last executing test programs: 42.737187603s ago: executing program 3 (id=1878): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0x400}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x3000003, 0x200000006c832, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 41.402773309s ago: executing program 3 (id=1882): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, &(0x7f00000066c0)=[{{&(0x7f0000000180)={0xa, 0x4e20, 0x1ff, @loopback, 0x12b6e182}, 0x1c, &(0x7f0000000780)=[{&(0x7f0000000f80)="ea", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000f00)=[{0x0}], 0x1}}], 0x2, 0x24000045) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) mknodat$loop(0xffffffffffffff9c, 0x0, 0x1000, 0x1) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x0) open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x10040) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/key-users\x00', 0x0, 0x0) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0) sendfile(r2, r1, 0x0, 0x2) 41.218961987s ago: executing program 3 (id=1883): pipe(&(0x7f00000000c0)) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x80, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='timerslack_ns\x00') write$tun(r1, 0x0, 0xfce) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x8, &(0x7f0000000140)=ANY=[@ANYRESOCT=r1, @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0x2) readv(r3, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0x940}], 0x1) ioctl$TIOCVHANGUP(r3, 0x5437, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), r4) sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x34, r5, 0x1, 0x0, 0x0, {{}, {}, {0x18, 0x17, {0x21, 0x0, @l2={'eth', 0x3a, 'ip6gre0\x00'}}}}}, 0x34}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) unshare(0x62040200) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x20000000) r6 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r6, 0xc004500a, &(0x7f0000000080)=0x80000003) r7 = dup2(r6, r6) read$FUSE(r7, &(0x7f00000063c0)={0x2020}, 0x2020) syz_fuse_handle_req(r7, 0x0, 0x0, &(0x7f0000002cc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_connect(0x1, 0x2d, 0x0, 0x0) 38.397665475s ago: executing program 3 (id=1900): r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000005c0)={0x53, 0xfffffffffffffffc, 0xfe, 0x1, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000880)="5ca86304000000f0099af29e96c8d42bf351039697e1d4c1d8edc7399bed9c4584dd57963ddceee7af02f304286e50ffc3e59e635cf000000081f8ac2e86da524ae2ad5deb90ac06b044097359492e6fa240fc9d250c5ff8d080e2659439694cd1ecc032b04249a12c0d69e173f387a090b59226e9804aa251ed0c76014cf17b90f39e40a0389b9fc3644415bb6861be988e7af22fb4d27f3eb4a7c82698fd23a2015f954fb3e9c2b4629ec47b845de19989a6b38b0b6e26c74a680d6f04222f7fd8b490d59e132d5a52c398ff819b237f4a684bd42527f0694996bc7112497cdc9f33fdf2130a7d31f2da822d3ca832ba3100"/254, 0x0, 0x6, 0x0, 0x3, 0x0}) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r2, 0x3ba0, &(0x7f00000003c0)={0x48, 0xc, r3, 0x0, 0x0, 0x200000000}) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000040)=0x7) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040301, 0x0) r5 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000500)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x2}}, 0x20) openat$adsp1(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(r5, 0x40184150, &(0x7f0000001600)={0x0, 0x0}) mount$bind(&(0x7f0000000440)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x2125099, 0x0) r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=r6, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) 36.949439279s ago: executing program 3 (id=1906): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, &(0x7f00000066c0)=[{{&(0x7f0000000180)={0xa, 0x4e20, 0x1ff, @loopback, 0x12b6e182}, 0x1c, &(0x7f0000000780)=[{&(0x7f0000000f80)="ea", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000f00)=[{0x0}], 0x1}}], 0x2, 0x24000045) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1) name_to_handle_at(0xffffffffffffff9c, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x0) open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x10040) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/key-users\x00', 0x0, 0x0) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0) sendfile(r2, r1, 0x0, 0x2) 36.242585547s ago: executing program 3 (id=1909): r0 = socket$packet(0x11, 0x2, 0x300) openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) recvmsg$can_bcm(0xffffffffffffffff, 0x0, 0x20000100) shutdown(0xffffffffffffffff, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x80}}, 0x4814) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r2, &(0x7f0000000200)=ANY=[], 0x32600) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x208, 0x98, 0x8, 0xfa04, 0x98, 0x6c02, 0x1e0, 0x194, 0x194, 0x1e0, 0x194, 0x3, 0x0, {[{{@ip={@broadcast, @broadcast, 0x0, 0x0, 'veth0_to_hsr\x00', 'veth0_virt_wifi\x00', {}, {}, 0x6}, 0x0, 0x70, 0x98, 0x0, {0x0, 0x74020000}}, @common=@inet=@TCPMSS={0x28}}, {{@ip={@multicast2, @dev, 0x0, 0x0, '\x00', 'batadv_slave_0\x00'}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x268) ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f00000001c0)={'ip6erspan0\x00', {0x2, 0x4e24, @multicast1}}) 35.330730001s ago: executing program 32 (id=1909): r0 = socket$packet(0x11, 0x2, 0x300) openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) recvmsg$can_bcm(0xffffffffffffffff, 0x0, 0x20000100) shutdown(0xffffffffffffffff, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x80}}, 0x4814) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r2, &(0x7f0000000200)=ANY=[], 0x32600) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x208, 0x98, 0x8, 0xfa04, 0x98, 0x6c02, 0x1e0, 0x194, 0x194, 0x1e0, 0x194, 0x3, 0x0, {[{{@ip={@broadcast, @broadcast, 0x0, 0x0, 'veth0_to_hsr\x00', 'veth0_virt_wifi\x00', {}, {}, 0x6}, 0x0, 0x70, 0x98, 0x0, {0x0, 0x74020000}}, @common=@inet=@TCPMSS={0x28}}, {{@ip={@multicast2, @dev, 0x0, 0x0, '\x00', 'batadv_slave_0\x00'}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x268) ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f00000001c0)={'ip6erspan0\x00', {0x2, 0x4e24, @multicast1}}) 11.716249363s ago: executing program 1 (id=1966): socket$rxrpc(0x21, 0x2, 0xa) syz_open_procfs(0x0, &(0x7f0000000180)='stat\x00') openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0xa) mkdirat(0xffffffffffffff9c, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x141083, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_INTERFACE(r1, &(0x7f00000001c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x40008d0) r2 = fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c00000002030300006b000000000000000000000800010001000000443c398d35a0c61c2d6868a38f1046400430e69b5d71be50d7e00ee08c90484c9cd5337f0f3d9bd154762641572a3d575386c3db96ba866679fad1c7a8893ef464105a770f37a86f738844bc86e9a062cb2300065040c9fcaceb183b7d176884fe3181ee33fe00cd9aa9c67a36439332"], 0x1c}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, &(0x7f0000000040)=@raw={'raw\x00', 0x4001, 0x3, 0x2b8, 0x180, 0x0, 0x148, 0x0, 0x148, 0x220, 0x240, 0x240, 0x220, 0x240, 0x7fffffe, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'ip6gretap0\x00', 'veth1_to_batadv\x00', {}, {}, 0x88}, 0x0, 0x118, 0x180, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'lo\x00', {0x0, 0x0, 0x1ff, 0x0, 0x0, 0xed, 0x7}}}, @common=@inet=@multiport={{0x50}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x70, 0xa0}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x318) 11.224611319s ago: executing program 1 (id=1969): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f00000006c0)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000a536ee82a03b9af56799f3ca5d3329438fae0474893eb0f5e64bcc87c017aff404d3ef99ef8d717d01bcc0252a100c57ae1b76a394c91cb3cb3bceaff9470301bc85595731a60f0aa45290d674841168af1cab4693f58ae4dc4220f865c8db3298b500"/133], &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x6d) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={r1, 0xc0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000680)={r0, 0x20, &(0x7f0000000380)={&(0x7f0000000280)=""/53, 0x35, 0x0, &(0x7f0000000580)=""/227, 0xe3}}, 0x10) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000440)=r2, 0x4) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000500)={0x3, 0x4, 0x4, 0xa, 0x0, r3, 0x0, '\x00', 0x0, r0, 0x1, 0x5, 0x3, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x1d, 0x4, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x19, 0x76}, [@call={0x27}]}, &(0x7f0000000040)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x20, '\x00', 0x0, @lsm=0x2b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 10.98114548s ago: executing program 1 (id=1970): openat$smack_task_current(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000003c0), 0xc0001, 0x0) writev(r0, &(0x7f0000001880)=[{&(0x7f0000000400)='{', 0x1}], 0x1) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) socket(0x10, 0x3, 0x3b7) r3 = dup(r2) openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$6lowpan_enable(r3, &(0x7f0000000100)='1', 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) shmctl$SHM_STAT(0x0, 0xd, 0x0) r4 = memfd_create(&(0x7f00000008c0)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r5, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_MCAST_MSFILTER(r5, 0x0, 0x30, &(0x7f0000000840)={0x2, {{0x2, 0x0, @multicast2}}, 0x0, 0x3, [{{0x2, 0x0, @multicast2}}, {{0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}}, {{0x2, 0x4e21, @empty}}]}, 0x210) syz_emit_vhci(&(0x7f0000001e00)=ANY=[@ANYBLOB="2136077dfa7a74abaaaa"], 0xa) ftruncate(r4, 0x80079a0) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xf, 0x2012, r4, 0x2000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) sendfile(r4, r4, 0x0, 0x80000000200001) r6 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000040), 0x21041, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000000)=0xe) ioctl$TCFLSH(r6, 0x540b, 0xfffffffffffeffff) connect$inet6(r1, &(0x7f0000000280)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x19}, 0x7}, 0x1c) ioctl$BTRFS_IOC_SPACE_INFO(r1, 0xc0109414, &(0x7f0000001e40)={0xa0f, 0x7, ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}) pselect6(0x40, &(0x7f0000000040)={0xc, 0x1, 0xfffffffffffffff3, 0x0, 0x0, 0x0, 0x400000000000, 0x400}, 0x0, 0x0, 0x0, 0x0) 9.324991741s ago: executing program 0 (id=1974): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = syz_io_uring_setup(0x893, &(0x7f00000003c0)={0x0, 0xaee1, 0x400, 0x0, 0xb}, 0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, r4, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000001400)={0x0, 0x0, 0x0}, 0x0, 0x40000000, 0x1}) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='nr_inodes=M']) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) io_uring_enter(r3, 0x5361, 0xfffffffd, 0x2, 0x0, 0x0) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) write$binfmt_script(r7, &(0x7f0000000600)={'#! ', './file0'}, 0xb) ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f00000002c0)={r7, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x1c, "fee8a2ab78fc5e3ed1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000140)=ANY=[@ANYRES64=r5, @ANYRES16=r5], 0x48) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r5, 0x50009405, &(0x7f0000001440)) io_uring_register$IORING_UNREGISTER_BUFFERS(r5, 0x1, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)) sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="0503000000000000000007000000"], 0x1c}}, 0x20000000) r8 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$SNDCTL_FM_4OP_ENABLE(r8, 0x4004510f, &(0x7f0000000280)=0x8) sendmsg$IPVS_CMD_NEW_SERVICE(r0, &(0x7f0000000180)={&(0x7f00000000c0), 0xc, &(0x7f0000000140)={&(0x7f0000000340)={0x80, 0x0, 0x2, 0x70bd25, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e23}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7}, @IPVS_CMD_ATTR_DEST={0x40, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x5}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@dev={0xac, 0x14, 0x14, 0x14}}, @IPVS_DEST_ATTR_INACT_CONNS={0x8}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xfc1}]}, 0x80}, 0x1, 0x0, 0x0, 0x80}, 0x40041) 7.695006572s ago: executing program 0 (id=1977): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r2, &(0x7f0000002a80)=[{&(0x7f0000000a00)="1b", 0x1}], 0x1) splice(r4, 0x0, 0xffffffffffffffff, 0x0, 0xf3a, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) splice(r1, 0x0, 0xffffffffffffffff, 0x0, 0x80, 0x6) write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, {0x0, 0x0, 0x0, 0x2, 0x3}}, 0x48) write(r3, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_int(r5, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e21, 0x5, @loopback, 0xa}}, 0x0, 0x0, 0x22, 0x0, "bb353738cb473fc7c9f1cf53b6a7b4e23602a3c364ca41d6e5615445244740bd4c0b42a21d7214bf92594925208a0e2f964e654dc534a6324d4993fcf19b2df3ee818a118a7c49462189316d556d2ccd"}, 0xd8) sendto$inet6(r5, &(0x7f0000000700)='|t\'', 0x3, 0x200088c5, &(0x7f0000000a80)={0xa, 0x2, 0x1000, @empty}, 0x1c) sendmsg$NFT_MSG_GETFLOWTABLE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x44800}, 0x830) shutdown(r5, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) syz_clone(0x80048080, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) syz_usb_connect(0x0, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB="120100001b3ebd40d80483009c00010203010902290001000000000904000000020201000502000000"], 0x0) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="6300249d020000000100", @ANYRES32=0x0, @ANYBLOB="15440100438104002c0012800b000100697036746e6c00001c000280060011004e2400000600100028ab000006000f0002000000"], 0x4c}}, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[], 0x13) write$binfmt_misc(0xffffffffffffffff, &(0x7f00000000c0)="e752237d89f7e14cf5ecee7ee590ae2b3719736b1c65fc24ead340869e9a5ca4971c31b0bf203cce10af7a", 0x2b) 7.199737227s ago: executing program 5 (id=1981): openat$smackfs_ptrace(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000220edf104c05c10687c201020301090224"], 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00'}) r1 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x44}}, 0x0) 6.320603834s ago: executing program 4 (id=1983): r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/protocols\x00') preadv(r0, &(0x7f0000000180)=[{&(0x7f0000000b00)=""/152, 0x98}, {&(0x7f0000000340)=""/204, 0xcc}], 0x2, 0x7000000, 0x3) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000380)={0x51b78582, 0x7, 0x10, 0x6, 0xfffffffb}, 0x14) 6.009678889s ago: executing program 4 (id=1984): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000005c0)=ANY=[@ANYBLOB="1201000000000010941200000000010902240001000000000904000011129e9400092100000001220800090581030000000000000000"], 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) (async) syz_usb_control_io$hid(r0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) (async) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='debugfs\x00', 0x18000, 0x0) (async) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140), 0x2001, 0x0) (async) r4 = syz_genetlink_get_family_id$team(&(0x7f00000001c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', 0x0}) r7 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f00000001c0)={'batadv0\x00', 0x0}) sendto$packet(r7, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x11, 0x86dd, r8, 0x1, 0x7, 0x6, @broadcast}, 0x14) (async) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000340)={'ip6_vti0\x00', &(0x7f00000002c0)={'ip6gre0\x00', 0x0, 0x4, 0x80, 0x8, 0x5, 0x4, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, @private1, 0x7, 0x0, 0xfffffffe, 0xfd}}) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={0xffffffffffffffff, 0xe0, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000380)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000400)=[0x0], 0x0, 0x7f, &(0x7f0000000440)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000480), &(0x7f00000004c0), 0x8, 0x2b, 0x8, 0x8, &(0x7f0000000500)}}, 0x10) (async) r11 = socket(0x10, 0x3, 0x0) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000500)={'veth0_macvtap\x00', 0x0}) sendmsg$nl_route_sched(r11, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000029c0)=@newqdisc={0x38, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r13, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x2, 0x7f, 0x0, 0x7, 0x8}, {0x12, 0x3, 0x0, 0x1, 0x8001, 0x400}, 0xa5, 0x4, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080) (async) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000580)={@local, @broadcast, 0x0}, &(0x7f0000000700)=0xc) (async) ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000000740)={'wg1\x00', 0x0}) (async) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000780)={'veth1_to_hsr\x00', 0x0}) (async) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f00000007c0)={'team0\x00', 0x0}) (async) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000880)={'syztnl2\x00', &(0x7f0000000800)={'ip6tnl0\x00', 0x0, 0x29, 0x81, 0x1, 0x6, 0x10, @mcast1, @empty, 0x10, 0x7800, 0x5, 0xd89d}}) (async) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000008c0)={0x0, @multicast1, @broadcast}, &(0x7f0000000900)=0xc) (async) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000009c0)={'gre0\x00', &(0x7f0000000940)={'sit0\x00', 0x0, 0x7, 0x10, 0xfffffff6, 0x7, {{0x12, 0x4, 0x2, 0x8, 0x48, 0x67, 0x0, 0x9, 0x29, 0x0, @rand_addr=0x64010102, @private=0xa010101, {[@ssrr={0x89, 0x13, 0xa4, [@multicast2, @dev={0xac, 0x14, 0x14, 0x23}, @multicast2, @empty]}, @generic={0x0, 0x8, "9f76138b6b78"}, @noop, @generic={0x89, 0x9, "1778b1181ab82c"}, @timestamp_addr={0x44, 0xc, 0xcf, 0x1, 0x9, [{@remote, 0x6}]}]}}}}}) sendmsg$TEAM_CMD_NOOP(r3, &(0x7f0000001080)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000001040)={&(0x7f0000000a00)={0x628, r4, 0x8, 0x70bd27, 0x25dfdbfc, {}, [{{0x8, 0x1, r5}, {0x16c, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r6}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r9}}}]}}, {{0x8, 0x1, r10}, {0x1ac, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r13}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r14}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x3, 0x1, 0x7f, 0x401}, {0xae4, 0xb, 0xb, 0x1}]}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x58ab}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r15}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r16}}}]}}, {{0x8, 0x1, r17}, {0x1ec, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x80}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x100}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x28}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r18}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x80000001}}}]}}, {{0x8, 0x1, r19}, {0xf0, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x10000}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8, 0x6, r20}}}, {0x3c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0xc, 0x4, [{0x108, 0x81, 0x6, 0xffffffff}]}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}]}}]}, 0x628}, 0x1, 0x0, 0x0, 0x8000}, 0x24008001) inotify_init1(0x0) r21 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r21, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e) (async) socket$pppoe(0x18, 0x1, 0x0) 5.900936709s ago: executing program 1 (id=1985): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000b00)=@newqdisc={0x88, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xa}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_STAB={0x48, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1a, 0x1, {0x6, 0x9, 0x0, 0x0, 0x2, 0x0, 0x80000000, 0x1}}, {0x6, 0x2, [0x0]}}]}, @TCA_RATE={0x6, 0x5, {0x0, 0x2}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x6}]}, 0x88}, 0x1, 0x0, 0x0, 0x4008040}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendto$inet6(r2, &(0x7f0000001f00)="d2670398de705864e8ca71c308cb536351f2d786e9488801912db96721d982701f0aedeb31df61c3f82ed37af8c3a61701bcf12a9a33a1f4408a627188946de67deca8e9301eb5c4a72088b8960718f57333a361b2becf80cf9f3139d5683f6c9466486bc1657b91d785511b2792696650f8390d42d912282799c3c7a22bb932525ef761443184e8bea1c2914c2e40cb67a0dc9b80e68b10974256216e36d6b40d66cd8f8580322ca08dbe7abcd06116", 0xb0, 0x8000, &(0x7f0000001fc0)={0xa, 0x4e20, 0x8001, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, 0xffff0ac2}, 0x1c) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000001ec0)={&(0x7f0000001e40)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000001e80)={&(0x7f0000004080)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x1c, 0x6, 0xa, 0x801, 0x0, 0x0, {0x0, 0x0, 0x4}, [@NFTA_RULE_POSITION_ID={0x8, 0xa, 0x1, 0x0, 0x2}]}, @NFT_MSG_DELRULE={0x16d4, 0x8, 0xa, 0x201, 0x0, 0x0, {0x5, 0x0, 0x9}, [@NFTA_RULE_POSITION_ID={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_RULE_COMPAT={0x1c, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x88}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_RULE_COMPAT_FLAGS={0x8}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_COMPAT={0x24, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x80f3}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x2c}, @NFTA_RULE_COMPAT_FLAGS={0x8}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}]}, @NFTA_RULE_EXPRESSIONS={0x1648, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @byteorder={{0xe}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_BYTEORDER_SIZE={0x8, 0x5, 0x1, 0x0, 0xe}, @NFTA_BYTEORDER_DREG={0x8, 0x2, 0x1, 0x0, 0x4}]}}}, {0x150c, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x1500, 0x2, 0x0, 0x1, [@NFTA_CMP_OP={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_CMP_DATA={0x22c, 0x3, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x4c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}]}, @NFTA_DATA_VALUE={0x12, 0x1, "729cd5a2c908bfdcaa65361afdd8"}, @NFTA_DATA_VALUE={0x40, 0x1, "06370f52a69f490c12256be0811427dcdcfe6dfde8f7f5f6e57de6eeeafb404c06043255a6ecbb0c895706262fd9cf6742ac8fa6db084dfb3dbcbc65"}, @NFTA_DATA_VALUE={0x6a, 0x1, "a53407617fd47fa0f6ce2b021075dc4f5234c96258977ed91507245f9388a3c42f51fec01ca8d7ebcde5b44b90acbe424580569fe6da51036679b8a23ec10b55791064a2d509702a504b5311bf6270f7d67fd822ea8f8e60effd48f73be798f5b43fd8289152"}, @NFTA_DATA_VERDICT={0x1c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VERDICT={0x14, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}]}, @NFTA_DATA_VALUE={0xeb, 0x1, "9ce48e97656686065a28998bf27fcf8ac5add05e39b40cf9fcaed4cb36be380d0e4cb049c5fc5833a3297fbeaf21614e986a52bed23e6b12b5ed79c3acd4c37313a643082bb84cc7ffa0fba94cb054fde19dd539062ba1278fd5ed97406b9270b8bd340b8d32dbbec8ad4ae17c380cb6df59d02444b73909c80c2b690e2c2322180c1555af7361c2e350ecf3acf008caa3ee50e8d506ec42a6568d3bd7ff203b8a9d433afe9d30e4a2331e7922570c9c305e006ef0efd2e4520368b5426ad42cfd07ddd396d46e4636ff02d2bb7ac370b2d86377dd271737c2b701e50ab3758d768e26e17527d3"}]}, @NFTA_CMP_DATA={0x12c8, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x27, 0x1, "75c620a95b7d16cee4f93ab1c00588687854564188353390fc65fe7578b5b538d1ef60"}, @NFTA_DATA_VALUE={0x6d, 0x1, "3c0a93a2282407deabc0df93febdabbc096e804861c6ecea1df9ecaa454a9afb422aa0d71cbfdcc017dbc90b5fdca69233a297b0de92807a9349a222007b0f98f8cc5cd00c802ce7d69ac44d6f6837f3ed1f1c36880bc730d1e02ffbe37ea457af179636e41d25d9ab"}, @NFTA_DATA_VALUE={0x1e, 0x1, "b2cab31a3f488ef98d2a7d8c506030e039e4e8a3d585b192d94b"}, @NFTA_DATA_VALUE={0x1004, 0x1, "fd79f6e4887742b0cc1d0966e0dc73490f26c61d94c8589521a6536fe13989870aca3417ea7423cb33dfe30bb1bd986ac8642a53f89d86b9fdc30b65cbdb6714b5c201b28a605b5c43727122e615a77a6aa69f95cb3607c5dc1704e2b4b1f6263387cf4422ea55d4bc8913b8b17f0cb3691e508e03d8a4b281c82a48561d0605bc91ce5c193259978f98e52b21ab7bdaccb94028a690f5e3f11be82d5f043b832e0be7f0bbf27f83f04d6e8f806234a492f457147f4cc22017e0f9d0a97c28149b8b789ce795ba518b218aa7bd4a1d3c0329ac582945d4bc10f5cd38639e0dfe6306d178e5ce4f70e3ace9e292725e91de5f9f768e53eed102b9e2c9534f012b8a85943da0b72387cbdf76c94a9bc662933de58855413577bc5a4fe425a88abd2a8b5ed3d4732128ba655e8c78aa45b5f019f6573a02803920e25245ce940e845e7555321e9c8cd6a1d2c9f8a87132f44f8dc122ee15fe9e964210a2068949c5f38cfdab31fb940733cc07d6c607b45fdb76f2a3701ff133a7525d82fee87f0e85259913feb5b1082a5ef0427f19d407eac74443e990c1807904bfb88d1cbf8294883372c8f1b46aa912c544aa75d2207d69bda8f6435bf7d8478ff6c5b4f3300a9169d0c934859310789e22226f619151a51e1bc50b9d98fd4c011da67af6da4571aaf5baef31bfd909e2787ead3808418da7a995a4aa0f87bf75f5426f19f1c480f64f5420d369654c5b04c9cf5e9a2457e2654a21e40a5d66a3c439b2d3ba50b35a1c11600866489c894ac8a44de16d422194b8f199fbd430e51cfd91c5f780a43436a0c8fc0e639e6ea3a5fe74476846192bb8cf2e6521c9f4d5e81e6c2f6e46714a9a31c6cabb9fa8f07f7ad258ecbaaa92748a91b5ae863ce810508ebf29108ddc1893ea24128b5e0f3f97534873af7892b1846eaecb35c4bb1de72d8ac9ec7acfa444ed04f3ea26a5ce35962929341effa8cfb79081adf47af5a19c05a84caddf924c171781ecff4176d1675c4f5a1f6da86ee6075c3ac0f53f28751d231f01384d1ea32c30e27722c92155c29385995085afd223dbc236427cba316714297e629b14289b5df54ff5577613abe51c95759c1740ea495e1c0581f2e3fa259df3c9fa0473702ce80e610e56eed6e3fc0b8361e61c195c16d5ece9d6a2b0e83fbb066307617da7bd13788f5b22a357201ac2898f9afec84567c2f3a729ffccfd84b9e2db57f94598933f71af80006d53cfc68bd0a882240b84ce980937fde34b8d7e0695b34b1a0d13b59355067fd92067c8df99cc0b0765d02ca34d1bb1bdc8e2972e3d5b0f80942d6d2c4fdb7d188b0e69e4a2e38347038d2d2f17fb8ab527e04ffa3dd7ea5d8984bb81aa00787b9aef1efe847fbf6adf6efe29f5dfec82e96d1e22597711664c7d400e14305fe56863ebc90f9f1c31f09b053f88a4e94bc7f86242391a7c36a006e1b74edaaed0d2d175a6f70c00e2ecec14a94aa71d3d4fec5fa921ab5063e8803e74e283349f44b8b8d5989c70bc2e06b4db043034488ef1c67393a6f6233f8e549a22dee33d90e850ab0e17e93d1db255e7a84ce7244e706fe35cf9ff4a244a319151414e56af62cedbc7e6b560e95cccf1456ad1b3c76fe0279436f01fae554d72e5eba54005e045709f91877c00291146584d87240d560891dba82faa7509762a189484f8d6f49a665ca37cd9756a168b997f49c38ad5a99aaa6d9f23eff40ca7016fe74560b954d98cf286719972940c10692a88097607b2e9a9924ac8eead957d3d539cfb7b1ea3910843472b089a273c9ff94c5f37082fb613920758966a3ad5b1ce1d69c6a032f9ca9c292a1afc82535482fa7eb163c1be0e8eece22d62e511a7f7775cbc95cd9029088b24ddc067e9ffa754a07c06d679c5cd533451cfd631c7c4b9e2de777645b781b85a810a0ecb89f30dbcf28465d3a974df8c120accfb543204b9c30c872447425e6629cb23744b66eb49785dd34e37129d6e4a6b22e01c4ecebf4ad1c743ad9206f49b3f231596d4e4fb0c434dd21c39448f78b86c69fca4a73ed0e0972bd970751137fc1d541761827d90d675be56e8146cb5dcc60c9aec9d93516079422c92aaa7be8d15dfff5333d3debfea8cd70d93844f05e91290434bf0d256a17ff5b0f81af591fbb12efb1c7e92aa5cfea189d8759834ea03b9b7845bc81bab133a5a969485c582356067f5fdb8c1dd0ae32725ade69ca783cccf1dea9cb0e8417d796d5ae05758c5fd29e0e57bdfee45a18f550964ecd59749e50fb88c45157696f6bdef3a90587b1a128bb24421b190c1ed22bf3b3859e97a5ac5de31997b71d38c60cba1bc5474189181f0186d2e3275aa2bdfa59eaea7a9ebaba4014df570bff341a3222670531464dcc085bd646d39d1d19549356101f9d364cd4bb75264bb5a56f7e56060b95120f317aeb43c902b2395c042c84d5ea26e10e54b6c9d5b73b7d17139a62131dd4db40d7378f4b0324b4000f4307201843f5913184f5f7b14530dbc95965e379ab450a2f8633149af9f2501911faa903627d21018f907007b7aff428c23ce6a4d7d415a0462c618b35d4a8aa12cc6f21da5c7af52924dd09054c19841f2ac10ad54d994f24f9991d3c7415c0776d495199a255c041e70f788e9ba5da48c287491964446c1bcfb29089d4e535974660949387b5252771a7b2deb183cbcbd8cae6c75d87742f2578a00bf6e8e2e86cdfc6b90ee3e85e6fe573b01cf099f0d88ae4efe8c27aad8c6bb3d12289273f9573717ce46bb37fb031beef22b52a05701eaf5068f5751b18afcd89ae66901b25bb4ec55dab72435d884d3898abe8c663d99c58db789431fbbd56e10251cdc5b873e7fab0dfede3bbca2423940dc3f174508d5693a655766217bb458e3867402ff5adc41f32182908f0ab924b15dfdae73c1f1b9a463e78eb75ee990e7b41f522f6857ea1093ba7ea4f3ab5d050817b70bc6455078a66e3c1f25de24d9109d2b053c54f945abea93ce8f41cce236ee032803903518b807611d1280605e53928f8fe22c16f10c626ccf36849e32d319dcaac6713e3634143082fea25398fed86340587d895f75272a34d4036d1a4fe5864ccb264c75691d742ba0e7900a33f574a5d1935db7186dc04f5db1fb026222cb74724aa3808bdce88cc50910b1668bf9407c44bbe4c1f0cd235e8839668825562674466d46f32452684e2fff682f5c3a0de6857031b9d6398f7ac9afb448424caf9ca25b6c92bc42a8f67314ce8912a1193edc3937861ca9caddd60b50c8e6d5bc517bcf59a1d5bf21ba2d4ee4f3254b0c1530029ef0cf85e92b15bb01205a40830db60bf7840baf2ed73fec5efa398ab890069f6491f6cdb73378ebe06fa6fb639ff1a49b3d0f1bdc7d2f67cd735698935e2a634631b10e61998d7fa3ea7661f9dc606e70f66f29858293cf29d400dfcec86c39ee88c76201135363ebdaf08574eead571d51c4c1bc079c45c921c5ba1b65654ba97a888e6bb389a2eeaec01ee93668d7a478d469ea57fb004f5bd788d5bdabc6f6d303f764b9b1214d6e2418a8acf11d3227b34757231ef6c8940ff252920434abccd923aaa34ffe08083de4e85ce51198dc929df4cd8df14127419a84c76ae917a38ec05e97e89e676ee1148c0f446c908937a7a5a377bc74527b4189a8a755867dd7ae43f444b80d715a63e5d2a3e78be10f8b5a583b3ad7de7ce27f03b9c30ad6bfc75271117fc89e117e938dfa4104bbf717496c8c5c715571a6563fe1e4c61ece9e2695a2e0c4ca21ca5a8417cec62dbf696d4a2a7433c23da6ca51c771012b75141c30e098d8408b0ca61419e4df5cc4e687df372c748905f6c2c8e7f20207e49250fdd37f7cb824edbdac9b7e03b0dba6a0ec14e7f5803d5001154d59e407e4a49f6ef62ed36837824e46fce1fa0a0485f6060d491f26d16471253550925951e71c5a913845ad1a5bbd78df7a9ec94105c391345a32fe7de2b67bba9c29059de1faa5c9905463f3b50cce6aeb74f38c1b8667a79a05f3682190d0cb292d80565b062eddde4499a8a1b6cf16ed48abd040fc72f4ade769ab67496a43d5a1621b9f062308f0831a2a2b7e215f2556c71968bdc686df09db3f2bbd6fc732c72165c2f41f78dd25582a2ef7d10f3b869cddef5954e487d4ea162edf8a87b6bf96b2a99482052c958e03c1b4805cbff50cdba3eb5b1d3f9211ca449dacb37d76d62a7c1affcb189c1a846995b36d82301123c0107f65a1f2d250b84be710e1b0b5bf3c402d6bb7d26ce2372d6183be5053316926323e1f02d448064abb7fea6ac26c0698496af82410ab45531e7d53a2571b0eefb8a05a5a0b6836c123c488f42657adb94d342208f21c66191e535e14fe6e8739f5a519eb2becc873b89560bf78ebf0d53789f508290b10cd81eefd50e1c8ad7e2425a572548cfb34ba04c2ba22ce7ae44b71fcb6244e93c32f7bdbb134ff0f6c94154917c4b4aff3e90a76c9e58878ffa665ed4eeaefcc3b02dc58bbffc90b666cdcec2fa099b4d79e2795b85d4a21e49e0cf1f82e4efb0183721298ce210d02d0bddc0a117082c46d446795b5d42d15fddbe6dda4905dd197eeb7386eed74e9a75b3c6d0dc0dba8779833a1ffb04956b2602a6c149caa3c63b6d60f701e2d866aa29e790f13ac88f4d285e9c5674d9a07cb16608ee0ef1a64a05f472fa9f3e5d076de812a066e0d3a117f5a86ea6c0cc3371c127ff825e35da1c739cfcdf799cd352aa346421d7c66783766f9a20ef63024798223ad3b0f6f99906bc4fde1f7e281a81bd98e7d3603d28157a2c9e4080f5c6a538daf4a741335a28bfb27920c18a5a3fa3307040f7dcba5e14f15fab4362469ad0b7ac17e5dd57f6a56000edfa7416ae1b70c7f9d062b0ad8115bcf39434b2186d8415084ed8c7041899d4694d84bf35ba395986544581374b36d27310ac040f6353defa423939b2eaf1d92f39bdce4c11dd04ecd99c9b6d89e30e29461848094983cb8adb7b21ecf7eee0a9d3b39341582437c34c31a756dc219b3af8c96372d7dd0c72de5b4c891c46853a9b8465e272ad27e9ccde1163571acc3f3b0e812f906939c227abd42917e47faec71652aef6337440df33f527cf90c0d2504840796857e707f0024c88b9763c840344f264ecb2af8f68e5a0452d8ca962a62daa6b9c71fe29cb35674d872b0b99ca96ab776bbc4716d389b2ac8e3a8e0e0403bae96169a202362dce0a350d64ff05a4f109499d3ee7913be94f75547d546699c4994edc8d9018b047ceba0bfd9f45ee9bd7512d4760b88b046931003829205d50218aa3759c7e1200a4774c2dabc4654d805abe431d9ae995c81b6271d3958892bcfb0e90c50a9f184b5a1a9964f714eb4212e4d1357d44d6b7b1a9fd3a8a92d3162637d44ffa6d6b2448fd01c836c69a1499dff9535714c4a7d66f27e50849e2402b888a3158a851a8423e6956b4fed5620bae23b13baae5e4142c79eac4c9cd13e8b0d73a8c3ca4ec29b269377c7a3fe17a932076452850e8df3e5fdd00c4ab0b42fba445c96eea133fbcbaf66a1405cd0bf362d1cad33b1fbc2debc7cd4c57d366fe1a8ce0f00d5fa96db41ae156bdff5d93417869b9a43d9455ecc7f14d4d23442d5e25e13a32a59f5373eb7c812b823236affddd30c5b1fb585c8e951c93c4b255d4889402a3c41baa2109b38a9cf351faf46d7928701595d6e7710e0af01e3806c628eae2e03b381c507c47ac36ae3db2f86127cb4ca961171e2da9a93d48c637ed100e4458f"}, @NFTA_DATA_VALUE={0xf8, 0x1, "9d89d4f8fbe38958ba4a65b2b7012644ac60d6878da3b8c80d7bf99bf8e5192d695f41d306553ddf405db8b5067af7efd082ee5c728ff3c6d87edd304c65d9e580b15382084237c2393811dc4ed51f0effd07be7715fed191a17d3f6468eb6166a72db86ad57123eac2413dfbfbf604fb33a63635b58a7daf0c52f42bccb2ee1feb4e06db3ee9c0e627cce06a30045321d01657449b417ab6426da3c0e9f00cf3b229d5e3bcb71b817f602238c62a1926ecb80430506b33347e4cecf6e227153083ff81096cb81246af31fe99b8351d6e740e6d03fd2a9b3722b512fac5fd260f0449bb76ee6764d432659fa570c7061c45757ab"}, @NFTA_DATA_VALUE={0xa4, 0x1, "6b55ea6541c35808e760d9895ab12ad89ff89cf33981f6b6330c52c2c5a96201be278c73477b1cb20bbab8665252258e3120b8313ea25939102bdf56ff2e64f6ff624c55ec45a3f1b13b6fca64413254987d03f40e0717e315d1c608e90d747dc7e1f8d24288af496e7a7da6d13963987dc5749712543b6d2a632ac3e197583147f9752a0e4da5d3f4459f6f1256393107f7e06817cab33d40eee15cb2675c24"}, @NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}]}, @NFTA_DATA_VALUE={0x2f, 0x1, "4999bcb6dc191be8c66e44f74c71affc2c74a6322486709accf91a779c1b90390fd48219e77bc1ab92041e"}]}]}}}, {0x24, 0x1, 0x0, 0x1, @tproxy={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_TPROXY_FAMILY={0x8, 0x1, 0x1, 0x0, 0xb}, @NFTA_TPROXY_REG_ADDR={0x8, 0x2, 0x1, 0x0, 0x3}]}}}, {0x1c, 0x1, 0x0, 0x1, @tunnel={{0xb}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_TUNNEL_KEY={0x8, 0x1, 0x1, 0x0, 0x1}]}}}, {0x10, 0x1, 0x0, 0x1, @lookup={{0xb}, @void}}, {0x10, 0x1, 0x0, 0x1, @match={{0xa}, @void}}, {0x34, 0x1, 0x0, 0x1, @quota={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_QUOTA_BYTES={0xc, 0x1, 0x1, 0x0, 0x6}, @NFTA_QUOTA_FLAGS={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_QUOTA_BYTES={0xc, 0x1, 0x1, 0x0, 0xa}]}}}, {0x14, 0x1, 0x0, 0x1, @byteorder={{0xe}, @void}}, {0x20, 0x1, 0x0, 0x1, @dup_ipv4={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_DUP_SREG_ADDR={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_DUP_SREG_ADDR={0x8, 0x1, 0x1, 0x0, 0x8}]}}}, {0x48, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x38, 0x2, 0x0, 0x1, [@NFTA_LIMIT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFTA_LIMIT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFTA_LIMIT_FLAGS={0x8}, @NFTA_LIMIT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x8}, @NFTA_LIMIT_FLAGS={0x8}]}}}]}, @NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x1}, @NFTA_RULE_POSITION_ID={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x3}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x1718}, 0x1, 0x0, 0x0, 0x4004000}, 0x8000) recvmmsg(r1, &(0x7f00000059c0)=[{{&(0x7f0000002000)=@isdn, 0x80, &(0x7f0000002540)=[{&(0x7f0000002080)=""/7, 0x7}, {&(0x7f00000020c0)=""/94, 0x5e}, {&(0x7f0000002140)=""/240, 0xf0}, {&(0x7f0000002240)=""/229, 0xe5}, {&(0x7f0000002340)=""/65, 0x41}, {&(0x7f00000023c0)=""/233, 0xe9}, {&(0x7f00000024c0)=""/56, 0x38}, {&(0x7f0000002500)=""/49, 0x31}], 0x8, &(0x7f00000025c0)=""/82, 0x52}, 0x6}, {{0x0, 0x0, &(0x7f00000027c0)=[{&(0x7f0000002640)=""/216, 0xd8}, {&(0x7f0000002740)=""/88, 0x58}], 0x2, &(0x7f0000002800)=""/92, 0x5c}, 0x2}, {{&(0x7f0000002880)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000002a80)=[{&(0x7f0000002900)=""/182, 0xb6}, {&(0x7f00000029c0)=""/143, 0x8f}], 0x2, &(0x7f0000002ac0)=""/69, 0x45}, 0x1}, {{&(0x7f0000002b40)=@in6={0xa, 0x0, 0x0, @initdev}, 0x80, &(0x7f0000002d00)=[{&(0x7f0000002bc0)=""/127, 0x7f}, {&(0x7f0000002c40)=""/161, 0xa1}], 0x2, &(0x7f0000002d40)=""/23, 0x17}, 0x6}, {{&(0x7f0000002d80)=@tipc=@name, 0x80, &(0x7f0000002e00)=[{&(0x7f00000057c0)=""/234, 0xea}, {&(0x7f00000058c0)=""/202, 0xca}], 0x2, &(0x7f0000002e40)=""/91, 0x5b}, 0x55}], 0x5, 0x0, &(0x7f0000005b00)={0x77359400}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f0000001dc0)=[{{&(0x7f00000000c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, 0x80, &(0x7f0000002fc0)=[{&(0x7f0000002ec0)=""/211, 0xd3}, {&(0x7f00000003c0)=""/215, 0xd7}, {&(0x7f00000004c0)=""/136, 0x88}, {&(0x7f0000000580)=""/156, 0x9c}, {&(0x7f0000000180)=""/89, 0x59}, {&(0x7f0000000640)=""/4096, 0x1000}, {&(0x7f0000003080)=""/4096, 0x1000}, {&(0x7f0000000040)=""/25}, {&(0x7f00000019c0)=""/182}, {&(0x7f0000000340)=""/6}, {&(0x7f0000001640)=""/103}], 0x7, &(0x7f00000016c0)=""/106, 0xb0}, 0x1}, {{0x0, 0x37, &(0x7f0000001c40)=[{&(0x7f0000001740)=""/225, 0xe1}, {&(0x7f0000001840)=""/101, 0x65}, {&(0x7f00000018c0)=""/207, 0xcf}, {&(0x7f0000000280)=""/151, 0x96}, {&(0x7f0000001a80)=""/224, 0xe0}, {&(0x7f0000001b80)=""/189, 0xbd}], 0x6, &(0x7f0000001cc0)=""/193, 0xc1}, 0x6}], 0x2, 0x2, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r6 = open(&(0x7f0000000380)='./bus\x00', 0x40, 0x0) creat(&(0x7f0000000200)='./bus\x00', 0x84) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) prlimit64(0xffffffffffffffff, 0xd, 0x0, 0x0) write$FUSE_NOTIFY_STORE(r7, &(0x7f0000000240)=ANY=[@ANYBLOB='+'], 0x2b) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000040)={0x1c, r9, 0x301, 0x0, 0x400000, {0x34}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0xa6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x800) sendfile(r7, r6, 0x0, 0x4000000053d2) 5.486815214s ago: executing program 2 (id=1986): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x68}, 0x1, 0x0, 0x0, 0x840}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) gettid() rseq(0x0, 0x0, 0x1, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000000)={0x1b, 0x5, 0xd}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000008502"]) 5.395559061s ago: executing program 2 (id=1987): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = syz_io_uring_setup(0x893, &(0x7f00000003c0)={0x0, 0xaee1, 0x400, 0x0, 0xb}, 0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, r4, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000001400)={0x0, 0x0, 0x0}, 0x0, 0x40000000, 0x1}) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='nr_inodes=M']) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) io_uring_enter(r3, 0x5361, 0xfffffffd, 0x2, 0x0, 0x0) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) write$binfmt_script(r7, &(0x7f0000000600)={'#! ', './file0'}, 0xb) ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f00000002c0)={r7, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x1c, "fee8a2ab78fc5e3ed1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000140)=ANY=[@ANYRES64=r5, @ANYRES16=r5], 0x48) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r5, 0x50009405, &(0x7f0000001440)) io_uring_register$IORING_UNREGISTER_BUFFERS(r5, 0x1, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)) sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="0503000000000000000007000000"], 0x1c}}, 0x20000000) r8 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$SNDCTL_FM_4OP_ENABLE(r8, 0x4004510f, &(0x7f0000000280)=0x8) sendmsg$IPVS_CMD_NEW_SERVICE(r0, &(0x7f0000000180)={&(0x7f00000000c0), 0xc, &(0x7f0000000140)={&(0x7f0000000340)={0x80, 0x0, 0x2, 0x70bd25, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e23}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7}, @IPVS_CMD_ATTR_DEST={0x40, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x5}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@dev={0xac, 0x14, 0x14, 0x14}}, @IPVS_DEST_ATTR_INACT_CONNS={0x8}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xfc1}]}, 0x80}, 0x1, 0x0, 0x0, 0x80}, 0x40041) 5.154605223s ago: executing program 5 (id=1988): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000780)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0xc) r4 = getpid() r5 = syz_pidfd_open(r4, 0x0) process_madvise(r5, &(0x7f0000000000)=[{0x0}], 0x1, 0x64, 0x0) execveat(0xffffffffffffffff, &(0x7f00000001c0)='\x00', 0x0, 0x0, 0x1000) r6 = socket$unix(0x1, 0x5, 0x0) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000240), 0x490001, 0x0) bind$unix(r6, 0x0, 0x0) open(0x0, 0x8060, 0x0) r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="66643d1053fe1fba66d31aa8d0c91a5e116154245c0828cc047a6b1b715ad5aeba8961e9cf67d05e085483938d51d6af275c683aecd0bfbc438dd7ce04ebe2648ab6e45dbc717704769e61d1a2a4e20277dd07a5d0ebe3966367ed0de1b56c45add751c96d4e508202983aa3fe3d7000b7a2b72a74f5aea9f65552675da1b22c83cc37a0cdb7d1eae9a74a1821cee4b4d5d2379e6bbcaedd5b3676c8161e303aaab4b65c7e2ca11b96f2e1654eaed46e1e06c2f911171e58ec8d421119eba64373a4bd2d5c8e8f73c5a1d7dfc9a1e000ac4d118a2534245789542cb26d7bc998b88c931c118eff7d5a7a3b1206a2c0e23f", @ANYRESHEX=r7, @ANYBLOB, @ANYRESDEC=0x0, @ANYBLOB=',gr', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,\x00']) io_uring_setup(0xb3c, 0x0) r8 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r8, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r8, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r8, 0x7a5, &(0x7f0000000180)={{@my=0x0}, 0x0, 0x1}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r8, 0x7a5, &(0x7f00000000c0)={{@my=0x0}, 0x1}) ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r8, 0x7a6, 0x0) 5.143719266s ago: executing program 2 (id=1989): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x68}, 0x1, 0x0, 0x0, 0x840}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) gettid() rseq(0x0, 0x0, 0x1, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x1b, 0x5, 0xd}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000008502"]) 4.889628843s ago: executing program 1 (id=1990): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0xf) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xd5e, 0x240000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r3 = dup(r2) write$FUSE_BMAP(r3, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3b9}}, 0x18) write$FUSE_DIRENTPLUS(r3, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) mount$9p_fd(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@cache_loose}]}}) chdir(&(0x7f0000000240)='./file0\x00') syz_io_uring_setup(0x110e, 0x0, 0x0, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) r6 = syz_open_dev$dri(&(0x7f0000000f00), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r6, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[0x0, 0x0, 0x0], &(0x7f0000000340), 0x3, r5, 0xeeeeeeee}) ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r4, 0xc01864ba, &(0x7f0000000300)={0x22, r7, r5}) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x12) mount(0x0, 0x0, &(0x7f0000000280)='debugfs\x00', 0x10040, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) 4.166285197s ago: executing program 2 (id=1991): prlimit64(0x0, 0xe, 0x0, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000780)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "00cd04", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x5a, 0x1, 0x7}}}}}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0xfeffffff, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000001800efe000000000000000000a00000000000000000000000c00090008000000", @ANYRES32=0x0, @ANYBLOB="1400050000000000000000000000000000000002"], 0x3c}, 0x1, 0x11}, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x3) syz_open_procfs(r2, &(0x7f0000000480)='net/tcp\x00') r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x1}}, './file0\x00'}) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f00000000c0)={0x8, 0x0, [{0x805, 0x0, 0x8000000000000001}, {0x774, 0x0, 0x800}, {0x232, 0x0, 0x6}, {0x4000009f, 0x0, 0x8}, {0xbfe}, {0x2d4, 0x0, 0x200}, {0x83b, 0x0, 0x1}, {0x27a, 0x0, 0x4}]}) ioctl$VHOST_SET_VRING_KICK(r5, 0x4008af20, &(0x7f0000000040)={0x2, r5}) r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000006082c701c5c780797d3285d2acef3a94c93700f73f182008ff7c38fe1f4141bd6405d0f5540efc4e390e38744e068a7ee713f0fd3ccc77019df2a45e4059"], 0x48) ioctl$SIOCRSGCAUSE(0xffffffffffffffff, 0x89e0, &(0x7f0000000400)) r7 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r7, 0xc2604110, &(0x7f0000000040)={0x0, [[0x8], [0x4, 0x1], [0xfb, 0x0, 0x0, 0x3]], '\x00', [{0x0, 0x1}, {0x0, 0xffffffff}, {}, {0x0, 0x1, 0x0, 0x1}, {0x0, 0x3}]}) fsmount(r5, 0x1, 0x30) msgctl$MSG_STAT(0x0, 0xb, &(0x7f0000002b80)=""/240) r8 = socket$can_bcm(0x1d, 0x2, 0x2) bpf$TOKEN_CREATE(0x24, &(0x7f0000000440)={0x0, r8}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x14, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000014000000b70b0000000000008500000083000000bf090000f800000055090100000000009500000000000000bf91000000000000b7020000010000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000280)=ANY=[@ANYBLOB="0100000080000000f2000040"]) r9 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000002000000000000000000000d"], 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x20, 0x4, 0x2, 0x0, 0x201, 0xffffffffffffffff, 0x1, '\x00', 0x0, r9, 0x1, 0x20002, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@bloom_filter={0x1e, 0x10, 0x378a7deb, 0x1, 0x10, 0x1, 0x1, '\x00', 0x0, r5, 0x2, 0x0, 0x1, 0x3, @void, @value, @void, @value}, 0x50) 4.105344976s ago: executing program 5 (id=1992): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000002340)={0x0, 0x0, 0x38, 0x0, 0x9, 0x3, 0x0, @void, @value}, 0x28) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008000000000000"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) r6 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341) ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x20241, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r8 = socket(0x400000000010, 0x3, 0x0) r9 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r11 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r11, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYRES64=r4, @ANYRES64=r9, @ANYRES32=r11, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}, 0x1, 0x0, 0x0, 0x42081}, 0x0) syz_emit_ethernet(0x1b7, &(0x7f0000000800)=ANY=[@ANYBLOB="82ec4fdfaaaa00000000000086dd6000200001813aff00000000000000000000ffffac1e0001fe8000000000000000000000000000aa03019078b8000000610e8b320006320100000000000000000000000000000001ff0200000000000000000000000000013c000371660000003207000000000000c910fe8000000000000000000000000000bb0720000000000608fbff0f0000000000000008000000000000000b000000000000000107000000000000000000000002000000000000c910ff01000000000000000000000000000100000000000005cc1884c8bb5abca78d33bbddc12ac8b0dfd230be2caaff74ac17e3b0ed0f316a3d26e4f1701e473c87d911394fda040107c3041f689c6bf126512af79c4f0841aa3b315baf2262c5a7201bab3a8d0d0125f4e4615097aee958870d2c42ec66ab999f7298095ae6d577f0c4c2920ab396036c0dcfda45badba9390469e824b0f8d67f2926942eac31cff9241b838dc1069c3ccb7dd48205312aecf4c106c09d929ae4142e84a8b10c9e2c373a973d15896fff04ca431b20fd5bc0325c65c3deaf55025b5dc4069cf5ac98d98a1c8411b32b04e4a62d514b0ebf19b80ef6a23d75"], 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000002c0)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd27, 0x8000, {0x0, 0x0, 0x0, r10, {0x0, 0xfff3}, {}, {0xa}}, [@filter_kind_options=@f_flow={{0x9}, {0x1c, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x9200}, @TCA_FLOW_XOR={0x8, 0x7, 0x7ff}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x80}, 0x20000000) 2.950020501s ago: executing program 0 (id=1993): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000080000002d01000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=@newtaction={0x328, 0x30, 0x9, 0x0, 0x25dfdbff, {}, [{0x314}]}, 0x328}, 0x1, 0x0, 0x0, 0x814}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xb058}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4b, 0x0) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_buf(r5, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) connect$inet6(r5, &(0x7f0000000080)={0xa, 0x4e2b, 0x7, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x6}, 0x1c) sendmmsg$inet6(r5, &(0x7f0000002940)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}}], 0x62, 0x0) r6 = io_uring_setup(0x773d, &(0x7f0000000a40)={0x0, 0x0, 0x1000, 0x2, 0x3bc}) r7 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r7, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24) listen(r7, 0x4) close_range(r6, r7, 0x0) r8 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402) ioctl$USBDEVFS_CONTROL(r8, 0xc0185500, &(0x7f0000000040)={0x23, 0x3, 0x5, 0x6, 0x0, 0x5, 0x0}) ioctl$IOCTL_VMCI_QUEUEPAIR_SETPF(r1, 0x7a9, 0x0) 2.70564844s ago: executing program 4 (id=1994): r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/protocols\x00') preadv(r0, &(0x7f0000000180)=[{&(0x7f0000000b00)=""/152, 0x98}, {&(0x7f0000000340)=""/204, 0xcc}], 0x2, 0x7000000, 0x3) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000380)={0x51b78582, 0x7, 0x10, 0x6, 0xfffffffb}, 0x14) 1.69943389s ago: executing program 5 (id=1995): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000380)={0x1, 0x0, 0x1}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x24400, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x1) mount(&(0x7f0000000100)=@nullb, &(0x7f0000000540)='./file0\x00', &(0x7f0000000000)='ntfs3\x00', 0x0, &(0x7f0000000340)) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000040)={0x0, 0x7000, 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.692722405s ago: executing program 0 (id=1996): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000f10d0000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000be000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x42) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r0, 0x2000012, 0xe, 0x0, &(0x7f0000000c40)="63eced8e507646dcef67df33c9e9", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x4c) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) unlink(&(0x7f0000000080)='./cgroup.cpu/cgroup.procs\x00') sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)=ANY=[@ANYBLOB="6b00000002060102000000000000000005000000050001000700000005000100070000000500050002000000140007800500150001000000080012400000004000000300686173053a69702c706f72742c69700011000300766173683a69702c706f727400000000"], 0x5c}, 0x1, 0x0, 0x0, 0xc040}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="280000001c00010225817000fedbdf250a000000", @ANYRES32=0x0, @ANYBLOB="0100a1090a0001000b2d2948c56d0000"], 0x28}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000008c80)=ANY=[@ANYBLOB="2c00000026000506"], 0x2c}}, 0x0) recvmmsg(r3, &(0x7f0000007700), 0x318, 0xfc0, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @broadcast=0xac14140a, @multicast1}, "040086dd0000ffff"}}}}}, 0x0) r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0xf, &(0x7f0000000100)={&(0x7f00000001c0)=@ipv4_newrule={0xffffff12, 0x20, 0x20, 0x70bd2b, 0x25dfdbff, {0x2, 0x10, 0x4, 0x0, 0x1, 0x0, 0x0, 0x8}, [@FRA_TUN_ID={0x0, 0xc, 0x1, 0x0, 0x2}, @FRA_GENERIC_POLICY=@FRA_PRIORITY={0x0, 0x6, 0x87}, @FRA_FLOW={0x0, 0xb, 0x10001}, @FRA_TUN_ID={0x0, 0xc, 0x1, 0x0, 0xd0f}, @FRA_TUN_ID={0x0, 0xc, 0x1, 0x0, 0xffffffff}, @FRA_TUN_ID={0x0, 0xc, 0x1, 0x0, 0x1}]}, 0x1c}}, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)) ioctl$sock_netrom_SIOCDELRT(r4, 0x890c, &(0x7f0000000680)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bpq0, 0x5, 'syz1\x00', @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x2, 0x0, [@null, @default, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @bcast]}) 1.624252577s ago: executing program 4 (id=1997): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = gettid() timer_create(0x0, &(0x7f00000003c0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000380)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe2(&(0x7f0000001440)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) splice(r4, 0x0, r3, 0x0, 0x3, 0x0) (fail_nth: 13) fcntl$setpipe(r2, 0x4, 0xfffffffffffff000) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 1.602366977s ago: executing program 1 (id=1998): openat$smackfs_ptrace(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000220edf104c05c10687c201020301090224"], 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00'}) r1 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[], 0x44}}, 0x0) 1.601638624s ago: executing program 2 (id=1999): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = syz_io_uring_setup(0x893, &(0x7f00000003c0)={0x0, 0xaee1, 0x400, 0x0, 0xb}, 0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, r4, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000001400)={0x0, 0x0, 0x0}, 0x0, 0x40000000, 0x1}) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='nr_inodes=M']) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) io_uring_enter(r3, 0x5361, 0xfffffffd, 0x2, 0x0, 0x0) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) write$binfmt_script(r7, &(0x7f0000000600)={'#! ', './file0'}, 0xb) ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f00000002c0)={r7, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x1c, "fee8a2ab78fc5e3ed1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000140)=ANY=[@ANYRES64=r5, @ANYRES16=r5], 0x48) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r5, 0x50009405, &(0x7f0000001440)) io_uring_register$IORING_UNREGISTER_BUFFERS(r5, 0x1, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)) sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="0503000000000000000007000000"], 0x1c}}, 0x20000000) r8 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$SNDCTL_FM_4OP_ENABLE(r8, 0x4004510f, &(0x7f0000000280)=0x8) sendmsg$IPVS_CMD_NEW_SERVICE(r0, &(0x7f0000000180)={&(0x7f00000000c0), 0xc, &(0x7f0000000140)={&(0x7f0000000340)={0x80, 0x0, 0x2, 0x70bd25, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e23}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7}, @IPVS_CMD_ATTR_DEST={0x40, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x5}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@dev={0xac, 0x14, 0x14, 0x14}}, @IPVS_DEST_ATTR_INACT_CONNS={0x8}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xfc1}]}, 0x80}, 0x1, 0x0, 0x0, 0x80}, 0x40041) 1.264084828s ago: executing program 0 (id=2000): ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000280)={0x0, @pix_mp={0x6, 0x93cf, 0x32315559, 0x4, 0x8, [{0x6, 0x1}, {0x9, 0x5}, {0x8, 0x3}, {0x4, 0x9}, {0x2, 0xb68a}, {0x7fff, 0x7ff}, {0x3, 0x2}, {0x50ad0a9a}], 0x9, 0xff, 0x2, 0x2, 0x3}}) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) socket$key(0xf, 0x3, 0x2) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r2, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x240048c1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$DRM_IOCTL_MODE_ADDFB(r1, 0xc01c64ae, &(0x7f0000000380)={0x0, 0x4, 0x62e, 0x0, 0x1ff, 0x7, 0x10000}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0) ioctl$DRM_IOCTL_MODE_GETFB(r4, 0xc01c64ad, &(0x7f0000000580)) setsockopt$sock_attach_bpf(r2, 0x1, 0x3e, 0x0, 0x0) sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000}, 0x52cc) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(0xffffffffffffffff, 0x3ba0, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r0, 0x3ba0, &(0x7f0000000280)={0x48, 0x15}) syz_emit_ethernet(0x2f9, &(0x7f00000005c0)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaabb86dd63e96e0b02c333010000000000000000000000000000000000000000000000000000000000000001673800000000000004010203a8d4900946113e52d7540a2d959bfdb03602570da7649db6dd7954cba49bbe684f2fac5dff82363a8998156088b341b4ca9c9b197dd97f9053b9e294904dd12acca47f19c531aca3fabc6e7573912cca8df840e33506b1e65608e132df0dbb2611401bd46bf10caec7d0046b8e5faef84472e0c78ce476c70ef9ebd8d0198a65e4d1117131649efa4a6547063654a35a1bd176a091203fb77be6d393ad5f45ac173b8c28043ace2e00010900000000000000000004010507480000000010de0000640d0000000000000500000000000000010001000000000006000000000000000200000000000000ff000000000000000200000000000000000100000000000008bda13bc8d885be64b393aab5d8be9596b0538699842ae1107b68e86ee3b55725b3e172eb4109dce709c283154f7f92fdf363faed0125da2facd84e14a977efcb65b8e870394da17246ac2a9cabe2942127c1a0498f930123b6e3c558965395334776698ae7210a48a87a4890c81039313492843925421a667e182627250d66b3693ac5d042149c2325c698facfb3157e9eb65a174568bf9e8955fb25909f686404f611c69bb4d32529ac9b3cdd2ddc43a3b412e2c7fd650122b6cf5cab68040103009341930eb21e0600f4264c817732bb2386c57ad44faf655f08d94ce9fcdd238937cb70c188d72b477e1bcff7f9672e6f82b91d91eac9ec39994397a93c193452bf8d7effb7c1ef08555873da235f87a45a26c25310bda80b0596038b5c1efd049d55c15ea705d1e3e8c3aeff1c89866ff88624c9d8192d4f958e49178aef7c5d57d4609b964659afc6fa82082fcca70bc25e7dba1090791d0171fc4be2e8857a065811cf088c99e89f99a771994dbd9415b7a54558b14ae8d6b89dceeb6ffd8df0e6b525e76855d4830ce9eaa4c35de5a39d4f64da903496e831effe2f0a13f9daf90d70b421a0a4a9649a10a7f1ce34102765e6751928cdc972582d26344a5ba3306a9d06c51fd2689458a9a1ac80eb24dd7ea4972654a5b086d1767320018151489c2bf99a9239d4bcc4204e7ff97061a91296ec9979e806506d1075c4639f65c122dbe0d1034ffe6a40680beb9bdcf40085443a6ad3dcbcce"], 0x0) sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x34, 0x0, 0x100, 0x70bd27, 0x25dfdbfc, {{}, {}, {0x18, 0x17, {0x19, 0xc11db8f9, @udp='udp:syz2\x00'}}}, ["", "", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x8480) 1.201577992s ago: executing program 4 (id=2001): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) close(0x3) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) socketpair(0x28, 0x80000, 0x8e, &(0x7f0000000000)) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x4, 0x4, 0x9, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r0, &(0x7f0000000540), &(0x7f0000000000)=""/7, 0x2}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r0, &(0x7f0000000100), &(0x7f0000000000)=""/8, 0x2}, 0x20) r1 = socket$kcm(0x10, 0x2, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={0xffffffffffffffff, &(0x7f0000000140), &(0x7f0000000000)=""/6, 0x2}, 0x20) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000011008108090f9becdb4cb92e264831371900000069bd6efb2502eaf60d002700020400bf050005001201", 0x2e}], 0x1}, 0x0) 1.132673935s ago: executing program 4 (id=2002): mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0x8, 0x8, 0x80, 0x5, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0xff, 0x6, 0x5, 0x4, 0x0, 0x7, 0x3c5b, 0x0, 0x24, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x5, 0x7, 0x83, 0x8, 0x4c74, 0x0, 0x242, 0x2, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x21, 0x7, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x0, 0x85, 0x6, 0x8, 0x3ff, 0x83, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0x88, 0xf9, 0xe, 0x2bb, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0xff, 0x0, 0x1000ff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0xbc2, 0x1, 0xc96, 0x8, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x4, 0x3, 0x3, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x1, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x3, 0x5, 0x800000, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x3038, 0x3e7, 0xb, 0x2, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x16d01, 0x6, 0x38, 0x800003, 0x600, 0x80, 0xbf7, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0x4a9, 0x5, 0x6, 0xac8, 0x5, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x2, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0xa, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x1, 0x7fff, 0xffff, 0xa620, 0x1, 0x7, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0xffffffff, 0xc8, 0x1, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xae, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x8, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0x7ff]}, 0x45c) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000002c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10) r5 = accept4(r4, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), r5) 323.419398ms ago: executing program 2 (id=2003): r0 = socket$packet(0x11, 0x3, 0x300) r1 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) prlimit64(0x0, 0xe, 0x0, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x0, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000180)={0x54, r7, 0xfe12482fe0801d65, 0x70bd2a, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x9}, {0xc, 0x90, 0xc89}}]}, 0x54}, 0x1, 0x0, 0x0, 0x8011}, 0x20004040) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r1, r8, 0x25, 0x2}, 0x14) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @local, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @random="eaa9a5c43208", @remote, @link_local, @broadcast}}}}, 0x0) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000a80)={0x11, 0x4, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) 292.545215ms ago: executing program 0 (id=2004): r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) r2 = socket$isdn(0x22, 0x2, 0x25) r3 = socket$isdn(0x22, 0x2, 0x4) r4 = dup3(r3, r2, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha224\x00'}, 0x58) r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12011001000000204c05d50300000000000109022400010000000909040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io(r5, 0x0, 0x0) syz_usb_control_io$hid(r5, &(0x7f0000000540)={0x24, &(0x7f0000000580)=ANY=[@ANYRESHEX], 0x0, 0x0, 0x0}, 0x0) r6 = accept(r1, 0x0, 0x0) sendmmsg$alg(r4, &(0x7f0000000740)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000001300)="32caac739a54f09a58dff1a8c03e2a67fe9805ff0f837331065d9bd535450b2ce8b3233855d031b4ffdd117b06ae635f474dd88bb93937a8e4e2f9e6fa8a5dc5bdb5c159480a02bd17baad1d76ef6154a8f713180a9c12bbab4451312e7a0e671801e09f2bed7baad496ab80da1de5082520ab71c642662f0d818ff66c4b103eda1cc83ab5afff279107ec5206352057e3fb07797b5cf8189db0f2e7799078ac2c64e645b96893c22ed9f84f7e66989512b3d2d267c69076053bd23b877d0c6ebde126f4eb02e6b473e67e1d69294dc7ba38dcb4acd202697cebdacbc26f206664b3622130cdfa7014fc210f5e141695d9cbe86511cb1090d003a465cfb1c88c7dfc4806e7f7eeeb7748fd28c085356a8141cd3bf92ecb0e40e27b81161e123d17765f87786264e5c2c42c3541a04099c19f3ff5c05afd7b4326a2b4c9d24564f83a7ccaec66b0d7d0c74ca6c14ad53747ce1fe62352942753ee10bc7c37c5cd7207a48c2f8f7044a7f79f48fb87b96db8977b7a820b872c653b7a5015dbfaabafcdd1fd9cbf6a57520eaf45d6b6136545b5ac1b394c7f7f7adba524399813369251982ca2be15e953b8e57ff9b9b6a881fbf6c1c3844bcad7ba46b1de031f4772573744f64347792677eeec7a4430bc5eef5bafd7c1f232801e5f45f7e0f75a53e2d6519c002fc7af7cbf104a8a5eb1eb7dca2d04a7b3c7e8e35f365ec7e95b8e645523637dc848c2e56e8f1e3dd10f23939d4a72900f86bd6c5b29ba3fe88437433766723b512eda33a54aea27fc63bdd90a0fed7f885ce18d5b0cd8c6367768aa7f0a3a1f4af5102b1b89ac089fdaa16ee579e7bf75360c76a24d4720d50801f442ba3a13edec074597d1fba79ec4667806b410a3c076a142ccd48e06b3a221dcd0d14bb3c0870977b680fe783b42f987588b37d3674e394cf4a9d0337cd01b060ef5253b09963927f81c149aecbc2ea569a3c9b579c02ea4e914fa0721ceaa619a22ae3e2e1f60823b21cfc30c44671ec9fd865d7255fbb56d5a388a830ad92629115fd7e984396c70657b1837db565a5c52ae9519cc78a26439a1c3368b16d1c383959869e1a0e032dd9df65cfc0e6136bce9f3f3ce839420f60c2aac8ff14a88884c5944836d3c8ac4520707a3bc13f8e43874a5ce19b5fe68ba0b8e611720fb3adde7f09c59029cb920ef5b1043511090d54bb01bf8b490ea3a75951dd7ea74cd71d5aaec7f099f62d27d8a5749cf2f3be906222dce82c7adef0de4b63ac5007f167489833bcd770e74cea0744261d2902c482f03aeac2b805243dc347d765245f2e7ab371685f2b6f4a56ac39f3bec3247b9635d854ae47553d9685fc4d332993339f921b8cdede49bb475da6626db1c2e356a945adad350fdca6fbb12391b65bcf0b4c563abfb43104bf0c9c08542625ede566360df91aafe8f4eca2cef87ff10c37e6d855d225df2576bb8860d928607e062419be79210e1bd3ece5345a52c00316d1a4571809a3b3ce70a7e4df95f4a3f8bc5a2cc8181a54a625a85926595e5673c554bd9c549f218bc79dee14dffe190aed87fb939fa810a4ae9749874730e9e9372006644ae280c84b9b07434e75d805b6858da3359a2ba02c29b8135a1773a34fc6174cdb1d5ec71a29044d5edff9ed16a1096d950d4ab45091ec16b0daf773d402ec935d889f21e7ea263ef3904671eb7aeb9d33ad6caae6cb7e1f5264635a66aa21c1bdf1cf29ecfd7ca87423cf4af9b6384a27beb4e5697b736f727d0eebc740b115bd1c8390c69436bc55238233fee115855cc778d1c0ccfcf7b679e6874908a59fba545ea4b7d70969350b48a84ad126e711c6514261519202f41c436ffc3c4d60962d4ee02a6ed1c422b89738668cfb2cbb925bf46c031a75e583733c4c4321331fd99dd25b8b5e2e4132aff34b4f7af13660c29a4d24aa165e2984b724fb9b297d7f1dd06594aaa555e67026d1706215d50d9d49b760338fd8140a204c8a5e29f8661aa5ebed694666e161c094eb160dc87bd634d88c28b7fb3d4ef3b2b6dad50fa402fbc895a2f524158609236f5bfb4704d1e0ff5681730610eaf539dc14d1ca5b86121f83be71ddf2c696275ed69ca0bed00a9d895d74a9eb6c577eb69db93174a8cc399f889c6236f00f26a213792ae15a56d8adf95b0b73ae35b5674030f4972e150bc47bc02c32002c5fada6fce4f7fae4a0f50a32fc689aeab3c7b00530cd0dbee8c3bf53d5e772fca5a9e9727072c43a914e00982fe1c3e38ea14cbf6dc0416880746730abc378d9624a4c3be2f8ce8a852a83ce1f5d7a96cba111a0d05be77e12adfdd276dc2fa8d0e374bc279952fac599fefd7558fd41cb28887bc998cc1de19c3fc9847c0cc67a694276344d0c304e3513b294cd65271542777a9cea079dc2c6a0f8b614483c8bae4a6a7d1048b183021cfa261e0ecd2939c396edc7dd2d8c06a9cff8de26a18ab77f4a7be60ba24bd79718994196065c4e9ba1b9ff75fa3391d6ac54a3c882f8881432b67c29095e25a6396769bad40203456101ba0332410edcfceb51e599a0a0f473de613204d089d3de348f8c76c6816f64eea421d7d21dad8e66bba394a0fc11d7b3f5b2772a5c2331c0d4c34a4d66cf968ef4039aced7fa55bba225c2d494269976d69212258d6c2daa824ac1e217d9f68031ad76519e83b8c95805b567e288337721ae48dfb4b0f1eeca4c2be52e540ad976797d59976e21b61c9163dec655441e258d38210c12255cf7b859199bac624fd22f67cb9c6364f544b0b0769033bdeb6f8444c27cdd0f223adb6d2816d7c7e98af0be463db762d09644d03d9b5fa8948b01849dbf8671d4030e633bd8e177a0868be78fa51e0df9fb122af1724c641d90245e766c49c1e993978b39c35d23d6b967f19f011ada5efd62de335e0e8c75d3ab0288c281d30dd6471f65b582cedf547351889f0bb1c10b25b3c5ad2e0023cebebf512f925769d313225b3ea5434c6cc1ec06b2f89578c0d3f9ec50efea77e95aec38c822f5c969e7db3a14d51b2094fbadd6914d885fbabeaa6f9914cefe8b264e7b6bc170216442c97d27e7c90084e0870c9f0886d961c6f1c5de90c47dadb11acb5a2f8e0389f020051b85c3145f8e0dac984cbde8d5d12a9355d78f5b0e6cb4824f5a72c26fdb8c5188410419c2dd96e2c04f53db41e3ac50acd2ff513c85b658353b2ccbddd80ff8c61719316098f320cd891afde0c978dc7e4f25c4bcc6da2ca357b2cb5f22277d68fce94e252df71527550fd621d01339843dca442f6afaf3abfb30f85dba8c1806e4ec544301270922927ab12477d1d6e50ffea4daf6bf292fa79503671181f2515ee7ffa9b8e24127dbe6fb32561baa7f616bbf75661001bcfc5fff23a4e5fd31c1e1a48b1b9beb05b51e57aef3988c3e98b37c6299dc37ba6f7217dc31752bcefdf3631052f86c28ea283bc508e3b59effabceb2fc1ae33fc0d96bacac146885652fc881388fe2b5bfeb30395cd4b43ba4fc99b671a39b18b5f7403397c3427d5c67b10884be43060823dac825437ee9cbb835b81bbd5ba3c23e2e177dc8caa4a7bc75dab9ef5db656f1396d41b6d65e1a254ecea8c9ff32f2e612a639d31478d09ef7e414827680085cf78c0f98c7a126d848d269f063f226873ab19f082a014c275534ddb138bb1edbd73d2df82767bf896755d79ee69fa4767dbf97b3bab85cb08530b28664372d9180159202f44ec57c7823f83f5e9af9b58a82bd8fef07934825276705111c874b5d6201e833fbbe47c54f8d946e6cd8c2f49ece695e0efd6807ffb4226b337c308d3d9ff72259df11c221cfb4280e7043fb5ef754226ad23c18809f02cddbc539aa4f969875487fed09136d714815bb7955281486e99956d59195645844d89105b1feddf75c574c4ae2e746f02a147629981d91a26b66a2cc3d163f284c642a9b9ff50933976b69255a26e585398d446a7b398d46c25c113e84cccc55524bf0dbbbf3c0dd28fbf83b9d549896d1d0f2dabcc318612108b530ab26795cc0b35601d91e5defa50d009d63dafb25f663d7eaa9af3d26be3e80e0ea0058f86c6fba926747386421f9de116d4c1adf39bbe9f8f0b24d0f7be1281391a61b1d56b39adfe75aa5e7041cd1d77790126aa11c5d7fa907fe29ef28e8029ac67696c6f0e799f77c70954e5e0da2330ebeed4212c87f979ebf92587131debb8b1410ebf3f57b76516a91c383d681b18ea0a0bfca3bc46d4f2593ca473a147824bf58770d34032848b090b5724cd3482b619c12b45ab8e1e37409c65a5abf6b45dfb319044cb1fe910157315b12717f393112581d3d86483c0971c90c9b21a692a6d84af97874a3c80e31827748bae50670576e0833311f43b7035a8553b9441212eb9cd9f4cd92e206874aecc0eae8b6d3c4f082f1841946d728845cb976682dba58ec5d551147eb561374d853cfaf82ca582b5f55cd48a12a5cdd0288d60571ce816f3208d185005b04b092c970e60ba68f1f8d3ac5817652dff85044271c45415b15cfe824bcc7001591aea24f6862656d366b7765498f202b5dab0e82d2e59513147fb458852991b3d11dfdba02b3ba62abd5b97ffe33d149a966dbfba91883b1bd470589267f27699f888eff6405b91dc55fd028a1e6a20eafa2da54d2fc4ddcdf8ee4d7e671daa663a56c1cd13af9f7b199584800e5f523b203972af21e3bfefe2d56e7d5eec48eba38f9a4451403eeedf662cd9cb85ef7dad94cda40595eb5300f1de53ffd4b035a96d036909b024d0012f39ceb348471edfda8fe0127df20292b2e8179228a7e93fd72039d5da2f3d620c7d05ac532286f8606d89c7bd81c941c3b01b1197e5348d54e263aae08a052521cc5a49d618c1d65c364a75f586732758f03e3ef5607dcf8fda802077b47beedaa91c3f9edbe44128f9c4fb15ad1dce0fddebc81f352252bcc6bdefdc4cedf0e68a51ad2290da509218f501dd1111646a590daa42ae5667b4e438bcb7334de0ac6be9114991692779b29c5ea9c701eace9c795228bf06cad451d5381e99fef980e7c66a6043327a5742797f54bd5fba704de996b77c8b7889548a992befbb929e1b436fb729ec5f45d61c8f46c8afc12098b165d59047a17ac8505b1f571699ab80fc8b407115da5563b7c704e2b514cc4e22dec8bc5dcf06f2837424a373d66b176cd8294438b2f2f28a63425eded5ea56b986906b49fb830fbdf0cd34624c75d4a55681cd8d89c9e82384d99a57a472fbfb7bb14bc78de50bc2b8b1458ea23f9a84abb07ea54867f65c5cc606795140ee28d2a0d6286a7e23f1f1a09862122be467fd6dec054be01d1edad7f2400e7effdb565e6e9906e7a178af6ace0ae411c37173d741335aaa26a98dd2688f4b62f7375912a2ab534c6f38c3b47d2eb86123346b54dd9ab7b302802f8a4fe0fa3f093a60859e551155f76eb5267e7bba52703027ab5113f83844e612d547c32cea308236e65121744e3b167820231dacc4abb71c86bf8b7446c7f81539ec5005e629e71a35a6ab6c9c227667677ffc4a984d5d823104dc9642b613663313854944e875592015e8c74d3643caa2313e4502c4223f760d19dec9281453db2134542ac8d37a07b777fa8d33f1d4a9a99b87de41ae43c2d02aa11dc61d40aab4d7418b572dac539abe7c69a0cb368c036885ce469a7bf526ce89d807ebaf736ad925c347f5ffe2a17a5a2d43c7ff64dc1861dbd848b26e1f44f63d31166e35def562d54f0167d35511c3352b4621414d5769"}], 0x0, 0x0, 0xfffffffffffffef2, 0x60028840}], 0x1, 0x48081) sendmmsg$unix(r4, &(0x7f0000003080)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8c2}}], 0x1, 0x10) sendmsg$NFT_BATCH(r6, &(0x7f0000000200)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010004000000000000000700000a6c010000000a010200000000000000000b000004240006004748d961a89321d14b9ab832616fd9dbdf2357f3029d85aa09cadf732975c25e0c0004400000000000000003090001007379060025bc5e986a50c7d9d41f0a31f6d3dedd74d47ba231e3a42ecf9f20fcb8fafa624dc4ceaf905ae3fd66a6a80fcfbc1dd13d6a4677501c9be29f1c529417dcecad4924a460f5b688402ae470863ace97fd2947d0c2a89db009d95d954807e83795896a8aa27aa995cd13499b80a5ac61bb18c36a5e0a430f604cb35b3ec1157127307a21a04f9ae0af80cd8cffc13b534696f126719e508ab4f96ed4cb0b11d605186fcf750943ca94614cdf89b7696a000c00044000000000000000020800024000000000420006000c0620f9310619760b80cc7f1d3060f6b483464c928e93199f02200391dca99d9d8c23fe76e04e010b67c22739c1e2ebb60ff6f021ebdee4fc66fe5b213500000800024000000002140000001100010000000000000000000700000a"], 0x194}, 0x1, 0x0, 0x0, 0x4040050}, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r7 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, 0x0) ioctl$TUNGETFILTER(r7, 0x801054db, 0x0) r8 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x289c2, 0x1) mkdir(0x0, 0x5) close(0xffffffffffffffff) inotify_init1(0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020000838500000071000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r9}, 0x10) fcntl$setlease(r8, 0x400, 0x1) r10 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0) ioctl$IMGETDEVINFO(r6, 0x80044944, &(0x7f0000000280)={0x5}) ioctl$MON_IOCX_GET(r0, 0x40189206, &(0x7f0000000100)={&(0x7f0000000300), 0x0}) r11 = dup3(r0, r10, 0x0) ioctl$MON_IOCX_GETX(r11, 0x4018920a, &(0x7f00000001c0)={&(0x7f00000012c0), &(0x7f0000002940)=""/4108, 0x100c}) 164.581986ms ago: executing program 5 (id=2005): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x79, 0x11, 0xc0}, [@ldst={0x5}], {0x95, 0x0, 0x74}}, 0x0, 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/locks\x00', 0x0, 0x0) r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_SECURITY(r0, 0x0, 0x1, &(0x7f0000000240)=0x2, 0x4) sendmsg$802154_dgram(r0, &(0x7f00000000c0)={&(0x7f0000000200)={0x24, @long={0x3, 0x3, {0xaaaaaaaaaaaa0302}}}, 0x14, &(0x7f0000000280)={0x0}, 0x1, 0x7f00000000000000, 0x0, 0x20044005}, 0x4000010) 0s ago: executing program 5 (id=2006): socket$nl_generic(0x10, 0x3, 0x10) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) getpid() sched_setaffinity(0x0, 0x0, 0x0) r0 = socket(0x2000000015, 0x80005, 0x0) bind$inet6(r0, 0x0, 0x0) clock_settime(0x0, &(0x7f0000000240)={0x77359400}) clock_adjtime(0x0, &(0x7f0000000640)={0x7, 0x9, 0x380000, 0x8, 0xfffffffffffffff9, 0xfffffffffffffff7, 0x9, 0x0, 0xae, 0x6, 0x7, 0x0, 0xfffffffffffff04f, 0x7, 0x80000000, 0xfffffffffffffff8, 0xffffffffffffffff, 0x2, 0x0, 0x100, 0x4, 0x2, 0x5, 0x3, 0x8, 0x8}) clock_nanosleep(0x2, 0x0, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x1) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0xb, 0x8, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) close(0x3) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r2, &(0x7f00000000c0), &(0x7f0000000000)=""/10, 0x2}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYRES8=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000040)='sys_exit\x00', r3}, 0x10) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r5 = socket$tipc(0x1e, 0x2, 0x0) sendmsg$tipc(r5, &(0x7f0000002340)={0x0, 0x0, 0x0}, 0x0) setresuid(0x0, 0xee00, 0xee01) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) kernel console output (not intermixed with test programs): ache_alloc_noprof+0x73/0x3c0 [ 586.874119][T10709] ? mas_alloc_nodes+0x2e9/0x8e0 [ 586.874150][T10709] mas_alloc_nodes+0x2e9/0x8e0 [ 586.874185][T10709] mas_preallocate+0x39e/0x6b0 [ 586.874215][T10709] ? __pfx_mas_preallocate+0x10/0x10 [ 586.874252][T10709] ? __mas_set_range+0x12f/0x3c0 [ 586.874277][T10709] __split_vma+0x2fa/0xa00 [ 586.874305][T10709] ? __pfx___split_vma+0x10/0x10 [ 586.874341][T10709] vma_modify+0x9db/0x1970 [ 586.874374][T10709] vma_modify_flags+0x1e8/0x230 [ 586.874394][T10709] ? __pfx_vma_modify_flags+0x10/0x10 [ 586.874429][T10709] ? mas_next_slot+0xc20/0xcf0 [ 586.874456][T10709] mprotect_fixup+0x400/0x9b0 [ 586.874493][T10709] ? __pfx_mprotect_fixup+0x10/0x10 [ 586.874529][T10709] do_mprotect_pkey+0x8cd/0xce0 [ 586.874558][T10709] ? ksys_write+0x1cb/0x250 [ 586.874588][T10709] ? __pfx_do_mprotect_pkey+0x10/0x10 [ 586.874641][T10709] ? __pfx_ksys_write+0x10/0x10 [ 586.874660][T10709] ? rcu_is_watching+0x15/0xb0 [ 586.874694][T10709] __x64_sys_mprotect+0x80/0x90 [ 586.874723][T10709] do_syscall_64+0xfa/0x3b0 [ 586.874738][T10709] ? lockdep_hardirqs_on+0x9c/0x150 [ 586.874765][T10709] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 586.874784][T10709] ? clear_bhb_loop+0x60/0xb0 [ 586.874808][T10709] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 586.874825][T10709] RIP: 0033:0x7f6818b8e929 [ 586.874841][T10709] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 586.874856][T10709] RSP: 002b:00007f6819a9d038 EFLAGS: 00000246 ORIG_RAX: 000000000000000a [ 586.874875][T10709] RAX: ffffffffffffffda RBX: 00007f6818db5fa0 RCX: 00007f6818b8e929 [ 586.874888][T10709] RDX: 0000000000000000 RSI: 0000000000002000 RDI: 0000200000002000 [ 586.874900][T10709] RBP: 00007f6819a9d090 R08: 0000000000000000 R09: 0000000000000000 [ 586.874910][T10709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 586.874920][T10709] R13: 0000000000000000 R14: 00007f6818db5fa0 R15: 00007ffe5e5d5568 [ 586.874949][T10709] [ 587.139242][ C1] vkms_vblank_simulate: vblank timer overrun [ 587.247088][T10721] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0xf [ 587.497841][ T5914] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 587.640361][T10726] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1432'. [ 587.697886][ T5914] usb 2-1: Using ep0 maxpacket: 16 [ 587.704846][ T5914] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 33437, setting to 1024 [ 587.732617][ T5914] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0xF has invalid maxpacket 1024 [ 587.747728][ T5914] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 587.757505][ T5914] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 587.813314][ T5914] usb 2-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87 [ 587.836150][ T5914] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 587.864236][ T5914] usb 2-1: Product: syz [ 587.885000][ T5914] usb 2-1: Manufacturer: syz [ 587.904809][ T5914] usb 2-1: SerialNumber: syz [ 587.983594][ T5914] usb 2-1: config 0 descriptor?? [ 588.014958][T10720] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 588.043633][ T5914] port100 2-1:0.0: NFC: Could not get supported command types [ 588.340121][ T5914] usb 2-1: USB disconnect, device number 47 [ 588.348819][ T5937] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 588.441157][T10741] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1436'. [ 588.450257][T10741] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1436'. [ 588.548074][ T5937] usb 3-1: Using ep0 maxpacket: 8 [ 588.627361][ T5937] usb 3-1: New USB device found, idVendor=0763, idProduct=2080, bcdDevice=d0.ab [ 588.657806][ T5937] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 588.666188][ T5937] usb 3-1: Product: syz [ 588.694864][ T5937] usb 3-1: Manufacturer: syz [ 588.726513][ T5937] usb 3-1: SerialNumber: syz [ 588.838169][ T5937] usb 3-1: config 0 descriptor?? [ 589.105256][T10734] netlink: 'syz.2.1435': attribute type 39 has an invalid length. [ 589.879236][ T5914] usb 4-1: new full-speed USB device number 42 using dummy_hcd [ 590.119142][ T5937] usb 3-1: USB disconnect, device number 41 [ 590.192098][T10754] delete_channel: no stack [ 590.212951][ T5914] usb 4-1: unable to get BOS descriptor or descriptor too short [ 590.224056][ T5914] usb 4-1: not running at top speed; connect to a high speed hub [ 590.234667][ T5914] usb 4-1: config 253 has an invalid interface number: 140 but max is 0 [ 590.244815][ T5914] usb 4-1: config 253 has an invalid descriptor of length 204, skipping remainder of the config [ 590.259382][ T5914] usb 4-1: config 253 has no interface number 0 [ 590.265651][ T5914] usb 4-1: config 253 interface 140 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 590.282290][ T5914] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=3e.5b [ 590.291428][ T5914] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 590.299457][ T5914] usb 4-1: Product: syz [ 590.303720][ T5914] usb 4-1: Manufacturer: syz [ 590.318068][ T5914] usb 4-1: SerialNumber: syz [ 590.447769][ T10] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 590.459198][ T917] usb 5-1: new high-speed USB device number 52 using dummy_hcd [ 591.227809][ T917] usb 5-1: Using ep0 maxpacket: 32 [ 591.946497][ T10] usb 2-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 591.959810][ T917] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 591.969251][ T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 591.987771][ T917] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 591.998790][ T917] usb 5-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00 [ 592.008021][ T917] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 592.018808][ T917] usb 5-1: config 0 descriptor?? [ 592.083417][ T5914] usbtest 4-1:253.140: couldn't get endpoints, -22 [ 592.090955][ T5914] usbtest 4-1:253.140: probe with driver usbtest failed with error -22 [ 592.102793][ T10] usb 2-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice= 0.9c [ 592.113989][ T5914] usb 4-1: USB disconnect, device number 42 [ 592.119949][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 592.129964][ T10] usb 2-1: Product: syz [ 592.134154][ T10] usb 2-1: Manufacturer: syz [ 592.151174][ T10] usb 2-1: SerialNumber: syz [ 592.169793][ T10] usb 2-1: config 0 descriptor?? [ 592.181026][ T10] ims_pcu 2-1:0.0: Missing CDC union descriptor [ 592.225591][ T10] ims_pcu 2-1:0.0: probe with driver ims_pcu failed with error -22 [ 592.305823][T10768] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1446'. [ 593.125162][ T5890] usb 2-1: USB disconnect, device number 48 [ 594.348192][ T917] usbhid 5-1:0.0: can't add hid device: -71 [ 594.355232][ T917] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 594.395721][ T917] usb 5-1: USB disconnect, device number 52 [ 597.819987][T10810] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1459'. [ 597.947735][ T5890] usb 5-1: new high-speed USB device number 53 using dummy_hcd [ 598.733933][T10821] xt_l2tp: missing protocol rule (udp|l2tpip) [ 599.158314][ T5890] usb 5-1: Using ep0 maxpacket: 32 [ 599.169118][ T5890] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 52, changing to 9 [ 599.181803][ T5890] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 8241, setting to 1024 [ 599.194984][ T5890] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16 [ 599.205107][ T5890] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 599.273660][ T5890] usb 5-1: Product: syz [ 599.278091][ T5890] usb 5-1: Manufacturer: syz [ 599.282718][ T5890] usb 5-1: SerialNumber: syz [ 599.308663][ T5890] usb 5-1: config 0 descriptor?? [ 599.332996][ T5890] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 599.367462][T10827] No such timeout policy "syz0" [ 599.526179][T10806] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 599.535131][T10806] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 599.544676][ T6685] usb 5-1: Failed to submit usb control message: -71 [ 599.546401][ T5890] usb 5-1: USB disconnect, device number 53 [ 599.560033][ T6685] usb 5-1: unable to send the bmi data to the device: -71 [ 599.647583][ T6685] usb 5-1: unable to get target info from device [ 599.758316][ T6685] usb 5-1: could not get target info (-71) [ 600.234215][ T6685] usb 5-1: could not probe fw (-71) [ 602.108617][ T5890] usb 5-1: new high-speed USB device number 54 using dummy_hcd [ 602.272736][ T5890] usb 5-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 602.291685][T10859] program syz.1.1473 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 602.317126][ T5890] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 602.354682][ T5890] usb 5-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice= 0.9c [ 602.364072][ T5890] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 602.373436][ T5890] usb 5-1: Product: syz [ 602.380954][ T5890] usb 5-1: Manufacturer: syz [ 602.388132][ T5890] usb 5-1: SerialNumber: syz [ 602.401013][ T5890] usb 5-1: config 0 descriptor?? [ 602.410002][ T5890] ims_pcu 5-1:0.0: Missing CDC union descriptor [ 602.416744][ T5890] ims_pcu 5-1:0.0: probe with driver ims_pcu failed with error -22 [ 602.624390][ T5890] usb 5-1: USB disconnect, device number 54 [ 602.631178][ T5914] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 602.647982][ T5824] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 602.817729][ T5824] usb 3-1: Using ep0 maxpacket: 32 [ 602.835026][ T5824] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 52, changing to 9 [ 602.867431][ T5824] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 8241, setting to 1024 [ 602.891031][ T5824] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16 [ 602.907683][ T5824] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 602.934713][ T5824] usb 3-1: Product: syz [ 602.943000][ T5824] usb 3-1: Manufacturer: syz [ 602.947724][ T5914] usb 2-1: Using ep0 maxpacket: 8 [ 602.948100][ T5824] usb 3-1: SerialNumber: syz [ 602.961811][ T5914] usb 2-1: New USB device found, idVendor=0763, idProduct=2080, bcdDevice=d0.ab [ 602.968797][ T5824] usb 3-1: config 0 descriptor?? [ 602.977716][ T5914] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 603.424748][T10862] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 603.533695][ T5914] usb 2-1: Product: syz [ 603.543075][ T5914] usb 2-1: Manufacturer: syz [ 603.547768][ T5914] usb 2-1: SerialNumber: syz [ 603.555151][ T5914] usb 2-1: config 0 descriptor?? [ 603.559615][ T5824] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 603.560440][T10862] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 603.606427][ T5972] usb 3-1: Failed to submit usb control message: -71 [ 603.618320][ T5824] usb 3-1: USB disconnect, device number 42 [ 603.626019][ T5972] usb 3-1: unable to send the bmi data to the device: -71 [ 603.634931][ T5972] usb 3-1: unable to get target info from device [ 603.642080][ T5972] usb 3-1: could not get target info (-71) [ 603.662355][ T5972] usb 3-1: could not probe fw (-71) [ 603.836637][T10881] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1479'. [ 604.005014][T10864] netlink: 'syz.1.1475': attribute type 39 has an invalid length. [ 605.152127][T10891] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1482'. [ 605.587964][ T5914] usb 2-1: USB disconnect, device number 49 [ 605.718763][ T5890] usb 5-1: new full-speed USB device number 55 using dummy_hcd [ 605.880086][ T5890] usb 5-1: unable to get BOS descriptor or descriptor too short [ 605.918126][ T5890] usb 5-1: not running at top speed; connect to a high speed hub [ 605.932491][ T5890] usb 5-1: config 253 has an invalid interface number: 140 but max is 0 [ 605.945060][ T5890] usb 5-1: config 253 has an invalid descriptor of length 204, skipping remainder of the config [ 605.967848][ T5890] usb 5-1: config 253 has no interface number 0 [ 605.974140][ T5890] usb 5-1: config 253 interface 140 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 606.020972][ T5890] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=3e.5b [ 606.038024][ T5890] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 606.052451][ T5890] usb 5-1: Product: syz [ 606.056814][ T5890] usb 5-1: Manufacturer: syz [ 606.061853][ T5890] usb 5-1: SerialNumber: syz [ 606.295084][ T5890] usbtest 5-1:253.140: couldn't get endpoints, -22 [ 606.302525][ T5890] usbtest 5-1:253.140: probe with driver usbtest failed with error -22 [ 606.336353][ T5890] usb 5-1: USB disconnect, device number 55 [ 606.992168][ T5824] hid-generic 00A0:0008:0003.0007: unknown main item tag 0x0 [ 606.999915][ T5824] hid-generic 00A0:0008:0003.0007: unknown main item tag 0x0 [ 607.022365][ T5824] hid-generic 00A0:0008:0003.0007: unknown main item tag 0x0 [ 607.055563][ T5824] hid-generic 00A0:0008:0003.0007: unknown main item tag 0x0 [ 607.084049][ T5824] hid-generic 00A0:0008:0003.0007: unknown main item tag 0x0 [ 607.167206][ T5824] hid-generic 00A0:0008:0003.0007: unknown main item tag 0x0 [ 607.186888][ T5824] hid-generic 00A0:0008:0003.0007: unknown main item tag 0x0 [ 607.207934][ T5824] hid-generic 00A0:0008:0003.0007: unknown main item tag 0x0 [ 607.215784][ T5824] hid-generic 00A0:0008:0003.0007: unknown main item tag 0x0 [ 607.223704][ T5824] hid-generic 00A0:0008:0003.0007: unknown main item tag 0x0 [ 607.231721][ T5824] hid-generic 00A0:0008:0003.0007: unknown main item tag 0x0 [ 607.239551][ T5824] hid-generic 00A0:0008:0003.0007: unknown main item tag 0x0 [ 607.249864][ T5824] hid-generic 00A0:0008:0003.0007: unknown main item tag 0x0 [ 607.258601][ T5824] hid-generic 00A0:0008:0003.0007: unknown main item tag 0x0 [ 607.266354][ T5824] hid-generic 00A0:0008:0003.0007: unknown main item tag 0x0 [ 607.725601][ T5824] hid-generic 00A0:0008:0003.0007: hidraw0: HID v0.05 Device [syz1] on syz0 [ 608.628754][ T10] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 608.812578][ T10] usb 4-1: Using ep0 maxpacket: 16 [ 608.893157][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 33437, setting to 1024 [ 609.084125][ T10] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0xF has invalid maxpacket 1024 [ 609.214151][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 609.436877][ T10] usb 4-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87 [ 609.566163][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 609.689326][ T10] usb 4-1: Product: syz [ 609.693537][ T10] usb 4-1: Manufacturer: syz [ 609.767834][ T10] usb 4-1: SerialNumber: syz [ 609.829091][ T10] usb 4-1: config 0 descriptor?? [ 609.837245][T10932] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 609.940985][ T10] port100 4-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint [ 610.094966][ T10] usb 4-1: USB disconnect, device number 43 [ 610.507828][ T917] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 610.644650][T10954] syzkaller0: entered promiscuous mode [ 610.785912][T10954] syzkaller0: entered allmulticast mode [ 611.458781][ T917] usb 2-1: Using ep0 maxpacket: 16 [ 611.475501][ T917] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 611.488730][T10961] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1505'. [ 611.522965][ T917] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 611.535977][ T917] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2db4, bcdDevice= 0.00 [ 611.549656][ T917] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 611.877313][ T917] usb 2-1: config 0 descriptor?? [ 611.998962][ T5914] usb 4-1: new full-speed USB device number 44 using dummy_hcd [ 612.182152][T10950] Illegal XDP return value 154 on prog (id 416) dev N/A, expect packet loss! [ 612.507079][ T5914] usb 4-1: unable to get BOS descriptor or descriptor too short [ 612.521767][ T5914] usb 4-1: not running at top speed; connect to a high speed hub [ 612.545734][ T5914] usb 4-1: config 253 has an invalid interface number: 140 but max is 0 [ 612.563324][T10974] loop6: detected capacity change from 0 to 524287999 [ 612.564661][ T5914] usb 4-1: config 253 has an invalid descriptor of length 204, skipping remainder of the config [ 612.589466][ T5914] usb 4-1: config 253 has no interface number 0 [ 612.595595][T10974] FAULT_INJECTION: forcing a failure. [ 612.595595][T10974] name failslab, interval 1, probability 0, space 0, times 0 [ 612.595990][ T5914] usb 4-1: config 253 interface 140 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 612.622579][T10974] CPU: 1 UID: 0 PID: 10974 Comm: syz.4.1510 Not tainted 6.16.0-rc1-syzkaller-00005-g488ef3560196 #0 PREEMPT(full) [ 612.622603][T10974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 612.622617][T10974] Call Trace: [ 612.622624][T10974] [ 612.622632][T10974] dump_stack_lvl+0x189/0x250 [ 612.622663][T10974] ? __pfx____ratelimit+0x10/0x10 [ 612.622688][T10974] ? __pfx_dump_stack_lvl+0x10/0x10 [ 612.622712][T10974] ? __pfx__printk+0x10/0x10 [ 612.622733][T10974] ? __pfx___might_resched+0x10/0x10 [ 612.622765][T10974] ? fs_reclaim_acquire+0x7d/0x100 [ 612.622793][T10974] should_fail_ex+0x414/0x560 [ 612.622819][T10974] should_failslab+0xa8/0x100 [ 612.622841][T10974] __kmalloc_noprof+0xcb/0x4f0 [ 612.622859][T10974] ? kfree+0x4d/0x440 [ 612.622874][T10974] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 612.622903][T10974] tomoyo_realpath_from_path+0xe3/0x5d0 [ 612.622929][T10974] ? tomoyo_domain+0xda/0x130 [ 612.622958][T10974] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 612.622978][T10974] tomoyo_path_number_perm+0x1e8/0x5a0 [ 612.623001][T10974] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 612.623036][T10974] ? __lock_acquire+0xab9/0xd20 [ 612.623075][T10974] ? __fget_files+0x2a/0x420 [ 612.623099][T10974] ? __fget_files+0x2a/0x420 [ 612.623119][T10974] ? __fget_files+0x3a0/0x420 [ 612.623139][T10974] ? __fget_files+0x2a/0x420 [ 612.623164][T10974] security_file_ioctl+0xcb/0x2d0 [ 612.623188][T10974] __se_sys_ioctl+0x47/0x170 [ 612.623207][T10974] do_syscall_64+0xfa/0x3b0 [ 612.623222][T10974] ? lockdep_hardirqs_on+0x9c/0x150 [ 612.623245][T10974] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 612.623261][T10974] ? clear_bhb_loop+0x60/0xb0 [ 612.623281][T10974] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 612.623296][T10974] RIP: 0033:0x7f8f95f8e929 [ 612.623311][T10974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 612.623326][T10974] RSP: 002b:00007f8f96e5d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 612.623343][T10974] RAX: ffffffffffffffda RBX: 00007f8f961b5fa0 RCX: 00007f8f95f8e929 [ 612.623355][T10974] RDX: 00002000000000c0 RSI: 0000000000004c04 RDI: 0000000000000006 [ 612.623365][T10974] RBP: 00007f8f96e5d090 R08: 0000000000000000 R09: 0000000000000000 [ 612.623375][T10974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 612.623384][T10974] R13: 0000000000000000 R14: 00007f8f961b5fa0 R15: 00007ffcc15957c8 [ 612.623410][T10974] [ 612.623495][T10974] ERROR: Out of memory at tomoyo_realpath_from_path. [ 612.805049][ T5914] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=3e.5b [ 613.062835][ T5914] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 613.071087][ T5914] usb 4-1: Product: syz [ 613.075277][ T5914] usb 4-1: Manufacturer: syz [ 613.080105][ T5914] usb 4-1: SerialNumber: syz [ 613.340584][ T5914] usbtest 4-1:253.140: couldn't get endpoints, -22 [ 613.347376][ T5914] usbtest 4-1:253.140: probe with driver usbtest failed with error -22 [ 613.366791][ T5914] usb 4-1: USB disconnect, device number 44 [ 613.435100][ T917] konepure 0003:1E7D:2DB4.0008: item fetching failed at offset 0/4 [ 613.447381][ T917] konepure 0003:1E7D:2DB4.0008: parse failed [ 613.454033][ T917] konepure 0003:1E7D:2DB4.0008: probe with driver konepure failed with error -22 [ 613.529659][ T10] usb 5-1: new high-speed USB device number 56 using dummy_hcd [ 613.643978][ T5914] usb 2-1: USB disconnect, device number 50 [ 613.689404][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 613.714275][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 52, changing to 9 [ 613.725854][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 8241, setting to 1024 [ 613.739868][ T10] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16 [ 613.749480][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 613.758037][ T10] usb 5-1: Product: syz [ 613.762360][ T10] usb 5-1: Manufacturer: syz [ 613.767095][ T10] usb 5-1: SerialNumber: syz [ 613.774773][ T10] usb 5-1: config 0 descriptor?? [ 613.793652][ T10] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 614.027083][T10980] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 614.049342][T10980] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 614.514299][ T5972] usb 5-1: Failed to submit usb control message: -71 [ 614.514752][ T5914] usb 5-1: USB disconnect, device number 56 [ 614.537744][ T5972] usb 5-1: unable to send the bmi data to the device: -71 [ 614.547409][ T5972] usb 5-1: unable to get target info from device [ 614.556263][ T5972] usb 5-1: could not get target info (-71) [ 614.563135][ T5972] usb 5-1: could not probe fw (-71) [ 614.677719][ T5937] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 614.839587][ T5937] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 614.863959][ T5937] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 614.878418][ T5937] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 614.887606][ T5937] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 614.914440][T10987] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 614.917762][ T5889] usb 3-1: new full-speed USB device number 43 using dummy_hcd [ 614.935558][ T5937] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 615.099635][ T5889] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 615.144005][ T5889] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 615.288366][ T5889] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 615.308124][ T5914] usb 2-1: USB disconnect, device number 51 [ 615.390115][ T5889] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 615.485982][ T5889] usb 3-1: Product: syz [ 615.542273][ T5889] usb 3-1: Manufacturer: syz [ 615.558755][T10987] loop6: detected capacity change from 0 to 524287999 [ 615.642083][ T5889] usb 3-1: SerialNumber: syz [ 616.158306][ T5889] usb 3-1: 0:2 : does not exist [ 616.170254][ T5889] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 616.232368][ T5889] usb 3-1: USB disconnect, device number 43 [ 616.675386][T11019] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns [ 616.685295][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 616.685311][ T30] audit: type=1326 audit(1749722899.754:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11018 comm="syz.1.1524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6818b8e929 code=0x7ffc0000 [ 616.713182][T11019] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 616.800914][T11022] hub 8-0:1.0: USB hub found [ 616.807574][T11022] hub 8-0:1.0: 1 port detected [ 617.271563][ T30] audit: type=1326 audit(1749722899.754:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11018 comm="syz.1.1524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f6818b8e929 code=0x7ffc0000 [ 617.293028][ C0] vkms_vblank_simulate: vblank timer overrun [ 617.300357][ T30] audit: type=1326 audit(1749722899.754:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11018 comm="syz.1.1524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6818b8e929 code=0x7ffc0000 [ 617.326751][ T30] audit: type=1326 audit(1749722899.754:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11018 comm="syz.1.1524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f6818b8e929 code=0x7ffc0000 [ 617.351474][ T30] audit: type=1326 audit(1749722899.754:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11018 comm="syz.1.1524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6818b8e929 code=0x7ffc0000 [ 617.373074][ C0] vkms_vblank_simulate: vblank timer overrun [ 617.382220][ T30] audit: type=1326 audit(1749722899.754:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11018 comm="syz.1.1524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6818b8e929 code=0x7ffc0000 [ 617.413086][ T30] audit: type=1326 audit(1749722899.754:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11018 comm="syz.1.1524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6818b8e929 code=0x7ffc0000 [ 617.490898][T11029] sctp: [Deprecated]: syz.0.1525 (pid 11029) Use of struct sctp_assoc_value in delayed_ack socket option. [ 617.490898][T11029] Use struct sctp_sack_info instead [ 617.517854][ T30] audit: type=1326 audit(1749722899.754:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11018 comm="syz.1.1524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=438 compat=0 ip=0x7f6818b8e929 code=0x7ffc0000 [ 617.525610][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805707a400: rx timeout, send abort [ 617.549702][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805707a800: rx timeout, send abort [ 617.568193][ T30] audit: type=1326 audit(1749722899.754:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11018 comm="syz.1.1524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6818b8e929 code=0x7ffc0000 [ 617.594556][ T30] audit: type=1326 audit(1749722899.754:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11018 comm="syz.1.1524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=267 compat=0 ip=0x7f6818b8e929 code=0x7ffc0000 [ 618.048784][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805707a400: abort rx timeout. Force session deactivation [ 618.061543][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805707a800: abort rx timeout. Force session deactivation [ 618.643021][T11046] program syz.3.1531 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 618.727728][ T5889] usb 3-1: new full-speed USB device number 44 using dummy_hcd [ 619.518988][T11050] FAULT_INJECTION: forcing a failure. [ 619.518988][T11050] name failslab, interval 1, probability 0, space 0, times 0 [ 619.541705][ T5889] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 619.544922][T11050] CPU: 1 UID: 0 PID: 11050 Comm: syz.4.1532 Not tainted 6.16.0-rc1-syzkaller-00005-g488ef3560196 #0 PREEMPT(full) [ 619.544951][T11050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 619.544964][T11050] Call Trace: [ 619.544973][T11050] [ 619.544985][T11050] dump_stack_lvl+0x189/0x250 [ 619.545022][T11050] ? __pfx____ratelimit+0x10/0x10 [ 619.545054][T11050] ? __pfx_dump_stack_lvl+0x10/0x10 [ 619.545084][T11050] ? __pfx__printk+0x10/0x10 [ 619.545109][T11050] ? __pfx___might_resched+0x10/0x10 [ 619.545138][T11050] ? fs_reclaim_acquire+0x7d/0x100 [ 619.545174][T11050] should_fail_ex+0x414/0x560 [ 619.545205][T11050] should_failslab+0xa8/0x100 [ 619.545235][T11050] __kmalloc_noprof+0xcb/0x4f0 [ 619.545259][T11050] ? tomoyo_encode+0x28b/0x550 [ 619.545294][T11050] tomoyo_encode+0x28b/0x550 [ 619.545331][T11050] tomoyo_realpath_from_path+0x58d/0x5d0 [ 619.545374][T11050] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 619.545401][T11050] tomoyo_path_number_perm+0x1e8/0x5a0 [ 619.545430][T11050] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 619.545452][T11050] ? rcu_is_watching+0x15/0xb0 [ 619.545484][T11050] ? trace_sched_exit_tp+0x38/0x120 [ 619.545510][T11050] ? __schedule+0x16c0/0x4cb0 [ 619.545550][T11050] ? __lock_acquire+0xab9/0xd20 [ 619.545599][T11050] ? __fget_files+0x2a/0x420 [ 619.545630][T11050] ? __fget_files+0x2a/0x420 [ 619.545655][T11050] ? __fget_files+0x3a0/0x420 [ 619.545680][T11050] ? __fget_files+0x2a/0x420 [ 619.545712][T11050] security_file_ioctl+0xcb/0x2d0 [ 619.545743][T11050] __se_sys_ioctl+0x47/0x170 [ 619.545768][T11050] do_syscall_64+0xfa/0x3b0 [ 619.545788][T11050] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 619.545808][T11050] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 619.545829][T11050] ? clear_bhb_loop+0x60/0xb0 [ 619.545860][T11050] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 619.545879][T11050] RIP: 0033:0x7f8f95f8e929 [ 619.545898][T11050] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 619.545916][T11050] RSP: 002b:00007f8f96e5d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 619.545938][T11050] RAX: ffffffffffffffda RBX: 00007f8f961b5fa0 RCX: 00007f8f95f8e929 [ 619.545953][T11050] RDX: 0000200000000340 RSI: 00000000c100565c RDI: 0000000000000003 [ 619.545966][T11050] RBP: 00007f8f96e5d090 R08: 0000000000000000 R09: 0000000000000000 [ 619.545980][T11050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 619.545992][T11050] R13: 0000000000000000 R14: 00007f8f961b5fa0 R15: 00007ffcc15957c8 [ 619.546027][T11050] [ 619.546706][T11050] ERROR: Out of memory at tomoyo_realpath_from_path. [ 619.552466][ T5889] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 620.028719][ T5889] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 620.038540][ T5889] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 620.083563][ T5889] usb 3-1: config 0 descriptor?? [ 620.204510][ T5889] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 620.217229][ T5889] dvb-usb: bulk message failed: -22 (3/0) [ 620.229352][ T5889] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 620.238625][ T5889] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 620.245723][ T5889] usb 3-1: media controller created [ 620.251707][ T10] usb 5-1: new high-speed USB device number 57 using dummy_hcd [ 620.263340][ T5889] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 620.275672][ T5889] dvb-usb: bulk message failed: -22 (6/0) [ 620.281753][ T5889] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 620.292400][ T5889] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input46 [ 620.297813][ T5937] usb 4-1: new full-speed USB device number 45 using dummy_hcd [ 620.306161][ T5889] dvb-usb: schedule remote query interval to 150 msecs. [ 620.365242][ T5889] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 620.409412][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 620.420645][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 620.433435][ T10] usb 5-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00 [ 620.455328][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 620.474136][ T10] usb 5-1: config 0 descriptor?? [ 620.517009][ T5937] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 620.517804][ T5889] dvb-usb: bulk message failed: -22 (1/0) [ 620.542195][ T5889] dvb-usb: error while querying for an remote control event. [ 620.549620][ T5937] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 620.552966][ T5937] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 620.603211][ T5937] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 620.611491][ T5937] usb 4-1: Product: syz [ 620.616153][ T5937] usb 4-1: Manufacturer: syz [ 620.621954][ T5937] usb 4-1: SerialNumber: syz [ 620.654972][T11068] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1540'. [ 621.033743][ T5889] dvb-usb: bulk message failed: -22 (1/0) [ 621.525448][ T5889] dvb-usb: error while querying for an remote control event. [ 621.607261][ T10] usbhid 5-1:0.0: can't add hid device: -71 [ 621.613460][ T10] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 621.628258][ T10] usb 5-1: USB disconnect, device number 57 [ 621.702920][ T5889] dvb-usb: bulk message failed: -22 (1/0) [ 621.713128][ T5937] usb 4-1: 0:2 : does not exist [ 621.717614][ T5889] dvb-usb: error while querying for an remote control event. [ 621.729939][ T5937] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 622.338245][ T5889] dvb-usb: bulk message failed: -22 (1/0) [ 622.344132][ T5889] dvb-usb: error while querying for an remote control event. [ 622.385625][ T5937] usb 4-1: USB disconnect, device number 45 [ 622.507734][ T5889] dvb-usb: bulk message failed: -22 (1/0) [ 622.514810][ T5889] dvb-usb: error while querying for an remote control event. [ 622.671305][ T5889] usb 3-1: USB disconnect, device number 44 [ 622.723881][ T5889] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 624.348546][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.355899][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.258445][ T5937] usb 2-1: new full-speed USB device number 52 using dummy_hcd [ 625.554178][ T5937] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 625.625930][ T5937] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 625.662939][ T5937] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 625.677761][ T5937] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 625.700792][ T5937] usb 2-1: Product: syz [ 625.705592][T11112] dlm: no local IP address has been set [ 625.711303][T11112] dlm: cannot start dlm midcomms -107 [ 625.758445][ T5937] usb 2-1: Manufacturer: syz [ 625.763106][ T5937] usb 2-1: SerialNumber: syz [ 625.857711][ T10] usb 3-1: new full-speed USB device number 45 using dummy_hcd [ 626.020514][ T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 626.045781][ T5937] usb 2-1: 0:2 : does not exist [ 626.054433][ T5937] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 626.064362][ T10] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 626.086065][ T10] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 626.088066][ T5937] usb 2-1: USB disconnect, device number 52 [ 626.178305][T11127] syz.4.1558: attempt to access beyond end of device [ 626.178305][T11127] nbd4: rw=0, sector=0, nr_sectors = 1 limit=0 [ 626.689728][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 626.827686][ T10] usb 3-1: config 0 descriptor?? [ 626.869271][ T10] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 626.875932][ T10] dvb-usb: bulk message failed: -22 (3/0) [ 627.298435][ T10] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 627.318542][ T10] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 627.460121][ T10] usb 3-1: media controller created [ 627.638623][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 627.658920][ T10] dvb-usb: bulk message failed: -22 (6/0) [ 628.320946][ T10] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 628.459434][ T10] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input48 [ 628.533019][ T10] dvb-usb: schedule remote query interval to 150 msecs. [ 628.549692][ T10] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 628.707886][ T10] dvb-usb: bulk message failed: -22 (1/0) [ 629.163035][ T10] dvb-usb: error while querying for an remote control event. [ 629.732886][ T5889] dvb-usb: bulk message failed: -22 (1/0) [ 629.738749][ T5889] dvb-usb: error while querying for an remote control event. [ 629.916928][ T10] dvb-usb: bulk message failed: -22 (1/0) [ 629.966089][ T10] dvb-usb: error while querying for an remote control event. [ 630.218409][ T5889] dvb-usb: bulk message failed: -22 (1/0) [ 630.280447][ T5889] dvb-usb: error while querying for an remote control event. [ 630.470554][ T5889] dvb-usb: bulk message failed: -22 (1/0) [ 630.474612][ T5937] usb 3-1: USB disconnect, device number 45 [ 631.459924][ T5889] dvb-usb: error while querying for an remote control event. [ 631.532927][ T5937] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 632.051522][T11180] syz.4.1571: attempt to access beyond end of device [ 632.051522][T11180] nbd4: rw=0, sector=0, nr_sectors = 1 limit=0 [ 632.793734][T11183] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 632.795284][T11183] syzkaller1: linktype set to 1 [ 633.146369][T11189] FAULT_INJECTION: forcing a failure. [ 633.146369][T11189] name (null), interval 1, probability 0, space 0, times 1 [ 633.158888][T11189] CPU: 1 UID: 0 PID: 11189 Comm: syz.2.1575 Not tainted 6.16.0-rc1-syzkaller-00005-g488ef3560196 #0 PREEMPT(full) [ 633.158911][T11189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 633.158923][T11189] Call Trace: [ 633.158930][T11189] [ 633.158938][T11189] dump_stack_lvl+0x189/0x250 [ 633.158969][T11189] ? __pfx____ratelimit+0x10/0x10 [ 633.158997][T11189] ? __pfx_dump_stack_lvl+0x10/0x10 [ 633.159024][T11189] ? __pfx__printk+0x10/0x10 [ 633.159043][T11189] ? blk_mq_get_tag+0x90c/0xaa0 [ 633.159073][T11189] should_fail_ex+0x414/0x560 [ 633.159102][T11189] null_queue_rq+0x34c/0xe30 [ 633.159140][T11189] null_queue_rqs+0x123/0x270 [ 633.159169][T11189] ? blk_mq_dispatch_queue_requests+0x11a/0x800 [ 633.159215][T11189] blk_mq_dispatch_queue_requests+0x417/0x800 [ 633.159250][T11189] blk_mq_flush_plug_list+0x432/0x550 [ 633.159292][T11189] ? trace_block_plug+0x7a/0x1f0 [ 633.159311][T11189] ? blk_add_rq_to_plug+0x300/0x450 [ 633.159339][T11189] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 633.159364][T11189] ? blk_mq_submit_bio+0xbd3/0x22d0 [ 633.159399][T11189] __blk_flush_plug+0x3d3/0x4b0 [ 633.159433][T11189] ? __pfx___blk_flush_plug+0x10/0x10 [ 633.159470][T11189] __submit_bio+0x2d3/0x5a0 [ 633.159497][T11189] ? ktime_get+0x3e/0x1f0 [ 633.159512][T11189] ? seqcount_lockdep_reader_access+0x175/0x1c0 [ 633.159531][T11189] ? __pfx___submit_bio+0x10/0x10 [ 633.159565][T11189] ? blk_cgroup_bio_start+0x59d/0x640 [ 633.159611][T11189] submit_bio_noacct_nocheck+0x505/0xb50 [ 633.159636][T11189] ? bio_add_page+0x286/0x560 [ 633.159661][T11189] ? iov_iter_revert+0x1e1/0x5f0 [ 633.159694][T11189] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 633.159725][T11189] ? submit_bio_noacct+0xd65/0x1a70 [ 633.159763][T11189] submit_bio_wait+0x104/0x200 [ 633.159787][T11189] ? __pfx_submit_bio_wait+0x10/0x10 [ 633.159824][T11189] ? bio_init+0x11d/0x250 [ 633.159847][T11189] blkdev_direct_IO+0x1098/0x16f0 [ 633.159876][T11189] ? __pfx_blkdev_direct_IO+0x10/0x10 [ 633.159903][T11189] ? __pfx_current_time+0x10/0x10 [ 633.159936][T11189] ? __pfx_submit_bio_wait_endio+0x10/0x10 [ 633.159971][T11189] ? touch_atime+0xf1/0x6d0 [ 633.160002][T11189] ? kiocb_write_and_wait+0xad/0x1b0 [ 633.160026][T11189] blkdev_read_iter+0x23d/0x440 [ 633.160053][T11189] do_iter_readv_writev+0x56b/0x7f0 [ 633.160080][T11189] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 633.160114][T11189] ? bpf_lsm_file_permission+0x9/0x20 [ 633.160137][T11189] ? security_file_permission+0x75/0x290 [ 633.160163][T11189] ? rw_verify_area+0x258/0x650 [ 633.160188][T11189] vfs_readv+0x253/0x850 [ 633.160220][T11189] ? __pfx_vfs_readv+0x10/0x10 [ 633.160264][T11189] ? __fget_files+0x2a/0x420 [ 633.160292][T11189] ? __fget_files+0x3a0/0x420 [ 633.160314][T11189] ? __fget_files+0x2a/0x420 [ 633.160347][T11189] __se_sys_preadv2+0x179/0x290 [ 633.160372][T11189] ? __pfx___se_sys_preadv2+0x10/0x10 [ 633.160393][T11189] ? rcu_is_watching+0x15/0xb0 [ 633.160425][T11189] ? do_syscall_64+0xbe/0x3b0 [ 633.160440][T11189] ? __x64_sys_preadv2+0x20/0xc0 [ 633.160465][T11189] do_syscall_64+0xfa/0x3b0 [ 633.160480][T11189] ? lockdep_hardirqs_on+0x9c/0x150 [ 633.160507][T11189] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 633.160525][T11189] ? clear_bhb_loop+0x60/0xb0 [ 633.160553][T11189] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 633.160570][T11189] RIP: 0033:0x7fd92cd8e929 [ 633.160586][T11189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 633.160602][T11189] RSP: 002b:00007fd92dcb0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000147 [ 633.160621][T11189] RAX: ffffffffffffffda RBX: 00007fd92cfb6080 RCX: 00007fd92cd8e929 [ 633.160635][T11189] RDX: 0000000000000002 RSI: 0000200000000080 RDI: 0000000000000009 [ 633.160646][T11189] RBP: 00007fd92dcb0090 R08: 0000000000000000 R09: 0000000000000000 [ 633.160657][T11189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 633.160667][T11189] R13: 0000000000000000 R14: 00007fd92cfb6080 R15: 00007fffe5a64588 [ 633.160696][T11189] [ 633.560646][ C1] vkms_vblank_simulate: vblank timer overrun [ 634.078327][ T5889] usb 4-1: new full-speed USB device number 46 using dummy_hcd [ 634.251441][T11209] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 634.259939][ T5889] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 634.618048][ T5889] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 634.627025][ T5889] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 634.637734][ T5889] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 634.660597][ T5889] usb 4-1: config 0 descriptor?? [ 634.675647][ T5889] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 634.686060][ T5889] dvb-usb: bulk message failed: -22 (3/0) [ 634.712480][ T5889] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 634.722177][ T5889] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 634.729653][ T5889] usb 4-1: media controller created [ 634.737319][ T5889] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 634.775990][ T5889] dvb-usb: bulk message failed: -22 (6/0) [ 634.782142][ T5889] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 635.189727][ T5889] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input49 [ 635.248135][ T5889] dvb-usb: schedule remote query interval to 150 msecs. [ 635.280626][ T5889] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 635.615387][T11226] syz.0.1587: attempt to access beyond end of device [ 635.615387][T11226] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 636.160702][ T5889] dvb-usb: bulk message failed: -22 (1/0) [ 636.166583][ T5889] dvb-usb: error while querying for an remote control event. [ 636.347737][ T5889] dvb-usb: bulk message failed: -22 (1/0) [ 636.347774][ T5889] dvb-usb: error while querying for an remote control event. [ 636.460068][ T5889] usb 4-1: USB disconnect, device number 46 [ 636.636815][ T5889] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 636.688883][T11236] block nbd1: shutting down sockets [ 636.967945][ T5889] usb 4-1: new low-speed USB device number 47 using dummy_hcd [ 637.132078][ T5889] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 637.143644][ T5889] usb 4-1: config 0 has no interface number 0 [ 637.150290][ T5889] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 637.163303][ T5889] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 637.446896][ T5889] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 638.084023][ T5889] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 638.118106][ T5889] usb 4-1: config 0 descriptor?? [ 638.805729][ T5889] usb 4-1: can't set config #0, error -71 [ 638.823151][ T5889] usb 4-1: USB disconnect, device number 47 [ 638.829486][T11257] netlink: 'syz.2.1599': attribute type 39 has an invalid length. [ 638.851107][ T5914] usb 2-1: new full-speed USB device number 53 using dummy_hcd [ 639.001187][T11264] delete_channel: no stack [ 640.096546][ T5914] usb 2-1: unable to get BOS descriptor or descriptor too short [ 640.132023][T11266] ipvlan3: entered promiscuous mode [ 640.139718][T11266] bridge0: port 3(ipvlan3) entered blocking state [ 640.141584][ T10] usb 5-1: new high-speed USB device number 58 using dummy_hcd [ 640.146441][T11266] bridge0: port 3(ipvlan3) entered disabled state [ 640.256564][ T5914] usb 2-1: not running at top speed; connect to a high speed hub [ 640.279092][T11266] ipvlan3: entered allmulticast mode [ 640.284428][T11266] bridge0: entered allmulticast mode [ 640.292157][T11268] No such timeout policy "syz0" [ 640.356658][T11266] ipvlan3: left allmulticast mode [ 640.377820][ T5914] usb 2-1: config 253 has an invalid interface number: 140 but max is 0 [ 640.386305][ T5914] usb 2-1: config 253 has an invalid descriptor of length 204, skipping remainder of the config [ 640.404012][ T5914] usb 2-1: config 253 has no interface number 0 [ 640.408035][T11266] bridge0: left allmulticast mode [ 640.417729][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 640.422997][ T5914] usb 2-1: config 253 interface 140 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 640.447984][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 640.467826][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 640.481768][ T5914] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=3e.5b [ 640.497730][ T10] usb 5-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00 [ 640.506954][ T5914] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 640.527175][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 640.536614][ T5914] usb 2-1: Product: syz [ 640.540982][ T5914] usb 2-1: Manufacturer: syz [ 640.545621][ T5914] usb 2-1: SerialNumber: syz [ 640.560397][ T10] usb 5-1: config 0 descriptor?? [ 641.534877][ T10] usbhid 5-1:0.0: can't add hid device: -71 [ 641.637902][ T10] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 641.662602][ T5914] usbtest 2-1:253.140: couldn't get endpoints, -22 [ 641.671696][ T5914] usbtest 2-1:253.140: probe with driver usbtest failed with error -22 [ 641.680207][ T10] usb 5-1: USB disconnect, device number 58 [ 641.697990][ T5914] usb 2-1: USB disconnect, device number 53 [ 641.989706][T11286] dlm: no local IP address has been set [ 641.995552][T11286] dlm: cannot start dlm midcomms -107 [ 642.371002][T11294] netlink: 'syz.0.1612': attribute type 39 has an invalid length. [ 642.567909][ T978] usb 3-1: new full-speed USB device number 46 using dummy_hcd [ 642.740225][ T978] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 642.752798][ T978] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 642.762683][ T978] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 642.777917][ T978] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 643.402551][T11301] xt_CT: No such helper "pptp" [ 643.404794][ T978] usb 3-1: config 0 descriptor?? [ 643.538739][ T978] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 643.545419][ T978] dvb-usb: bulk message failed: -22 (3/0) [ 643.671053][ T978] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 643.759694][ T978] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 643.766914][ T978] usb 3-1: media controller created [ 643.777918][ T978] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 643.792550][ T978] dvb-usb: bulk message failed: -22 (6/0) [ 643.801286][T11311] No such timeout policy "syz0" [ 643.839872][ T978] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 643.887474][T11312] ipvlan2: entered promiscuous mode [ 643.899450][T11312] bridge0: port 3(ipvlan2) entered blocking state [ 643.933637][T11312] bridge0: port 3(ipvlan2) entered disabled state [ 643.933784][T11312] ipvlan2: entered allmulticast mode [ 643.933799][T11312] bridge0: entered allmulticast mode [ 643.937012][ T978] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input50 [ 643.940447][ T978] dvb-usb: schedule remote query interval to 150 msecs. [ 643.940466][ T978] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 643.953729][T11312] ipvlan2: left allmulticast mode [ 643.953747][T11312] bridge0: left allmulticast mode [ 644.097684][ T978] dvb-usb: bulk message failed: -22 (1/0) [ 644.097719][ T978] dvb-usb: error while querying for an remote control event. [ 644.193172][ T978] usb 3-1: USB disconnect, device number 46 [ 644.213945][ T978] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 644.413282][T11321] hub 8-0:1.0: USB hub found [ 644.414726][T11321] hub 8-0:1.0: 1 port detected [ 645.257843][ T978] usb 3-1: new low-speed USB device number 47 using dummy_hcd [ 650.073585][T11377] hub 8-0:1.0: USB hub found [ 650.074879][T11377] hub 8-0:1.0: 1 port detected [ 651.328566][ T5937] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 651.761634][ T5937] usb 4-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 651.775473][T11392] No such timeout policy "syz0" [ 651.785091][ T5937] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 651.796579][ T5937] usb 4-1: config 0 descriptor?? [ 651.811772][ T5937] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 651.978716][ T5914] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 652.141040][ T5914] usb 3-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 652.150872][ T5914] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 652.164821][ T5914] usb 3-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice= 0.9c [ 652.174013][ T5914] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 652.182062][ T5914] usb 3-1: Product: syz [ 652.186266][ T5914] usb 3-1: Manufacturer: syz [ 652.191545][ T5914] usb 3-1: SerialNumber: syz [ 652.198927][ T5914] usb 3-1: config 0 descriptor?? [ 652.209361][ T5914] ims_pcu 3-1:0.0: Missing CDC union descriptor [ 652.215731][ T5914] ims_pcu 3-1:0.0: probe with driver ims_pcu failed with error -22 [ 652.216479][ T5937] cpia1 4-1:0.0: unexpected state after lo power cmd: 00 [ 652.247906][ T978] usb 2-1: new full-speed USB device number 54 using dummy_hcd [ 652.399480][ T978] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 652.409750][ T978] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 652.419368][ T917] usb 3-1: USB disconnect, device number 48 [ 652.431954][ T978] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 652.441765][ T978] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 652.449962][ T978] usb 2-1: Product: syz [ 652.454470][ T978] usb 2-1: Manufacturer: syz [ 652.459147][ T978] usb 2-1: SerialNumber: syz [ 652.633503][ T5937] gspca_cpia1: usb_control_msg 02, error -71 [ 652.639998][ T5937] gspca_cpia1: usb_control_msg 05, error -71 [ 652.646002][ T5937] cpia1 4-1:0.0: unexpected systemstate: 00 [ 652.654056][ T5937] usb 4-1: USB disconnect, device number 48 [ 652.673258][ T978] usb 2-1: 0:2 : does not exist [ 652.684945][ T978] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 652.707199][ T978] usb 2-1: USB disconnect, device number 54 [ 654.333946][ T978] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 654.418256][T11423] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1649'. [ 654.447220][T11426] xt_l2tp: v2 sid > 0xffff: 262144 [ 654.462029][T11426] mmap: syz.0.1650 (11426) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 654.517773][ T978] usb 4-1: Using ep0 maxpacket: 8 [ 654.542632][ T978] usb 4-1: config 1 interface 0 has no altsetting 0 [ 654.603670][T11430] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1651'. [ 654.840516][T11430] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 654.895376][ T30] kauditd_printk_skb: 12 callbacks suppressed [ 654.895403][ T30] audit: type=1326 audit(1749723193.942:520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11427 comm="syz.4.1651" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8f95f8e929 code=0x0 [ 654.922900][ C1] vkms_vblank_simulate: vblank timer overrun [ 655.428733][ T978] usb 4-1: New USB device found, idVendor=05ac, idProduct=030a, bcdDevice= 0.40 [ 655.449661][ T978] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 655.457764][ T978] usb 4-1: Product: syz [ 655.461954][ T978] usb 4-1: Manufacturer: syz [ 655.466586][ T978] usb 4-1: SerialNumber: syz [ 655.967268][ T978] input: appletouch as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/input/input51 [ 656.208442][ T978] usb 4-1: USB disconnect, device number 49 [ 656.217734][ T5824] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 656.280954][ T978] appletouch 4-1:1.0: input: appletouch disconnected [ 656.363630][T11444] syzkaller1: entered promiscuous mode [ 656.369483][T11444] syzkaller1: entered allmulticast mode [ 656.377891][ T5824] usb 3-1: Using ep0 maxpacket: 16 [ 657.880307][ T10] usb 4-1: new full-speed USB device number 50 using dummy_hcd [ 658.050811][ T10] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 658.111176][ T978] usb 5-1: new high-speed USB device number 59 using dummy_hcd [ 659.100825][ T10] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 659.122716][ T10] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 659.136837][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 659.145118][ T10] usb 4-1: Product: syz [ 659.149915][ T10] usb 4-1: Manufacturer: syz [ 659.154536][ T10] usb 4-1: SerialNumber: syz [ 659.385226][ T5824] usb 3-1: unable to get BOS descriptor or descriptor too short [ 659.402226][ T978] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 659.402915][ T5824] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 659.417222][ T10] usb 4-1: 0:2 : does not exist [ 659.443106][ T5824] usb 3-1: can't read configurations, error -71 [ 659.534210][T11468] hub 8-0:1.0: USB hub found [ 659.540406][T11468] hub 8-0:1.0: 1 port detected [ 660.054420][ T978] usb 5-1: config 0 has no interfaces? [ 660.060276][ T978] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 660.069669][ T978] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 660.080961][ T10] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 660.098795][ T978] usb 5-1: config 0 descriptor?? [ 660.267066][T11476] FAULT_INJECTION: forcing a failure. [ 660.267066][T11476] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 660.284116][ T10] usb 4-1: USB disconnect, device number 50 [ 660.321674][T11476] CPU: 0 UID: 0 PID: 11476 Comm: syz.1.1666 Not tainted 6.16.0-rc1-syzkaller-00005-g488ef3560196 #0 PREEMPT(full) [ 660.321705][T11476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 660.321718][T11476] Call Trace: [ 660.321727][T11476] [ 660.321736][T11476] dump_stack_lvl+0x189/0x250 [ 660.321771][T11476] ? __pfx____ratelimit+0x10/0x10 [ 660.321804][T11476] ? __pfx_dump_stack_lvl+0x10/0x10 [ 660.321835][T11476] ? __pfx__printk+0x10/0x10 [ 660.321857][T11476] ? __might_fault+0xb0/0x130 [ 660.321894][T11476] should_fail_ex+0x414/0x560 [ 660.321927][T11476] _copy_from_user+0x2d/0xb0 [ 660.321957][T11476] memdup_user+0x5e/0xd0 [ 660.321991][T11476] strndup_user+0x68/0xd0 [ 660.322023][T11476] __se_sys_mount+0xde/0x410 [ 660.322053][T11476] ? ksys_write+0x22a/0x250 [ 660.322079][T11476] ? __pfx___se_sys_mount+0x10/0x10 [ 660.322106][T11476] ? rcu_is_watching+0x15/0xb0 [ 660.322142][T11476] ? do_syscall_64+0xbe/0x3b0 [ 660.322171][T11476] ? __x64_sys_mount+0x20/0xc0 [ 660.322200][T11476] do_syscall_64+0xfa/0x3b0 [ 660.322217][T11476] ? lockdep_hardirqs_on+0x9c/0x150 [ 660.322245][T11476] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 660.322265][T11476] ? clear_bhb_loop+0x60/0xb0 [ 660.322289][T11476] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 660.322308][T11476] RIP: 0033:0x7f6818b8e929 [ 660.322326][T11476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 660.322343][T11476] RSP: 002b:00007f6819a9d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 660.322364][T11476] RAX: ffffffffffffffda RBX: 00007f6818db5fa0 RCX: 00007f6818b8e929 [ 660.322378][T11476] RDX: 0000200000000000 RSI: 0000200000000540 RDI: 0000200000000100 [ 660.322392][T11476] RBP: 00007f6819a9d090 R08: 0000200000000340 R09: 0000000000000000 [ 660.322423][T11476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 660.322436][T11476] R13: 0000000000000000 R14: 00007f6818db5fa0 R15: 00007ffe5e5d5568 [ 660.322469][T11476] [ 660.558568][T11477] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1665'. [ 662.359759][ T978] usb 5-1: USB disconnect, device number 59 [ 663.689577][ T5824] usb 3-1: new full-speed USB device number 51 using dummy_hcd [ 663.758208][T11513] syz.1.1669: attempt to access beyond end of device [ 663.758208][T11513] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 663.787762][ T5937] usb 4-1: new full-speed USB device number 51 using dummy_hcd [ 663.884803][ T5824] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 663.905725][ T5824] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 663.928182][ T5824] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 663.938887][ T5824] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 663.946910][ T5824] usb 3-1: Product: syz [ 663.963042][ T5937] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 663.977734][ T5824] usb 3-1: Manufacturer: syz [ 663.982371][ T5824] usb 3-1: SerialNumber: syz [ 663.997677][ T5937] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 664.017986][ T5937] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 664.037661][ T5937] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 664.047656][ T5937] usb 4-1: Product: syz [ 664.051901][ T5937] usb 4-1: Manufacturer: syz [ 664.066685][ T5937] usb 4-1: SerialNumber: syz [ 664.182613][T11518] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1678'. [ 664.219619][ T5824] usb 3-1: 0:2 : does not exist [ 664.258331][ T5824] usb 3-1: USB disconnect, device number 51 [ 664.287540][ T5937] usb 4-1: 0:2 : does not exist [ 664.318144][ T5937] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 664.386843][ T5937] usb 4-1: USB disconnect, device number 51 [ 669.400607][T11598] erspan1: entered promiscuous mode [ 669.406010][T11598] erspan1: entered allmulticast mode [ 670.421204][T11608] overlayfs: failed to resolve './file0': -2 [ 670.493185][T11616] netlink: 312 bytes leftover after parsing attributes in process `syz.2.1706'. [ 670.548334][T11617] vcan0: tx drop: invalid sa for name 0x0000000000000001 [ 671.652742][T11616] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1706'. [ 672.307786][T11643] lo speed is unknown, defaulting to 1000 [ 672.900858][ T5937] usb 2-1: new high-speed USB device number 55 using dummy_hcd [ 673.168219][ T978] usb 4-1: new full-speed USB device number 52 using dummy_hcd [ 673.707854][ T978] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 673.862844][ T978] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 673.992066][ T978] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 674.047812][ T978] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 674.097701][ T5937] usb 2-1: Using ep0 maxpacket: 32 [ 674.098810][ T978] usb 4-1: config 0 descriptor?? [ 674.110676][ T5937] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 674.119989][ T5937] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 674.142920][ T5937] usb 2-1: config 0 descriptor?? [ 674.180127][ T978] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 674.184496][T11659] warning: `syz.0.1718' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 674.214766][ T978] dvb-usb: bulk message failed: -22 (3/0) [ 674.244910][ T978] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 674.270378][ T978] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 674.304486][ T978] usb 4-1: media controller created [ 674.316155][ T978] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 674.407309][T11662] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1719'. [ 674.510215][ T5937] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 674.532033][ T978] dvb-usb: bulk message failed: -22 (6/0) [ 674.606564][ T978] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 674.629703][T11650] dvb-usb: bulk message failed: -22 (29/0) [ 674.836705][ T978] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input54 [ 675.147638][ T978] dvb-usb: schedule remote query interval to 150 msecs. [ 675.230244][ T978] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 675.388501][ T5937] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 675.398987][ T5937] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 675.406198][ T5937] usb 2-1: media controller created [ 675.415424][ T10] dvb-usb: bulk message failed: -22 (1/0) [ 675.444570][ T5937] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 675.457837][ T10] dvb-usb: error while querying for an remote control event. [ 675.514717][ T5937] az6027: usb out operation failed. (-71) [ 675.539076][ T5937] az6027: usb out operation failed. (-71) [ 675.578083][ T5937] stb0899_attach: Driver disabled by Kconfig [ 675.584162][ T5937] az6027: no front-end attached [ 675.584162][ T5937] [ 675.633411][ T5937] az6027: usb out operation failed. (-71) [ 675.643478][ T5937] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 675.817846][ T10] dvb-usb: bulk message failed: -22 (1/0) [ 675.823662][ T10] dvb-usb: error while querying for an remote control event. [ 676.608205][ T5937] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input55 [ 676.679106][ T10] dvb-usb: bulk message failed: -22 (1/0) [ 676.686195][ T10] dvb-usb: error while querying for an remote control event. [ 676.703852][ T5937] dvb-usb: schedule remote query interval to 400 msecs. [ 676.977072][ T5937] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 677.253970][ T5937] usb 2-1: USB disconnect, device number 55 [ 677.289827][ T5824] usb 4-1: USB disconnect, device number 52 [ 677.583865][T11692] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1724'. [ 678.075767][ T5937] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 678.085486][ T5824] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 678.289016][T11682] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 678.299035][T11682] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 678.300680][T11682] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 678.902434][T11713] hub 8-0:1.0: USB hub found [ 678.908853][T11713] hub 8-0:1.0: 1 port detected [ 679.056221][ T5824] usb 5-1: new high-speed USB device number 60 using dummy_hcd [ 679.279202][ T5824] usb 5-1: Using ep0 maxpacket: 32 [ 679.493026][T11715] overlayfs: missing 'workdir' [ 679.516285][ T5824] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 52, changing to 9 [ 679.539743][ T5824] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 8241, setting to 1024 [ 679.571107][ T5841] Bluetooth: hci2: command 0x0406 tx timeout [ 679.683483][ T5824] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16 [ 679.695101][ T5824] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 679.703221][ T5824] usb 5-1: Product: syz [ 679.707419][ T5824] usb 5-1: Manufacturer: syz [ 679.712280][ T5824] usb 5-1: SerialNumber: syz [ 679.720784][ T5824] usb 5-1: config 0 descriptor?? [ 679.769211][ T5824] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 679.933585][T11722] syzkaller1: entered promiscuous mode [ 679.941413][T11705] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 679.966565][T11722] syzkaller1: entered allmulticast mode [ 679.990884][T11705] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 680.358951][ T5841] Bluetooth: hci4: command 0x0406 tx timeout [ 680.375499][ T5841] Bluetooth: hci3: command 0x0406 tx timeout [ 680.839572][ T13] usb 5-1: Failed to submit usb control message: -110 [ 680.857070][ T5937] usb 5-1: USB disconnect, device number 60 [ 680.883928][ T13] usb 5-1: unable to send the bmi data to the device: -110 [ 680.896169][ T13] usb 5-1: unable to get target info from device [ 680.947344][ T13] usb 5-1: could not get target info (-110) [ 680.953961][ T13] usb 5-1: could not probe fw (-110) [ 681.470727][ T5824] kernel read not supported for file /snd/controlC0 (pid: 5824 comm: kworker/1:3) [ 683.955034][T11765] random: crng reseeded on system resumption [ 684.046657][T11765] batman_adv: batadv0: Adding interface: ip6gretap1 [ 684.046777][T11765] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 684.046876][T11765] batman_adv: batadv0: Not using interface ip6gretap1 (retrying later): interface not active [ 684.057678][ T5914] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 684.093225][T11765] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 684.093479][T11765] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 684.750918][ T5914] usb 3-1: Using ep0 maxpacket: 32 [ 684.877505][T11765] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 684.877534][T11765] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 684.953968][ T5914] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 52, changing to 9 [ 684.953994][ T5914] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 8241, setting to 1024 [ 684.957272][T11765] batman_adv: batadv0: Removing interface: ip6gretap1 [ 685.066343][ T5914] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16 [ 685.066378][ T5914] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 685.066397][ T5914] usb 3-1: Product: syz [ 685.066413][ T5914] usb 3-1: Manufacturer: syz [ 685.066426][ T5914] usb 3-1: SerialNumber: syz [ 685.084144][ T5914] usb 3-1: config 0 descriptor?? [ 685.155971][ T5914] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 685.320042][T11757] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 685.320446][T11757] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 685.324582][ T6000] usb 3-1: Failed to submit usb control message: -71 [ 685.324641][ T6000] usb 3-1: unable to send the bmi data to the device: -71 [ 685.324659][ T6000] usb 3-1: unable to get target info from device [ 685.324675][ T6000] usb 3-1: could not get target info (-71) [ 685.324702][ T6000] usb 3-1: could not probe fw (-71) [ 685.325154][ T5914] usb 3-1: USB disconnect, device number 52 [ 685.484324][T11777] batadv0: entered promiscuous mode [ 685.484497][T11777] macsec1: entered promiscuous mode [ 685.495585][T11777] batadv0: left promiscuous mode [ 685.723452][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.723541][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 687.526803][ T10] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 687.981088][ T30] audit: type=1326 audit(1749723739.059:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11799 comm="syz.1.1755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6818b8e929 code=0x7ffc0000 [ 688.391764][ T30] audit: type=1326 audit(1749723739.059:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11799 comm="syz.1.1755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6818b8e929 code=0x7ffc0000 [ 688.412683][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 688.678513][ T30] audit: type=1326 audit(1749723739.649:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11799 comm="syz.1.1755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f6818b8e929 code=0x7ffc0000 [ 688.759892][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 688.777688][ T30] audit: type=1326 audit(1749723739.649:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11799 comm="syz.1.1755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6818b8e929 code=0x7ffc0000 [ 688.811026][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 688.831961][ T10] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 688.865740][ T10] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 688.903986][ T30] audit: type=1326 audit(1749723739.649:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11799 comm="syz.1.1755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6818b8e929 code=0x7ffc0000 [ 688.945389][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 688.970705][ T10] usb 5-1: config 0 descriptor?? [ 688.985794][ T30] audit: type=1326 audit(1749723739.649:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11799 comm="syz.1.1755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6818b8d290 code=0x7ffc0000 [ 689.065409][ T30] audit: type=1326 audit(1749723739.649:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11799 comm="syz.1.1755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f6818b90157 code=0x7ffc0000 [ 689.113378][T11811] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1759'. [ 689.234160][ T30] audit: type=1326 audit(1749723739.649:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11799 comm="syz.1.1755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6818b8e929 code=0x7ffc0000 [ 689.444571][ T30] audit: type=1326 audit(1749723739.649:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11799 comm="syz.1.1755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f6818b90157 code=0x7ffc0000 [ 689.656673][ T30] audit: type=1326 audit(1749723739.649:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11799 comm="syz.1.1755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f6818b8d58a code=0x7ffc0000 [ 689.775745][ T10] shield 0003:0955:7214.0009: unknown main item tag 0x0 [ 689.909371][T11815] random: crng reseeded on system resumption [ 690.050505][ T10] shield 0003:0955:7214.0009: unknown main item tag 0x0 [ 690.057547][ T10] shield 0003:0955:7214.0009: unknown main item tag 0x0 [ 690.064680][ T10] shield 0003:0955:7214.0009: unknown main item tag 0x0 [ 690.071803][ T10] shield 0003:0955:7214.0009: unknown main item tag 0x0 [ 690.082783][ T10] input: HID 0955:7214 Haptics as /devices/virtual/input/input57 [ 690.276990][ T10] shield 0003:0955:7214.0009: Registered Thunderstrike controller [ 690.326081][ T10] shield 0003:0955:7214.0009: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.4-1/input0 [ 691.203058][T11730] Bluetooth: hci5: command 0x1003 tx timeout [ 691.210533][ T5828] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 691.273874][ T978] shield 0003:0955:7214.0009: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 691.292711][ T10] usb 5-1: USB disconnect, device number 61 [ 691.350676][ T978] shield 0003:0955:7214.0009: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 691.444972][ T978] shield 0003:0955:7214.0009: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 691.805694][ T978] shield 0003:0955:7214.0009: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 694.997836][ T30] kauditd_printk_skb: 17 callbacks suppressed [ 694.997858][ T30] audit: type=1326 audit(1749724002.064:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11858 comm="syz.0.1772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c5138e929 code=0x7ffc0000 [ 695.025553][ C0] vkms_vblank_simulate: vblank timer overrun [ 695.048970][ T30] audit: type=1326 audit(1749724002.064:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11858 comm="syz.0.1772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c5138e929 code=0x7ffc0000 [ 695.073516][ T30] audit: type=1326 audit(1749724002.074:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11858 comm="syz.0.1772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f9c5138e929 code=0x7ffc0000 [ 695.108810][T11861] RDS: rds_bind could not find a transport for 2001::2, load rds_tcp or rds_rdma? [ 695.124136][ T30] audit: type=1326 audit(1749724002.074:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11858 comm="syz.0.1772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c5138e929 code=0x7ffc0000 [ 695.161690][ T30] audit: type=1326 audit(1749724002.074:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11858 comm="syz.0.1772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9c5138d290 code=0x7ffc0000 [ 695.184085][ T30] audit: type=1326 audit(1749724002.074:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11858 comm="syz.0.1772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f9c51390157 code=0x7ffc0000 [ 695.207147][ T30] audit: type=1326 audit(1749724002.074:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11858 comm="syz.0.1772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9c5138e929 code=0x7ffc0000 [ 695.234516][ T30] audit: type=1326 audit(1749724002.114:555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11858 comm="syz.0.1772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f9c51390157 code=0x7ffc0000 [ 695.263467][ T30] audit: type=1326 audit(1749724002.114:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11858 comm="syz.0.1772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f9c5138d58a code=0x7ffc0000 [ 695.289814][ T30] audit: type=1326 audit(1749724002.114:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11858 comm="syz.0.1772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c5138e929 code=0x7ffc0000 [ 695.435634][ T917] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 695.627803][ T917] usb 4-1: device descriptor read/64, error -71 [ 695.951925][ T917] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 696.767840][ T917] usb 4-1: device descriptor read/64, error -71 [ 697.269550][T11885] No such timeout policy "syz0" [ 697.278318][ T917] usb usb4-port1: attempt power cycle [ 697.458997][T11893] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 697.471225][T11893] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 697.487088][T11893] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 697.498581][T11893] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 697.785366][T11904] tipc: Started in network mode [ 697.801746][T11904] tipc: Node identity 4, cluster identity 4711 [ 697.813917][ T5937] usb 2-1: new high-speed USB device number 56 using dummy_hcd [ 697.822205][ T917] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 697.842283][T11904] tipc: Node number set to 4 [ 697.858322][ T917] usb 4-1: device descriptor read/8, error -71 [ 697.989411][ T5937] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 698.001917][ T5937] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 698.092415][ T5937] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 698.101850][ T917] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 698.122474][ T5937] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 698.157386][ T917] usb 4-1: device descriptor read/8, error -71 [ 698.168907][ T5937] usb 2-1: SerialNumber: syz [ 698.313972][ T978] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 698.547933][ T978] usb 5-1: Using ep0 maxpacket: 16 [ 698.706647][ T978] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 698.777504][ T917] usb usb4-port1: unable to enumerate USB device [ 698.909456][ T978] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 698.918881][ T978] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 698.928023][ T978] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 698.939296][ T978] usb 5-1: config 0 descriptor?? [ 698.999175][ T5937] usb 2-1: 0:2 : does not exist [ 699.007289][ T5937] usb 2-1: unit 5 not found! [ 699.027150][ T5937] usb 2-1: USB disconnect, device number 56 [ 699.080654][T11925] binder: 11924:11925 ioctl c0306201 200000000480 returned -22 [ 699.154918][ T978] usb 5-1: USB disconnect, device number 62 [ 699.263562][T11928] No such timeout policy "syz0" [ 700.337778][ T978] usb 2-1: new high-speed USB device number 57 using dummy_hcd [ 701.382869][T11956] xt_l2tp: missing protocol rule (udp|l2tpip) [ 701.448548][ T978] usb 2-1: Using ep0 maxpacket: 8 [ 701.886130][ T30] kauditd_printk_skb: 17 callbacks suppressed [ 701.886149][ T30] audit: type=1326 audit(1749724008.964:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11957 comm="syz.0.1804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c5138e929 code=0x7ffc0000 [ 701.926822][ T978] usb 2-1: config 5 has an invalid interface number: 35 but max is 1 [ 701.940047][ T978] usb 2-1: config 5 has an invalid interface number: 4 but max is 1 [ 701.958959][ T978] usb 2-1: config 5 has an invalid interface number: 4 but max is 1 [ 701.967189][ T978] usb 2-1: config 5 has no interface number 0 [ 702.020743][ T978] usb 2-1: config 5 has no interface number 1 [ 702.026989][ T978] usb 2-1: config 5 interface 35 altsetting 10 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 702.049332][ T30] audit: type=1326 audit(1749724008.964:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11957 comm="syz.0.1804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c5138e929 code=0x7ffc0000 [ 702.071058][ T30] audit: type=1326 audit(1749724008.994:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11957 comm="syz.0.1804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=172 compat=0 ip=0x7f9c5138e929 code=0x7ffc0000 [ 702.093498][ T30] audit: type=1326 audit(1749724008.994:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11957 comm="syz.0.1804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c5138e929 code=0x7ffc0000 [ 702.115524][ T30] audit: type=1326 audit(1749724008.994:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11957 comm="syz.0.1804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c5138e929 code=0x7ffc0000 [ 702.164911][ T30] audit: type=1326 audit(1749724008.994:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11957 comm="syz.0.1804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f9c5138e929 code=0x7ffc0000 [ 702.207718][ T978] usb 2-1: config 5 interface 4 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 7 [ 702.237611][ T978] usb 2-1: config 5 interface 35 has no altsetting 0 [ 702.247648][ T978] usb 2-1: config 5 interface 4 has no altsetting 0 [ 702.254289][ T978] usb 2-1: config 5 interface 4 has no altsetting 1 [ 702.281672][ T978] usb 2-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=d4.1b [ 702.291225][ T30] audit: type=1326 audit(1749724008.994:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11957 comm="syz.0.1804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c5138e929 code=0x7ffc0000 [ 702.300993][ T978] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 702.384465][ T978] usb 2-1: Product: syz [ 702.403837][ T30] audit: type=1326 audit(1749724008.994:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11957 comm="syz.0.1804" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c5138e929 code=0x7ffc0000 [ 702.438728][ T978] usb 2-1: Manufacturer: syz [ 702.443359][ T978] usb 2-1: SerialNumber: syz [ 702.453504][T11968] No such timeout policy "syz0" [ 702.869835][T11976] Bluetooth: hci5: Frame reassembly failed (-84) [ 702.910190][ T49] Bluetooth: hci5: Frame reassembly failed (-84) [ 703.499157][ T978] ttusbir 2-1:5.35: cannot find expected altsetting [ 703.630939][ T978] ttusbir 2-1:5.4: cannot find expected altsetting [ 703.653726][ T978] usb 2-1: USB disconnect, device number 57 [ 703.952961][T11992] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1813'. [ 703.962007][T11992] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1813'. [ 704.919365][T11730] Bluetooth: hci5: command 0x1003 tx timeout [ 704.936203][ T5828] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 706.582227][T12007] xt_l2tp: missing protocol rule (udp|l2tpip) [ 708.590395][T12028] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1824'. [ 708.677931][T12029] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1824'. [ 708.742633][T12040] netlink: 'syz.3.1825': attribute type 1 has an invalid length. [ 708.770332][T12038] FAULT_INJECTION: forcing a failure. [ 708.770332][T12038] name failslab, interval 1, probability 0, space 0, times 0 [ 708.787520][T12038] CPU: 1 UID: 0 PID: 12038 Comm: syz.2.1828 Not tainted 6.16.0-rc1-syzkaller-00005-g488ef3560196 #0 PREEMPT(full) [ 708.787551][T12038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 708.787569][T12038] Call Trace: [ 708.787578][T12038] [ 708.787594][T12038] dump_stack_lvl+0x189/0x250 [ 708.787633][T12038] ? __pfx____ratelimit+0x10/0x10 [ 708.787667][T12038] ? __pfx_dump_stack_lvl+0x10/0x10 [ 708.787699][T12038] ? __pfx__printk+0x10/0x10 [ 708.787723][T12038] ? __pfx___might_resched+0x10/0x10 [ 708.787756][T12038] ? fs_reclaim_acquire+0x7d/0x100 [ 708.787792][T12038] should_fail_ex+0x414/0x560 [ 708.787826][T12038] should_failslab+0xa8/0x100 [ 708.787858][T12038] __kmalloc_noprof+0xcb/0x4f0 [ 708.787883][T12038] ? tomoyo_encode+0x28b/0x550 [ 708.787921][T12038] tomoyo_encode+0x28b/0x550 [ 708.787961][T12038] tomoyo_realpath_from_path+0x58d/0x5d0 [ 708.788008][T12038] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 708.788036][T12038] tomoyo_path_number_perm+0x1e8/0x5a0 [ 708.788067][T12038] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 708.788115][T12038] ? __lock_acquire+0xab9/0xd20 [ 708.788168][T12038] ? __fget_files+0x2a/0x420 [ 708.788201][T12038] ? __fget_files+0x2a/0x420 [ 708.788229][T12038] ? __fget_files+0x3a0/0x420 [ 708.788257][T12038] ? __fget_files+0x2a/0x420 [ 708.788290][T12038] security_file_ioctl+0xcb/0x2d0 [ 708.788322][T12038] __se_sys_ioctl+0x47/0x170 [ 708.788349][T12038] do_syscall_64+0xfa/0x3b0 [ 708.788368][T12038] ? lockdep_hardirqs_on+0x9c/0x150 [ 708.788400][T12038] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 708.788422][T12038] ? clear_bhb_loop+0x60/0xb0 [ 708.788459][T12038] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 708.788477][T12038] RIP: 0033:0x7fd92cd8e929 [ 708.788493][T12038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 708.788510][T12038] RSP: 002b:00007fd92dcd1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 708.788531][T12038] RAX: ffffffffffffffda RBX: 00007fd92cfb5fa0 RCX: 00007fd92cd8e929 [ 708.788544][T12038] RDX: 0000000000000000 RSI: 000000000000541b RDI: 0000000000000003 [ 708.788555][T12038] RBP: 00007fd92dcd1090 R08: 0000000000000000 R09: 0000000000000000 [ 708.788567][T12038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 708.788578][T12038] R13: 0000000000000000 R14: 00007fd92cfb5fa0 R15: 00007fffe5a64588 [ 708.788613][T12038] [ 709.043032][T12038] ERROR: Out of memory at tomoyo_realpath_from_path. [ 709.052925][T12042] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1825'. [ 709.766460][ T30] audit: type=1800 audit(1749724016.824:583): pid=12046 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.1829" name="/" dev="fuse" ino=1 res=0 errno=0 [ 709.802438][T12049] FAULT_INJECTION: forcing a failure. [ 709.802438][T12049] name failslab, interval 1, probability 0, space 0, times 0 [ 709.816919][T12049] CPU: 1 UID: 0 PID: 12049 Comm: syz.2.1830 Not tainted 6.16.0-rc1-syzkaller-00005-g488ef3560196 #0 PREEMPT(full) [ 709.816948][T12049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 709.816961][T12049] Call Trace: [ 709.816969][T12049] [ 709.816977][T12049] dump_stack_lvl+0x189/0x250 [ 709.817013][T12049] ? __pfx____ratelimit+0x10/0x10 [ 709.817044][T12049] ? __pfx_dump_stack_lvl+0x10/0x10 [ 709.817075][T12049] ? __pfx__printk+0x10/0x10 [ 709.817099][T12049] ? __pfx___might_resched+0x10/0x10 [ 709.817129][T12049] ? fs_reclaim_acquire+0x7d/0x100 [ 709.817170][T12049] should_fail_ex+0x414/0x560 [ 709.817203][T12049] should_failslab+0xa8/0x100 [ 709.817250][T12049] __kmalloc_noprof+0xcb/0x4f0 [ 709.817284][T12049] ? tomoyo_encode+0x28b/0x550 [ 709.817320][T12049] tomoyo_encode+0x28b/0x550 [ 709.817358][T12049] tomoyo_realpath_from_path+0x58d/0x5d0 [ 709.817404][T12049] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 709.817431][T12049] tomoyo_path_number_perm+0x1e8/0x5a0 [ 709.817462][T12049] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 709.817508][T12049] ? __lock_acquire+0xab9/0xd20 [ 709.817565][T12049] ? __fget_files+0x2a/0x420 [ 709.817605][T12049] ? __fget_files+0x2a/0x420 [ 709.817632][T12049] ? __fget_files+0x3a0/0x420 [ 709.817659][T12049] ? __fget_files+0x2a/0x420 [ 709.817692][T12049] security_file_ioctl+0xcb/0x2d0 [ 709.817723][T12049] __se_sys_ioctl+0x47/0x170 [ 709.817749][T12049] do_syscall_64+0xfa/0x3b0 [ 709.817767][T12049] ? lockdep_hardirqs_on+0x9c/0x150 [ 709.817798][T12049] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 709.817818][T12049] ? clear_bhb_loop+0x60/0xb0 [ 709.817845][T12049] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 709.817865][T12049] RIP: 0033:0x7fd92cd8e929 [ 709.817884][T12049] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 709.817902][T12049] RSP: 002b:00007fd92dcd1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 709.817924][T12049] RAX: ffffffffffffffda RBX: 00007fd92cfb5fa0 RCX: 00007fd92cd8e929 [ 709.817939][T12049] RDX: 0000200000000380 RSI: 00000000c03864bc RDI: 0000000000000003 [ 709.817953][T12049] RBP: 00007fd92dcd1090 R08: 0000000000000000 R09: 0000000000000000 [ 709.817967][T12049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 709.817979][T12049] R13: 0000000000000000 R14: 00007fd92cfb5fa0 R15: 00007fffe5a64588 [ 709.818013][T12049] [ 709.827244][ T30] audit: type=1804 audit(1749724016.834:584): pid=12048 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.4.1829" name="/newroot/355/file1" dev="fuse" ino=1 res=1 errno=0 [ 709.835979][T12049] ERROR: Out of memory at tomoyo_realpath_from_path. [ 709.867503][ T30] audit: type=1800 audit(1749724016.844:585): pid=12048 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.1829" name="/" dev="fuse" ino=1 res=0 errno=0 [ 711.208440][T12070] netlink: 'syz.0.1838': attribute type 2 has an invalid length. [ 711.219186][T12071] netlink: 'syz.0.1838': attribute type 2 has an invalid length. [ 711.233014][T12071] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1838'. [ 711.252683][T12070] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1838'. [ 711.762593][ T5890] usb 2-1: new full-speed USB device number 58 using dummy_hcd [ 712.664649][ T5890] usb 2-1: not running at top speed; connect to a high speed hub [ 712.674232][ T5890] usb 2-1: config 10 has an invalid interface number: 225 but max is 1 [ 712.777722][ T5890] usb 2-1: config 10 has an invalid interface number: 105 but max is 1 [ 712.797661][ T5890] usb 2-1: config 10 has an invalid descriptor of length 0, skipping remainder of the config [ 712.809097][ T5890] usb 2-1: config 10 has no interface number 0 [ 712.815832][ T5890] usb 2-1: config 10 has no interface number 1 [ 712.822121][ T5890] usb 2-1: config 10 interface 225 altsetting 7 has a duplicate endpoint with address 0xA, skipping [ 712.882683][ T5890] usb 2-1: config 10 interface 225 altsetting 7 has an invalid descriptor for endpoint zero, skipping [ 713.106390][ T5890] usb 2-1: config 10 interface 225 altsetting 7 has a duplicate endpoint with address 0x5, skipping [ 713.117878][ T5890] usb 2-1: config 10 interface 225 altsetting 7 has a duplicate endpoint with address 0x2, skipping [ 713.128816][ T5890] usb 2-1: config 10 interface 225 altsetting 7 has a duplicate endpoint with address 0x3, skipping [ 713.140805][ T5890] usb 2-1: config 10 interface 225 altsetting 7 endpoint 0xB has invalid maxpacket 1023, setting to 64 [ 713.151990][ T5890] usb 2-1: config 10 interface 105 altsetting 6 has a duplicate endpoint with address 0xC, skipping [ 713.169840][ T5890] usb 2-1: config 10 interface 105 altsetting 6 has 2 endpoint descriptors, different from the interface descriptor's value: 8 [ 713.769946][ T5890] usb 2-1: config 10 interface 225 has no altsetting 0 [ 713.777770][ T5890] usb 2-1: config 10 interface 105 has no altsetting 0 [ 713.801589][ T5890] usb 2-1: Dual-Role OTG device on HNP port [ 713.815762][ T5890] usb 2-1: New USB device found, idVendor=413c, idProduct=8196, bcdDevice=b7.7e [ 713.825350][ T5890] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 713.925074][ T5890] usb 2-1: Product: 鈹젊⻏츳줂ⵜ跑ೲ풦⬖꥝㰅管搇៫৺ˏ霓촜ť쨂<㍒㭨뺗㪘〿极ꠇ [ 713.936564][ T5890] usb 2-1: Manufacturer: 漳뱔﷎ [ 713.946603][ T5890] usb 2-1: SerialNumber: ⠉ [ 714.199549][ T5890] qmi_wwan 2-1:10.225: probe with driver qmi_wwan failed with error -22 [ 714.290727][ T5890] usb 2-1: USB disconnect, device number 58 [ 714.367950][ T5937] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 714.709363][ T5937] usb 3-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 714.719086][ T5937] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 714.766646][T12118] hub 8-0:1.0: USB hub found [ 714.773547][T12118] hub 8-0:1.0: 1 port detected [ 714.864890][ T5937] usb 3-1: Product: syz [ 714.874984][ T5937] usb 3-1: Manufacturer: syz [ 714.883120][ T5937] usb 3-1: SerialNumber: syz [ 714.915620][ T5937] usb 3-1: config 0 descriptor?? [ 714.950907][ T5937] gspca_main: sunplus-2.14.0 probing 04fc:504a [ 715.205655][ T978] usb 4-1: new full-speed USB device number 57 using dummy_hcd [ 715.464436][ T978] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 715.483740][ T978] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 715.494537][ T978] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 715.503804][ T978] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 715.521270][ T978] usb 4-1: config 0 descriptor?? [ 715.662356][ T978] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 715.768830][ T978] dvb-usb: bulk message failed: -22 (3/0) [ 716.021606][ T978] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 716.103558][ T978] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 716.117988][ T978] usb 4-1: media controller created [ 716.125937][ T978] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 716.138633][ T978] dvb-usb: bulk message failed: -22 (6/0) [ 716.144597][ T978] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 716.157090][ T978] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input62 [ 716.211589][ T978] dvb-usb: schedule remote query interval to 150 msecs. [ 716.240792][ T978] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 716.407701][ T978] dvb-usb: bulk message failed: -22 (1/0) [ 716.567437][ T978] dvb-usb: error while querying for an remote control event. [ 716.605528][T12136] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 716.649084][T12136] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 716.662992][ T5937] usb 4-1: USB disconnect, device number 57 [ 716.706096][ T5937] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 717.615444][T12149] hub 8-0:1.0: USB hub found [ 717.624216][T12149] hub 8-0:1.0: 1 port detected [ 718.322966][ T917] usb 3-1: USB disconnect, device number 53 [ 719.503334][T12171] hub 8-0:1.0: USB hub found [ 719.509704][T12171] hub 8-0:1.0: 1 port detected [ 720.412991][T12179] FAULT_INJECTION: forcing a failure. [ 720.412991][T12179] name fail_futex, interval 1, probability 0, space 0, times 1 [ 720.426324][T12179] CPU: 1 UID: 0 PID: 12179 Comm: syz.1.1868 Not tainted 6.16.0-rc1-syzkaller-00005-g488ef3560196 #0 PREEMPT(full) [ 720.426351][T12179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 720.426363][T12179] Call Trace: [ 720.426371][T12179] [ 720.426380][T12179] dump_stack_lvl+0x189/0x250 [ 720.426415][T12179] ? __pfx____ratelimit+0x10/0x10 [ 720.426447][T12179] ? __pfx_dump_stack_lvl+0x10/0x10 [ 720.426478][T12179] ? __pfx__printk+0x10/0x10 [ 720.426517][T12179] ? __task_pid_nr_ns+0x28/0x470 [ 720.426544][T12179] should_fail_ex+0x414/0x560 [ 720.426576][T12179] futex_lock_pi_atomic+0xd2/0xd60 [ 720.426612][T12179] futex_lock_pi+0x275/0xa90 [ 720.426647][T12179] ? __pfx_futex_lock_pi+0x10/0x10 [ 720.426705][T12179] ? __pfx_futex_wake_mark+0x10/0x10 [ 720.426737][T12179] ? vfs_write+0x8d8/0xa90 [ 720.426773][T12179] ? ksys_write+0x1cb/0x250 [ 720.426801][T12179] do_futex+0x292/0x420 [ 720.426821][T12179] ? __pfx_vfs_write+0x10/0x10 [ 720.426848][T12179] ? __pfx_do_futex+0x10/0x10 [ 720.426880][T12179] __se_sys_futex+0x36f/0x400 [ 720.426903][T12179] ? fput+0xa0/0xd0 [ 720.426934][T12179] ? ksys_write+0x22a/0x250 [ 720.426956][T12179] ? __pfx___se_sys_futex+0x10/0x10 [ 720.426978][T12179] ? __pfx_ksys_write+0x10/0x10 [ 720.426999][T12179] ? rcu_is_watching+0x15/0xb0 [ 720.427035][T12179] ? __x64_sys_futex+0x21/0xf0 [ 720.427060][T12179] do_syscall_64+0xfa/0x3b0 [ 720.427077][T12179] ? lockdep_hardirqs_on+0x9c/0x150 [ 720.427106][T12179] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 720.427127][T12179] ? clear_bhb_loop+0x60/0xb0 [ 720.427152][T12179] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 720.427173][T12179] RIP: 0033:0x7f6818b8e929 [ 720.427192][T12179] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 720.427210][T12179] RSP: 002b:00007f6819a7c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 720.427251][T12179] RAX: ffffffffffffffda RBX: 00007f6818db6080 RCX: 00007f6818b8e929 [ 720.427267][T12179] RDX: 0000000000000002 RSI: 0000000000000086 RDI: 000020000000cffc [ 720.427281][T12179] RBP: 00007f6819a7c090 R08: 0000000000000000 R09: 00000000fffffffc [ 720.427295][T12179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 720.427308][T12179] R13: 0000000000000000 R14: 00007f6818db6080 R15: 00007ffe5e5d5568 [ 720.427343][T12179] [ 720.661610][ C1] vkms_vblank_simulate: vblank timer overrun [ 721.350105][T12193] hub 8-0:1.0: USB hub found [ 721.356240][T12193] hub 8-0:1.0: 1 port detected [ 723.763793][ T10] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 724.687161][T12223] binder: 12222:12223 ioctl c0306201 0 returned -14 [ 724.713718][T12223] binder: 12222:12223 ioctl c0306201 200000000640 returned -22 [ 724.731779][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 724.742661][ T10] usb 5-1: too many configurations: 228, using maximum allowed: 8 [ 724.775596][ T10] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 724.803428][ T10] usb 5-1: can't read configurations, error -61 [ 724.853928][T12228] serio: Serial port ptm0 [ 724.967723][ T10] usb 5-1: new high-speed USB device number 64 using dummy_hcd [ 725.091464][T12228] tipc: Started in network mode [ 725.159440][T12228] tipc: Node identity , cluster identity 4711 [ 725.335522][T12228] tipc: Failed to obtain node identity [ 725.544683][T12228] tipc: Enabling of bearer rejected, failed to enable media [ 725.794622][T12231] lo speed is unknown, defaulting to 1000 [ 725.917654][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 725.961514][ T10] usb 5-1: too many configurations: 228, using maximum allowed: 8 [ 725.989285][ T10] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 725.997089][ T10] usb 5-1: can't read configurations, error -61 [ 726.015767][ T10] usb usb5-port1: attempt power cycle [ 726.115843][T12249] program syz.2.1888 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 726.724481][T12258] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1892'. [ 728.128569][T12284] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 728.144273][T12284] fuse: Bad value for 'fd' [ 728.824056][ T10] usb 2-1: new full-speed USB device number 59 using dummy_hcd [ 729.024836][ T10] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 729.056340][ T10] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 729.085551][ T10] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 729.115163][ T10] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 729.146021][ T10] usb 2-1: Product: syz [ 729.153470][ T10] usb 2-1: Manufacturer: syz [ 729.615731][ T10] hub 2-1:4.0: USB hub found [ 729.807416][ T3506] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 729.827728][ T10] hub 2-1:4.0: 8 ports detected [ 729.843074][ T10] hub 2-1:4.0: insufficient power available to use all downstream ports [ 729.893542][T12304] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1908'. [ 730.011051][ T3506] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 730.494902][ T10] hub 2-1:4.0: hub_hub_status failed (err = -71) [ 730.507184][ T10] hub 2-1:4.0: config failed, can't get hub status (err -71) [ 730.563126][ T10] usb 2-1: USB disconnect, device number 59 [ 730.597886][ T3506] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 730.672120][ T3506] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 730.698728][T12317] netlink: 120 bytes leftover after parsing attributes in process `syz.0.1912'. [ 730.878517][ T3506] bridge_slave_1: left allmulticast mode [ 730.884407][ T3506] bridge_slave_1: left promiscuous mode [ 730.905696][ T3506] bridge0: port 2(bridge_slave_1) entered disabled state [ 730.942253][ T3506] bridge_slave_0: left allmulticast mode [ 730.956699][ T3506] bridge_slave_0: left promiscuous mode [ 730.971929][ T3506] bridge0: port 1(bridge_slave_0) entered disabled state [ 731.269654][T12332] nfs4: Unknown parameter 'oJĈ [ 731.269654][T12332] 'DTޠYCQ?' [ 732.253830][T11730] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 732.268394][T11730] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 732.282902][T11730] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 732.294933][T11730] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 732.305369][T11730] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 732.467695][ T30] audit: type=1326 audit(1749724039.524:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12349 comm="syz.0.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c5138e929 code=0x7ffc0000 [ 732.489369][ C1] vkms_vblank_simulate: vblank timer overrun [ 732.514837][ T30] audit: type=1326 audit(1749724039.524:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12349 comm="syz.0.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c5138e929 code=0x7ffc0000 [ 732.617830][ T10] usb 5-1: new full-speed USB device number 66 using dummy_hcd [ 733.293892][ T10] usb 5-1: config 8 has an invalid interface number: 177 but max is 0 [ 733.310478][ T10] usb 5-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 733.327888][ T10] usb 5-1: config 8 has no interface number 0 [ 733.334090][ T10] usb 5-1: config 8 interface 177 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 733.366639][ T10] usb 5-1: config 8 interface 177 has no altsetting 0 [ 733.379792][ T10] usb 5-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1 [ 733.389404][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 733.402728][T12357] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 733.427973][ T3506] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 733.488864][ T3506] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 733.516711][ T3506] bond0 (unregistering): Released all slaves [ 733.919316][ T10] usb 5-1: string descriptor 0 read error: -71 [ 733.984117][ T10] ir_toy 5-1:8.177: required endpoints not found [ 734.044450][ T10] usb 5-1: USB disconnect, device number 66 [ 734.298049][T12347] lo speed is unknown, defaulting to 1000 [ 734.359396][T11730] Bluetooth: hci3: command tx timeout [ 734.383614][T12365] overlayfs: failed to resolve './file1/file0': -2 [ 735.256070][T12370] trusted_key: encrypted_key: insufficient parameters specified [ 735.574127][ T3506] hsr_slave_0: left promiscuous mode [ 735.582802][ T3506] hsr_slave_1: left promiscuous mode [ 735.593059][ T3506] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 735.601976][ T3506] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 735.616007][ T3506] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 735.623669][ T3506] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 735.664868][ T3506] veth1_macvtap: left promiscuous mode [ 735.673426][ T3506] veth0_macvtap: left promiscuous mode [ 735.679546][ T3506] veth1_vlan: left promiscuous mode [ 735.685090][ T3506] veth0_vlan: left promiscuous mode [ 735.757870][ T5937] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 735.855281][T12387] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1931'. [ 736.437673][T11730] Bluetooth: hci3: command tx timeout [ 736.466410][T12395] netlink: 'syz.0.1933': attribute type 1 has an invalid length. [ 736.475634][T12395] netlink: 144 bytes leftover after parsing attributes in process `syz.0.1933'. [ 736.487521][T12395] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1933'. [ 736.523848][ T3506] team0 (unregistering): Port device team_slave_1 removed [ 736.577119][ T3506] team0 (unregistering): Port device team_slave_0 removed [ 737.026169][T12347] chnl_net:caif_netlink_parms(): no params data found [ 737.092367][T12402] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 738.517637][T11730] Bluetooth: hci3: command tx timeout [ 740.607688][T11730] Bluetooth: hci3: command tx timeout [ 741.815147][T12347] bridge0: port 1(bridge_slave_0) entered blocking state [ 741.849222][T12347] bridge0: port 1(bridge_slave_0) entered disabled state [ 741.856496][T12347] bridge_slave_0: entered allmulticast mode [ 741.874977][T12426] netlink: 'syz.4.1943': attribute type 39 has an invalid length. [ 741.892455][T12347] bridge_slave_0: entered promiscuous mode [ 741.900887][T12425] netlink: 'syz.0.1942': attribute type 39 has an invalid length. [ 741.980973][T12347] bridge0: port 2(bridge_slave_1) entered blocking state [ 742.000041][T12347] bridge0: port 2(bridge_slave_1) entered disabled state [ 742.137610][T12347] bridge_slave_1: entered allmulticast mode [ 742.242733][T12347] bridge_slave_1: entered promiscuous mode [ 742.653621][T12347] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 742.710600][T12347] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 745.286583][T12347] team0: Port device team_slave_0 added [ 745.466251][T12347] team0: Port device team_slave_1 added [ 745.623314][T12449] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 747.142930][T12347] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 747.158677][T12347] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 747.211315][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.220634][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.310763][T12347] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 747.321542][T12461] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9) [ 747.328090][T12461] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 747.339579][T12347] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 747.341326][T12461] vhci_hcd vhci_hcd.0: Device attached [ 747.346651][T12347] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 747.377967][ C1] vkms_vblank_simulate: vblank timer overrun [ 747.387786][T12347] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 747.427053][T12465] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(12) [ 747.433694][T12465] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 747.466929][ T5914] usb 2-1: new high-speed USB device number 60 using dummy_hcd [ 747.476574][T12465] vhci_hcd vhci_hcd.0: Device attached [ 747.500798][T12461] vhci_hcd vhci_hcd.0: pdev(0) rhport(2) sockfd(11) [ 747.507431][T12461] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 747.528138][T12461] vhci_hcd vhci_hcd.0: Device attached [ 747.544266][T12461] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 747.562636][T12347] hsr_slave_0: entered promiscuous mode [ 747.569542][T12461] vhci_hcd vhci_hcd.0: pdev(0) rhport(4) sockfd(18) [ 747.576165][T12461] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 747.598154][ T10] usb 33-1: new low-speed USB device number 2 using vhci_hcd [ 747.628389][ T36] Bluetooth: hci5: Frame reassembly failed (-84) [ 747.628994][T12465] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(21) [ 747.634862][ T3474] Bluetooth: hci5: Frame reassembly failed (-84) [ 747.641353][T12465] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 747.659902][ T5914] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 747.677325][T12461] vhci_hcd vhci_hcd.0: Device attached [ 747.685862][ T5914] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 747.697281][T12347] hsr_slave_1: entered promiscuous mode [ 747.705856][ T5914] usb 2-1: config 0 descriptor?? [ 747.723973][ T5914] cp210x 2-1:0.0: cp210x converter detected [ 747.743090][T12461] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 747.812614][T12465] vhci_hcd vhci_hcd.0: Device attached [ 747.846273][T12347] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 747.875678][T12347] Cannot create hsr debugfs directory [ 747.882197][T12482] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 747.961544][T12461] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 747.978288][T12461] vhci_hcd vhci_hcd.0: port 0 already used [ 748.002492][T12475] vhci_hcd: connection closed [ 748.018115][ T36] vhci_hcd: stop threads [ 748.027151][ T36] vhci_hcd: release socket [ 748.031679][T12467] vhci_hcd: connection closed [ 748.032312][T12462] vhci_hcd: connection reset by peer [ 748.037048][T12478] vhci_hcd: connection closed [ 748.042722][T12469] vhci_hcd: connection closed [ 748.063026][ T36] vhci_hcd: disconnect device [ 748.098859][ T36] vhci_hcd: stop threads [ 748.103145][ T36] vhci_hcd: release socket [ 748.121671][ T36] vhci_hcd: disconnect device [ 748.130884][ T36] vhci_hcd: stop threads [ 748.139478][ T36] vhci_hcd: release socket [ 748.149684][ T5914] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 748.160801][ T36] vhci_hcd: disconnect device [ 748.173197][ T36] vhci_hcd: stop threads [ 748.184688][ T5914] usb 2-1: cp210x converter now attached to ttyUSB0 [ 748.191447][ T36] vhci_hcd: release socket [ 748.201328][ T36] vhci_hcd: disconnect device [ 748.214732][ T36] vhci_hcd: stop threads [ 748.223350][ T36] vhci_hcd: release socket [ 748.233327][ T36] vhci_hcd: disconnect device [ 748.285297][T12347] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 748.298714][T12347] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 748.310016][T12347] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 748.322436][T12347] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 749.037362][T12347] 8021q: adding VLAN 0 to HW filter on device bond0 [ 749.099038][T12347] 8021q: adding VLAN 0 to HW filter on device team0 [ 749.112585][ T3474] bridge0: port 1(bridge_slave_0) entered blocking state [ 749.119785][ T3474] bridge0: port 1(bridge_slave_0) entered forwarding state [ 749.167642][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 749.174906][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 749.381689][T12501] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1958'. [ 749.647736][T11730] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 750.246194][T12504] netlink: 'syz.4.1959': attribute type 21 has an invalid length. [ 750.277192][T12504] netlink: 'syz.4.1959': attribute type 6 has an invalid length. [ 750.287858][T12459] loop6: detected capacity change from 0 to 63 [ 750.294358][T12504] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1959'. [ 750.308561][T12459] Buffer I/O error on dev loop6, logical block 0, lost async page write [ 750.314608][T12492] lo speed is unknown, defaulting to 1000 [ 750.317111][T12459] Buffer I/O error on dev loop6, logical block 1, lost async page write [ 750.331312][T12459] Buffer I/O error on dev loop6, logical block 2, lost async page write [ 750.339796][T12459] Buffer I/O error on dev loop6, logical block 3, lost async page write [ 750.348478][T12459] Buffer I/O error on dev loop6, logical block 4, lost async page write [ 750.356948][T12459] Buffer I/O error on dev loop6, logical block 5, lost async page write [ 750.365693][T12459] Buffer I/O error on dev loop6, logical block 6, lost async page write [ 750.394670][T12504] netlink: 112 bytes leftover after parsing attributes in process `syz.4.1959'. [ 750.449671][T12504] kernel read not supported for file /blkio.throttle.io_service_bytes_recursive (pid: 12504 comm: syz.4.1959) [ 750.483465][ T30] audit: type=1800 audit(1749724313.553:588): pid=12504 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.1959" name="blkio.throttle.io_service_bytes_recursive" dev="mqueue" ino=33262 res=0 errno=0 [ 750.936411][ T5937] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 750.962462][T12347] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 750.984543][ T5914] usb 2-1: USB disconnect, device number 60 [ 750.994355][ T5914] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 751.020356][ T5914] cp210x 2-1:0.0: device disconnected [ 751.100930][ T5937] usb 3-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 751.115163][ T5937] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 751.142640][ T5937] usb 3-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice= 0.9c [ 751.154559][ T5937] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 751.164448][ T5937] usb 3-1: Product: syz [ 751.175987][ T5937] usb 3-1: Manufacturer: syz [ 751.181347][ T5937] usb 3-1: SerialNumber: syz [ 751.194045][ T5937] usb 3-1: config 0 descriptor?? [ 751.211882][ T5937] ims_pcu 3-1:0.0: Missing CDC union descriptor [ 751.219305][ T5937] ims_pcu 3-1:0.0: probe with driver ims_pcu failed with error -22 [ 751.421933][ T5875] usb 3-1: USB disconnect, device number 54 [ 754.007715][ T10] vhci_hcd: vhci_device speed not set [ 754.485292][T12542] No such timeout policy "syz0" [ 754.491023][ T978] usb 5-1: new high-speed USB device number 68 using dummy_hcd [ 754.627849][ T5914] usb 3-1: new full-speed USB device number 55 using dummy_hcd [ 754.657738][ T978] usb 5-1: Using ep0 maxpacket: 16 [ 754.681288][ T978] usb 5-1: config index 0 descriptor too short (expected 25892, got 36) [ 754.691898][ T978] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 754.702502][ T978] usb 5-1: config 0 has no interfaces? [ 754.747822][ T978] usb 5-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87 [ 754.762012][T12347] veth0_vlan: entered promiscuous mode [ 754.771530][ T978] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 754.780511][T12347] veth1_vlan: entered promiscuous mode [ 754.800699][ T978] usb 5-1: Product: syz [ 754.804997][ T978] usb 5-1: Manufacturer: syz [ 754.810285][ T5914] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 754.824551][T12347] veth0_macvtap: entered promiscuous mode [ 754.832455][ T5914] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 754.844302][T12347] veth1_macvtap: entered promiscuous mode [ 754.850222][ T978] usb 5-1: SerialNumber: syz [ 754.866482][ T978] usb 5-1: config 0 descriptor?? [ 754.883679][ T5914] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 754.895160][T12347] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 754.903851][ T5914] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 754.920883][ T5914] usb 3-1: Product: syz [ 754.931546][ T5914] usb 3-1: Manufacturer: syz [ 754.933571][T12347] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 754.944484][ T5914] usb 3-1: SerialNumber: syz [ 754.972040][T12347] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 754.990135][T12347] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 755.005374][T12347] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 755.019336][T12347] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 755.083464][ T978] usb 5-1: USB disconnect, device number 68 [ 755.203883][ T5914] usb 3-1: 0:2 : does not exist [ 755.237352][ T5914] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 755.265041][ T30] audit: type=1804 audit(1749724318.343:589): pid=12544 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.1968" name="/newroot/401/file0" dev="tmpfs" ino=2151 res=1 errno=0 [ 755.362823][ T5890] usb usb34-port1: attempt power cycle [ 755.411878][ T6685] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 755.427402][ T5914] usb 3-1: USB disconnect, device number 55 [ 755.464828][ T6685] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 755.964535][ T5890] usb usb34-port1: unable to enumerate USB device [ 756.491915][ T9134] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 756.508891][ T9134] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 756.566736][T12560] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1972'. [ 756.607792][T12560] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1972'. [ 758.708640][T12591] No such timeout policy "syz0" [ 758.749414][T12593] (unnamed net_device) (uninitialized): option downdelay: invalid value (18446744073709551609) [ 758.797776][ T917] usb 3-1: new high-speed USB device number 56 using dummy_hcd [ 758.812598][T12593] (unnamed net_device) (uninitialized): option downdelay: allowed values 0 - 2147483647 [ 758.897258][T12596] bond0: Unable to set down delay as MII monitoring is disabled [ 759.272822][ T917] usb 3-1: Using ep0 maxpacket: 32 [ 759.285469][ T917] usb 3-1: config 4 has an invalid interface number: 161 but max is 0 [ 759.311609][ T917] usb 3-1: config 4 has an invalid interface number: 62 but max is 0 [ 759.344940][ T917] usb 3-1: config 4 descriptor has 1 excess byte, ignoring [ 759.367746][ T917] usb 3-1: config 4 has 2 interfaces, different from the descriptor's value: 1 [ 759.393378][ T917] usb 3-1: config 4 has no interface number 0 [ 759.420115][ T917] usb 3-1: config 4 has no interface number 1 [ 759.457667][ T917] usb 3-1: config 4 interface 161 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 759.511611][ T917] usb 3-1: too many endpoints for config 4 interface 62 altsetting 67: 144, using maximum allowed: 30 [ 759.537686][ T5914] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 759.545323][ T917] usb 3-1: config 4 interface 62 altsetting 67 has 0 endpoint descriptors, different from the interface descriptor's value: 144 [ 759.565739][ T917] usb 3-1: config 4 interface 62 has no altsetting 0 [ 759.575488][ T917] usb 3-1: New USB device found, idVendor=1235, idProduct=0018, bcdDevice=aa.71 [ 759.588667][ T917] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 759.596767][ T917] usb 3-1: Product: syz [ 759.601406][ T917] usb 3-1: Manufacturer: syz [ 759.606030][ T917] usb 3-1: SerialNumber: syz [ 759.717769][ T5914] usb 6-1: Using ep0 maxpacket: 16 [ 759.821338][ T5914] usb 6-1: config index 0 descriptor too short (expected 25892, got 36) [ 759.847686][ T5914] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 759.877913][ T5914] usb 6-1: config 0 has no interfaces? [ 759.880802][ T917] usb 3-1: USB disconnect, device number 56 [ 759.891303][ T5914] usb 6-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87 [ 759.907796][ T5914] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 759.936134][ T5914] usb 6-1: Product: syz [ 759.947509][ T5914] usb 6-1: Manufacturer: syz [ 759.952218][ T5914] usb 6-1: SerialNumber: syz [ 760.026496][ T5914] usb 6-1: config 0 descriptor?? [ 760.235749][ T5890] usb 6-1: USB disconnect, device number 2 [ 760.287724][ T5914] usb 5-1: new high-speed USB device number 69 using dummy_hcd [ 760.438260][ T5914] usb 5-1: Using ep0 maxpacket: 16 [ 760.445799][ T5914] usb 5-1: too many configurations: 36, using maximum allowed: 8 [ 760.456049][ T5914] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 760.464053][ T5914] usb 5-1: can't read configurations, error -61 [ 760.599618][ T5914] usb 5-1: new high-speed USB device number 70 using dummy_hcd [ 760.758139][ T5914] usb 5-1: Using ep0 maxpacket: 16 [ 760.764615][ T5914] usb 5-1: too many configurations: 36, using maximum allowed: 8 [ 760.779706][ T5914] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 760.790640][ T5914] usb 5-1: can't read configurations, error -61 [ 760.797484][ T5914] usb usb5-port1: attempt power cycle [ 761.857645][ T5914] usb 5-1: new high-speed USB device number 71 using dummy_hcd [ 761.926766][ T5914] usb 5-1: Using ep0 maxpacket: 16 [ 761.968335][ T5914] usb 5-1: too many configurations: 36, using maximum allowed: 8 [ 762.000341][ T5914] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 762.012051][ T5914] usb 5-1: can't read configurations, error -61 [ 762.220935][T12629] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 762.228643][T12629] IPv6: NLM_F_CREATE should be set when creating new route [ 762.247673][ T5914] usb 5-1: new high-speed USB device number 72 using dummy_hcd [ 762.484644][T12631] hub 8-0:1.0: USB hub found [ 762.492206][T12631] hub 8-0:1.0: 1 port detected [ 763.019757][ T5914] usb 5-1: Using ep0 maxpacket: 16 [ 763.051145][ T5914] usb 5-1: too many configurations: 36, using maximum allowed: 8 [ 763.222977][ T5914] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 763.251570][ T5914] usb 5-1: can't read configurations, error -71 [ 763.412743][ T5914] usb usb5-port1: unable to enumerate USB device [ 764.309988][T12642] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1996'. [ 764.320797][T12642] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1996'. [ 764.335667][T12642] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1996'. [ 764.354499][T12642] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1996'. [ 764.412012][T12642] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1996'. [ 764.465093][T12648] FAULT_INJECTION: forcing a failure. [ 764.465093][T12648] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 764.478649][T12648] CPU: 1 UID: 0 PID: 12648 Comm: syz.4.1997 Not tainted 6.16.0-rc1-syzkaller-00005-g488ef3560196 #0 PREEMPT(full) [ 764.478672][T12648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 764.478683][T12648] Call Trace: [ 764.478690][T12648] [ 764.478697][T12648] dump_stack_lvl+0x189/0x250 [ 764.478728][T12648] ? __pfx____ratelimit+0x10/0x10 [ 764.478755][T12648] ? __pfx_dump_stack_lvl+0x10/0x10 [ 764.478781][T12648] ? __pfx__printk+0x10/0x10 [ 764.478799][T12648] ? __might_fault+0xb0/0x130 [ 764.478832][T12648] should_fail_ex+0x414/0x560 [ 764.478860][T12648] _copy_from_user+0x2d/0xb0 [ 764.478879][T12648] __ia32_sys_rt_sigreturn+0x228/0x7b0 [ 764.478908][T12648] ? __pfx___ia32_sys_rt_sigreturn+0x10/0x10 [ 764.478929][T12648] ? _raw_spin_unlock_irq+0x2e/0x50 [ 764.478982][T12648] ? __task_pid_nr_ns+0x28/0x470 [ 764.479006][T12648] ? do_syscall_64+0xbe/0x3b0 [ 764.479026][T12648] do_syscall_64+0xfa/0x3b0 [ 764.479040][T12648] ? lockdep_hardirqs_on+0x9c/0x150 [ 764.479073][T12648] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 764.479091][T12648] ? clear_bhb_loop+0x60/0xb0 [ 764.479113][T12648] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 764.479130][T12648] RIP: 0033:0x7f8f95f2ab19 [ 764.479146][T12648] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25 [ 764.479162][T12648] RSP: 002b:00007f8f96e5ca80 EFLAGS: 00000202 ORIG_RAX: 000000000000000f [ 764.479180][T12648] RAX: ffffffffffffffda RBX: 00007f8f961b5fa0 RCX: 00007f8f95f2ab19 [ 764.479193][T12648] RDX: 00007f8f96e5ca80 RSI: 00007f8f96e5cbb0 RDI: 0000000000000021 [ 764.479205][T12648] RBP: 00007f8f96e5d090 R08: 0000000000000003 R09: 0000000000000000 [ 764.479216][T12648] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 764.479227][T12648] R13: 0000000000000000 R14: 00007f8f961b5fa0 R15: 00007ffcc15957c8 [ 764.479255][T12648] [ 764.677283][ C1] vkms_vblank_simulate: vblank timer overrun [ 764.800835][T12655] netlink: 'syz.4.2001': attribute type 39 has an invalid length. [ 764.968804][T12644] ntfs3: Unknown parameter '/dev/kvm' [ 765.917744][ T917] usb 2-1: new high-speed USB device number 61 using dummy_hcd [ 765.928757][T12671] delete_channel: no stack [ 870.991628][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 870.998634][ C1] rcu: 0-...!: (1 GPs behind) idle=d3c4/1/0x4000000000000000 softirq=60787/60788 fqs=13 [ 871.009450][ C1] rcu: (detected by 1, t=10502 jiffies, g=56485, q=193 ncpus=2) [ 871.017193][ C1] Sending NMI from CPU 1 to CPUs 0: [ 871.017225][ C0] NMI backtrace for cpu 0 [ 871.017241][ C0] CPU: 0 UID: 0 PID: 12675 Comm: syz.5.2006 Not tainted 6.16.0-rc1-syzkaller-00005-g488ef3560196 #0 PREEMPT(full) [ 871.017261][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 871.017271][ C0] RIP: 0010:rb_erase+0xe43/0xe60 [ 871.017300][ C0] Code: 20 00 48 8b 5c 24 18 74 19 48 89 df e8 d6 30 c7 f6 eb 0f 43 80 3c 26 00 74 08 48 89 df e8 c5 30 c7 f6 4c 89 2b 48 83 c4 28 5b <41> 5c 41 5d 41 5e 41 5f 5d e9 7f 3e 07 00 cc 66 66 66 66 66 2e 0f [ 871.017314][ C0] RSP: 0018:ffffc90000007cd8 EFLAGS: 00000092 [ 871.017346][ C0] RAX: 1ffff110170c4f82 RBX: ffff8880b8627c10 RCX: dffffc0000000000 [ 871.017359][ C0] RDX: 0000000000010000 RSI: ffff8880b8627c10 RDI: ffff888144683348 [ 871.017372][ C0] RBP: dffffc0000000000 R08: ffffffff8f9fdef7 R09: 1ffffffff1f3fbde [ 871.017385][ C0] R10: dffffc0000000000 R11: fffffbfff1f3fbdf R12: ffff888144683340 [ 871.017399][ C0] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 871.017409][ C0] FS: 00007f2bb38786c0(0000) GS:ffff888125c86000(0000) knlGS:0000000000000000 [ 871.017424][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 871.017436][ C0] CR2: 0000000000000000 CR3: 0000000077dc8000 CR4: 00000000003526f0 [ 871.017451][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 871.017461][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 871.017472][ C0] Call Trace: [ 871.017479][ C0] [ 871.017490][ C0] timerqueue_del+0xae/0x100 [ 871.017514][ C0] __hrtimer_run_queues+0x364/0xc60 [ 871.017552][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 871.017576][ C0] ? read_tsc+0x9/0x20 [ 871.017602][ C0] hrtimer_interrupt+0x45b/0xaa0 [ 871.017643][ C0] __sysvec_apic_timer_interrupt+0x108/0x410 [ 871.017672][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 871.017698][ C0] [ 871.017704][ C0] [ 871.017711][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 871.017730][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xa8/0x110 [ 871.017755][ C0] Code: 74 05 e8 fb 7d 66 f6 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4f f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 f3 69 2f f6 65 8b 05 ec 43 38 07 85 c0 74 40 48 c7 04 24 0e 36 [ 871.017770][ C0] RSP: 0018:ffffc900046879a0 EFLAGS: 00000206 [ 871.017784][ C0] RAX: 72630ea0d6bed200 RBX: 0000000000000a02 RCX: 72630ea0d6bed200 [ 871.017797][ C0] RDX: 0000000000000006 RSI: ffffffff8d96d7f4 RDI: 0000000000000001 [ 871.017809][ C0] RBP: ffffc90004687a20 R08: ffffffff8f9fdef7 R09: 1ffffffff1f3fbde [ 871.017822][ C0] R10: dffffc0000000000 R11: fffffbfff1f3fbdf R12: dffffc0000000000 [ 871.017835][ C0] R13: 000000000000ce08 R14: ffffffff8e223980 R15: 1ffff920008d0f34 [ 871.017860][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 871.017890][ C0] pcpu_alloc_noprof+0xc00/0x16b0 [ 871.017923][ C0] bpf_prog_alloc_no_stats+0x10e/0x4e0 [ 871.017951][ C0] bpf_prog_alloc+0x3c/0x1a0 [ 871.017976][ C0] bpf_prog_load+0x735/0x1930 [ 871.018007][ C0] ? __pfx_bpf_prog_load+0x10/0x10 [ 871.018042][ C0] ? bpf_lsm_bpf+0x9/0x20 [ 871.018067][ C0] ? security_bpf+0x7e/0x300 [ 871.018093][ C0] __sys_bpf+0x5f1/0x860 [ 871.018117][ C0] ? __pfx___sys_bpf+0x10/0x10 [ 871.018147][ C0] ? __pfx___se_sys_futex+0x10/0x10 [ 871.018179][ C0] __x64_sys_bpf+0x7c/0x90 [ 871.018198][ C0] do_syscall_64+0xfa/0x3b0 [ 871.018213][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 871.018238][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 871.018256][ C0] ? clear_bhb_loop+0x60/0xb0 [ 871.018276][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 871.018293][ C0] RIP: 0033:0x7f2bb298e929 [ 871.018309][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 871.018324][ C0] RSP: 002b:00007f2bb3878038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 871.018340][ C0] RAX: ffffffffffffffda RBX: 00007f2bb2bb5fa0 RCX: 00007f2bb298e929 [ 871.018353][ C0] RDX: 0000000000000090 RSI: 00002000000000c0 RDI: 0000000000000005 [ 871.018364][ C0] RBP: 00007f2bb2a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 871.018375][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 871.018385][ C0] R13: 0000000000000000 R14: 00007f2bb2bb5fa0 R15: 00007ffd648c4d68 [ 871.018407][ C0] [ 871.019214][ C1] rcu: rcu_preempt kthread starved for 10441 jiffies! g56485 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 871.458391][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 871.468387][ C1] rcu: RCU grace-period kthread stack dump: [ 871.474309][ C1] task:rcu_preempt state:R running task stack:26776 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00004000 [ 871.487836][ C1] Call Trace: [ 871.491137][ C1] [ 871.494091][ C1] __schedule+0x16a2/0x4cb0 [ 871.498648][ C1] ? schedule+0x165/0x360 [ 871.503005][ C1] ? __pfx___schedule+0x10/0x10 [ 871.507900][ C1] ? schedule+0x91/0x360 [ 871.512177][ C1] schedule+0x165/0x360 [ 871.516357][ C1] schedule_timeout+0x12b/0x270 [ 871.521229][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 871.526622][ C1] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 871.532633][ C1] ? __pfx_process_timeout+0x10/0x10 [ 871.537956][ C1] ? prepare_to_swait_event+0x341/0x380 [ 871.543539][ C1] rcu_gp_fqs_loop+0x301/0x1540 [ 871.548432][ C1] ? __pfx_rcu_watching_snap_recheck+0x10/0x10 [ 871.554624][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 871.559928][ C1] ? _raw_spin_unlock_irq+0x2e/0x50 [ 871.565158][ C1] ? finish_swait+0xcd/0x1f0 [ 871.569766][ C1] rcu_gp_kthread+0x99/0x390 [ 871.574381][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 871.579605][ C1] ? __kthread_parkme+0x7b/0x200 [ 871.584574][ C1] ? __kthread_parkme+0x1a1/0x200 [ 871.589631][ C1] kthread+0x70e/0x8a0 [ 871.593728][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 871.598953][ C1] ? __pfx_kthread+0x10/0x10 [ 871.603566][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 871.608787][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 871.614014][ C1] ? __pfx_kthread+0x10/0x10 [ 871.618624][ C1] ret_from_fork+0x3fc/0x770 [ 871.623239][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 871.628384][ C1] ? __switch_to_asm+0x39/0x70 [ 871.633167][ C1] ? __switch_to_asm+0x33/0x70 [ 871.637945][ C1] ? __pfx_kthread+0x10/0x10 [ 871.642561][ C1] ret_from_fork_asm+0x1a/0x30 [ 871.647360][ C1] [ 871.650395][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 871.656725][ C1] CPU: 1 UID: 0 PID: 5875 Comm: kworker/1:4 Not tainted 6.16.0-rc1-syzkaller-00005-g488ef3560196 #0 PREEMPT(full) [ 871.668800][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 871.678883][ C1] Workqueue: events jump_label_update_timeout [ 871.684976][ C1] RIP: 0010:smp_call_function_many_cond+0xf69/0x12d0 [ 871.691675][ C1] Code: 00 45 8b 2f 44 89 ee 83 e6 01 31 ff e8 50 78 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 fb 73 0b 00 eb 37 f3 90 <43> 0f b6 04 2c 84 c0 75 10 41 f7 07 01 00 00 00 74 1e e8 e0 73 0b [ 871.711299][ C1] RSP: 0018:ffffc900046b7780 EFLAGS: 00000293 [ 871.717389][ C1] RAX: ffffffff81b4da10 RBX: ffff8880b873c9c0 RCX: ffff888032868000 [ 871.725395][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 871.733405][ C1] RBP: ffffc900046b78e0 R08: ffffffff8f9fdef7 R09: 1ffffffff1f3fbde [ 871.741399][ C1] R10: dffffc0000000000 R11: fffffbfff1f3fbdf R12: 1ffff110170c868d [ 871.749392][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8880b8643468 [ 871.757382][ C1] FS: 0000000000000000(0000) GS:ffff888125d86000(0000) knlGS:0000000000000000 [ 871.766338][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 871.772939][ C1] CR2: 000000110c3bb941 CR3: 000000000df38000 CR4: 00000000003526f0 [ 871.780937][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 871.788933][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 871.796920][ C1] Call Trace: [ 871.800213][ C1] [ 871.803173][ C1] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 871.809527][ C1] ? __pfx_text_poke_memcpy+0x10/0x10 [ 871.814914][ C1] ? kvm_irq_delivery_to_apic+0x410/0xa20 [ 871.820659][ C1] ? __pfx___text_poke+0x10/0x10 [ 871.825606][ C1] ? rcu_is_watching+0x15/0xb0 [ 871.830391][ C1] ? trace_contention_end+0x39/0x120 [ 871.835709][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 871.840765][ C1] on_each_cpu_cond_mask+0x3f/0x80 [ 871.845952][ C1] smp_text_poke_batch_finish+0x5e0/0x1100 [ 871.851797][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 871.856920][ C1] ? __pfx_smp_text_poke_batch_finish+0x10/0x10 [ 871.863200][ C1] ? arch_jump_label_transform_queue+0x97/0x110 [ 871.869466][ C1] ? __jump_label_update+0x37e/0x3a0 [ 871.874769][ C1] arch_jump_label_transform_apply+0x1c/0x30 [ 871.880766][ C1] __static_key_slow_dec_cpuslocked+0xbb/0x110 [ 871.886946][ C1] jump_label_update_timeout+0x1e/0x30 [ 871.892417][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 871.898174][ C1] process_scheduled_works+0xade/0x17b0 [ 871.903783][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 871.909805][ C1] worker_thread+0x8a0/0xda0 [ 871.914432][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 871.920800][ C1] ? __kthread_parkme+0x7b/0x200 [ 871.925819][ C1] kthread+0x70e/0x8a0 [ 871.929917][ C1] ? __pfx_worker_thread+0x10/0x10 [ 871.935055][ C1] ? __pfx_kthread+0x10/0x10 [ 871.939668][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 871.944894][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 871.950116][ C1] ? __pfx_kthread+0x10/0x10 [ 871.954723][ C1] ret_from_fork+0x3fc/0x770 [ 871.959339][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 871.964482][ C1] ? __switch_to_asm+0x39/0x70 [ 871.969273][ C1] ? __switch_to_asm+0x33/0x70 [ 871.974050][ C1] ? __pfx_kthread+0x10/0x10 [ 871.978662][ C1] ret_from_fork_asm+0x1a/0x30 [ 871.983476][ C1]