Extracting prog: 25m5.699370795s
Minimizing prog: 17m43.231729442s
Simplifying prog options: 0s
Extracting C: 1m13.931453823s
Simplifying C: 34m16.325912612s


extracting reproducer from 30 programs
testing a last program of every proc
single: executing 5 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-connect$unix-exit-syz_open_procfs-recvmmsg-prctl$PR_SCHED_CORE-sendmsg-sched_setattr-brk-syz_mount_image$fuse-ioctl$sock_SIOCGIFINDEX-removexattr-ioctl$FS_IOC_RESVSP-fsopen-syz_genetlink_get_family_id$ethtool-getsockname$packet-ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL-ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL-sendmsg$ETHTOOL_MSG_PAUSE_GET-unshare-bpf$MAP_CREATE-bpf$MAP_CREATE-bpf$MAP_UPDATE_BATCH
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
exit(0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x5, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x7, 0x81}, 0x0)
brk(0x400000ffc000)
r3 = syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x1, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
removexattr(0x0, &(0x7f00000000c0)=@random={'security.', '/dev/fuse\x00'})
ioctl$FS_IOC_RESVSP(r3, 0x80086601, 0x0)
fsopen(&(0x7f0000000000)='ufs\x00', 0x1)
r4 = syz_genetlink_get_family_id$ethtool(0x0, r2)
getsockname$packet(r2, 0x0, &(0x7f0000000380))
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f00000003c0)={'gretap0\x00', &(0x7f0000000440)={'erspan0\x00', <r5=>0x0, 0x10, 0x80, 0xdd7, 0x2, {{0x18, 0x4, 0x1, 0x9, 0x60, 0x67, 0x0, 0x2, 0x4, 0x0, @local, @rand_addr=0x64010101, {[@timestamp_prespec={0x44, 0xc, 0x9, 0x3, 0x9, [{@multicast1, 0x2}]}, @cipso={0x86, 0x40, 0x0, [{0x5, 0x11, "61853379342bf9bc837101084905ae"}, {0x2, 0x6, "9b2f6985"}, {0x7, 0x6, "29d6b434"}, {0x2, 0x9, "4107220cb4ea41"}, {0x2, 0x8, "5c99b53f102e"}, {0x1, 0xc, "434c36e509a5c1062086"}]}]}}}}})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000600)={'syztnl0\x00', 0x0})
sendmsg$ETHTOOL_MSG_PAUSE_GET(r2, &(0x7f0000000780)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000740)={&(0x7f0000000640)={0xb0, r4, 0x20, 0x70bd25, 0x25dfdbff, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x68, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp1\x00'}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x4}, 0x14)
unshare(0xc040400)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0200000004000000040000000800000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\b\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x5, 0x4, 0x7, 0x0, r6, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000340), 0xffff, r7}, 0x38)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sendmsg$nl_xfrm-socket$pppl2tp-ioctl$SIOCSIFMTU-sendmmsg$inet
detailed listing:
executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=@updpolicy={0xb8, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in6=@mcast1, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}}, 0xb8}}, 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000000)={'lo\x00'})
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005b40)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000000240)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @multicast2}}}], 0x20}}], 0x1, 0xc080)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$alg-syz_usb_connect-socket$kcm-bpf$BPF_PROG_WITH_BTFID_LOAD-socket$inet6-setsockopt$sock_attach_bpf-bind$alg-accept4-sendmmsg$inet
detailed listing:
executing program 0:
r0 = socket$alg(0x26, 0x5, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x52, 0xe8, 0xe5, 0x10, 0x13b1, 0x42, 0xdcc4, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x44, 0x0, 0x1, 0x2e, 0xaf, 0xb2, 0x0, [], [{{0x9, 0x5, 0x81, 0x2, 0x3ff}}]}}]}}]}}, 0x0)
r1 = socket$kcm(0x2, 0x5, 0x84)
r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_ext={0x1c, 0x1e, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000004000000000000000008000018110000", @ANYBLOB, @ANYBLOB="0000000004000000b7124fffffffffff54730400ffffffff18120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000b291000000000000b70200b70000000000000095000000000000007aee0f96a964c9849c8f1fb83237e00ca2ac7a51e698126e4e5894ea5395a87a8ecdc5df1b6550a90f5bad75c338bdb52cc87a0050771912f905acf178a9be0e11ed016d4f9488ef17b067473bfa6213d2b8551cb68ea385a3049d75"], &(0x7f0000000140)='syzkaller\x00', 0x2, 0xcd, &(0x7f0000000180)=""/205, 0x41000, 0x51, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x1, 0x3}, 0x8, 0x10, &(0x7f00000002c0)={0x4, 0x5, 0x140, 0xfffffffe}, 0x10, 0x4564, 0xffffffffffffffff, 0x1, &(0x7f0000000300)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000340)=[{0x3, 0x5, 0x4}], 0x10, 0x31, @void, @value}, 0x94)
socket$inet6(0xa, 0x4, 0x2)
setsockopt$sock_attach_bpf(r1, 0x84, 0x84, &(0x7f0000000000)=r2, 0xfeb2)
bind$alg(r0, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-generic\x00'}, 0x58)
r3 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$inet(r3, &(0x7f0000001200)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000840)="baa035bfcaf6b5f2182d3b5050872b6064ca2db4971cef5858c82c9664cf5926a68d066e5aab8d701ea9fb9b8221a093718df80420f4e00dbfc2f8a8b47bad6e4d0b01b90f60f11a67a766a15d30ba7dde0789080e6e675f4779e11e48f7c52e0577ec91ef9e37b57305502ec59fadede73efe692148513e9c4330edc21d56", 0x7f}, {&(0x7f0000000000)='0', 0x1}], 0x2}}], 0x1, 0x0)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$adsp1-ioctl$SNDCTL_DSP_SETFMT-ppoll-openat$audio1-write$dsp
detailed listing:
executing program 0:
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000080)=0x40000)
ppoll(&(0x7f0000000000), 0x0, 0x0, 0x0, 0x0)
r1 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x282a2, 0x0)
write$dsp(r1, &(0x7f0000000280)="3f3ebf96496a790c1a90be2dc1f4f354874823223d84a059c0965274226d8615ef6db50148787dea82a0d6ceafba54d8a1bb4c021dae906675370cb828fb2b39d793815a60315f1a2c516b44fe84da111f9a24a265148ee0b345a915d7d651736563e62863e45a0ada9d51cf88eae940d2770cc5892be40bde7cb251be69ed71fc48f9df1574b43fd4b8782fc9c9512f34a1df4cf795c4df2145a82d24733685caa2c47a7f191d4dfdb6d16cdddfb3183687b4e8800895566e1e90a21b3d24a382c617104bf4bcdab75edd04d849680d079bed2daa190c23489bcb8f705fdd2195f6abe775ea3f8d280c5875afd303816fbedc65b9859964b6ffbb7fc4f702abeb03adc885e85752144a76ba9504848be70f4d7cd865dfe7495345791ed721c93f9d17b4a78a9b3e3f467adabf03efac22dd1d78151e4845dacceffc1cb1b42f4482f2d251649a9d5af02697b7a1b0abb808f6cb75c22f7bcfd92668672e75c1edf39ca05737def4d603abd0358e4e129af84062fd64401530f00304e6ec889507aeec17a5311e3aa426f805a8a92518176dfd0a32297cda2a7fb693c81bfc5cdcae8ea131d1411144308106666e5be8f56ea8b3ff8c28b09e9773c8085c5392a4750cced5202228261bc00765c30f0b5caf4438a3157764c3d3bbeb82c5265dd82f40a95b33d08e569cc79465e85e8c8bf15952ac6493147e007d19d79935a44061621f73aca555d2e142dcd6f356c86e70b8b577c81c93acc0509819dbe268e579761e9155fe74a969d14197ac7b552307acaa547d967685546530b7c6ad617c8e12d46e8bb281442de856e02b965c41cf1c9479ccee57b694aa531ad505efea789f3f36eecf490b8d06e75d5b83fc091116da24f7909f8a2877ce3dbba33e804ff988da7a4ec3b506beb2bf3ac52a5153b10ac636979472b1df2100d3e3fcab98c85e3b9143a82c95c3b517a32c1cf60150f4b6c0b1f557ed4659dcb8e2c14bdb960b985996024ef067fcb3f29c2609b03a95faba2c01a5d86d7f7152340c54568e5aac57554b1d3c0385b4d3f45afeb77b373e2012f2d3ffcaec079b6e282f506cd96bcab291ca506c5bf88bb26c2cf449e2270902147462835d19fb96d98e858003aa33a3d3f28ac428e182e8e903d2a621389d78470f75f942a175cd104cceef2295930bbf83deca1403bb471c1f59f4cc5a07ef6980ffacad4de3d7825fef97a27dd01e02a12c4e3f589f61edff38f577a515d6189d500724bf7f25c39921c6be65c036d0e5050237d12d68c61c9ec80fa722bf288fa503da63746a0aac4326026e61d3f185984896c2b07f9c04a2643d216b0c128152fe2be48d641a1093a2a82b94b488f802bd7ce72bcb7db98b3e9470d96ec6f352f54de83b87a3d5f6c8e0c619f5d0279edd1629966b4c795160c08329327fcad3cfcca0b12fd1098d58ad09803257235505305a63846397d7036b65937a50283e1874b74c1d57e238c31e034931292f346ae8212906f388d3be2319219767a7ad7547ee07e0c119437b0254092bcfe4d70a5f2bff015901a6219c8629a88abf01f7a1ae3960877d82796878ff5dc14ac3db83a0a3ac45f217a40e6b9964cbc2f2c5681b3a074666755786cca48980826f929ed03ad448ca46cb1a3cfb37bb254a35bafd7e8ee5552e72369a5aa4035677fbe405fad0abd9c9d89fce5cb88a862fec636cc8a06915a4e19a2cf1b517a0883a5c8667896d2b276dc6a0bc333fb070d0fb388b6a4bcdb314190ebe9c24cdb105b487ae65d8f786008e175ead678207bfdee90c9316e541b09b51c6d25e148d89e76fcdcd26d259820e6dba7589446aafe2e93c24d03f2de39cc5fc96c9418f3acc67537327071dcdbdd92f4bd7019db4dc3b56355b49172d6a7b6e6cb4a3aa322a1be262df78947bba2367fbffceaec411fb992831a96d7f8d6638ba72da2c5cf02c61a58c7cc765a0717b13d124ce21f57e367c3acb721b4f420f6d5755871ba7ea04240a190d968f2345eb99f67cb133139e4a2017ba6861ae48bbbb99ef5f3976459aae3e49facd3e89c32503032548c7dc7c309a706c5670ed5f5ab7d56f4502ceb69fa20a1b87b002095268a8acf9dbab2a238ff2e5d287d68d1944b3a7a128a05186e995c2bb3ccee72bc9d08b6929f2b9111c1d886ff0ea503200ca9d828f69a897b9497ed1075ed953b113b86d74d4e7deba7501ada321436d8c02e6970db5bade5c7ec1547534c3891b36dd2307eef6481dcffd94d7ce007375dfb3dd73a6a2aeaca9d8b094aeed37887376d3dc4bb46b6cd142843a56be1f55d4df1e747ffdbf08add9e520e089e3b1f3a1143d4ab887c43fe668eaa3a443068fb6421e8529050d89963570da761404cbcf09aecac53d4d9510eb984f14cf7100dbdc3315f84cc63956ef8a56d27bbc91910d72d6cc1831b7b273cc9b4b0ee8df86c5ec73226e483f7fd7efd5b8214c7c3d8a7f09151d14f990e82b3a838cc2fa467d34aff4f5695b0d22cebf92b2647a6ea520b785a7b45ccb5d15e0d13ea3c5b49163fa9e92dbf4bd56cca975d662ec2d0a4a2fd2bd3c9ae4abc2bc757adceb6f3fd5fe421305273ba26ad761f4de5dfd1f22780087917097d0131158903b20eb65d26dc7edcf1d5e14f38435827a35be9de906bd87ef5d452a77660d02c5115be6a0aa7287c5eee0af3fafe0038904b6c85b994f3dedec499ee1b7aaca73ebbf0867b072bfa492fdbf98357aa6e0bb6bf29954e0731c3bf412a3dd8f1abf37f6eaec11aa3dd2c94f3452944ee37e3511d6765b46a1ba46c6bc2845c9ada71981bd6e176348e0965824efdf6d6fdc09d404fc69aeede1648ec2e65d2d0ea96823288ea4132e2aab89b32d17d47909732e5a1c7fd00cb0d2bcbb6b897a2ca1c4b3e4eaba66c4f1af2909e6d905d441c80e7c6ee02a3903474b2e432b032cacd2322fd800ce75c7582195adcc0fdd2288e54bea0021d105eaf9c378f7f1a5a786fe26bf74feea1c542bd39efa3d2260c68914578b7fe30b578c4fff43b7364d18b74d06929e76d16e2e4c8851babf157e7fd0bb88882cfcc79c84d1821d6c056f9bc47d1577abbbaf40bed2a441c500500fc6f75ef98f8fa226d48e99a8ef869498de983b028d1cf5eb88c19115188d350ad235a07c160f144d8a8a10b3a3b75d548656741a4f4f932be79db1287aa0482dbe08279e2888c6ff42c7942274fe934cf38a266fbc767899ff9c5d7132d97871d2f353e261c33b97210342e74679e450617014cb974506c247123e0437bd32d125bbb7d3977ca323f6a532e7eeb4c78efbef904f7378831f3a04fc4c50a8e95db138ee1de36e58404dcf3159d1d869061afbdff58b2c120dc7830aa9551f152c1fdd451bb347e7b241b37038e1e81558ed0ef51d5ad8c9ae59f8741a1a237a22027cd950da11b619f109fdcc96aa85bd54cefd9c8d533869065b3276fcc9038ebe3c7e9d091c537f53d02b357ce6ecb6e133be4cc8adeeb61959c31b2324443182e555c3f2ea611f63eece94da2ae91cab7ca7274105efc48c3a6a133ca86e26b020a6b2083c98310d9f477b9c665f51946f7ae643ba85869878413a032f6a85e6476a998cf76a8a3ddd2c773069d0625de39d91b52a136fe9b65126657c8bbbc7bdb6b686de0cc3ea8ddbebab503ff0403c1f00b32ed4c712d513a1c4f788cc8b659e7d31d807450697310af6b8cb12ec564c1c488ff70c6d64a3aa624507c32399cbeba55ee9ce7951fd364b19d3fa16d944090c6271f1981ab94579aaf691c6ce392e21a223f7f284fca0c6ed55aafb024b4e1832324bc7bd18dbef1f90d0a854f0cfa2784dfce1fe4cd81e83c8294e323b69b95e48261e4e0d4e95436f000d6cb2a157203a3db65d11fa693bdc91371583cb956119aea7b5a88daa59a9b9d73404d32408a273950f58d719ac4332a4c698526eb77d5704b2e00d7ced752648f3690a76e5e15a14312131c197c8491d224af8b681e3f24bcff244056674a298fe5fb4a0ca779dfafa69f5ddc2d012123bd706051a09f3609bb6558bf47dfef967db47887a2e178fa6f887a057447c56b1d45af4a97207e2630963e46e2a9e054038addf8426190fb04cea244795683338656330ac2030e0b75534f47eebf8b6ceaddc85b0866796cb02a7f94138f281561eada7a5c15efbeed14c49b04a07e3e9202ebc7072801bf817eab45825aacb874a7cfbb586157feca8a2f834afe707934eeeb1a11089da8f87ef36ab9b5d0f038a0d7a21ce93362b782b1de35dde0e10655edc4c7b0ab7a5813e382f17fd87d4d092265c71a8cfc88655a01c3b016f2363a26ec137d0272fe75df369a35659063f31b8659cfab3d84d445606c84a2e73e53ce218a046e11a63cd6eee83201e3f26a1b9908e04d8640ea69d4ce98132b8eee0439e4c1792a81752bcea45126d744e1f020e00c68fd1e1fbb70add2bc4c04b61515e33b0e40fdb3acdb4d18781a3d1eed8f3f30fcf60d6b166af035c25eaeeeb413d6f0bbdbba20185336f2c35d5ce610a5a77993daa6cc69f820dc3571fd44f85afeac7f62df8c70515c2375d2f0669beb47ce0e5bfa3792fbb1c49449772efdae483ff667d22f4bccb2ec6c14c9d5b512392a9a493d401992d3d612c4932abaf9e18c01832cc3e19738e59e1595f7d900f9742c8d081715dc900c05278a3720a745853a71ba1a4d868468a34aa8c1d00b6e7551f357d7da06369b0c30ca89752f3a25358c5d2b68032970060b23f7b9dfcc648fc89a80d2617a75a5423134aaa5b042414313b2752e17f8d47cb0b5c97c0f550c973b5943f31108d05d77fc504e36814f8b102a3937f53fa4d0eb901e234517f7fd653e0a142576985e15772b84f91ee0a3856b47437c21598fdf1f4064b30cfa773112df502316994111d57db3971073f36310c1de4ff63752c79c8f8f7b7cd2b0090dd362fb3c87796dde5ede4cd8b9131a9c7c1c5245081a9fba39cfb1564b6bcb11772a7c3e4946e28220bd78a2974a73ace42d21fbeb84af6d95070fc14aee97e15ef637a724301881bed0390b33be0bb35ca8373cc479cf59f279089d73f4fbd99d888504d1d82993ebe1140c1e4a624b3283cc079b34d1a22b82087d87ed0f1f09ade10a610c5101cc719077eed7ec8e03d3e152f2f24b63aa61b04d3ed9a86dc438ee2efb0ab6d7a1dce911c7fb0d1a8fde2886a934509372aa1de1cec45f658a95bca826e334b9c19837b3299e3a3c2cf246276a9ac8211034654695318dff4005db8f5ce87dd34925262c377bec6cd183b159fdde3301f65dbff01d82132e917fb0fc324c08dcb262ca79bdd063a5d9207b7346b4985b5d9e1f49cec67e21077c4224a3b70953ce00b06d31f58bd374ae2d4f9ba63cf337d8370c8d3e16dd951509677de8c997c893b38f241a7b0842ab29ad8a2496b46d06ae47572df59ebf1e6ccb863ba8ccf84aa8ff05462437965074e1199bbddea6151bbe555b9a8bee1659decc2e6f9c9c0d1e19f0b4a0f0a632937f1ff6f42a12c5f5cd04f6eef26a93dfe68a8d396c0aeff6facee8e3f5f45891816993dc86e310524b052fd2d710b67934b773cdd5b2bcdf436e1bffc768b415b2a34aeaee998e0cb77bc41f1cada767eb699bcf62c6c076b699b8f3f32d57feb00c0d9e375f488a22c372d5305ff28c81b765ca83502cdf0f8b3dac5c5686bf55cd2ddc170ff78ab277231e7db9fe9703d15c3bc3d056acffed5431b57473ad9ba482c649b8811dbad473186b33a7c4b680ad7baab6c", 0x1000)

program did not crash
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_disconnect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect$hid
detailed listing:
executing program 0:
r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f00000001c0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000ad183840f30c0210"], 0x0)
syz_usb_disconnect(r1)
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000680)=ANY=[], 0x0)

program did not crash
single: failed to extract reproducer
bisect: bisecting 30 programs with base timeout 30s
testing program (duration=37s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): [10, 2, 4, 10, 12, 22, 5, 16, 4, 5, 5, 2, 2, 5, 18, 20, 2, 14, 16, 12, 14, 18, 2, 7, 18, 10, 5, 9, 5, 23]
detailed listing:
executing program 4:
mknod$loop(0x0, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x40000, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xc}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x6, 0x8003, 0x1, 0x0, 0xffffffff, 0x91b1}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000400}, 0x4)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f00000000c0)='htcp\x00', 0x5)
sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0x1000000, 0x0, 0x0)
recvfrom$inet(r3, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
executing program 4:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x3}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}}], {0x14}}, 0x9c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
executing program 4:
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0)
syz_usb_disconnect(r0)
syz_usb_disconnect(0xffffffffffffffff)
syz_usb_connect(0x2, 0x4a, &(0x7f0000000000)=ANY=[], 0x0)
executing program 1:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000062d14406d0470084761000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000840)={0x44, &(0x7f00000004c0)={0x40, 0x18, 0x17, "10d833788ef11aa395b593b95b3b52c4317c48a84008ee"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
executing program 4:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001040)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000c00)={0x44, 0x0, &(0x7f0000000a80)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000140)={0xc, 0x0, &(0x7f0000000100)=[@free_buffer], 0x0, 0x0, 0x0})
executing program 4:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket(0x22, 0x2, 0x24)
close(r2)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000000)=<r3=>0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
openat$dsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000f, 0x810, 0xffffffffffffffff, 0xc45f3000)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r4 = memfd_create(&(0x7f0000000d00)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x05\x00\x00\x00\x00\x00\x00\x00_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c!\x0f/\xb8o8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xeb\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eS\xaeX\x93\x7f\xd3\xb9\x84Q\x9c\"\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x90\x1f\x94\x01M.\x16\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\x05\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\x9d\x7f@9\xc0\xd2\xf1\x00\x10\x00\x00\x00\x00\x00\x00\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1;#z\xef*\xce\x99\x04\xb9\x90\xbc\xc9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xc4\xc8\xb1r0Z\x98\x87^\xc8C\x1b\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-/\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xbex\xb5-\x05\x01\x11\xfa\xcf\x1dm\xb5X\xe9\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04$\xc3\xe31U\x84\x82\xf0{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2\x03\xe2j$F1n@\xde\n9t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\x82<\x9e|\xf5\xa4\x05#\x7f\xa8\x01\x00\x82ih\xf9?\x03Q\xf5\xc4\x95\x99 \xa7v~:$\x02O\xe3\xaa\x1f\x00\xebh\'\xd2q\x10\x1e\x94n\xd7w\xb1\xc8G\x89\xf4\x8ct\xf9R\x85\x1b8OE\x04\x9a\xd8\x80\x10x\xbf\n0\b,r\xc6r\xf7=\xfe\xc1\x16\xe6\xee\xbb:-h\xba\x8b\x14\x9a?\x8e\x03;\xe5\x04\xd8\xa9\x9a\xd3\x05(\x7f|\xadU\xafe\x87V.i4$6U,R\x9b\n{\'\xfe1\xc4\xb09\x96{\xc0e\xa1\xe7\xa9\xb4\x1a\n\xf5\xd7zuvz\x972\xd4\xfb\x13u2\xab\x18\x01~r\xbbcW!)\xf4\x9b\x1dI\x9ex;\xb2\xe3I\xbd\x16T\xb75\xa6\a\xb7\xa1\x8d\xc9\x12\xb1\xbd\xbc\xd9c\xe9\xe6k\xee\x06\x83\xf4\xab\x18\x038\x8f\xc9^\x0f\xab\xea&P\b\xef#\xf6\xc3\xfc\xd4\xa0\xfd\x15N\xd3\xa0\x80\x9f\bU\xa63\xf6\xc9\xecZ`\xa4\xa0(\xf9\x98B\xaf\xde*\x91\xddk\xa1`d\xf0\x97\xc9e\xc1\"EC\x9a?x\x89\x8d\xb3\xfaF}\x82D\xf8\f\xf1`\x90D\xd1|%(\xd8\t\xea\x00C\xce\x7fo+?v\xee\xc6bL\x1d\xbe\x84p\x8d\xa3\xec\xf7\xe0\xfe\x8c=<\xf2\x1f@\xe66E\xa7\x9c\xd3\xb6\xf5\xe0\x14\xb8\xd4`\x85\xe3;\x8c\xf8\xf2\xd9)\x0e\xd0\xff\xa5K\xf3\xf1\xc4\x18\xf4Z\xdci\x91\x84\xe8\xb7\x10\x90\xbc\xect\x14\xdfR\xe2\x80\xf8a\x92\xb2R\xdf0\xcaQ\xdf\x87\xbdjp\x1ch3h\xcf<\x82\x97\xa5s/m\xb2\x1dd\xf7\xfc\xf5\xa9\x1d\xd34{\xcc\x1f\t,i\x16\x82\xad\x8e\xb6\x17\x0f\xaa\x85^/w\xbb~\xff\xce\x92\x90\x83\n\xe5\x14\x95\x92|\xfe-S%\x91i\xafh\x97z\x00@K\xbb\xc2\fcD\xff\xdcl\xa1\xfaR\xbc\xd0k\\\x92\x19a6Sv\x05%{\xe2\xe9\xf1\xddRB$8\xb0q9\xa1g&\x17\xe5P\xef\xb1<\xb6\xe2\xb2\xc06^\x0f4\xba\x10\xba\x00\x00\x00\x00\x00\x00\x00\x00\xef\xba\"\xb7\xc7~T\xc4Ei\xfdk\xa9\"F\xa9C\xa0\xd3\xa0\x1b\xbf\x13\xfb\x14S<\xa6\n5\x86\x9e\xb2=8\'g`\x8f\xa8\x027\xbd\xb5s\xe9dti\xc0\xbd\\H\xe5v\xdd\x0fP\x8b+-\x02i\x8eZU\xa8YB\xfc\xc2R7\xe9\x11\x06\x1aRd\xa93\xa1\\\xf4_s\xf7\xe8+\xbdg\x13\xaea\x04\xd8\x82\xf6\x90\xaf1\x86b\x81J\xb7E\xb0\xe2\xd6\x93S\xb3\x98\xcb\xf9\xde=\xd6T\x8d\xea\xab\xa9Z!\xd3-\xa6_\xc4\xa4\xb6+\x89\xdc]O<g\x06~\x12W\x86\x06\xba\x15#\xa7Q\xffa\x926>\xf0y\xd6\xb0\xf2\x9f\xa7\xcf\xad\x86\\\xec\xec\xd6\x9d\bT\xcd\xa2\xea', 0xe)
ftruncate(r4, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r5, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
writev(r5, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
ioctl$UI_ABS_SETUP(0xffffffffffffffff, 0x401c5504, 0x0)
shutdown(r5, 0x1)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
fsopen(0x0, 0x0)
executing program 0:
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES16=r2, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r3, @ANYBLOB="1f0033"], 0x3c}}, 0x10)
executing program 0:
ioctl$HIDIOCSREPORT(0xffffffffffffffff, 0x400c4808, 0x0)
r0 = syz_usb_connect(0x3, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x18, 0x2d, 0x9c, 0x10, 0x930, 0xa13, 0x7644, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x4, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xf, 0x2, 0x2, 0xff, 0xff, 0x0, 0x0, [], [{{0x9, 0x5, 0x4, 0x2, 0x10, 0x0, 0xfa}}, {{0x9, 0x5, 0x82, 0x2, 0x40}}]}}]}}]}}, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_connect$hid(0x5, 0x0, 0x0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x5509, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0x5, 0x36, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000a40)={0x84, &(0x7f0000000700)=ANY=[@ANYBLOB="40156200000044dbe11bc4be4ed02a6d98d895b4dc62042ac72e1ed7f570f6382cb1ad63ddd210c8713ac9fd1b0cb26fe901165ff4db7d71bee41f9d031d37f01f4ac3c9502a9e7525a26e5f1782"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
executing program 1:
sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x2, 0x400000000000003, 0x0, 0x9, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @dev}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfbffffff}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @empty}}]}, 0x50}}, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
executing program 0:
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x903d01)
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x0)
ioctl$EVIOCGMASK(r1, 0x80104592, &(0x7f0000000300)={0x0, 0xffffffffffffff36, &(0x7f0000000200)="952bb3e006ae9a4c3a"})
write$char_usb(r0, 0x0, 0x0)
executing program 4:
r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f00000001c0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000ad183840f30c0210"], 0x0)
syz_usb_disconnect(r1)
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000680)=ANY=[], 0x0)
executing program 1:
syz_usb_connect(0x5, 0x8f, &(0x7f00000000c0)={{0x12, 0x1, 0x110, 0x96, 0x6d, 0xf, 0x8, 0x8087, 0xa5a, 0x5f2c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7d, 0x2, 0xa2, 0x0, 0x0, 0x3f, [{{0x9, 0x4, 0xf6, 0x4, 0x3, 0x7e, 0x84, 0xe5, 0x5b, [@uac_control={{0xa, 0x24, 0x1, 0xa, 0x6}, [@extension_unit={0xc, 0x24, 0x8, 0x5, 0x6, 0x7, "0d0a329ce2"}]}], [{{0x9, 0x5, 0x86, 0x10, 0x400, 0xf4, 0x8, 0x4}}, {{0x9, 0x5, 0x0, 0x0, 0x40, 0x81, 0x3, 0xff, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x10, 0x6000}]}}, {{0x9, 0x5, 0x9, 0x1b, 0x8, 0xc, 0x27, 0x80}}]}}, {{0x9, 0x4, 0xf5, 0x1, 0x4, 0x37, 0xb0, 0x8b, 0x3, [], [{{0x9, 0x5, 0x9, 0x0, 0x0, 0x3, 0x0, 0x4}}, {{0x9, 0x5, 0x2, 0x2, 0x200, 0xf7, 0x81, 0x6}}, {{0x9, 0x5, 0x3, 0x3, 0x3ff, 0x8, 0x40, 0x4, [@generic={0x7, 0x5, "a6c6415a9f"}]}}, {{0x9, 0x5, 0x85, 0x3, 0x40, 0xb, 0x2, 0xb}}]}}]}}]}}, 0x0)
read$char_usb(0xffffffffffffffff, 0x0, 0x0)
executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x3}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xb0}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
executing program 3:
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000080)=0x40000)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
r1 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x282a2, 0x0)
write$dsp(r1, &(0x7f0000000280)="3f3ebf96496a790c1a90be2dc1f4f354874823223d84a059c0965274226d8615ef6db50148787dea82a0d6ceafba54d8a1bb4c021dae906675370cb828fb2b39d793815a60315f1a2c516b44fe84da111f9a24a265148ee0b345a915d7d651736563e62863e45a0ada9d51cf88eae940d2770cc5892be40bde7cb251be69ed71fc48f9df1574b43fd4b8782fc9c9512f34a1df4cf795c4df2145a82d24733685caa2c47a7f191d4dfdb6d16cdddfb3183687b4e8800895566e1e90a21b3d24a382c617104bf4bcdab75edd04d849680d079bed2daa190c23489bcb8f705fdd2195f6abe775ea3f8d280c5875afd303816fbedc65b9859964b6ffbb7fc4f702abeb03adc885e85752144a76ba9504848be70f4d7cd865dfe7495345791ed721c93f9d17b4a78a9b3e3f467adabf03efac22dd1d78151e4845dacceffc1cb1b42f4482f2d251649a9d5af02697b7a1b0abb808f6cb75c22f7bcfd92668672e75c1edf39ca05737def4d603abd0358e4e129af84062fd64401530f00304e6ec889507aeec17a5311e3aa426f805a8a92518176dfd0a32297cda2a7fb693c81bfc5cdcae8ea131d1411144308106666e5be8f56ea8b3ff8c28b09e9773c8085c5392a4750cced5202228261bc00765c30f0b5caf4438a3157764c3d3bbeb82c5265dd82f40a95b33d08e569cc79465e85e8c8bf15952ac6493147e007d19d79935a44061621f73aca555d2e142dcd6f356c86e70b8b577c81c93acc0509819dbe268e579761e9155fe74a969d14197ac7b552307acaa547d967685546530b7c6ad617c8e12d46e8bb281442de856e02b965c41cf1c9479ccee57b694aa531ad505efea789f3f36eecf490b8d06e75d5b83fc091116da24f7909f8a2877ce3dbba33e804ff988da7a4ec3b506beb2bf3ac52a5153b10ac636979472b1df2100d3e3fcab98c85e3b9143a82c95c3b517a32c1cf60150f4b6c0b1f557ed4659dcb8e2c14bdb960b985996024ef067fcb3f29c2609b03a95faba2c01a5d86d7f7152340c54568e5aac57554b1d3c0385b4d3f45afeb77b373e2012f2d3ffcaec079b6e282f506cd96bcab291ca506c5bf88bb26c2cf449e2270902147462835d19fb96d98e858003aa33a3d3f28ac428e182e8e903d2a621389d78470f75f942a175cd104cceef2295930bbf83deca1403bb471c1f59f4cc5a07ef6980ffacad4de3d7825fef97a27dd01e02a12c4e3f589f61edff38f577a515d6189d500724bf7f25c39921c6be65c036d0e5050237d12d68c61c9ec80fa722bf288fa503da63746a0aac4326026e61d3f185984896c2b07f9c04a2643d216b0c128152fe2be48d641a1093a2a82b94b488f802bd7ce72bcb7db98b3e9470d96ec6f352f54de83b87a3d5f6c8e0c619f5d0279edd1629966b4c795160c08329327fcad3cfcca0b12fd1098d58ad09803257235505305a63846397d7036b65937a50283e1874b74c1d57e238c31e034931292f346ae8212906f388d3be2319219767a7ad7547ee07e0c119437b0254092bcfe4d70a5f2bff015901a6219c8629a88abf01f7a1ae3960877d82796878ff5dc14ac3db83a0a3ac45f217a40e6b9964cbc2f2c5681b3a074666755786cca48980826f929ed03ad448ca46cb1a3cfb37bb254a35bafd7e8ee5552e72369a5aa4035677fbe405fad0abd9c9d89fce5cb88a862fec636cc8a06915a4e19a2cf1b517a0883a5c8667896d2b276dc6a0bc333fb070d0fb388b6a4bcdb314190ebe9c24cdb105b487ae65d8f786008e175ead678207bfdee90c9316e541b09b51c6d25e148d89e76fcdcd26d259820e6dba7589446aafe2e93c24d03f2de39cc5fc96c9418f3acc67537327071dcdbdd92f4bd7019db4dc3b56355b49172d6a7b6e6cb4a3aa322a1be262df78947bba2367fbffceaec411fb992831a96d7f8d6638ba72da2c5cf02c61a58c7cc765a0717b13d124ce21f57e367c3acb721b4f420f6d5755871ba7ea04240a190d968f2345eb99f67cb133139e4a2017ba6861ae48bbbb99ef5f3976459aae3e49facd3e89c32503032548c7dc7c309a706c5670ed5f5ab7d56f4502ceb69fa20a1b87b002095268a8acf9dbab2a238ff2e5d287d68d1944b3a7a128a05186e995c2bb3ccee72bc9d08b6929f2b9111c1d886ff0ea503200ca9d828f69a897b9497ed1075ed953b113b86d74d4e7deba7501ada321436d8c02e6970db5bade5c7ec1547534c3891b36dd2307eef6481dcffd94d7ce007375dfb3dd73a6a2aeaca9d8b094aeed37887376d3dc4bb46b6cd142843a56be1f55d4df1e747ffdbf08add9e520e089e3b1f3a1143d4ab887c43fe668eaa3a443068fb6421e8529050d89963570da761404cbcf09aecac53d4d9510eb984f14cf7100dbdc3315f84cc63956ef8a56d27bbc91910d72d6cc1831b7b273cc9b4b0ee8df86c5ec73226e483f7fd7efd5b8214c7c3d8a7f09151d14f990e82b3a838cc2fa467d34aff4f5695b0d22cebf92b2647a6ea520b785a7b45ccb5d15e0d13ea3c5b49163fa9e92dbf4bd56cca975d662ec2d0a4a2fd2bd3c9ae4abc2bc757adceb6f3fd5fe421305273ba26ad761f4de5dfd1f22780087917097d0131158903b20eb65d26dc7edcf1d5e14f38435827a35be9de906bd87ef5d452a77660d02c5115be6a0aa7287c5eee0af3fafe0038904b6c85b994f3dedec499ee1b7aaca73ebbf0867b072bfa492fdbf98357aa6e0bb6bf29954e0731c3bf412a3dd8f1abf37f6eaec11aa3dd2c94f3452944ee37e3511d6765b46a1ba46c6bc2845c9ada71981bd6e176348e0965824efdf6d6fdc09d404fc69aeede1648ec2e65d2d0ea96823288ea4132e2aab89b32d17d47909732e5a1c7fd00cb0d2bcbb6b897a2ca1c4b3e4eaba66c4f1af2909e6d905d441c80e7c6ee02a3903474b2e432b032cacd2322fd800ce75c7582195adcc0fdd2288e54bea0021d105eaf9c378f7f1a5a786fe26bf74feea1c542bd39efa3d2260c68914578b7fe30b578c4fff43b7364d18b74d06929e76d16e2e4c8851babf157e7fd0bb88882cfcc79c84d1821d6c056f9bc47d1577abbbaf40bed2a441c500500fc6f75ef98f8fa226d48e99a8ef869498de983b028d1cf5eb88c19115188d350ad235a07c160f144d8a8a10b3a3b75d548656741a4f4f932be79db1287aa0482dbe08279e2888c6ff42c7942274fe934cf38a266fbc767899ff9c5d7132d97871d2f353e261c33b97210342e74679e450617014cb974506c247123e0437bd32d125bbb7d3977ca323f6a532e7eeb4c78efbef904f7378831f3a04fc4c50a8e95db138ee1de36e58404dcf3159d1d869061afbdff58b2c120dc7830aa9551f152c1fdd451bb347e7b241b37038e1e81558ed0ef51d5ad8c9ae59f8741a1a237a22027cd950da11b619f109fdcc96aa85bd54cefd9c8d533869065b3276fcc9038ebe3c7e9d091c537f53d02b357ce6ecb6e133be4cc8adeeb61959c31b2324443182e555c3f2ea611f63eece94da2ae91cab7ca7274105efc48c3a6a133ca86e26b020a6b2083c98310d9f477b9c665f51946f7ae643ba85869878413a032f6a85e6476a998cf76a8a3ddd2c773069d0625de39d91b52a136fe9b65126657c8bbbc7bdb6b686de0cc3ea8ddbebab503ff0403c1f00b32ed4c712d513a1c4f788cc8b659e7d31d807450697310af6b8cb12ec564c1c488ff70c6d64a3aa624507c32399cbeba55ee9ce7951fd364b19d3fa16d944090c6271f1981ab94579aaf691c6ce392e21a223f7f284fca0c6ed55aafb024b4e1832324bc7bd18dbef1f90d0a854f0cfa2784dfce1fe4cd81e83c8294e323b69b95e48261e4e0d4e95436f000d6cb2a157203a3db65d11fa693bdc91371583cb956119aea7b5a88daa59a9b9d73404d32408a273950f58d719ac4332a4c698526eb77d5704b2e00d7ced752648f3690a76e5e15a14312131c197c8491d224af8b681e3f24bcff244056674a298fe5fb4a0ca779dfafa69f5ddc2d012123bd706051a09f3609bb6558bf47dfef967db47887a2e178fa6f887a057447c56b1d45af4a97207e2630963e46e2a9e054038addf8426190fb04cea244795683338656330ac2030e0b75534f47eebf8b6ceaddc85b0866796cb02a7f94138f281561eada7a5c15efbeed14c49b04a07e3e9202ebc7072801bf817eab45825aacb874a7cfbb586157feca8a2f834afe707934eeeb1a11089da8f87ef36ab9b5d0f038a0d7a21ce93362b782b1de35dde0e10655edc4c7b0ab7a5813e382f17fd87d4d092265c71a8cfc88655a01c3b016f2363a26ec137d0272fe75df369a35659063f31b8659cfab3d84d445606c84a2e73e53ce218a046e11a63cd6eee83201e3f26a1b9908e04d8640ea69d4ce98132b8eee0439e4c1792a81752bcea45126d744e1f020e00c68fd1e1fbb70add2bc4c04b61515e33b0e40fdb3acdb4d18781a3d1eed8f3f30fcf60d6b166af035c25eaeeeb413d6f0bbdbba20185336f2c35d5ce610a5a77993daa6cc69f820dc3571fd44f85afeac7f62df8c70515c2375d2f0669beb47ce0e5bfa3792fbb1c49449772efdae483ff667d22f4bccb2ec6c14c9d5b512392a9a493d401992d3d612c4932abaf9e18c01832cc3e19738e59e1595f7d900f9742c8d081715dc900c05278a3720a745853a71ba1a4d868468a34aa8c1d00b6e7551f357d7da06369b0c30ca89752f3a25358c5d2b68032970060b23f7b9dfcc648fc89a80d2617a75a5423134aaa5b042414313b2752e17f8d47cb0b5c97c0f550c973b5943f31108d05d77fc504e36814f8b102a3937f53fa4d0eb901e234517f7fd653e0a142576985e15772b84f91ee0a3856b47437c21598fdf1f4064b30cfa773112df502316994111d57db3971073f36310c1de4ff63752c79c8f8f7b7cd2b0090dd362fb3c87796dde5ede4cd8b9131a9c7c1c5245081a9fba39cfb1564b6bcb11772a7c3e4946e28220bd78a2974a73ace42d21fbeb84af6d95070fc14aee97e15ef637a724301881bed0390b33be0bb35ca8373cc479cf59f279089d73f4fbd99d888504d1d82993ebe1140c1e4a624b3283cc079b34d1a22b82087d87ed0f1f09ade10a610c5101cc719077eed7ec8e03d3e152f2f24b63aa61b04d3ed9a86dc438ee2efb0ab6d7a1dce911c7fb0d1a8fde2886a934509372aa1de1cec45f658a95bca826e334b9c19837b3299e3a3c2cf246276a9ac8211034654695318dff4005db8f5ce87dd34925262c377bec6cd183b159fdde3301f65dbff01d82132e917fb0fc324c08dcb262ca79bdd063a5d9207b7346b4985b5d9e1f49cec67e21077c4224a3b70953ce00b06d31f58bd374ae2d4f9ba63cf337d8370c8d3e16dd951509677de8c997c893b38f241a7b0842ab29ad8a2496b46d06ae47572df59ebf1e6ccb863ba8ccf84aa8ff05462437965074e1199bbddea6151bbe555b9a8bee1659decc2e6f9c9c0d1e19f0b4a0f0a632937f1ff6f42a12c5f5cd04f6eef26a93dfe68a8d396c0aeff6facee8e3f5f45891816993dc86e310524b052fd2d710b67934b773cdd5b2bcdf436e1bffc768b415b2a34aeaee998e0cb77bc41f1cada767eb699bcf62c6c076b699b8f3f32d57feb00c0d9e375f488a22c372d5305ff28c81b765ca83502cdf0f8b3dac5c5686bf55cd2ddc170ff78ab277231e7db9fe9703d15c3bc3d056acffed5431b57473ad9ba482c649b8811dbad473186b33a7c4b680ad7baab6c", 0x1000)
executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
epoll_create1(0x80000)
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0207a20802"], 0x10}}, 0x0)
close(r1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x58}}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x69)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r3 = openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
write$tun(r3, 0x0, 0x0)
executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x4c}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000580)=0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
ftruncate(r3, 0x7f)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f00000001c0)=0x1)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat$ttynull(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2, 0x3}, 0x1c)
openat$binder_debug(0xffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="60000000100001042cbd7000fddbdf2500000000", @ANYRES32=0x0, @ANYBLOB="7b01000001c80400400012800b0001006272696467650000300002800c002000040000000000000006000800a80900000c0021000500fcff010000000c001e00000000e0ad57e202"], 0x60}, 0x1, 0x0, 0x0, 0x20008880}, 0x20040844)
executing program 1:
syz_usb_connect(0x0, 0x36, &(0x7f0000000440)={{0x12, 0x1, 0x0, 0x1, 0x8b, 0x3a, 0x20, 0x711, 0x210, 0x7c8a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0xd3, 0x0, 0xd0, 0x0, [{{0x9, 0x4, 0x62, 0x1, 0x2, 0x5b, 0x37, 0xe1, 0x4, [], [{{0x9, 0x5, 0xc, 0x6, 0x200, 0xa, 0x7f, 0x4}}, {{0x9, 0x5, 0x2, 0x2, 0x8, 0x4, 0xdc, 0x9}}]}}]}}]}}, 0x0)
syz_usb_connect$uac1(0x5, 0xe0, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0xff, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xce, 0x3, 0x1, 0x6, 0x40, 0x6, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x8, 0x8}, [@feature_unit={0x9, 0x24, 0x6, 0x2, 0x3, 0x1, [0x1], 0x9}, @selector_unit={0x9, 0x24, 0x5, 0x2, 0x40, "20559392"}, @output_terminal={0x9, 0x24, 0x3, 0x3, 0x306, 0x5, 0x4, 0x10}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0x8, 0x24, 0x2, 0x1, 0x4, 0x1, 0xd, 0x3}, @format_type_ii_discrete={0xa, 0x24, 0x2, 0x2, 0x4, 0x0, 0x6, "a8"}, @as_header={0x7, 0x24, 0x1, 0x9, 0x9, 0x1}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x7f, 0x1, 0x8, 0x9d, "caa5", "e7"}, @format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0x6, 0x3, 0x7f, 0x0, "90"}]}, {{0x9, 0x5, 0x1, 0x9, 0x400, 0x8, 0x5, 0x9, {0x7, 0x25, 0x1, 0x0, 0x7, 0xfaed}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0x9, 0x4, 0x6, 0x66, "916fd8bf"}, @format_type_i_discrete={0xd, 0x24, 0x2, 0x1, 0x7, 0x1, 0x4, 0x8, "b53b9a0f01"}, @as_header={0x7, 0x24, 0x1, 0xd0, 0x8b, 0x3}, @as_header={0x7, 0x24, 0x1, 0xd, 0x5, 0x4}]}, {{0x9, 0x5, 0x82, 0x9, 0x7f7, 0x95, 0x5, 0xe1, {0x7, 0x25, 0x1, 0x0, 0x6, 0x3}}}}}}}]}}, &(0x7f00000003c0)={0xa, &(0x7f0000000140)={0xa, 0x6, 0x300, 0x19, 0x2, 0x4, 0x60, 0xd9}, 0x37, &(0x7f0000000180)={0x5, 0xf, 0x37, 0x5, [@wireless={0xb, 0x10, 0x1, 0x4, 0x2, 0x4, 0x2, 0x8000, 0xe7}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0xc, 0x0, 0x3}, @ssp_cap={0xc, 0x10, 0xa, 0xfc, 0x0, 0x3, 0x0, 0x8}, @ext_cap={0x7, 0x10, 0x2, 0x0, 0x5, 0xc, 0x8}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x8, 0x81, 0x2, 0x4}]}, 0x5, [{0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x843}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0xf09f}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x3401}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x2c0a}}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x429}}]})
executing program 3:
ioctl$KVM_CAP_X86_GUEST_MODE(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000240))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x2, 0x180, 0x4, 0x10, 0xf1, 0x50, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x6, 0x0, 0xbdb], 0xffff1001, 0x120182})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000100)={[{0x5, 0xc003, 0x3, 0x5, 0x0, 0x4, 0x7, 0xd, 0xb9, 0x0, 0xe, 0x5, 0x204}, {0x804, 0x1, 0x4, 0x45, 0x7, 0xff, 0x2, 0xff, 0x0, 0x4, 0x4, 0x7b, 0x20c}, {0x1, 0x6, 0x18, 0x5, 0x80, 0xfd, 0x3, 0x2, 0x0, 0x70, 0x4, 0x7}], 0xfbffffff})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x8, 0x81, 0x1, 0x43, 0x2000001, 0x0, 0x2004cb, 0x0, 0x1, 0x6904, 0x4, 0x9, 0x7, 0x0, 0x0, 0x8000000057], 0x1, 0x41707})
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f0000000080)=@arm64={0x3, 0xc, 0xf, '\x00', 0x10001})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000480)={[{0x9570000, 0x3, 0x0, 0x0, 0x85, 0x1, 0xff, 0x2, 0x6, 0x4, 0x47, 0xf, 0x1}, {0x9f83, 0x7, 0xe, 0x5a, 0x1, 0x3, 0x9, 0x81, 0x7, 0x5, 0x6, 0x3, 0x6}, {0x6, 0x1005, 0x81, 0xa, 0x6, 0x46, 0xf8, 0x4f, 0xc, 0x98, 0x1a, 0x1, 0x8}], 0x3})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
executing program 3:
socket$inet6_sctp(0xa, 0x5, 0x84)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={0x0, 0xffffffffffffffff, 0x0, 0x10001}, 0x18)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000044d564b"])
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_udp(0xa, 0x2, 0x0)
syz_open_dev$I2C(&(0x7f0000000300), 0xc, 0x20c40)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0xb, 0x9, &(0x7f0000001280)=ANY=[], &(0x7f0000000540)='syzkaller\x00', 0x520e854a, 0x1000, &(0x7f0000002400)=""/4096, 0x41000, 0x20, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x8, &(0x7f0000000640)={0x1, 0x5}, 0x8, 0x10, &(0x7f00000007c0)={0x3, 0x3, 0x7, 0x9}, 0x10, 0x0, 0xffffffffffffffff, 0x5, &(0x7f0000000800), &(0x7f0000000840)=[{0x0, 0x2, 0x1, 0x1}, {0x4, 0x5, 0x7, 0x8}, {0x1, 0x5, 0x6, 0x8}, {0x5, 0x1, 0xd, 0x9}, {0x5, 0x4, 0x5, 0x9}], 0x10, 0x7, @void, @value}, 0x94)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
executing program 2:
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001040)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000c00)={0x44, 0x0, &(0x7f0000000a80)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0xc, 0x0, &(0x7f0000000100)=[@free_buffer={0x40086303, r3}], 0x0, 0x0, 0x0})
executing program 2:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000340)='kfree\x00'}, 0x18)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r2)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r3, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100000000000000000001000000280001801400040000000000000000000000ffffac1414aa060001000a"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002000000140001800500020001"], 0x28}, 0x1, 0x0, 0x0, 0x20044811}, 0x2000c094)
executing program 3:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
epoll_create1(0x80000)
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0207a20802"], 0x10}}, 0x0)
close(r1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x58}}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x69)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r3 = openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
write$tun(r3, 0x0, 0x0)
executing program 2:
semtimedop(0x0, &(0x7f0000000300)=[{0x3, 0xfff7, 0x1000}], 0x1f4, 0x0)
semctl$SETVAL(0x0, 0x3, 0x10, &(0x7f0000000040)=0x4)
executing program 2:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0xf, 0x9}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{}, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x4}}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000012c0)=@newtfilter={0x54, 0x2c, 0xd2d, 0x0, 0x4000000, {0x0, 0x0, 0x0, r3, {}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0x24, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8847}, @TCA_FLOWER_KEY_MPLS_OPTS={0x18, 0x63, 0x0, 0x1, @TCA_FLOWER_KEY_MPLS_OPTS_LSE={0x14, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_MPLS_OPT_LSE_LABEL={0x8, 0x5, {0x400, 0x0, 0x1}}, @TCA_FLOWER_KEY_MPLS_OPT_LSE_DEPTH={0x5, 0x1, 0x7}]}}]}}]}, 0x54}}, 0x20000000)
executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r2, &(0x7f00000020c0)={0x2020}, 0x2020)
sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@newqdisc={0x24, 0x24, 0x200, 0x0, 0xffffffff, {0x60, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x20004040}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c00000000010104000000000000000002000000240002801400018008000100e000000108000200e00000010c00028005000100000000000800084000000008140005"], 0x5c}}, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x48e80, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x2a8802, 0x0)
write$tun(r5, &(0x7f0000000580)=ANY=[@ANYBLOB="00030900050009000100c6aa5a91527b379e717e2471228b44745dabc400ade5ae5fd1c5140b66739c2f797eedb0f6af05093213a2b68a5c80fe15195547fd8433c055d0e8afb98f2e5a06347349d28fd7a8d5b7dc785d7db2f58b5c3e48d75677276b6c325f61f2816740b2b2a0aa45d5d3438ae903b512c94c7a29c48553be8769680a02e772d703523ec2ae8b7c5a2f5c34479a4dc97a85187c942756a9204ce9e3bd9429ae3b1c1478239619461b3736454352089ca5a7a18002eade717c627d48e0be4dc66c48d4ec30c254b4dd84e9b31399cc3a351876dc16d482739e3c8f78e042fa6010e2fd282ed857d80d55a5667d2d23f8e4e9367df282809912c2eae08d74aa96af117470e2ebdbac3d5060b27b526a0c71a5b8944d92cb83c859f514085f7bd28d5587c51809d7f947ae9c30e37cfd3ec94889192e3b7f4df419fdfef4596bb94767646f7cdf32596d8e7016d0ce77ac5b8907845586c1c678c79cb99afd6db1ffab02afabe8195fa928102d"], 0xf8)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x200)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r6, 0xc0145608, &(0x7f0000000040)={0x204, 0xa, 0x4})
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x3, 0x7fff0000}]})
close_range(r7, 0xffffffffffffffff, 0x0)
executing program 2:
mknod$loop(0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'lo\x00'})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f00000000c0)='htcp\x00', 0x5)
sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x1000000, 0x0, 0x0)
recvfrom$inet(r1, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
executing program 0:
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000080)=0x40000)
ppoll(&(0x7f0000000000), 0x0, 0x0, 0x0, 0x0)
r1 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x282a2, 0x0)
write$dsp(r1, &(0x7f0000000280)="3f3ebf96496a790c1a90be2dc1f4f354874823223d84a059c0965274226d8615ef6db50148787dea82a0d6ceafba54d8a1bb4c021dae906675370cb828fb2b39d793815a60315f1a2c516b44fe84da111f9a24a265148ee0b345a915d7d651736563e62863e45a0ada9d51cf88eae940d2770cc5892be40bde7cb251be69ed71fc48f9df1574b43fd4b8782fc9c9512f34a1df4cf795c4df2145a82d24733685caa2c47a7f191d4dfdb6d16cdddfb3183687b4e8800895566e1e90a21b3d24a382c617104bf4bcdab75edd04d849680d079bed2daa190c23489bcb8f705fdd2195f6abe775ea3f8d280c5875afd303816fbedc65b9859964b6ffbb7fc4f702abeb03adc885e85752144a76ba9504848be70f4d7cd865dfe7495345791ed721c93f9d17b4a78a9b3e3f467adabf03efac22dd1d78151e4845dacceffc1cb1b42f4482f2d251649a9d5af02697b7a1b0abb808f6cb75c22f7bcfd92668672e75c1edf39ca05737def4d603abd0358e4e129af84062fd64401530f00304e6ec889507aeec17a5311e3aa426f805a8a92518176dfd0a32297cda2a7fb693c81bfc5cdcae8ea131d1411144308106666e5be8f56ea8b3ff8c28b09e9773c8085c5392a4750cced5202228261bc00765c30f0b5caf4438a3157764c3d3bbeb82c5265dd82f40a95b33d08e569cc79465e85e8c8bf15952ac6493147e007d19d79935a44061621f73aca555d2e142dcd6f356c86e70b8b577c81c93acc0509819dbe268e579761e9155fe74a969d14197ac7b552307acaa547d967685546530b7c6ad617c8e12d46e8bb281442de856e02b965c41cf1c9479ccee57b694aa531ad505efea789f3f36eecf490b8d06e75d5b83fc091116da24f7909f8a2877ce3dbba33e804ff988da7a4ec3b506beb2bf3ac52a5153b10ac636979472b1df2100d3e3fcab98c85e3b9143a82c95c3b517a32c1cf60150f4b6c0b1f557ed4659dcb8e2c14bdb960b985996024ef067fcb3f29c2609b03a95faba2c01a5d86d7f7152340c54568e5aac57554b1d3c0385b4d3f45afeb77b373e2012f2d3ffcaec079b6e282f506cd96bcab291ca506c5bf88bb26c2cf449e2270902147462835d19fb96d98e858003aa33a3d3f28ac428e182e8e903d2a621389d78470f75f942a175cd104cceef2295930bbf83deca1403bb471c1f59f4cc5a07ef6980ffacad4de3d7825fef97a27dd01e02a12c4e3f589f61edff38f577a515d6189d500724bf7f25c39921c6be65c036d0e5050237d12d68c61c9ec80fa722bf288fa503da63746a0aac4326026e61d3f185984896c2b07f9c04a2643d216b0c128152fe2be48d641a1093a2a82b94b488f802bd7ce72bcb7db98b3e9470d96ec6f352f54de83b87a3d5f6c8e0c619f5d0279edd1629966b4c795160c08329327fcad3cfcca0b12fd1098d58ad09803257235505305a63846397d7036b65937a50283e1874b74c1d57e238c31e034931292f346ae8212906f388d3be2319219767a7ad7547ee07e0c119437b0254092bcfe4d70a5f2bff015901a6219c8629a88abf01f7a1ae3960877d82796878ff5dc14ac3db83a0a3ac45f217a40e6b9964cbc2f2c5681b3a074666755786cca48980826f929ed03ad448ca46cb1a3cfb37bb254a35bafd7e8ee5552e72369a5aa4035677fbe405fad0abd9c9d89fce5cb88a862fec636cc8a06915a4e19a2cf1b517a0883a5c8667896d2b276dc6a0bc333fb070d0fb388b6a4bcdb314190ebe9c24cdb105b487ae65d8f786008e175ead678207bfdee90c9316e541b09b51c6d25e148d89e76fcdcd26d259820e6dba7589446aafe2e93c24d03f2de39cc5fc96c9418f3acc67537327071dcdbdd92f4bd7019db4dc3b56355b49172d6a7b6e6cb4a3aa322a1be262df78947bba2367fbffceaec411fb992831a96d7f8d6638ba72da2c5cf02c61a58c7cc765a0717b13d124ce21f57e367c3acb721b4f420f6d5755871ba7ea04240a190d968f2345eb99f67cb133139e4a2017ba6861ae48bbbb99ef5f3976459aae3e49facd3e89c32503032548c7dc7c309a706c5670ed5f5ab7d56f4502ceb69fa20a1b87b002095268a8acf9dbab2a238ff2e5d287d68d1944b3a7a128a05186e995c2bb3ccee72bc9d08b6929f2b9111c1d886ff0ea503200ca9d828f69a897b9497ed1075ed953b113b86d74d4e7deba7501ada321436d8c02e6970db5bade5c7ec1547534c3891b36dd2307eef6481dcffd94d7ce007375dfb3dd73a6a2aeaca9d8b094aeed37887376d3dc4bb46b6cd142843a56be1f55d4df1e747ffdbf08add9e520e089e3b1f3a1143d4ab887c43fe668eaa3a443068fb6421e8529050d89963570da761404cbcf09aecac53d4d9510eb984f14cf7100dbdc3315f84cc63956ef8a56d27bbc91910d72d6cc1831b7b273cc9b4b0ee8df86c5ec73226e483f7fd7efd5b8214c7c3d8a7f09151d14f990e82b3a838cc2fa467d34aff4f5695b0d22cebf92b2647a6ea520b785a7b45ccb5d15e0d13ea3c5b49163fa9e92dbf4bd56cca975d662ec2d0a4a2fd2bd3c9ae4abc2bc757adceb6f3fd5fe421305273ba26ad761f4de5dfd1f22780087917097d0131158903b20eb65d26dc7edcf1d5e14f38435827a35be9de906bd87ef5d452a77660d02c5115be6a0aa7287c5eee0af3fafe0038904b6c85b994f3dedec499ee1b7aaca73ebbf0867b072bfa492fdbf98357aa6e0bb6bf29954e0731c3bf412a3dd8f1abf37f6eaec11aa3dd2c94f3452944ee37e3511d6765b46a1ba46c6bc2845c9ada71981bd6e176348e0965824efdf6d6fdc09d404fc69aeede1648ec2e65d2d0ea96823288ea4132e2aab89b32d17d47909732e5a1c7fd00cb0d2bcbb6b897a2ca1c4b3e4eaba66c4f1af2909e6d905d441c80e7c6ee02a3903474b2e432b032cacd2322fd800ce75c7582195adcc0fdd2288e54bea0021d105eaf9c378f7f1a5a786fe26bf74feea1c542bd39efa3d2260c68914578b7fe30b578c4fff43b7364d18b74d06929e76d16e2e4c8851babf157e7fd0bb88882cfcc79c84d1821d6c056f9bc47d1577abbbaf40bed2a441c500500fc6f75ef98f8fa226d48e99a8ef869498de983b028d1cf5eb88c19115188d350ad235a07c160f144d8a8a10b3a3b75d548656741a4f4f932be79db1287aa0482dbe08279e2888c6ff42c7942274fe934cf38a266fbc767899ff9c5d7132d97871d2f353e261c33b97210342e74679e450617014cb974506c247123e0437bd32d125bbb7d3977ca323f6a532e7eeb4c78efbef904f7378831f3a04fc4c50a8e95db138ee1de36e58404dcf3159d1d869061afbdff58b2c120dc7830aa9551f152c1fdd451bb347e7b241b37038e1e81558ed0ef51d5ad8c9ae59f8741a1a237a22027cd950da11b619f109fdcc96aa85bd54cefd9c8d533869065b3276fcc9038ebe3c7e9d091c537f53d02b357ce6ecb6e133be4cc8adeeb61959c31b2324443182e555c3f2ea611f63eece94da2ae91cab7ca7274105efc48c3a6a133ca86e26b020a6b2083c98310d9f477b9c665f51946f7ae643ba85869878413a032f6a85e6476a998cf76a8a3ddd2c773069d0625de39d91b52a136fe9b65126657c8bbbc7bdb6b686de0cc3ea8ddbebab503ff0403c1f00b32ed4c712d513a1c4f788cc8b659e7d31d807450697310af6b8cb12ec564c1c488ff70c6d64a3aa624507c32399cbeba55ee9ce7951fd364b19d3fa16d944090c6271f1981ab94579aaf691c6ce392e21a223f7f284fca0c6ed55aafb024b4e1832324bc7bd18dbef1f90d0a854f0cfa2784dfce1fe4cd81e83c8294e323b69b95e48261e4e0d4e95436f000d6cb2a157203a3db65d11fa693bdc91371583cb956119aea7b5a88daa59a9b9d73404d32408a273950f58d719ac4332a4c698526eb77d5704b2e00d7ced752648f3690a76e5e15a14312131c197c8491d224af8b681e3f24bcff244056674a298fe5fb4a0ca779dfafa69f5ddc2d012123bd706051a09f3609bb6558bf47dfef967db47887a2e178fa6f887a057447c56b1d45af4a97207e2630963e46e2a9e054038addf8426190fb04cea244795683338656330ac2030e0b75534f47eebf8b6ceaddc85b0866796cb02a7f94138f281561eada7a5c15efbeed14c49b04a07e3e9202ebc7072801bf817eab45825aacb874a7cfbb586157feca8a2f834afe707934eeeb1a11089da8f87ef36ab9b5d0f038a0d7a21ce93362b782b1de35dde0e10655edc4c7b0ab7a5813e382f17fd87d4d092265c71a8cfc88655a01c3b016f2363a26ec137d0272fe75df369a35659063f31b8659cfab3d84d445606c84a2e73e53ce218a046e11a63cd6eee83201e3f26a1b9908e04d8640ea69d4ce98132b8eee0439e4c1792a81752bcea45126d744e1f020e00c68fd1e1fbb70add2bc4c04b61515e33b0e40fdb3acdb4d18781a3d1eed8f3f30fcf60d6b166af035c25eaeeeb413d6f0bbdbba20185336f2c35d5ce610a5a77993daa6cc69f820dc3571fd44f85afeac7f62df8c70515c2375d2f0669beb47ce0e5bfa3792fbb1c49449772efdae483ff667d22f4bccb2ec6c14c9d5b512392a9a493d401992d3d612c4932abaf9e18c01832cc3e19738e59e1595f7d900f9742c8d081715dc900c05278a3720a745853a71ba1a4d868468a34aa8c1d00b6e7551f357d7da06369b0c30ca89752f3a25358c5d2b68032970060b23f7b9dfcc648fc89a80d2617a75a5423134aaa5b042414313b2752e17f8d47cb0b5c97c0f550c973b5943f31108d05d77fc504e36814f8b102a3937f53fa4d0eb901e234517f7fd653e0a142576985e15772b84f91ee0a3856b47437c21598fdf1f4064b30cfa773112df502316994111d57db3971073f36310c1de4ff63752c79c8f8f7b7cd2b0090dd362fb3c87796dde5ede4cd8b9131a9c7c1c5245081a9fba39cfb1564b6bcb11772a7c3e4946e28220bd78a2974a73ace42d21fbeb84af6d95070fc14aee97e15ef637a724301881bed0390b33be0bb35ca8373cc479cf59f279089d73f4fbd99d888504d1d82993ebe1140c1e4a624b3283cc079b34d1a22b82087d87ed0f1f09ade10a610c5101cc719077eed7ec8e03d3e152f2f24b63aa61b04d3ed9a86dc438ee2efb0ab6d7a1dce911c7fb0d1a8fde2886a934509372aa1de1cec45f658a95bca826e334b9c19837b3299e3a3c2cf246276a9ac8211034654695318dff4005db8f5ce87dd34925262c377bec6cd183b159fdde3301f65dbff01d82132e917fb0fc324c08dcb262ca79bdd063a5d9207b7346b4985b5d9e1f49cec67e21077c4224a3b70953ce00b06d31f58bd374ae2d4f9ba63cf337d8370c8d3e16dd951509677de8c997c893b38f241a7b0842ab29ad8a2496b46d06ae47572df59ebf1e6ccb863ba8ccf84aa8ff05462437965074e1199bbddea6151bbe555b9a8bee1659decc2e6f9c9c0d1e19f0b4a0f0a632937f1ff6f42a12c5f5cd04f6eef26a93dfe68a8d396c0aeff6facee8e3f5f45891816993dc86e310524b052fd2d710b67934b773cdd5b2bcdf436e1bffc768b415b2a34aeaee998e0cb77bc41f1cada767eb699bcf62c6c076b699b8f3f32d57feb00c0d9e375f488a22c372d5305ff28c81b765ca83502cdf0f8b3dac5c5686bf55cd2ddc170ff78ab277231e7db9fe9703d15c3bc3d056acffed5431b57473ad9ba482c649b8811dbad473186b33a7c4b680ad7baab6c", 0x1000)
executing program 3:
r0 = socket$alg(0x26, 0x5, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x52, 0xe8, 0xe5, 0x10, 0x13b1, 0x42, 0xdcc4, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x44, 0x0, 0x1, 0x2e, 0xaf, 0xb2, 0x0, [], [{{0x9, 0x5, 0x81, 0x2, 0x3ff}}]}}]}}]}}, 0x0)
r1 = socket$kcm(0x2, 0x5, 0x84)
r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_ext={0x1c, 0x1e, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000004000000000000000008000018110000", @ANYBLOB, @ANYBLOB="0000000004000000b7124fffffffffff54730400ffffffff18120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000b291000000000000b70200b70000000000000095000000000000007aee0f96a964c9849c8f1fb83237e00ca2ac7a51e698126e4e5894ea5395a87a8ecdc5df1b6550a90f5bad75c338bdb52cc87a0050771912f905acf178a9be0e11ed016d4f9488ef17b067473bfa6213d2b8551cb68ea385a3049d75"], &(0x7f0000000140)='syzkaller\x00', 0x2, 0xcd, &(0x7f0000000180)=""/205, 0x41000, 0x51, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x1, 0x3}, 0x8, 0x10, &(0x7f00000002c0)={0x4, 0x5, 0x140, 0xfffffffe}, 0x10, 0x4564, 0xffffffffffffffff, 0x1, &(0x7f0000000300)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000340)=[{0x3, 0x5, 0x4}], 0x10, 0x31, @void, @value}, 0x94)
socket$inet6(0xa, 0x4, 0x2)
setsockopt$sock_attach_bpf(r1, 0x84, 0x84, &(0x7f0000000000)=r2, 0xfeb2)
bind$alg(r0, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-generic\x00'}, 0x58)
r3 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$inet(r3, &(0x7f0000001200)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000840)="baa035bfcaf6b5f2182d3b5050872b6064ca2db4971cef5858c82c9664cf5926a68d066e5aab8d701ea9fb9b8221a093718df80420f4e00dbfc2f8a8b47bad6e4d0b01b90f60f11a67a766a15d30ba7dde0789080e6e675f4779e11e48f7c52e0577ec91ef9e37b57305502ec59fadede73efe692148513e9c4330edc21d56", 0x7f}, {&(0x7f0000000000)='0', 0x1}], 0x2}}], 0x1, 0x0)
executing program 2:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=@updpolicy={0xb8, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in6=@mcast1, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}}, 0xb8}}, 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000000)={'lo\x00'})
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005b40)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000000240)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @multicast2}}}], 0x20}}], 0x1, 0xc080)
executing program 1:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
exit(0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x5, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x7, 0x81}, 0x0)
brk(0x400000ffc000)
r3 = syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x1, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
removexattr(0x0, &(0x7f00000000c0)=@random={'security.', '/dev/fuse\x00'})
ioctl$FS_IOC_RESVSP(r3, 0x80086601, 0x0)
fsopen(&(0x7f0000000000)='ufs\x00', 0x1)
r4 = syz_genetlink_get_family_id$ethtool(0x0, r2)
getsockname$packet(r2, 0x0, &(0x7f0000000380))
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f00000003c0)={'gretap0\x00', &(0x7f0000000440)={'erspan0\x00', <r5=>0x0, 0x10, 0x80, 0xdd7, 0x2, {{0x18, 0x4, 0x1, 0x9, 0x60, 0x67, 0x0, 0x2, 0x4, 0x0, @local, @rand_addr=0x64010101, {[@timestamp_prespec={0x44, 0xc, 0x9, 0x3, 0x9, [{@multicast1, 0x2}]}, @cipso={0x86, 0x40, 0x0, [{0x5, 0x11, "61853379342bf9bc837101084905ae"}, {0x2, 0x6, "9b2f6985"}, {0x7, 0x6, "29d6b434"}, {0x2, 0x9, "4107220cb4ea41"}, {0x2, 0x8, "5c99b53f102e"}, {0x1, 0xc, "434c36e509a5c1062086"}]}]}}}}})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000600)={'syztnl0\x00', 0x0})
sendmsg$ETHTOOL_MSG_PAUSE_GET(r2, &(0x7f0000000780)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000740)={&(0x7f0000000640)={0xb0, r4, 0x20, 0x70bd25, 0x25dfdbff, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x68, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp1\x00'}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x4}, 0x14)
unshare(0xc040400)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0200000004000000040000000800000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\b\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x5, 0x4, 0x7, 0x0, r6, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000340), 0xffff, r7}, 0x38)

program did not crash
replaying the whole log did not cause a kernel crash
single: executing 5 programs separately with timeout 1m40s
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socketpair$unix-connect$unix-exit-syz_open_procfs-recvmmsg-prctl$PR_SCHED_CORE-sendmsg-sched_setattr-brk-syz_mount_image$fuse-ioctl$sock_SIOCGIFINDEX-removexattr-ioctl$FS_IOC_RESVSP-fsopen-syz_genetlink_get_family_id$ethtool-getsockname$packet-ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL-ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL-sendmsg$ETHTOOL_MSG_PAUSE_GET-unshare-bpf$MAP_CREATE-bpf$MAP_CREATE-bpf$MAP_UPDATE_BATCH
detailed listing:
executing program 0:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
exit(0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x5, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x7, 0x81}, 0x0)
brk(0x400000ffc000)
r3 = syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x1, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
removexattr(0x0, &(0x7f00000000c0)=@random={'security.', '/dev/fuse\x00'})
ioctl$FS_IOC_RESVSP(r3, 0x80086601, 0x0)
fsopen(&(0x7f0000000000)='ufs\x00', 0x1)
r4 = syz_genetlink_get_family_id$ethtool(0x0, r2)
getsockname$packet(r2, 0x0, &(0x7f0000000380))
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f00000003c0)={'gretap0\x00', &(0x7f0000000440)={'erspan0\x00', <r5=>0x0, 0x10, 0x80, 0xdd7, 0x2, {{0x18, 0x4, 0x1, 0x9, 0x60, 0x67, 0x0, 0x2, 0x4, 0x0, @local, @rand_addr=0x64010101, {[@timestamp_prespec={0x44, 0xc, 0x9, 0x3, 0x9, [{@multicast1, 0x2}]}, @cipso={0x86, 0x40, 0x0, [{0x5, 0x11, "61853379342bf9bc837101084905ae"}, {0x2, 0x6, "9b2f6985"}, {0x7, 0x6, "29d6b434"}, {0x2, 0x9, "4107220cb4ea41"}, {0x2, 0x8, "5c99b53f102e"}, {0x1, 0xc, "434c36e509a5c1062086"}]}]}}}}})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000600)={'syztnl0\x00', 0x0})
sendmsg$ETHTOOL_MSG_PAUSE_GET(r2, &(0x7f0000000780)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000740)={&(0x7f0000000640)={0xb0, r4, 0x20, 0x70bd25, 0x25dfdbff, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x68, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp1\x00'}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x4}, 0x14)
unshare(0xc040400)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0200000004000000040000000800000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\b\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x5, 0x4, 0x7, 0x0, r6, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000340), 0xffff, r7}, 0x38)

program crashed: lost connection to test machine
suppressed program crash: lost connection to test machine
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_xfrm-sendmsg$nl_xfrm-socket$pppl2tp-ioctl$SIOCSIFMTU-sendmmsg$inet
detailed listing:
executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=@updpolicy={0xb8, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in6=@mcast1, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}}, 0xb8}}, 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000000)={'lo\x00'})
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005b40)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000000240)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @multicast2}}}], 0x20}}], 0x1, 0xc080)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$alg-syz_usb_connect-socket$kcm-bpf$BPF_PROG_WITH_BTFID_LOAD-socket$inet6-setsockopt$sock_attach_bpf-bind$alg-accept4-sendmmsg$inet
detailed listing:
executing program 0:
r0 = socket$alg(0x26, 0x5, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x52, 0xe8, 0xe5, 0x10, 0x13b1, 0x42, 0xdcc4, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x44, 0x0, 0x1, 0x2e, 0xaf, 0xb2, 0x0, [], [{{0x9, 0x5, 0x81, 0x2, 0x3ff}}]}}]}}]}}, 0x0)
r1 = socket$kcm(0x2, 0x5, 0x84)
r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_ext={0x1c, 0x1e, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000004000000000000000008000018110000", @ANYBLOB, @ANYBLOB="0000000004000000b7124fffffffffff54730400ffffffff18120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000b291000000000000b70200b70000000000000095000000000000007aee0f96a964c9849c8f1fb83237e00ca2ac7a51e698126e4e5894ea5395a87a8ecdc5df1b6550a90f5bad75c338bdb52cc87a0050771912f905acf178a9be0e11ed016d4f9488ef17b067473bfa6213d2b8551cb68ea385a3049d75"], &(0x7f0000000140)='syzkaller\x00', 0x2, 0xcd, &(0x7f0000000180)=""/205, 0x41000, 0x51, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x1, 0x3}, 0x8, 0x10, &(0x7f00000002c0)={0x4, 0x5, 0x140, 0xfffffffe}, 0x10, 0x4564, 0xffffffffffffffff, 0x1, &(0x7f0000000300)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000340)=[{0x3, 0x5, 0x4}], 0x10, 0x31, @void, @value}, 0x94)
socket$inet6(0xa, 0x4, 0x2)
setsockopt$sock_attach_bpf(r1, 0x84, 0x84, &(0x7f0000000000)=r2, 0xfeb2)
bind$alg(r0, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-generic\x00'}, 0x58)
r3 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$inet(r3, &(0x7f0000001200)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000840)="baa035bfcaf6b5f2182d3b5050872b6064ca2db4971cef5858c82c9664cf5926a68d066e5aab8d701ea9fb9b8221a093718df80420f4e00dbfc2f8a8b47bad6e4d0b01b90f60f11a67a766a15d30ba7dde0789080e6e675f4779e11e48f7c52e0577ec91ef9e37b57305502ec59fadede73efe692148513e9c4330edc21d56", 0x7f}, {&(0x7f0000000000)='0', 0x1}], 0x2}}], 0x1, 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$adsp1-ioctl$SNDCTL_DSP_SETFMT-ppoll-openat$audio1-write$dsp
detailed listing:
executing program 0:
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000080)=0x40000)
ppoll(&(0x7f0000000000), 0x0, 0x0, 0x0, 0x0)
r1 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x282a2, 0x0)
write$dsp(r1, &(0x7f0000000280)="3f3ebf96496a790c1a90be2dc1f4f354874823223d84a059c0965274226d8615ef6db50148787dea82a0d6ceafba54d8a1bb4c021dae906675370cb828fb2b39d793815a60315f1a2c516b44fe84da111f9a24a265148ee0b345a915d7d651736563e62863e45a0ada9d51cf88eae940d2770cc5892be40bde7cb251be69ed71fc48f9df1574b43fd4b8782fc9c9512f34a1df4cf795c4df2145a82d24733685caa2c47a7f191d4dfdb6d16cdddfb3183687b4e8800895566e1e90a21b3d24a382c617104bf4bcdab75edd04d849680d079bed2daa190c23489bcb8f705fdd2195f6abe775ea3f8d280c5875afd303816fbedc65b9859964b6ffbb7fc4f702abeb03adc885e85752144a76ba9504848be70f4d7cd865dfe7495345791ed721c93f9d17b4a78a9b3e3f467adabf03efac22dd1d78151e4845dacceffc1cb1b42f4482f2d251649a9d5af02697b7a1b0abb808f6cb75c22f7bcfd92668672e75c1edf39ca05737def4d603abd0358e4e129af84062fd64401530f00304e6ec889507aeec17a5311e3aa426f805a8a92518176dfd0a32297cda2a7fb693c81bfc5cdcae8ea131d1411144308106666e5be8f56ea8b3ff8c28b09e9773c8085c5392a4750cced5202228261bc00765c30f0b5caf4438a3157764c3d3bbeb82c5265dd82f40a95b33d08e569cc79465e85e8c8bf15952ac6493147e007d19d79935a44061621f73aca555d2e142dcd6f356c86e70b8b577c81c93acc0509819dbe268e579761e9155fe74a969d14197ac7b552307acaa547d967685546530b7c6ad617c8e12d46e8bb281442de856e02b965c41cf1c9479ccee57b694aa531ad505efea789f3f36eecf490b8d06e75d5b83fc091116da24f7909f8a2877ce3dbba33e804ff988da7a4ec3b506beb2bf3ac52a5153b10ac636979472b1df2100d3e3fcab98c85e3b9143a82c95c3b517a32c1cf60150f4b6c0b1f557ed4659dcb8e2c14bdb960b985996024ef067fcb3f29c2609b03a95faba2c01a5d86d7f7152340c54568e5aac57554b1d3c0385b4d3f45afeb77b373e2012f2d3ffcaec079b6e282f506cd96bcab291ca506c5bf88bb26c2cf449e2270902147462835d19fb96d98e858003aa33a3d3f28ac428e182e8e903d2a621389d78470f75f942a175cd104cceef2295930bbf83deca1403bb471c1f59f4cc5a07ef6980ffacad4de3d7825fef97a27dd01e02a12c4e3f589f61edff38f577a515d6189d500724bf7f25c39921c6be65c036d0e5050237d12d68c61c9ec80fa722bf288fa503da63746a0aac4326026e61d3f185984896c2b07f9c04a2643d216b0c128152fe2be48d641a1093a2a82b94b488f802bd7ce72bcb7db98b3e9470d96ec6f352f54de83b87a3d5f6c8e0c619f5d0279edd1629966b4c795160c08329327fcad3cfcca0b12fd1098d58ad09803257235505305a63846397d7036b65937a50283e1874b74c1d57e238c31e034931292f346ae8212906f388d3be2319219767a7ad7547ee07e0c119437b0254092bcfe4d70a5f2bff015901a6219c8629a88abf01f7a1ae3960877d82796878ff5dc14ac3db83a0a3ac45f217a40e6b9964cbc2f2c5681b3a074666755786cca48980826f929ed03ad448ca46cb1a3cfb37bb254a35bafd7e8ee5552e72369a5aa4035677fbe405fad0abd9c9d89fce5cb88a862fec636cc8a06915a4e19a2cf1b517a0883a5c8667896d2b276dc6a0bc333fb070d0fb388b6a4bcdb314190ebe9c24cdb105b487ae65d8f786008e175ead678207bfdee90c9316e541b09b51c6d25e148d89e76fcdcd26d259820e6dba7589446aafe2e93c24d03f2de39cc5fc96c9418f3acc67537327071dcdbdd92f4bd7019db4dc3b56355b49172d6a7b6e6cb4a3aa322a1be262df78947bba2367fbffceaec411fb992831a96d7f8d6638ba72da2c5cf02c61a58c7cc765a0717b13d124ce21f57e367c3acb721b4f420f6d5755871ba7ea04240a190d968f2345eb99f67cb133139e4a2017ba6861ae48bbbb99ef5f3976459aae3e49facd3e89c32503032548c7dc7c309a706c5670ed5f5ab7d56f4502ceb69fa20a1b87b002095268a8acf9dbab2a238ff2e5d287d68d1944b3a7a128a05186e995c2bb3ccee72bc9d08b6929f2b9111c1d886ff0ea503200ca9d828f69a897b9497ed1075ed953b113b86d74d4e7deba7501ada321436d8c02e6970db5bade5c7ec1547534c3891b36dd2307eef6481dcffd94d7ce007375dfb3dd73a6a2aeaca9d8b094aeed37887376d3dc4bb46b6cd142843a56be1f55d4df1e747ffdbf08add9e520e089e3b1f3a1143d4ab887c43fe668eaa3a443068fb6421e8529050d89963570da761404cbcf09aecac53d4d9510eb984f14cf7100dbdc3315f84cc63956ef8a56d27bbc91910d72d6cc1831b7b273cc9b4b0ee8df86c5ec73226e483f7fd7efd5b8214c7c3d8a7f09151d14f990e82b3a838cc2fa467d34aff4f5695b0d22cebf92b2647a6ea520b785a7b45ccb5d15e0d13ea3c5b49163fa9e92dbf4bd56cca975d662ec2d0a4a2fd2bd3c9ae4abc2bc757adceb6f3fd5fe421305273ba26ad761f4de5dfd1f22780087917097d0131158903b20eb65d26dc7edcf1d5e14f38435827a35be9de906bd87ef5d452a77660d02c5115be6a0aa7287c5eee0af3fafe0038904b6c85b994f3dedec499ee1b7aaca73ebbf0867b072bfa492fdbf98357aa6e0bb6bf29954e0731c3bf412a3dd8f1abf37f6eaec11aa3dd2c94f3452944ee37e3511d6765b46a1ba46c6bc2845c9ada71981bd6e176348e0965824efdf6d6fdc09d404fc69aeede1648ec2e65d2d0ea96823288ea4132e2aab89b32d17d47909732e5a1c7fd00cb0d2bcbb6b897a2ca1c4b3e4eaba66c4f1af2909e6d905d441c80e7c6ee02a3903474b2e432b032cacd2322fd800ce75c7582195adcc0fdd2288e54bea0021d105eaf9c378f7f1a5a786fe26bf74feea1c542bd39efa3d2260c68914578b7fe30b578c4fff43b7364d18b74d06929e76d16e2e4c8851babf157e7fd0bb88882cfcc79c84d1821d6c056f9bc47d1577abbbaf40bed2a441c500500fc6f75ef98f8fa226d48e99a8ef869498de983b028d1cf5eb88c19115188d350ad235a07c160f144d8a8a10b3a3b75d548656741a4f4f932be79db1287aa0482dbe08279e2888c6ff42c7942274fe934cf38a266fbc767899ff9c5d7132d97871d2f353e261c33b97210342e74679e450617014cb974506c247123e0437bd32d125bbb7d3977ca323f6a532e7eeb4c78efbef904f7378831f3a04fc4c50a8e95db138ee1de36e58404dcf3159d1d869061afbdff58b2c120dc7830aa9551f152c1fdd451bb347e7b241b37038e1e81558ed0ef51d5ad8c9ae59f8741a1a237a22027cd950da11b619f109fdcc96aa85bd54cefd9c8d533869065b3276fcc9038ebe3c7e9d091c537f53d02b357ce6ecb6e133be4cc8adeeb61959c31b2324443182e555c3f2ea611f63eece94da2ae91cab7ca7274105efc48c3a6a133ca86e26b020a6b2083c98310d9f477b9c665f51946f7ae643ba85869878413a032f6a85e6476a998cf76a8a3ddd2c773069d0625de39d91b52a136fe9b65126657c8bbbc7bdb6b686de0cc3ea8ddbebab503ff0403c1f00b32ed4c712d513a1c4f788cc8b659e7d31d807450697310af6b8cb12ec564c1c488ff70c6d64a3aa624507c32399cbeba55ee9ce7951fd364b19d3fa16d944090c6271f1981ab94579aaf691c6ce392e21a223f7f284fca0c6ed55aafb024b4e1832324bc7bd18dbef1f90d0a854f0cfa2784dfce1fe4cd81e83c8294e323b69b95e48261e4e0d4e95436f000d6cb2a157203a3db65d11fa693bdc91371583cb956119aea7b5a88daa59a9b9d73404d32408a273950f58d719ac4332a4c698526eb77d5704b2e00d7ced752648f3690a76e5e15a14312131c197c8491d224af8b681e3f24bcff244056674a298fe5fb4a0ca779dfafa69f5ddc2d012123bd706051a09f3609bb6558bf47dfef967db47887a2e178fa6f887a057447c56b1d45af4a97207e2630963e46e2a9e054038addf8426190fb04cea244795683338656330ac2030e0b75534f47eebf8b6ceaddc85b0866796cb02a7f94138f281561eada7a5c15efbeed14c49b04a07e3e9202ebc7072801bf817eab45825aacb874a7cfbb586157feca8a2f834afe707934eeeb1a11089da8f87ef36ab9b5d0f038a0d7a21ce93362b782b1de35dde0e10655edc4c7b0ab7a5813e382f17fd87d4d092265c71a8cfc88655a01c3b016f2363a26ec137d0272fe75df369a35659063f31b8659cfab3d84d445606c84a2e73e53ce218a046e11a63cd6eee83201e3f26a1b9908e04d8640ea69d4ce98132b8eee0439e4c1792a81752bcea45126d744e1f020e00c68fd1e1fbb70add2bc4c04b61515e33b0e40fdb3acdb4d18781a3d1eed8f3f30fcf60d6b166af035c25eaeeeb413d6f0bbdbba20185336f2c35d5ce610a5a77993daa6cc69f820dc3571fd44f85afeac7f62df8c70515c2375d2f0669beb47ce0e5bfa3792fbb1c49449772efdae483ff667d22f4bccb2ec6c14c9d5b512392a9a493d401992d3d612c4932abaf9e18c01832cc3e19738e59e1595f7d900f9742c8d081715dc900c05278a3720a745853a71ba1a4d868468a34aa8c1d00b6e7551f357d7da06369b0c30ca89752f3a25358c5d2b68032970060b23f7b9dfcc648fc89a80d2617a75a5423134aaa5b042414313b2752e17f8d47cb0b5c97c0f550c973b5943f31108d05d77fc504e36814f8b102a3937f53fa4d0eb901e234517f7fd653e0a142576985e15772b84f91ee0a3856b47437c21598fdf1f4064b30cfa773112df502316994111d57db3971073f36310c1de4ff63752c79c8f8f7b7cd2b0090dd362fb3c87796dde5ede4cd8b9131a9c7c1c5245081a9fba39cfb1564b6bcb11772a7c3e4946e28220bd78a2974a73ace42d21fbeb84af6d95070fc14aee97e15ef637a724301881bed0390b33be0bb35ca8373cc479cf59f279089d73f4fbd99d888504d1d82993ebe1140c1e4a624b3283cc079b34d1a22b82087d87ed0f1f09ade10a610c5101cc719077eed7ec8e03d3e152f2f24b63aa61b04d3ed9a86dc438ee2efb0ab6d7a1dce911c7fb0d1a8fde2886a934509372aa1de1cec45f658a95bca826e334b9c19837b3299e3a3c2cf246276a9ac8211034654695318dff4005db8f5ce87dd34925262c377bec6cd183b159fdde3301f65dbff01d82132e917fb0fc324c08dcb262ca79bdd063a5d9207b7346b4985b5d9e1f49cec67e21077c4224a3b70953ce00b06d31f58bd374ae2d4f9ba63cf337d8370c8d3e16dd951509677de8c997c893b38f241a7b0842ab29ad8a2496b46d06ae47572df59ebf1e6ccb863ba8ccf84aa8ff05462437965074e1199bbddea6151bbe555b9a8bee1659decc2e6f9c9c0d1e19f0b4a0f0a632937f1ff6f42a12c5f5cd04f6eef26a93dfe68a8d396c0aeff6facee8e3f5f45891816993dc86e310524b052fd2d710b67934b773cdd5b2bcdf436e1bffc768b415b2a34aeaee998e0cb77bc41f1cada767eb699bcf62c6c076b699b8f3f32d57feb00c0d9e375f488a22c372d5305ff28c81b765ca83502cdf0f8b3dac5c5686bf55cd2ddc170ff78ab277231e7db9fe9703d15c3bc3d056acffed5431b57473ad9ba482c649b8811dbad473186b33a7c4b680ad7baab6c", 0x1000)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_disconnect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect$hid
detailed listing:
executing program 0:
r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f00000001c0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000ad183840f30c0210"], 0x0)
syz_usb_disconnect(r1)
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000680)=ANY=[], 0x0)

program crashed: stack segment fault in __usb_hcd_giveback_urb
single: successfully extracted reproducer
found reproducer with 5 syscalls
minimizing guilty program
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_disconnect-syz_usb_connect-syz_usb_disconnect
detailed listing:
executing program 0:
r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f00000001c0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000ad183840f30c0210"], 0x0)
syz_usb_disconnect(r1)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_disconnect-syz_usb_connect-syz_usb_connect$hid
detailed listing:
executing program 0:
r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f00000001c0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_disconnect(r0)
syz_usb_connect(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000ad183840f30c0210"], 0x0)
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000680)=ANY=[], 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_disconnect-syz_usb_disconnect-syz_usb_connect$hid
detailed listing:
executing program 0:
r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f00000001c0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_disconnect(r0)
syz_usb_disconnect(0xffffffffffffffff)
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000680)=ANY=[], 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_connect-syz_usb_disconnect-syz_usb_connect$hid
detailed listing:
executing program 0:
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f00000001c0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
r0 = syz_usb_connect(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000ad183840f30c0210"], 0x0)
syz_usb_disconnect(r0)
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000680)=ANY=[], 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_disconnect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect$hid
detailed listing:
executing program 0:
syz_usb_disconnect(0xffffffffffffffff)
r0 = syz_usb_connect(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000ad183840f30c0210"], 0x0)
syz_usb_disconnect(r0)
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000680)=ANY=[], 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_disconnect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect$hid
detailed listing:
executing program 0:
r0 = syz_usb_connect_ath9k(0x3, 0x0, 0x0, 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000ad183840f30c0210"], 0x0)
syz_usb_disconnect(r1)
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000680)=ANY=[], 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_disconnect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect$hid
detailed listing:
executing program 0:
r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f00000001c0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect(0x0, 0x36, 0x0, 0x0)
syz_usb_disconnect(r1)
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000680)=ANY=[], 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_disconnect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect$hid
detailed listing:
executing program 0:
r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f00000001c0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB], 0x0)
syz_usb_disconnect(r1)
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000680)=ANY=[], 0x0)

program did not crash
testing program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_disconnect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect$hid
detailed listing:
executing program 0:
r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f00000001c0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000ad183840f30c0210"], 0x0)
syz_usb_disconnect(r1)
syz_usb_connect$hid(0x3, 0x36, 0x0, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=1m40s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_disconnect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect$hid
program crashed: stack segment fault in __usb_hcd_giveback_urb
simplifying C reproducer
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_disconnect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect$hid
program crashed: stack segment fault in __usb_hcd_giveback_urb
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:namespace SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_disconnect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect$hid
program did not crash
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_disconnect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect$hid
program crashed: stack segment fault in __usb_hcd_giveback_urb
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_disconnect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect$hid
program did not crash
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_disconnect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect$hid
program crashed: stack segment fault in __usb_hcd_giveback_urb
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_disconnect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect$hid
program crashed: stack segment fault in __usb_hcd_giveback_urb
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_disconnect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect$hid
program did not crash
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_disconnect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect$hid
program crashed: stack segment fault in __usb_hcd_giveback_urb
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_disconnect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect$hid
program crashed: stack segment fault in __usb_hcd_giveback_urb
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_disconnect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect$hid
program crashed: stack segment fault in __usb_hcd_giveback_urb
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_disconnect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect$hid
program did not crash
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_disconnect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect$hid
program did not crash
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_disconnect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect$hid
program crashed: stack segment fault in __usb_hcd_giveback_urb
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_disconnect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect$hid
program crashed: stack segment fault in __usb_hcd_giveback_urb
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:false Sysctl:true Swap:true UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_disconnect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect$hid
program did not crash
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:false Sysctl:false Swap:true UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_disconnect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect$hid
program did not crash
testing compiled C program (duration=1m40s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:true Cgroups:false BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_usb_connect_ath9k-syz_usb_disconnect-syz_usb_connect-syz_usb_disconnect-syz_usb_connect$hid
program did not crash
reproducing took 1h18m19.188539903s
repro crashed as (corrupted=false):
Oops: stack segment: 0000 [#1] SMP KASAN PTI
CPU: 0 UID: 0 PID: 5873 Comm: kworker/0:3 Not tainted 6.15.0-syzkaller-11061-g7f9039c524a3 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: events request_firmware_work_func
RIP: 0010:__queue_work+0x9e/0xfe0 kernel/workqueue.c:2256
Code: 8b 1d de 93 11 11 31 ff 89 de e8 fd 95 35 00 85 db 0f 85 fc 0c 00 00 e8 b0 91 35 00 49 8d 97 c0 01 00 00 48 89 d5 48 c1 ed 03 <42> 0f b6 44 25 00 84 c0 48 89 54 24 08 0f 85 44 0d 00 00 8b 1a 89
RSP: 0018:ffffc900000077a8 EFLAGS: 00010002
RAX: ffffffff818ac930 RBX: 0000000000000000 RCX: ffff88802f2a3c00
RDX: 00000000000001c0 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000038 R08: ffff88807e3a3bf7 R09: 1ffff1100fc7477e
R10: dffffc0000000000 R11: ffffed100fc7477f R12: dffffc0000000000
R13: ffff88807e3a3bf0 R14: 0000000000000008 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888125c5e000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005645b14fb168 CR3: 000000000df38000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 queue_work_on+0x181/0x270 kernel/workqueue.c:2392
 __usb_hcd_giveback_urb+0x41a/0x690 drivers/usb/core/hcd.c:1650
 dummy_timer+0x862/0x4550 drivers/usb/gadget/udc/dummy_hcd.c:1994
 __run_hrtimer kernel/time/hrtimer.c:1761 [inline]
 __hrtimer_run_queues+0x52c/0xc60 kernel/time/hrtimer.c:1825
 hrtimer_run_softirq+0x187/0x2b0 kernel/time/hrtimer.c:1842
 handle_softirqs+0x283/0x870 kernel/softirq.c:579
 do_softirq+0xec/0x180 kernel/softirq.c:480
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x17d/0x1c0 kernel/softirq.c:407
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 carl9170_usb_stop+0x170/0x220 drivers/net/wireless/ath/carl9170/usb.c:783
 carl9170_usb_init_device+0x6f5/0x840 drivers/net/wireless/ath/carl9170/usb.c:960
 carl9170_usb_firmware_finish drivers/net/wireless/ath/carl9170/usb.c:999 [inline]
 carl9170_usb_firmware_step2+0x9f/0x240 drivers/net/wireless/ath/carl9170/usb.c:1028
 request_firmware_work_func+0x105/0x1c0 drivers/base/firmware_loader/main.c:1170
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402
 kthread+0x711/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x3f9/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__queue_work+0x9e/0xfe0 kernel/workqueue.c:2256
Code: 8b 1d de 93 11 11 31 ff 89 de e8 fd 95 35 00 85 db 0f 85 fc 0c 00 00 e8 b0 91 35 00 49 8d 97 c0 01 00 00 48 89 d5 48 c1 ed 03 <42> 0f b6 44 25 00 84 c0 48 89 54 24 08 0f 85 44 0d 00 00 8b 1a 89
RSP: 0018:ffffc900000077a8 EFLAGS: 00010002
RAX: ffffffff818ac930 RBX: 0000000000000000 RCX: ffff88802f2a3c00
RDX: 00000000000001c0 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000038 R08: ffff88807e3a3bf7 R09: 1ffff1100fc7477e
R10: dffffc0000000000 R11: ffffed100fc7477f R12: dffffc0000000000
R13: ffff88807e3a3bf0 R14: 0000000000000008 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888125c5e000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005645b14fb168 CR3: 000000000df38000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	8b 1d de 93 11 11    	mov    0x111193de(%rip),%ebx        # 0x111193e4
   6:	31 ff                	xor    %edi,%edi
   8:	89 de                	mov    %ebx,%esi
   a:	e8 fd 95 35 00       	call   0x35960c
   f:	85 db                	test   %ebx,%ebx
  11:	0f 85 fc 0c 00 00    	jne    0xd13
  17:	e8 b0 91 35 00       	call   0x3591cc
  1c:	49 8d 97 c0 01 00 00 	lea    0x1c0(%r15),%rdx
  23:	48 89 d5             	mov    %rdx,%rbp
  26:	48 c1 ed 03          	shr    $0x3,%rbp
* 2a:	42 0f b6 44 25 00    	movzbl 0x0(%rbp,%r12,1),%eax <-- trapping instruction
  30:	84 c0                	test   %al,%al
  32:	48 89 54 24 08       	mov    %rdx,0x8(%rsp)
  37:	0f 85 44 0d 00 00    	jne    0xd81
  3d:	8b 1a                	mov    (%rdx),%ebx
  3f:	89                   	.byte 0x89

final repro crashed as (corrupted=false):
Oops: stack segment: 0000 [#1] SMP KASAN PTI
CPU: 0 UID: 0 PID: 5873 Comm: kworker/0:3 Not tainted 6.15.0-syzkaller-11061-g7f9039c524a3 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: events request_firmware_work_func
RIP: 0010:__queue_work+0x9e/0xfe0 kernel/workqueue.c:2256
Code: 8b 1d de 93 11 11 31 ff 89 de e8 fd 95 35 00 85 db 0f 85 fc 0c 00 00 e8 b0 91 35 00 49 8d 97 c0 01 00 00 48 89 d5 48 c1 ed 03 <42> 0f b6 44 25 00 84 c0 48 89 54 24 08 0f 85 44 0d 00 00 8b 1a 89
RSP: 0018:ffffc900000077a8 EFLAGS: 00010002
RAX: ffffffff818ac930 RBX: 0000000000000000 RCX: ffff88802f2a3c00
RDX: 00000000000001c0 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000038 R08: ffff88807e3a3bf7 R09: 1ffff1100fc7477e
R10: dffffc0000000000 R11: ffffed100fc7477f R12: dffffc0000000000
R13: ffff88807e3a3bf0 R14: 0000000000000008 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888125c5e000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005645b14fb168 CR3: 000000000df38000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 queue_work_on+0x181/0x270 kernel/workqueue.c:2392
 __usb_hcd_giveback_urb+0x41a/0x690 drivers/usb/core/hcd.c:1650
 dummy_timer+0x862/0x4550 drivers/usb/gadget/udc/dummy_hcd.c:1994
 __run_hrtimer kernel/time/hrtimer.c:1761 [inline]
 __hrtimer_run_queues+0x52c/0xc60 kernel/time/hrtimer.c:1825
 hrtimer_run_softirq+0x187/0x2b0 kernel/time/hrtimer.c:1842
 handle_softirqs+0x283/0x870 kernel/softirq.c:579
 do_softirq+0xec/0x180 kernel/softirq.c:480
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x17d/0x1c0 kernel/softirq.c:407
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 carl9170_usb_stop+0x170/0x220 drivers/net/wireless/ath/carl9170/usb.c:783
 carl9170_usb_init_device+0x6f5/0x840 drivers/net/wireless/ath/carl9170/usb.c:960
 carl9170_usb_firmware_finish drivers/net/wireless/ath/carl9170/usb.c:999 [inline]
 carl9170_usb_firmware_step2+0x9f/0x240 drivers/net/wireless/ath/carl9170/usb.c:1028
 request_firmware_work_func+0x105/0x1c0 drivers/base/firmware_loader/main.c:1170
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402
 kthread+0x711/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x3f9/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__queue_work+0x9e/0xfe0 kernel/workqueue.c:2256
Code: 8b 1d de 93 11 11 31 ff 89 de e8 fd 95 35 00 85 db 0f 85 fc 0c 00 00 e8 b0 91 35 00 49 8d 97 c0 01 00 00 48 89 d5 48 c1 ed 03 <42> 0f b6 44 25 00 84 c0 48 89 54 24 08 0f 85 44 0d 00 00 8b 1a 89
RSP: 0018:ffffc900000077a8 EFLAGS: 00010002
RAX: ffffffff818ac930 RBX: 0000000000000000 RCX: ffff88802f2a3c00
RDX: 00000000000001c0 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000038 R08: ffff88807e3a3bf7 R09: 1ffff1100fc7477e
R10: dffffc0000000000 R11: ffffed100fc7477f R12: dffffc0000000000
R13: ffff88807e3a3bf0 R14: 0000000000000008 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888125c5e000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005645b14fb168 CR3: 000000000df38000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	8b 1d de 93 11 11    	mov    0x111193de(%rip),%ebx        # 0x111193e4
   6:	31 ff                	xor    %edi,%edi
   8:	89 de                	mov    %ebx,%esi
   a:	e8 fd 95 35 00       	call   0x35960c
   f:	85 db                	test   %ebx,%ebx
  11:	0f 85 fc 0c 00 00    	jne    0xd13
  17:	e8 b0 91 35 00       	call   0x3591cc
  1c:	49 8d 97 c0 01 00 00 	lea    0x1c0(%r15),%rdx
  23:	48 89 d5             	mov    %rdx,%rbp
  26:	48 c1 ed 03          	shr    $0x3,%rbp
* 2a:	42 0f b6 44 25 00    	movzbl 0x0(%rbp,%r12,1),%eax <-- trapping instruction
  30:	84 c0                	test   %al,%al
  32:	48 89 54 24 08       	mov    %rdx,0x8(%rsp)
  37:	0f 85 44 0d 00 00    	jne    0xd81
  3d:	8b 1a                	mov    (%rdx),%ebx
  3f:	89                   	.byte 0x89