d5eaea0ee9502f3d020051db473e70cc4d0dedd42fd574e572a34e96c9f0021fe1222b888c4fe226560c54e8c4c7d44881b9ed87adb8ae4947be4d86b76d20473683a71d904923c8580169fc72f70139cf075e9543d55cb9fc8bb95cece4309ddcfaae517dedc4879e2016bcbe76a4675575a9514933bd8ee876aca0b9061576426769babacfd88a27f75499e012b1cbafe404b9cdfed6a43f029a30d85106cf4397044954497ab4d775d3f021632a1d3f8b577d6abec1854445026258b11d867fb96955992d91128fa549db5ad33d693f09a70ca4caea6fcb073aba7594b54cd8139da243487e98d81ce8d5a597fc5b4149e2933c93e1a47d912b2ea3ed05f0f9297f66a123d00c3bf08b2b3a372ad4c7f4f28dbeb80f8db27b70beea836840a191392c874de72fb0e7d1a74b05f4dc3f1b86e7fab7d09c61f558a094df13cc29ab320cd6482e9a1986e87d8c245d78012bc8d6896e9eab1c9f178f97d776b2c17b92ea71d66446d4014c276acf34c3615a04594d8e138aac54831bdedb4840816df0c53330874b9c76fe60f36826e60daeb1da526b682f7ebc2acb481c48d84bece5b427f4cb473bf710fee748c1371a7ceb646ec4b067a8e5e04a464b21c01dc534a14fbb3f57b3b4c314944e543fc32fced7436305fffc7da77ccd50699020486689fdb0f86489cbd353c8e98c80c225494404c5611cf055b25a982bf495c2b52d9780d38ee69655a1ffe90a473ae53fbac7a679960a3dab8666bf31410159329399905b8842d4dcb86d18a0c2fe555f559fbc2d2adca6a66b11c23af73dcd239042c21d11bc2bcbc24692c1a95046849169aea770548640656acfc04a3263ec39b226b8aba1ab6d7a5ecd08a3c3bfaf50c1bfe6bcd7ea229815186cef15e68de290a92fb46a97013c47e3b223caf96ff59e7ee279ce09e9fcb6cd14b05c69b5cb42237533c131e8b99cc3495517e0a981298a83aec7d2f554fce317e59d31c8ce6951324c4e87bea19ec0eab27735c6167ed50c4a27cd5f547d1ba9c596a62dea88a71bed2df65117888e7f1b197525023488d355386723fbaca4cfb8cf17c66f9e8d7f7a3891c346d3bec24834201a3298554258d22c98b7fab00791c7f34f9554f4378b25b08786e139fd9a800b013e37637bca534a0e972e02cdec9b11f20298e73ac502f88e7c10a8be963986afb6ccd5a4c18f4d56fa663497b2a27ac5eb328c7eb3ab44126ca0a2fa9511275579f86b36455e1c1c2c65e236484554f9dbd70fa6166cbfbccae41b0c492f316d74dc487acc1660f0a2d027f67e4c762c7bcbe6ad7c9355f26788da2a8db288328b55b0c1214f604877517339fb17937293f3ffeeca82c91e1cbecc18db47f836221bf765bdf9a30bd97f79092b33e5268c4aae5c58e69dccbf48e6418fd34558073cf40f4a6ce9201c5fa4d65867055bda2928541a912f7822e3f46606d24c022bdd623ee6221d710e8c1fe08366f955bb825495990b86f0ad4c49054654f7c226d8b8fa3787a357035331a38dbbc8718b3ce75be0531f1e625f178e4daec05b37065e4956b558aae9153b9c5458eeb446379f638b57e4ef56e3717cd298e2358d91ab2388f156cb792cd1e3fcef44baee0a53f3791a3ad5894505a4349da4a99897043a82bc122acd8d1f12491652c1af37fa5a36f7e122373492d047c5d107952972560202d3ba5c3748255df09fc1e4b10d5c63cdbddba7455917fdbbc6e33452d9bbc6b4a56134352bbb2ec1d4dac6cb4babcf55fbe053bd329dd425a3dac40a2c272b62cf99828d5c979df988119a2ab227d07b54a3bce0a8faee3811878465add71bed86837405fbda03379a1b6b7c0fae8d6ee1bf0fce77d258b82c10d3908e9ebd676bda6dc8f60e9bed81e14bcef4a5272dd8bbdf91d34dbd03e0cba613103d9447771aca072fd05e65752ff9c586d881e7799e7ea8d784d17572214c9c79f736b7ef9cea06ea0243c6e7788982c937483878dcacb2296b6307f082f152861d47c328d1048c12f23f4590a64280d2ca3d7b4b8f3b764cb54cd0c6098e84dcbbe9844edb886bcc4573c28bbc3a22a826024615405bfe32de36844519b950e853ba7fe9ea40897ba25c52b4a2ba43f9ef27857170464f4275ea5f2e49b70e4518c22f459db07ab4b0e94a511ea6abb8a8bb805437225db8e949262b13664becd37731c4ccf43019a41181aba47a83537759e50ba342401dd621fb6dbc3762e1cca7307abb3f89d8a2063edfb95a82ede7845a332b23540985e1e045881e3fdd3f12114df51a84682bb4c25ebbf4cf672acec3bf99fdbf6d35a3aa67a00d5b036dfb9f59872b9d895bebcaca2ea3a1311303bca79ce9330b31573b890e51417c00bfec907c30de56b6272c797bbed9ae667166e18a311b1a5fa000a0c8ada0c9287f952535a47713a00d3b840d402de86712ce73a4bffae79edd55f7184ee645311759128e6c2ce22ecd7a3e34230d43616df555732f462db04001fc4d3abf7e7cab3aaf3ffd65628b8c3c21de80b1687c0fa4527dd2434bfb76bb51e7481802baab8e3bb16e6b8215dae9e710c573a74fa0350c6b124e48175fd864dff7533f192cff463fd86efb4b97f6d63488820eb121a310cd787126acc8a919a3c486a9194954f4b5b97feba77f69f2e0b3d167aebb66b40ad6c37e5664c54ae220a1a683185547349ff899706d3dc6d31d1c0a91dbdc5f6956a36fe11418da9ebf323fee7a6f971564df42a71ed81dd4dd45e7a32e98a7700d042b13ba07f71f8fce1642ade880ac9160ec78c41630998e34794b10f934a4dd7cfce415805cd1a9ba251e1f026a5eabaafc2b65c5cd809b181d8e6a9036bf4195984535befd3086a92a8a2595c759ff41386df5d0a83ecd0c8abbf7f7caeab54a1aae5c5245af635c6d52005e80dae89e89bebe01778b09f03f0401c1ce97b0a049b99a1f02a160adc662cf8a204df48ef0a569147b1f23f143679f9d6f8d8f1ae3e6abc63f8e43ce9ad0e06740c1482c2110f619c7bf4f7c2f649a9d8c1712716935cdab7c582b9fa5dfdf7f33a93bef6890d80f6ac4667419006823f88a75bccfbb6cdbfafd36ffe9b2c155979ef32e467620f3d13420ac1ac449ad9bba696e65238864613c13bb84f9b57b8ec2f47630dfd619c3ebeef7f9e5066d827e6cff958f232cb73df592a174ea6980604267d7e7aee0ae0072dbce28dbc69e5392b7db5366eed41ec21718dc7bfa0c679d984cbf71af39bc09340f9cf10720f8751aa1d96d969956de963509511d2c6f61c9eb28e9e15f86dd4bc47f2074033fd4cf3d6614b519c6724f21575d134f3bc392cf1733d95325aea40f335725fd4f93223e30a76561b5dfa16defa24edc6df2f1a66f22cda4c040ac4aaa7533e41204942897cb480010d85136dbf3d54efb829487431eb5bb42cbd3ef4614ecea45f78406c7693def6218a58e45ffaf63d1f8710867b1430f837f45b00b55d2230f0f19da0e1f399795bbcac563193e63543a5515e48d7a44140d7a693f606986648573cd94a521fbe48d957a113b4da22177056f03cce900d45a00237c504ad3d603b249ecff897e6d33b2ca489872dc0333d45efa2c84c2b164aabb4674226a1a6bc9ac06c768cec98a1f77bd8571b3b258619266ef9d30278a57e1460285c10aeb5dad00a846b20940026ae3818ad2aee9d1faa22ce236b5de8fdd8ce794d290d05cd705d53109dacfd92f34c91e7efc91cb8f34014fa32fc2695c64e66c3892b70ca003c2687c071dadfe4a09f50dcdb18d53e69943d409011755379cc26cff9ccb4e216320561cef9235bfd03439dfd4e72970dce45d12535b0d2de36e3df3ecdb57b42df1d153511a16917396936b3c312ad027e7f8e612eb2e5f01a55575c6a38ae28f0ad270b4b25949bf9312c254ed04a5a40fe56258a795e33534d717de46c1dcdec7e636d344b2e4d2e8e8c605492869dfd0be9f1a4d7613f6332d457198f8e75e8ec0d66ce9a370c203e45f909ba8821f8b54bdc084057d2b07f01fb1eef0b693a7da25b92bccccb083e60371c3445ce1574625e50e2b45aa20de6465c52561910101f8ccf76c5886f4fb70281c1c48b40fed120fde76203cea16f41632a4fcca9aa582c5f773ad8213db9a5ba2358ae422ef5953e12d1fbf0c35e29ceef4679bb30a4658236eb34bebfd30916be381fab74605c0fec68de4cd84cc011217d0d53e993cb4c04aaf7bc0db2fe4924b7a81d2b212ff9bc58bc458a8980064c9f61927f7d13748c6223550a1d80a4ee7a8974b4c9e43a4f96e35aad90a465ab56de29371fd08e7ec94939905cf89e6ad731fee4a667b844f08b6f6f8f7e0df5847a276667969e0b090525988689b877d8561a2a3cd51d62804da49676ad25d304da41b6fe1533a9640cace28682521f1bda0937b3525dca81c16835ae9b5bbaf44e660c57ad7af57c3b886241139c4bf52e553b365a2883ee17bf10e6639d423e3b183d87832869cfb92ef9c6f55a9999499fbc230d9a73d7633431dc7f809a3ded0962b2f5bbdc5afa992bb1fb49791214ad268e8d536af56471d7cce8d6970b8b3049115dff0338fab63ca159890471820786d5ca61125301bb452933c85950ee3fed9cfbffee6ce80d2255926534b623aed31f8e88c8063e5a24f3da458704ac9ee673b307964c9a36e89adf16fcb92513fa6c4591514d003d08df1abe09bdb64f1419b819116c39e4a6234280ab07f2e9b5c78659840b135a7cf4f0b25690d8f34125880ab1fe898ed0cbb57d703d45d897dc788e81ecc74a2e506aee7fdd08586ca4f79d8c17b05ff495f33de248f15a4ffe0c74dc24df7e6cc95aa31ab1ee0a52a204e46f900e460509f02e257436f054199fc3703c802820f4e5e46602c3b74207b5ba673edfa19478f8b3d66843617bb103e87026fcf88f721e4daf822234bca35df418f354b428da5eaa9b224c7a016a0f455106f79c258e1483d8d11b3c6fb335419bfa743f74fae35710f7a30d2572db1ec1da5dab5b5c1481bbae71544338a1b5740cb4fe2d3e0a887da6b010ff4283af6074997273b8bc00940a0d0eb7c5a84a3c49091dfff7184f75b1dad16034137461dda1b47e26299f201c9a7266c93c12cbb7501d680da9df3ce0158dbd356fc7a19549272f752160d44e567ce8785ae757db1667a726eed5c5a1cbed0ed46d4c9e07871fdf62a3f8c25c7057b1e69c078de15a7804e671c27b60dc083737bf6774bd34a4bca23fd332ffb5edee794d49378ce962beb356f500300c0b7aa465804c38a715403fd4a3b814ce5fb9192bf", 0x1000}, {&(0x7f0000000180)="57e16c4f00f1afc7d7068122a69dc4d70013c330ec040abbeb2e3b13caa0045ab5d8", 0x22}, {&(0x7f0000000000)='u', 0xfff6}], 0x3}}], 0x1, 0x4008004)
executing program 4:
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x1, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4})
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000240)=0x1)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r1, r0, 0x0)
executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x100, 0x70bd28, 0x0, {0x60, 0x0, 0x0, 0x0, {0x5, 0xfff2}, {0xc, 0xffff}, {0x0, 0x4}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_TARGET={0x8, 0x8, 0xfffffff7}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x881}, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x101800, 0x0)
setpriority(0x0, 0x1, 0xa7a8)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x86, 0xfffffffe, 0x0, 0x0, 0xfffffffc)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000100), 0xfffffd9d)
socket(0x1e, 0x4, 0x0)
sendfile(0xffffffffffffffff, r3, 0x0, 0x8)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x40000, 0x0)
io_submit(0x0, 0x0, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r4, 0x107, 0xa, &(0x7f00000000c0)=0x2, 0x4)
ioprio_set$uid(0x3, 0x0, 0x4007)
r5 = syz_open_procfs(0x0, 0x0)
sendfile(r5, r5, 0x0, 0x100000000)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000400)=@ipv4_newroute={0x28, 0x18, 0x1, 0x0, 0x25dfdbfe, {0x2, 0x0, 0x14, 0x0, 0xfd, 0x0, 0x0, 0x5}, [@RTA_MULTIPATH={0xc, 0x9, {0x7, 0x0, 0x26}}]}, 0x28}}, 0x0)
executing program 2:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000040)='pim6reg1\x00', 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f0000000080)={0x0})
ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f0000000000))
ioctl$DRM_IOCTL_PANTHOR_BO_QUERY_INFO(r0, 0xc0106450, &(0x7f00000000c0)={0x0, 0x0, 0x3})
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]})
r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000100)={0x20004, <r5=>r3, 0x2})
r6 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r6, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r5})
executing program 4:
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000201c1b091c00000000000109022d0001000060000904008002030000000921080400012205000905810320000908070905"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_ep_read(r0, 0x2, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2)
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000000)="f6")
executing program 2:
r0 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
landlock_restrict_self(r0, 0x0)
landlock_restrict_self(r0, 0x0)
landlock_restrict_self(r0, 0x0)
landlock_restrict_self(r0, 0x0)
r1 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
landlock_restrict_self(r1, 0x0)
landlock_restrict_self(r1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x22)
r2 = landlock_create_ruleset(&(0x7f0000000040)={0x2, 0x3, 0x3}, 0x18, 0x0)
landlock_restrict_self(r0, 0x0)
landlock_restrict_self(r2, 0x9)
landlock_restrict_self(r2, 0x0)
landlock_restrict_self(r2, 0x0)
landlock_restrict_self(r2, 0x0)
r3 = landlock_create_ruleset(&(0x7f0000000140)={0x4000}, 0x18, 0x0)
r4 = landlock_create_ruleset(&(0x7f0000000000)={0x1c48}, 0x18, 0x0)
landlock_restrict_self(r4, 0x0)
landlock_restrict_self(r3, 0x8)
landlock_restrict_self(r3, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x1c0)
r5 = landlock_create_ruleset(0x0, 0x0, 0x0)
landlock_restrict_self(r5, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x81c0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)
executing program 3:
prlimit64(0x0, 0xe, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000040)='pim6reg1\x00', 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f0000000080)={0x0})
ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f0000000000))
ioctl$DRM_IOCTL_PANTHOR_BO_QUERY_INFO(0xffffffffffffffff, 0xc0106450, &(0x7f00000000c0)={0x0, 0x0, 0x3})
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]})
r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000100)={0x20004, <r4=>r2, 0x2})
r5 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r4})
executing program 2:
r0 = gettid()
timer_create(0x3, &(0x7f0000000040)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000080)={[0x1003ffffffc]}, 0x8, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000140)={0x1000001d})
timer_settime(0x0, 0x1, &(0x7f00000000c0)={{0x0, 0x3938700}, {0x0, 0x9}}, 0x0)
executing program 1:
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0)
ioctl$SNDCTL_DSP_STEREO(r0, 0xc0045003, &(0x7f0000000100)=0x1)
executing program 2:
r0 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
landlock_restrict_self(r0, 0x0)
landlock_restrict_self(r0, 0x0)
landlock_restrict_self(r0, 0x0)
landlock_restrict_self(r0, 0x0)
r1 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
landlock_restrict_self(r1, 0x0)
landlock_restrict_self(r1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x22)
r2 = landlock_create_ruleset(&(0x7f0000000040)={0x2, 0x3, 0x3}, 0x18, 0x0)
landlock_restrict_self(r0, 0x0)
landlock_restrict_self(r2, 0x9)
landlock_restrict_self(r2, 0x0)
landlock_restrict_self(r2, 0x0)
landlock_restrict_self(r2, 0x0)
r3 = landlock_create_ruleset(&(0x7f0000000140)={0x4000}, 0x18, 0x0)
r4 = landlock_create_ruleset(&(0x7f0000000000)={0x1c48}, 0x18, 0x0)
landlock_restrict_self(r4, 0x0)
landlock_restrict_self(r3, 0x8)
landlock_restrict_self(r3, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x1c0)
r5 = landlock_create_ruleset(&(0x7f0000000200)={0x6490, 0x1, 0x3}, 0x18, 0x0)
landlock_restrict_self(r5, 0x0)
mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 5 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): landlock_create_ruleset-landlock_restrict_self-landlock_restrict_self-landlock_restrict_self-landlock_restrict_self-landlock_create_ruleset-landlock_restrict_self-landlock_restrict_self-mkdirat-landlock_create_ruleset-landlock_restrict_self-landlock_restrict_self-landlock_restrict_self-landlock_restrict_self-landlock_restrict_self-landlock_create_ruleset-landlock_create_ruleset-landlock_restrict_self-landlock_restrict_self-landlock_restrict_self-mkdirat-landlock_create_ruleset-landlock_restrict_self-mknodat-renameat2
detailed listing:
executing program 0:
r0 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
landlock_restrict_self(r0, 0x0)
landlock_restrict_self(r0, 0x0)
landlock_restrict_self(r0, 0x0)
landlock_restrict_self(r0, 0x0)
r1 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
landlock_restrict_self(r1, 0x0)
landlock_restrict_self(r1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x22)
r2 = landlock_create_ruleset(&(0x7f0000000040)={0x2, 0x3, 0x3}, 0x18, 0x0)
landlock_restrict_self(r0, 0x0)
landlock_restrict_self(r2, 0x9)
landlock_restrict_self(r2, 0x0)
landlock_restrict_self(r2, 0x0)
landlock_restrict_self(r2, 0x0)
r3 = landlock_create_ruleset(&(0x7f0000000140)={0x4000}, 0x18, 0x0)
r4 = landlock_create_ruleset(&(0x7f0000000000)={0x1c48}, 0x18, 0x0)
landlock_restrict_self(r4, 0x0)
landlock_restrict_self(r3, 0x8)
landlock_restrict_self(r3, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x1c0)
r5 = landlock_create_ruleset(&(0x7f0000000200)={0x6490, 0x1, 0x3}, 0x18, 0x0)
landlock_restrict_self(r5, 0x0)
mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$dsp-write$dsp-ioctl$SNDCTL_DSP_SYNC-ioctl$SNDCTL_DSP_STEREO
detailed listing:
executing program 0:
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0)
ioctl$SNDCTL_DSP_STEREO(r0, 0xc0045003, &(0x7f0000000100)=0x1)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-socket$nl_generic-prlimit64-setsockopt$SO_BINDTODEVICE-sched_setscheduler-sched_setaffinity-prctl$PR_SCHED_CORE-syz_open_dev$MSR-read$msr-bind$inet-socket$nl_generic-sendmsg$nl_generic-sendto$inet-ioctl$DRM_IOCTL_MODE_GETRESOURCES-ioctl$DRM_IOCTL_MODE_GETCRTC-ioctl$DRM_IOCTL_GEM_OPEN-ioctl$DRM_IOCTL_PANTHOR_BO_QUERY_INFO-seccomp$SECCOMP_SET_MODE_FILTER_LISTENER-openat$dma_heap-ioctl$DMA_HEAP_IOCTL_ALLOC-syz_open_dev$dri-ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000040)='pim6reg1\x00', 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f0000000080)={0x0})
ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f0000000000))
ioctl$DRM_IOCTL_PANTHOR_BO_QUERY_INFO(0xffffffffffffffff, 0xc0106450, &(0x7f00000000c0)={0x0, 0x0, 0x3})
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]})
r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000100)={0x20004, <r4=>r2, 0x2})
r5 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r4})

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_ep_read-syz_usb_control_io-syz_open_dev$hidraw-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000201c1b091c00000000000109022d0001000060000904008002030000000921080400012205000905810320000908070905"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_ep_read(r0, 0x2, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2)
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000000)="f6")

program crashed: KASAN: slab-use-after-free Read in hidraw_report_event
single: successfully extracted reproducer
found reproducer with 6 syscalls
minimizing guilty program
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_ep_read-syz_usb_control_io-syz_open_dev$hidraw
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000201c1b091c00000000000109022d0001000060000904008002030000000921080400012205000905810320000908070905"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_ep_read(r0, 0x2, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_ep_read-syz_usb_control_io-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000201c1b091c00000000000109022d0001000060000904008002030000000921080400012205000905810320000908070905"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_ep_read(r0, 0x2, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000000)="f6")

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_ep_read-syz_open_dev$hidraw-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000201c1b091c00000000000109022d0001000060000904008002030000000921080400012205000905810320000908070905"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_ep_read(r0, 0x2, 0x0, 0x0)
syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2)
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000000)="f6")

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_control_io-syz_open_dev$hidraw-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000201c1b091c00000000000109022d0001000060000904008002030000000921080400012205000905810320000908070905"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2)
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000000)="f6")

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_ep_read-syz_usb_control_io-syz_open_dev$hidraw-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000201c1b091c00000000000109022d0001000060000904008002030000000921080400012205000905810320000908070905"], 0x0)
syz_usb_ep_read(r0, 0x2, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2)
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000000)="f6")

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_control_io-syz_usb_ep_read-syz_usb_control_io-syz_open_dev$hidraw-syz_usb_ep_write
detailed listing:
executing program 0:
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_ep_read(0xffffffffffffffff, 0x2, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2)
syz_usb_ep_write(0xffffffffffffffff, 0x81, 0x1, &(0x7f0000000000)="f6")

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_ep_read-syz_usb_control_io-syz_open_dev$hidraw-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x3f, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_ep_read(r0, 0x2, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2)
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000000)="f6")

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_ep_read-syz_usb_control_io-syz_open_dev$hidraw-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_ep_read(r0, 0x2, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2)
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000000)="f6")

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_ep_read-syz_usb_control_io-syz_open_dev$hidraw-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000201c1b091c00000000000109022d0001000060000904008002030000000921080400012205000905810320000908070905"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_ep_read(r0, 0x2, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2)
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000000)="f6")

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_ep_read-syz_usb_control_io-syz_open_dev$hidraw-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000201c1b091c00000000000109022d0001000060000904008002030000000921080400012205000905810320000908070905"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_ep_read(r0, 0x2, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2)
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000000)="f6")

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_ep_read-syz_usb_control_io-syz_open_dev$hidraw-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000201c1b091c00000000000109022d0001000060000904008002030000000921080400012205000905810320000908070905"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_ep_read(r0, 0x2, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2)
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000000)="f6")

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_ep_read-syz_usb_control_io-syz_open_dev$hidraw-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000201c1b091c00000000000109022d0001000060000904008002030000000921080400012205000905810320000908070905"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_ep_read(r0, 0x2, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$hidraw(0x0, 0x82, 0x2)
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000000)="f6")

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_ep_read-syz_usb_control_io-syz_open_dev$hidraw-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000201c1b091c00000000000109022d0001000060000904008002030000000921080400012205000905810320000908070905"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_ep_read(r0, 0x2, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2)
syz_usb_ep_write(r0, 0x81, 0x0, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_ep_read-syz_usb_control_io-syz_open_dev$hidraw-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000201c1b091c00000000000109022d0001000060000904008002030000000921080400012205000905810320000908070905"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_ep_read(r0, 0x2, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2)
syz_usb_ep_write(r0, 0x81, 0x0, &(0x7f0000000000))

program did not crash
extracting C reproducer
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_ep_read-syz_usb_control_io-syz_open_dev$hidraw-syz_usb_ep_write
program crashed: KASAN: slab-use-after-free Read in hidraw_report_event
simplifying C reproducer
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_ep_read-syz_usb_control_io-syz_open_dev$hidraw-syz_usb_ep_write
program crashed: KASAN: slab-use-after-free Read in hidraw_report_event
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_ep_read-syz_usb_control_io-syz_open_dev$hidraw-syz_usb_ep_write
program did not crash
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_ep_read-syz_usb_control_io-syz_open_dev$hidraw-syz_usb_ep_write
program crashed: KASAN: slab-use-after-free Read in hidraw_report_event
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_ep_read-syz_usb_control_io-syz_open_dev$hidraw-syz_usb_ep_write
program did not crash
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_ep_read-syz_usb_control_io-syz_open_dev$hidraw-syz_usb_ep_write
program crashed: KASAN: slab-use-after-free Read in hidraw_report_event
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_ep_read-syz_usb_control_io-syz_open_dev$hidraw-syz_usb_ep_write
program crashed: KASAN: slab-use-after-free Read in hidraw_report_event
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_ep_read-syz_usb_control_io-syz_open_dev$hidraw-syz_usb_ep_write
program did not crash
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_ep_read-syz_usb_control_io-syz_open_dev$hidraw-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000201c1b091c00000000000109022d0001000060000904008002030000000921080400012205000905810320000908070905"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_ep_read(r0, 0x2, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2)
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000000)="f6")

program crashed: KASAN: slab-use-after-free Read in hidraw_report_event
validation run: crashed=true
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_ep_read-syz_usb_control_io-syz_open_dev$hidraw-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000201c1b091c00000000000109022d0001000060000904008002030000000921080400012205000905810320000908070905"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_ep_read(r0, 0x2, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2)
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000000)="f6")

program did not crash
validation run: crashed=false
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_ep_read-syz_usb_control_io-syz_open_dev$hidraw-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000201c1b091c00000000000109022d0001000060000904008002030000000921080400012205000905810320000908070905"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_ep_read(r0, 0x2, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2)
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000000)="f6")

program crashed: KASAN: slab-use-after-free Read in hidraw_report_event
validation run: crashed=true
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_ep_read-syz_usb_control_io-syz_open_dev$hidraw-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000201c1b091c00000000000109022d0001000060000904008002030000000921080400012205000905810320000908070905"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_ep_read(r0, 0x2, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2)
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000000)="f6")

program did not crash
validation run: crashed=false
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_ep_read-syz_usb_control_io-syz_open_dev$hidraw-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000201c1b091c00000000000109022d0001000060000904008002030000000921080400012205000905810320000908070905"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_ep_read(r0, 0x2, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2)
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000000)="f6")

program did not crash
validation run: crashed=false
testing program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect$hid-syz_usb_control_io-syz_usb_ep_read-syz_usb_control_io-syz_open_dev$hidraw-syz_usb_ep_write
detailed listing:
executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000201c1b091c00000000000109022d0001000060000904008002030000000921080400012205000905810320000908070905"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_ep_read(r0, 0x2, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2)
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000000)="f6")

program crashed: KASAN: slab-use-after-free Read in hidraw_report_event
validation run: crashed=true
reproducing took 1h14m29.319905371s
repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in rt_spin_lock+0x83/0x400 kernel/locking/spinlock_rt.c:56
Read of size 1 at addr ffff888039a26d08 by task ktimers/0/16

CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 print_address_description+0x55/0x1e0 mm/kasan/report.c:378
 print_report+0x58/0x70 mm/kasan/report.c:482
 kasan_report+0x117/0x150 mm/kasan/report.c:595
 __kasan_check_byte+0x2a/0x40 mm/kasan/common.c:574
 kasan_check_byte include/linux/kasan.h:402 [inline]
 lock_acquire+0x84/0x350 kernel/locking/lockdep.c:5844
 rt_spin_lock+0x83/0x400 kernel/locking/spinlock_rt.c:56
 spin_lock include/linux/spinlock_rt.h:45 [inline]
 hidraw_report_event+0x5d/0x3a0 drivers/hid/hidraw.c:577
 hid_report_raw_event+0x311/0x1730 drivers/hid/hid-core.c:2076
 __hid_input_report drivers/hid/hid-core.c:2152 [inline]
 hid_input_report+0x44e/0x580 drivers/hid/hid-core.c:2174
 hid_irq_in+0x47e/0x6d0 drivers/hid/usbhid/hid-core.c:286
 __usb_hcd_giveback_urb+0x3b3/0x5e0 drivers/usb/core/hcd.c:1657
 dummy_timer+0x8a9/0x47d0 drivers/usb/gadget/udc/dummy_hcd.c:2005
 __run_hrtimer kernel/time/hrtimer.c:1930 [inline]
 __hrtimer_run_queues+0x405/0xb10 kernel/time/hrtimer.c:1994
 hrtimer_run_softirq+0x18f/0x260 kernel/time/hrtimer.c:2011
 handle_softirqs+0x1de/0x6d0 kernel/softirq.c:626
 __do_softirq kernel/softirq.c:660 [inline]
 run_ktimerd+0x69/0x100 kernel/softirq.c:1155
 smpboot_thread_fn+0x541/0xa50 kernel/smpboot.c:160
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

Allocated by task 10:
 kasan_save_stack mm/kasan/common.c:57 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:78
 poison_kmalloc_redzone mm/kasan/common.c:398 [inline]
 __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:415
 kasan_kmalloc include/linux/kasan.h:263 [inline]
 __kmalloc_cache_noprof+0x3a6/0x690 mm/slub.c:5415
 kmalloc_noprof include/linux/slab.h:950 [inline]
 kzalloc_noprof include/linux/slab.h:1188 [inline]
 hidraw_connect+0x57/0x430 drivers/hid/hidraw.c:606
 hid_connect+0x5bf/0x19d0 drivers/hid/hid-core.c:2277
 hid_hw_start+0xa8/0x120 drivers/hid/hid-core.c:2387
 corsairpsu_probe+0xd9/0x3c0 drivers/hwmon/corsair-psu.c:782
 __hid_device_probe drivers/hid/hid-core.c:2783 [inline]
 hid_device_probe+0x416/0x7a0 drivers/hid/hid-core.c:2820
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x267/0xaf0 drivers/base/dd.c:709
 __driver_probe_device+0x1ef/0x380 drivers/base/dd.c:871
 driver_probe_device+0x4f/0x240 drivers/base/dd.c:901
 __device_attach_driver+0x279/0x430 drivers/base/dd.c:1029
 bus_for_each_drv+0x25b/0x2f0 drivers/base/bus.c:500
 __device_attach+0x2c8/0x450 drivers/base/dd.c:1101
 device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1156
 bus_probe_device+0x12d/0x220 drivers/base/bus.c:613
 device_add+0x7e9/0xbb0 drivers/base/core.c:3706
 hid_add_device+0x272/0x3e0 drivers/hid/hid-core.c:2964
 usbhid_probe+0xbb3/0x1080 drivers/hid/usbhid/hid-core.c:1448
 usb_probe_interface+0x659/0xc70 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x267/0xaf0 drivers/base/dd.c:709
 __driver_probe_device+0x1ef/0x380 drivers/base/dd.c:871
 driver_probe_device+0x4f/0x240 drivers/base/dd.c:901
 __device_attach_driver+0x279/0x430 drivers/base/dd.c:1029
 bus_for_each_drv+0x25b/0x2f0 drivers/base/bus.c:500
 __device_attach+0x2c8/0x450 drivers/base/dd.c:1101
 device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1156
 bus_probe_device+0x12d/0x220 drivers/base/bus.c:613
 device_add+0x7e9/0xbb0 drivers/base/core.c:3706
 usb_set_configuration+0x1a87/0x2110 drivers/usb/core/message.c:2268
 usb_generic_driver_probe+0x8d/0x150 drivers/usb/core/generic.c:250
 usb_probe_device+0x1c4/0x3b0 drivers/usb/core/driver.c:291
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x267/0xaf0 drivers/base/dd.c:709
 __driver_probe_device+0x1ef/0x380 drivers/base/dd.c:871
 driver_probe_device+0x4f/0x240 drivers/base/dd.c:901
 __device_attach_driver+0x279/0x430 drivers/base/dd.c:1029
 bus_for_each_drv+0x25b/0x2f0 drivers/base/bus.c:500
 __device_attach+0x2c8/0x450 drivers/base/dd.c:1101
 device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1156
 bus_probe_device+0x12d/0x220 drivers/base/bus.c:613
 device_add+0x7e9/0xbb0 drivers/base/core.c:3706
 usb_new_device+0x9f8/0x16e0 drivers/usb/core/hub.c:2695
 hub_port_connect drivers/usb/core/hub.c:5567 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
 port_event drivers/usb/core/hub.c:5871 [inline]
 hub_event+0x2a49/0x4f60 drivers/usb/core/hub.c:5953
 process_one_work+0x9a3/0x1710 kernel/workqueue.c:3312
 process_scheduled_works kernel/workqueue.c:3403 [inline]
 worker_thread+0xba8/0x11e0 kernel/workqueue.c:3489
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

Freed by task 10:
 kasan_save_stack mm/kasan/common.c:57 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:78
 kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:584
 poison_slab_object mm/kasan/common.c:253 [inline]
 __kasan_slab_free+0x5c/0x80 mm/kasan/common.c:285
 kasan_slab_free include/linux/kasan.h:235 [inline]
 slab_free_hook mm/slub.c:2689 [inline]
 slab_free mm/slub.c:6246 [inline]
 kfree+0x1c5/0x6c0 mm/slub.c:6561
 hidraw_disconnect+0x4f/0x60 drivers/hid/hidraw.c:662
 hid_disconnect drivers/hid/hid-core.c:2362 [inline]
 hid_hw_stop+0x101/0x1e0 drivers/hid/hid-core.c:2407
 corsairpsu_probe+0x327/0x3c0 drivers/hwmon/corsair-psu.c:826
 __hid_device_probe drivers/hid/hid-core.c:2783 [inline]
 hid_device_probe+0x416/0x7a0 drivers/hid/hid-core.c:2820
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x267/0xaf0 drivers/base/dd.c:709
 __driver_probe_device+0x1ef/0x380 drivers/base/dd.c:871
 driver_probe_device+0x4f/0x240 drivers/base/dd.c:901
 __device_attach_driver+0x279/0x430 drivers/base/dd.c:1029
 bus_for_each_drv+0x25b/0x2f0 drivers/base/bus.c:500
 __device_attach+0x2c8/0x450 drivers/base/dd.c:1101
 device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1156
 bus_probe_device+0x12d/0x220 drivers/base/bus.c:613
 device_add+0x7e9/0xbb0 drivers/base/core.c:3706
 hid_add_device+0x272/0x3e0 drivers/hid/hid-core.c:2964
 usbhid_probe+0xbb3/0x1080 drivers/hid/usbhid/hid-core.c:1448
 usb_probe_interface+0x659/0xc70 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x267/0xaf0 drivers/base/dd.c:709
 __driver_probe_device+0x1ef/0x380 drivers/base/dd.c:871
 driver_probe_device+0x4f/0x240 drivers/base/dd.c:901
 __device_attach_driver+0x279/0x430 drivers/base/dd.c:1029
 bus_for_each_drv+0x25b/0x2f0 drivers/base/bus.c:500
 __device_attach+0x2c8/0x450 drivers/base/dd.c:1101
 device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1156
 bus_probe_device+0x12d/0x220 drivers/base/bus.c:613
 device_add+0x7e9/0xbb0 drivers/base/core.c:3706
 usb_set_configuration+0x1a87/0x2110 drivers/usb/core/message.c:2268
 usb_generic_driver_probe+0x8d/0x150 drivers/usb/core/generic.c:250
 usb_probe_device+0x1c4/0x3b0 drivers/usb/core/driver.c:291
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x267/0xaf0 drivers/base/dd.c:709
 __driver_probe_device+0x1ef/0x380 drivers/base/dd.c:871
 driver_probe_device+0x4f/0x240 drivers/base/dd.c:901
 __device_attach_driver+0x279/0x430 drivers/base/dd.c:1029
 bus_for_each_drv+0x25b/0x2f0 drivers/base/bus.c:500
 __device_attach+0x2c8/0x450 drivers/base/dd.c:1101
 device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1156
 bus_probe_device+0x12d/0x220 drivers/base/bus.c:613
 device_add+0x7e9/0xbb0 drivers/base/core.c:3706
 usb_new_device+0x9f8/0x16e0 drivers/usb/core/hub.c:2695
 hub_port_connect drivers/usb/core/hub.c:5567 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
 port_event drivers/usb/core/hub.c:5871 [inline]
 hub_event+0x2a49/0x4f60 drivers/usb/core/hub.c:5953
 process_one_work+0x9a3/0x1710 kernel/workqueue.c:3312
 process_scheduled_works kernel/workqueue.c:3403 [inline]
 worker_thread+0xba8/0x11e0 kernel/workqueue.c:3489
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

The buggy address belongs to the object at ffff888039a26c00
 which belongs to the cache kmalloc-512 of size 512
The buggy address is located 264 bytes inside of
 freed 512-byte region [ffff888039a26c00, ffff888039a26e00)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x39a24
head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0x80000000000040(head|node=0|zone=1)
page_type: f5(slab)
raw: 0080000000000040 ffff88813fe14c80 dead000000000100 dead000000000122
raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000
head: 0080000000000040 ffff88813fe14c80 dead000000000100 dead000000000122
head: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000
head: 0080000000000002 ffffffffffffff01 00000000ffffffff 00000000ffffffff
head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000004
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5865, tgid 5865 (syz-executor), ts 158390292947, free_ts 156250708543
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x22d/0x280 mm/page_alloc.c:1858
 prep_new_page mm/page_alloc.c:1866 [inline]
 get_page_from_freelist+0x27d6/0x2850 mm/page_alloc.c:3946
 __alloc_frozen_pages_noprof+0x18d/0x380 mm/page_alloc.c:5226
 alloc_slab_page mm/slub.c:3278 [inline]
 allocate_slab+0x77/0x660 mm/slub.c:3467
 new_slab mm/slub.c:3525 [inline]
 refill_objects+0x33c/0x3d0 mm/slub.c:7251
 refill_sheaf mm/slub.c:2816 [inline]
 __pcs_replace_empty_main+0x373/0x720 mm/slub.c:4651
 alloc_from_pcs mm/slub.c:4749 [inline]
 slab_alloc_node mm/slub.c:4883 [inline]
 __kmalloc_cache_noprof+0x44e/0x690 mm/slub.c:5410
 kmalloc_noprof include/linux/slab.h:950 [inline]
 tc_action_net_init include/net/act_api.h:163 [inline]
 nat_init_net+0x65/0x1a0 net/sched/act_nat.c:332
 ops_init+0x35c/0x5c0 net/core/net_namespace.c:137
 setup_net+0x118/0x340 net/core/net_namespace.c:446
 copy_net_ns+0x50e/0x730 net/core/net_namespace.c:579
 create_new_namespaces+0x3e7/0x6a0 kernel/nsproxy.c:132
 unshare_nsproxy_namespaces+0x149/0x190 kernel/nsproxy.c:234
 ksys_unshare+0x57d/0x9f0 kernel/fork.c:3244
 __do_sys_unshare kernel/fork.c:3318 [inline]
 __se_sys_unshare kernel/fork.c:3316 [inline]
 __x64_sys_unshare+0x38/0x50 kernel/fork.c:3316
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
page last free pid 5848 tgid 5848 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 __free_pages_prepare mm/page_alloc.c:1402 [inline]
 __free_frozen_pages+0xf9b/0x10f0 mm/page_alloc.c:2943
 __folio_put+0x2eb/0x3a0 mm/swap.c:112
 folio_put include/linux/mm.h:2090 [inline]
 put_page include/linux/mm.h:2159 [inline]
 put_netmem include/net/netmem.h:394 [inline]
 skb_page_unref include/linux/skbuff_ref.h:43 [inline]
 __skb_frag_unref include/linux/skbuff_ref.h:56 [inline]
 skb_release_data+0x544/0xa60 net/core/skbuff.c:1108
 skb_release_all net/core/skbuff.c:1189 [inline]
 __kfree_skb+0x5d/0x210 net/core/skbuff.c:1203
 tcp_clean_rtx_queue net/ipv4/tcp_input.c:3698 [inline]
 tcp_ack+0x284f/0x7e00 net/ipv4/tcp_input.c:4370
 tcp_rcv_established+0x8c4/0x2800 net/ipv4/tcp_input.c:6645
 tcp_v4_do_rcv+0x755/0x13f0 net/ipv4/tcp_ipv4.c:1852
 sk_backlog_rcv include/net/sock.h:1190 [inline]
 __release_sock+0x285/0x3d0 net/core/sock.c:3216
 __sk_flush_backlog+0x4b/0xe0 net/core/sock.c:3239
 sk_flush_backlog include/net/sock.h:1253 [inline]
 tcp_sendmsg_locked+0x4167/0x5370 net/ipv4/tcp.c:1256
 tcp_sendmsg+0x2f/0x50 net/ipv4/tcp.c:1455
 sock_sendmsg_nosec+0xf9/0x150 net/socket.c:797
 __sock_sendmsg net/socket.c:812 [inline]
 sock_write_iter+0x308/0x410 net/socket.c:1269
 new_sync_write fs/read_write.c:595 [inline]
 vfs_write+0x629/0xba0 fs/read_write.c:688
 ksys_write+0x156/0x270 fs/read_write.c:740
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94

Memory state around the buggy address:
 ffff888039a26c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888039a26c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff888039a26d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                      ^
 ffff888039a26d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888039a26e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================

final repro crashed as (corrupted=false):
==================================================================
BUG: KASAN: slab-use-after-free in rt_spin_lock+0x83/0x400 kernel/locking/spinlock_rt.c:56
Read of size 1 at addr ffff888039a26d08 by task ktimers/0/16

CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 print_address_description+0x55/0x1e0 mm/kasan/report.c:378
 print_report+0x58/0x70 mm/kasan/report.c:482
 kasan_report+0x117/0x150 mm/kasan/report.c:595
 __kasan_check_byte+0x2a/0x40 mm/kasan/common.c:574
 kasan_check_byte include/linux/kasan.h:402 [inline]
 lock_acquire+0x84/0x350 kernel/locking/lockdep.c:5844
 rt_spin_lock+0x83/0x400 kernel/locking/spinlock_rt.c:56
 spin_lock include/linux/spinlock_rt.h:45 [inline]
 hidraw_report_event+0x5d/0x3a0 drivers/hid/hidraw.c:577
 hid_report_raw_event+0x311/0x1730 drivers/hid/hid-core.c:2076
 __hid_input_report drivers/hid/hid-core.c:2152 [inline]
 hid_input_report+0x44e/0x580 drivers/hid/hid-core.c:2174
 hid_irq_in+0x47e/0x6d0 drivers/hid/usbhid/hid-core.c:286
 __usb_hcd_giveback_urb+0x3b3/0x5e0 drivers/usb/core/hcd.c:1657
 dummy_timer+0x8a9/0x47d0 drivers/usb/gadget/udc/dummy_hcd.c:2005
 __run_hrtimer kernel/time/hrtimer.c:1930 [inline]
 __hrtimer_run_queues+0x405/0xb10 kernel/time/hrtimer.c:1994
 hrtimer_run_softirq+0x18f/0x260 kernel/time/hrtimer.c:2011
 handle_softirqs+0x1de/0x6d0 kernel/softirq.c:626
 __do_softirq kernel/softirq.c:660 [inline]
 run_ktimerd+0x69/0x100 kernel/softirq.c:1155
 smpboot_thread_fn+0x541/0xa50 kernel/smpboot.c:160
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

Allocated by task 10:
 kasan_save_stack mm/kasan/common.c:57 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:78
 poison_kmalloc_redzone mm/kasan/common.c:398 [inline]
 __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:415
 kasan_kmalloc include/linux/kasan.h:263 [inline]
 __kmalloc_cache_noprof+0x3a6/0x690 mm/slub.c:5415
 kmalloc_noprof include/linux/slab.h:950 [inline]
 kzalloc_noprof include/linux/slab.h:1188 [inline]
 hidraw_connect+0x57/0x430 drivers/hid/hidraw.c:606
 hid_connect+0x5bf/0x19d0 drivers/hid/hid-core.c:2277
 hid_hw_start+0xa8/0x120 drivers/hid/hid-core.c:2387
 corsairpsu_probe+0xd9/0x3c0 drivers/hwmon/corsair-psu.c:782
 __hid_device_probe drivers/hid/hid-core.c:2783 [inline]
 hid_device_probe+0x416/0x7a0 drivers/hid/hid-core.c:2820
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x267/0xaf0 drivers/base/dd.c:709
 __driver_probe_device+0x1ef/0x380 drivers/base/dd.c:871
 driver_probe_device+0x4f/0x240 drivers/base/dd.c:901
 __device_attach_driver+0x279/0x430 drivers/base/dd.c:1029
 bus_for_each_drv+0x25b/0x2f0 drivers/base/bus.c:500
 __device_attach+0x2c8/0x450 drivers/base/dd.c:1101
 device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1156
 bus_probe_device+0x12d/0x220 drivers/base/bus.c:613
 device_add+0x7e9/0xbb0 drivers/base/core.c:3706
 hid_add_device+0x272/0x3e0 drivers/hid/hid-core.c:2964
 usbhid_probe+0xbb3/0x1080 drivers/hid/usbhid/hid-core.c:1448
 usb_probe_interface+0x659/0xc70 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x267/0xaf0 drivers/base/dd.c:709
 __driver_probe_device+0x1ef/0x380 drivers/base/dd.c:871
 driver_probe_device+0x4f/0x240 drivers/base/dd.c:901
 __device_attach_driver+0x279/0x430 drivers/base/dd.c:1029
 bus_for_each_drv+0x25b/0x2f0 drivers/base/bus.c:500
 __device_attach+0x2c8/0x450 drivers/base/dd.c:1101
 device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1156
 bus_probe_device+0x12d/0x220 drivers/base/bus.c:613
 device_add+0x7e9/0xbb0 drivers/base/core.c:3706
 usb_set_configuration+0x1a87/0x2110 drivers/usb/core/message.c:2268
 usb_generic_driver_probe+0x8d/0x150 drivers/usb/core/generic.c:250
 usb_probe_device+0x1c4/0x3b0 drivers/usb/core/driver.c:291
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x267/0xaf0 drivers/base/dd.c:709
 __driver_probe_device+0x1ef/0x380 drivers/base/dd.c:871
 driver_probe_device+0x4f/0x240 drivers/base/dd.c:901
 __device_attach_driver+0x279/0x430 drivers/base/dd.c:1029
 bus_for_each_drv+0x25b/0x2f0 drivers/base/bus.c:500
 __device_attach+0x2c8/0x450 drivers/base/dd.c:1101
 device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1156
 bus_probe_device+0x12d/0x220 drivers/base/bus.c:613
 device_add+0x7e9/0xbb0 drivers/base/core.c:3706
 usb_new_device+0x9f8/0x16e0 drivers/usb/core/hub.c:2695
 hub_port_connect drivers/usb/core/hub.c:5567 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
 port_event drivers/usb/core/hub.c:5871 [inline]
 hub_event+0x2a49/0x4f60 drivers/usb/core/hub.c:5953
 process_one_work+0x9a3/0x1710 kernel/workqueue.c:3312
 process_scheduled_works kernel/workqueue.c:3403 [inline]
 worker_thread+0xba8/0x11e0 kernel/workqueue.c:3489
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

Freed by task 10:
 kasan_save_stack mm/kasan/common.c:57 [inline]
 kasan_save_track+0x3e/0x80 mm/kasan/common.c:78
 kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:584
 poison_slab_object mm/kasan/common.c:253 [inline]
 __kasan_slab_free+0x5c/0x80 mm/kasan/common.c:285
 kasan_slab_free include/linux/kasan.h:235 [inline]
 slab_free_hook mm/slub.c:2689 [inline]
 slab_free mm/slub.c:6246 [inline]
 kfree+0x1c5/0x6c0 mm/slub.c:6561
 hidraw_disconnect+0x4f/0x60 drivers/hid/hidraw.c:662
 hid_disconnect drivers/hid/hid-core.c:2362 [inline]
 hid_hw_stop+0x101/0x1e0 drivers/hid/hid-core.c:2407
 corsairpsu_probe+0x327/0x3c0 drivers/hwmon/corsair-psu.c:826
 __hid_device_probe drivers/hid/hid-core.c:2783 [inline]
 hid_device_probe+0x416/0x7a0 drivers/hid/hid-core.c:2820
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x267/0xaf0 drivers/base/dd.c:709
 __driver_probe_device+0x1ef/0x380 drivers/base/dd.c:871
 driver_probe_device+0x4f/0x240 drivers/base/dd.c:901
 __device_attach_driver+0x279/0x430 drivers/base/dd.c:1029
 bus_for_each_drv+0x25b/0x2f0 drivers/base/bus.c:500
 __device_attach+0x2c8/0x450 drivers/base/dd.c:1101
 device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1156
 bus_probe_device+0x12d/0x220 drivers/base/bus.c:613
 device_add+0x7e9/0xbb0 drivers/base/core.c:3706
 hid_add_device+0x272/0x3e0 drivers/hid/hid-core.c:2964
 usbhid_probe+0xbb3/0x1080 drivers/hid/usbhid/hid-core.c:1448
 usb_probe_interface+0x659/0xc70 drivers/usb/core/driver.c:396
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x267/0xaf0 drivers/base/dd.c:709
 __driver_probe_device+0x1ef/0x380 drivers/base/dd.c:871
 driver_probe_device+0x4f/0x240 drivers/base/dd.c:901
 __device_attach_driver+0x279/0x430 drivers/base/dd.c:1029
 bus_for_each_drv+0x25b/0x2f0 drivers/base/bus.c:500
 __device_attach+0x2c8/0x450 drivers/base/dd.c:1101
 device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1156
 bus_probe_device+0x12d/0x220 drivers/base/bus.c:613
 device_add+0x7e9/0xbb0 drivers/base/core.c:3706
 usb_set_configuration+0x1a87/0x2110 drivers/usb/core/message.c:2268
 usb_generic_driver_probe+0x8d/0x150 drivers/usb/core/generic.c:250
 usb_probe_device+0x1c4/0x3b0 drivers/usb/core/driver.c:291
 call_driver_probe drivers/base/dd.c:-1 [inline]
 really_probe+0x267/0xaf0 drivers/base/dd.c:709
 __driver_probe_device+0x1ef/0x380 drivers/base/dd.c:871
 driver_probe_device+0x4f/0x240 drivers/base/dd.c:901
 __device_attach_driver+0x279/0x430 drivers/base/dd.c:1029
 bus_for_each_drv+0x25b/0x2f0 drivers/base/bus.c:500
 __device_attach+0x2c8/0x450 drivers/base/dd.c:1101
 device_initial_probe+0xa1/0xd0 drivers/base/dd.c:1156
 bus_probe_device+0x12d/0x220 drivers/base/bus.c:613
 device_add+0x7e9/0xbb0 drivers/base/core.c:3706
 usb_new_device+0x9f8/0x16e0 drivers/usb/core/hub.c:2695
 hub_port_connect drivers/usb/core/hub.c:5567 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
 port_event drivers/usb/core/hub.c:5871 [inline]
 hub_event+0x2a49/0x4f60 drivers/usb/core/hub.c:5953
 process_one_work+0x9a3/0x1710 kernel/workqueue.c:3312
 process_scheduled_works kernel/workqueue.c:3403 [inline]
 worker_thread+0xba8/0x11e0 kernel/workqueue.c:3489
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

The buggy address belongs to the object at ffff888039a26c00
 which belongs to the cache kmalloc-512 of size 512
The buggy address is located 264 bytes inside of
 freed 512-byte region [ffff888039a26c00, ffff888039a26e00)

The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x39a24
head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0x80000000000040(head|node=0|zone=1)
page_type: f5(slab)
raw: 0080000000000040 ffff88813fe14c80 dead000000000100 dead000000000122
raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000
head: 0080000000000040 ffff88813fe14c80 dead000000000100 dead000000000122
head: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000
head: 0080000000000002 ffffffffffffff01 00000000ffffffff 00000000ffffffff
head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000004
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5865, tgid 5865 (syz-executor), ts 158390292947, free_ts 156250708543
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x22d/0x280 mm/page_alloc.c:1858
 prep_new_page mm/page_alloc.c:1866 [inline]
 get_page_from_freelist+0x27d6/0x2850 mm/page_alloc.c:3946
 __alloc_frozen_pages_noprof+0x18d/0x380 mm/page_alloc.c:5226
 alloc_slab_page mm/slub.c:3278 [inline]
 allocate_slab+0x77/0x660 mm/slub.c:3467
 new_slab mm/slub.c:3525 [inline]
 refill_objects+0x33c/0x3d0 mm/slub.c:7251
 refill_sheaf mm/slub.c:2816 [inline]
 __pcs_replace_empty_main+0x373/0x720 mm/slub.c:4651
 alloc_from_pcs mm/slub.c:4749 [inline]
 slab_alloc_node mm/slub.c:4883 [inline]
 __kmalloc_cache_noprof+0x44e/0x690 mm/slub.c:5410
 kmalloc_noprof include/linux/slab.h:950 [inline]
 tc_action_net_init include/net/act_api.h:163 [inline]
 nat_init_net+0x65/0x1a0 net/sched/act_nat.c:332
 ops_init+0x35c/0x5c0 net/core/net_namespace.c:137
 setup_net+0x118/0x340 net/core/net_namespace.c:446
 copy_net_ns+0x50e/0x730 net/core/net_namespace.c:579
 create_new_namespaces+0x3e7/0x6a0 kernel/nsproxy.c:132
 unshare_nsproxy_namespaces+0x149/0x190 kernel/nsproxy.c:234
 ksys_unshare+0x57d/0x9f0 kernel/fork.c:3244
 __do_sys_unshare kernel/fork.c:3318 [inline]
 __se_sys_unshare kernel/fork.c:3316 [inline]
 __x64_sys_unshare+0x38/0x50 kernel/fork.c:3316
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94
page last free pid 5848 tgid 5848 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 __free_pages_prepare mm/page_alloc.c:1402 [inline]
 __free_frozen_pages+0xf9b/0x10f0 mm/page_alloc.c:2943
 __folio_put+0x2eb/0x3a0 mm/swap.c:112
 folio_put include/linux/mm.h:2090 [inline]
 put_page include/linux/mm.h:2159 [inline]
 put_netmem include/net/netmem.h:394 [inline]
 skb_page_unref include/linux/skbuff_ref.h:43 [inline]
 __skb_frag_unref include/linux/skbuff_ref.h:56 [inline]
 skb_release_data+0x544/0xa60 net/core/skbuff.c:1108
 skb_release_all net/core/skbuff.c:1189 [inline]
 __kfree_skb+0x5d/0x210 net/core/skbuff.c:1203
 tcp_clean_rtx_queue net/ipv4/tcp_input.c:3698 [inline]
 tcp_ack+0x284f/0x7e00 net/ipv4/tcp_input.c:4370
 tcp_rcv_established+0x8c4/0x2800 net/ipv4/tcp_input.c:6645
 tcp_v4_do_rcv+0x755/0x13f0 net/ipv4/tcp_ipv4.c:1852
 sk_backlog_rcv include/net/sock.h:1190 [inline]
 __release_sock+0x285/0x3d0 net/core/sock.c:3216
 __sk_flush_backlog+0x4b/0xe0 net/core/sock.c:3239
 sk_flush_backlog include/net/sock.h:1253 [inline]
 tcp_sendmsg_locked+0x4167/0x5370 net/ipv4/tcp.c:1256
 tcp_sendmsg+0x2f/0x50 net/ipv4/tcp.c:1455
 sock_sendmsg_nosec+0xf9/0x150 net/socket.c:797
 __sock_sendmsg net/socket.c:812 [inline]
 sock_write_iter+0x308/0x410 net/socket.c:1269
 new_sync_write fs/read_write.c:595 [inline]
 vfs_write+0x629/0xba0 fs/read_write.c:688
 ksys_write+0x156/0x270 fs/read_write.c:740
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x15f/0xf80 arch/x86/entry/syscall_64.c:94

Memory state around the buggy address:
 ffff888039a26c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888039a26c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff888039a26d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                      ^
 ffff888039a26d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888039a26e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================