last executing test programs: 4m50.506511319s ago: executing program 2 (id=1183): socket$alg(0x26, 0x5, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000004000)=@newtaction={0xe68, 0x30, 0x25, 0x0, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{}, 0x4}, [{}, {}, {}, {0x0, 0x0, 0x0, 0x20000}, {0x0, 0x0, 0x200000}, {}, {0x0, 0x20000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffff7}, {0x0, 0x0, 0x0, 0x0, 0x10001}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xfffffffa}, {0x0, 0x4}, {}, {0xfffffffd}, {}, {0x0, 0x0, 0x0, 0xfffffffd}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x10}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x8}, {0xfffffffd}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0xffffffff}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {0x0, 0x2}, {}, {}, {}, {0x10000000}, {}, {}, {0x0, 0xfffffffd}, {}, {0x0, 0x0, 0xc971}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {0x0, 0x0, 0x0, 0x0, 0x100, 0x2}, {0x0, 0x0, 0x3}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x3}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {0x5}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@gettaction={0x30, 0x32, 0x6dd711a25f4cb68b, 0x0, 0x0, {}, [@action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x100}, @action_gd=@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}]}]}, 0x30}}, 0x200000000000000) 4m46.030331514s ago: executing program 2 (id=1197): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x3) r1 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x22, &(0x7f0000000140)=0x400030, 0x4) syz_emit_ethernet(0x2e, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000008004500002000000000"], 0x0) mount$tmpfs(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x0, &(0x7f0000000640)=ANY=[]) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="010000000000000000002c"], 0x2c}}, 0x0) write$sequencer(0xffffffffffffffff, &(0x7f00000005c0)=[@e={0xff, 0xa, 0x0, 0x0, @SEQ_NOTEON=@special}, @l={0x92, 0x0, 0xd0}], 0x10) chdir(0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x2, 0x100, 0x5}) mkdir(0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000540)=@newlink={0x40, 0x10, 0xc3b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_FLAGS={0x6}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x40}}, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) r4 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000000140)={0x0, 0x0, 0x2}) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000005, 0x6031, 0xffffffffffffffff, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x0) 4m45.741829629s ago: executing program 2 (id=1201): socket$packet(0x11, 0x2, 0x300) r0 = inotify_init1(0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) quotactl_fd$Q_GETNEXTQUOTA(0xffffffffffffffff, 0xffffffff80000901, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8) r2 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) ioctl$VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x0, 0x0, 0x3631564e, 0x0, 0x0, 0x0, 0x0, 0xfeedcafe, 0x3}}) r3 = inotify_add_watch(r0, &(0x7f0000000440)='.\x00', 0x12000021) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x2, 0x4, 0x3c8, 0xffffffff, 0x228, 0x0, 0x228, 0xfeffffff, 0xffffffff, 0x2f8, 0x2f8, 0x2f8, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0x110, 0x138, 0x0, {}, [@common=@unspec=@mark={{0x30}}, @common=@unspec=@devgroup={{0x38}}]}, @REJECT={0x28}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, [], [], 'sit0\x00', 'dvmrp0\x00'}, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@ipv6={@loopback, @mcast1, [], [], 'erspan0\x00', 'veth0_to_bridge\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x5}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x428) r5 = dup(r0) read$FUSE(0xffffffffffffffff, &(0x7f0000002280)={0x2020}, 0x2020) inotify_rm_watch(r5, r3) socket$pptp(0x18, 0x1, 0x2) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) mkdir(&(0x7f0000000080)='./file1\x00', 0x0) r6 = syz_open_dev$video4linux(&(0x7f0000000000), 0x5, 0x400141) ioctl$VIDIOC_QUERYCTRL(r6, 0xc038563c, &(0x7f0000000200)={0x0, 0x0, "fff01fa1c2c0c1fabf07ca81cc7fdc3d19a834b54191704aa0faaee569d7cb93", 0x1}) syz_io_uring_setup(0xd2, &(0x7f0000000480), &(0x7f0000000040), 0x0) r7 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r7, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x20, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, 0x3}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r7, 0x84, 0x1f, &(0x7f0000000040)={0x0, @in={{0x2, 0x4e24, @private=0xa010101}}, 0x1, 0x8d43}, 0x90) lsetxattr$system_posix_acl(&(0x7f0000000040)='./file1\x00', &(0x7f0000000140)='system.posix_acl_default\x00', &(0x7f0000000580)=ANY=[@ANYBLOB="020000000100a41b9f0975629a00000000000004000000000000001000000020"], 0x24, 0x0) socket$nl_route(0x10, 0x3, 0x0) 4m43.710237335s ago: executing program 2 (id=1206): socket$packet(0x11, 0x2, 0x300) r0 = inotify_init1(0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x3554c2, 0x1cd) quotactl_fd$Q_GETNEXTQUOTA(r1, 0xffffffff80000901, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8) r3 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffc000/0x4000)=nil) prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffc000/0x4000)=nil) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x2172, 0xffffffffffffffff, 0x0) r4 = socket$inet(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, &(0x7f0000002700)=@raw={'raw\x00', 0x8, 0x3, 0x218, 0x0, 0x8, 0xfa04, 0x0, 0x6c02, 0x180, 0x194, 0x194, 0x180, 0x194, 0x3, 0x0, {[{{@ip={@empty=0x1e00, @broadcast, 0x0, 0x0, 'veth0_to_hsr\x00', 'veth0_virt_wifi\x00', {}, {}, 0x6}, 0x0, 0xa0, 0xc8, 0x0, {0x0, 0x74020000}, [@common=@inet=@tcp={{0x30}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@ip={@multicast2, @dev, 0x0, 0x0, '\x00', 'tunl0\x00'}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x278) brk(0x20ffc004) ioctl$VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000180)={0x1, @vbi={0x6, 0x0, 0x4, 0x4745504a, [0x5, 0x6], [0x80000001, 0xd], 0x108}}) inotify_add_watch(r0, &(0x7f0000000440)='.\x00', 0x12000021) r5 = dup(r0) read$FUSE(r5, &(0x7f0000002280)={0x2020}, 0x18b5) socket$pptp(0x18, 0x1, 0x2) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = msgget$private(0x0, 0x214) setreuid(0x0, 0x0) msgsnd(r6, &(0x7f0000000980)=ANY=[@ANYBLOB="030000"], 0x401, 0x0) msgctl$IPC_SET(r6, 0x1, &(0x7f0000000040)={{0x2, 0x0, 0xee00, 0x0, 0x0, 0x82, 0x2}, 0x0, 0x0, 0x3, 0x9c84, 0x1, 0x0, 0x0, 0xfffc, 0x1b}) 4m41.619392142s ago: executing program 2 (id=1212): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0xfffffffffffffddf, &(0x7f0000000040)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYRES64=r3, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) socket$inet_udplite(0x2, 0x2, 0x88) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000500)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb01001800c1009767d30000000406000000000c1700000000000000000004000000000000aca77fe037cc74e68b72501f4a37f56790bc8c65043d477f644a60509b4ce7895466"], 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) dup(0xffffffffffffffff) ioctl$TCSETAF(0xffffffffffffffff, 0x5408, &(0x7f0000000080)={0x0, 0x0, 0x9, 0xe, 0x13, "f7008000"}) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r5}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) fsopen(&(0x7f0000000040)='zonefs\x00', 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000071121500000000009500000000000000a225dc4fcced2d72fa39832b5ff7bc134230492030392705e62eacef92da9fe2ea3703d0bf45bcc8fc218c856ce35336eb9149d65ed03d7d2e9747d320ce39cb276cd56ebf86e2823b4a9458ef898e35b4ad08136959505d082087da2771edb02cf8986eeb8967"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1e, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f00000006c0)=ANY=[@ANYBLOB="9feb01001800000000000000500000005000000006000000090000000000000a000000000100000000000008000000000000000000000008030000000800000000000008010000000100000001000006040000000800000009000000080000000000001204000000002e30612e00a3f1c835d9cdd2935464344deebc33a38c8c9cfd637331acd4c0ba57acae5568a6dd923447e180c9cb6880178ccae1f6b4390641cbffe87a0192adf2f7099b3fd780dcf55cbc3647d3f1caa4504ff11b8cae67eccb1a9d5f73538aaf1896e34f87f88f06a06e7b82b1ed0821be6fe522ba33ef047f2c77e13f657f73"], &(0x7f0000000140)=""/151, 0x6e, 0x97, 0x0, 0x5, 0x0, @void, @value}, 0x28) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1eaa00000000000079101000000000009500"], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r6, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94) 4m40.440620138s ago: executing program 2 (id=1216): socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r1 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2) ioctl$VIDIOC_S_HW_FREQ_SEEK(r1, 0x40305652, &(0x7f0000000040)={0x0, 0x1, 0xe1, 0x0, 0x0, 0xfa000, 0x1a5e00}) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0xb814dbe8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r2}, 0x10) r3 = socket$kcm(0x11, 0xa, 0x300) ioctl$SIOCSIFHWADDR(r3, 0x8b04, &(0x7f0000000040)={'wlan1\x00', @random="c3000e000300"}) socket$nl_generic(0x10, 0x3, 0x10) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x200640, 0x23) symlinkat(&(0x7f0000000140)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', r4, &(0x7f0000000000)='./file0\x00') mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r6 = fanotify_init(0x200, 0x0) fanotify_mark(r6, 0x1, 0x4800003e, r5, 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) syz_open_dev$sndctrl(&(0x7f0000004e80), 0x0, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r7, &(0x7f0000000100), 0xfecc) 4m25.356689542s ago: executing program 32 (id=1216): socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r1 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2) ioctl$VIDIOC_S_HW_FREQ_SEEK(r1, 0x40305652, &(0x7f0000000040)={0x0, 0x1, 0xe1, 0x0, 0x0, 0xfa000, 0x1a5e00}) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0xb814dbe8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r2}, 0x10) r3 = socket$kcm(0x11, 0xa, 0x300) ioctl$SIOCSIFHWADDR(r3, 0x8b04, &(0x7f0000000040)={'wlan1\x00', @random="c3000e000300"}) socket$nl_generic(0x10, 0x3, 0x10) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x200640, 0x23) symlinkat(&(0x7f0000000140)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', r4, &(0x7f0000000000)='./file0\x00') mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r6 = fanotify_init(0x200, 0x0) fanotify_mark(r6, 0x1, 0x4800003e, r5, 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14) syz_open_dev$sndctrl(&(0x7f0000004e80), 0x0, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r7, &(0x7f0000000100), 0xfecc) 2m18.258155605s ago: executing program 4 (id=1766): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r3, 0x4048ae9b, &(0x7f0000000200)={0x10001, 0x0, [0x1000, 0x6, 0x4, 0x5, 0x8, 0x7, 0x9, 0x1]}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x2, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="e80000006c00010029bd7000fcdbdf2500000000", @ANYRES32, @ANYBLOB="001000008000000008000f002000000014003500726f7365300000000000000000000000a40034801400350070696d367265673000000020000000000400350076657468305f6d614176746170000000140035006d61637674617030020000000000000014003500677265300000000000000000000000001400350076657468305f746f5f626174616476001400350001657468315f6d6163767461700000001400350067726530000000000000000000000000140035006261746164765f736c6176655f31000008000f"], 0xe8}}, 0x0) close(r0) 2m17.985335871s ago: executing program 4 (id=1768): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)={0x2c, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x99}]}, 0x2c}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000080)={0x48, r4, 0x10, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME={0x2a, 0x33, @action={{{}, {}, @broadcast, @device_a, @initial, {0x0, 0xfff}}, @ext_ch_sw={0x4, 0x4, {{0x0, 0x0, 0x8}, @val={0x76, 0x6, {0x4, 0x7, 0x19, 0x3}}}}}}]}, 0x48}}, 0x0) 2m17.83454517s ago: executing program 4 (id=1770): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) r3 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x44, 0x0, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}]}, 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000300)=ANY=[@ANYBLOB="44888eff", @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="26003300d0000000080211000001080211000000505050505050"], 0x44}}, 0x0) 2m17.096710925s ago: executing program 4 (id=1772): setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x42, 0x0, 0x0) r0 = socket$inet(0x2, 0x3, 0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) 2m16.902545528s ago: executing program 4 (id=1774): socket$nl_route(0x10, 0x3, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = socket(0x1e, 0x1, 0x0) connect$tipc(r0, &(0x7f0000000040)=@id, 0x10) syz_open_dev$tty1(0xc, 0x4, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002380)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x8000}}) read$FUSE(r4, &(0x7f0000002400)={0x2020, 0x0, 0x0}, 0x2020) open(&(0x7f00000065c0)='./file0\x00', 0x0, 0x0) write$FUSE_INIT(r4, &(0x7f0000002300)={0x50, 0x0, r5, {0x7, 0x9}}, 0x50) read$FUSE(r4, &(0x7f0000004580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r4, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r6}, 0x10) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) dup3(r7, r4, 0x0) r8 = openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r8, 0x80086601, 0x0) 2m15.946919984s ago: executing program 4 (id=1777): r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) readv(r0, 0x0, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x3) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f00000008c0)={0x1, @pix={0x0, 0x0, 0x34324142}}) ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f0000000000)) r3 = memfd_create(&(0x7f0000000040)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t%\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c\x87\x1e|C\xd8\x01\xd0\xf5\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajnW\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000002, 0x10812, 0xffffffffffffffff, 0xffffd000) execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 2m0.679743974s ago: executing program 33 (id=1777): r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) readv(r0, 0x0, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x3) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f00000008c0)={0x1, @pix={0x0, 0x0, 0x34324142}}) ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f0000000000)) r3 = memfd_create(&(0x7f0000000040)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t%\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c\x87\x1e|C\xd8\x01\xd0\xf5\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajnW\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000002, 0x10812, 0xffffffffffffffff, 0xffffd000) execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 1m25.681608945s ago: executing program 5 (id=1940): r0 = socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb6050000}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_IFLAGS={0x6, 0x2, 0x29}]}}}]}, 0x3c}}, 0x0) 1m25.3418381s ago: executing program 5 (id=1943): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0, r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)={0x30, 0x0, 0x1, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_SEQ={0x4}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "41ddf96610"}]}, 0x30}}, 0x0) r3 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000000)={0x43, 0x0, 0x3}, 0x10) socket$kcm(0x10, 0x2, 0x4) r4 = syz_io_uring_complete(0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000000c0)={0x0, 0x6, 0x8204, 0xfffff800, 0x7f7, 0x9, 0x7f, 0x1, 0x0}, &(0x7f0000000280)=0x20) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r4, 0x84, 0x73, &(0x7f0000000300)={r5, 0x8, 0x10, 0xf8, 0x8}, &(0x7f0000000340)=0x18) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x9, 0x84, 0x144, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0xfffffffb}) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b700000012edfffebfa30000000000000703000028feffff7a0af0fff8ffffff61a4f0ff000000003e040000000000000c000000000000000404000001ed0a002500000017ffffffae040000000000007b0a00fe000000006e04000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be3619184a0b139d8d4209c8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efd2a102ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc532ef58de3c1b7646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff095edc710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf28bf6d8e8afcb913466aaa7f6df70252e79166d8582755a314d31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040b96e37c4f46010400000000c3da29faf75ddd1aa96960bca97af133824b881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090df9a2867b3acec439c163fc8706869ada11390d4dbcf840fa68e7d7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb5a05d9e224e67f1231bd236ed200073824d93c4e1a0f50a74bb4850486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931485747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885f69754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8264f7b029b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347926a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd239e4a50d7eb8e327fb5db12cbd6a9efe8e671c4f251cafffe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa232697526e24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066aafb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f80893220800c523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6efec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe917d1767e38ba49e3e57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c827e02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007fe79d2d25e30830b92fca00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d07d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cfe56557a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b53208ad8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2ccb1decb15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400098abb869921911480a876fbba698801937e8b4264eb6f5137bdaa075f1488d22230592a79000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b308706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb5237ea1694addebc14c3ae49f88c462ea2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399f055f2fa278783f26d0a52aefb0a5ef0b41e14a6fe6b8306206670b84894e901a523fcbadfeff535f2514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014f38fee012365f963b2a85e7d8075c333475b9f0284405e3127dde7e41285fbe0bdd370c06c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd6d6ab7e0e843591d2618e2d2cdc7081c8fafffe9c3500800000087de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa22f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119dcf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af24e2bb7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753452de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000000000009231feef3117197c796369f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a9201bc4b73b431df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21d24fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a4ee271e35ed90000800847683c08bfda74a143c855030ae004ac797c575c202d8091eb77565212548ead770d680000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8a3924eb54db2914, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r8 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r8, 0x4601, &(0x7f0000000380)={0x400, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x1}, {}, {0x0, 0x3}, {0x9}, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x40000000, 0x4000, 0x0, 0x0, 0x2, 0x16, 0x0, 0x0, 0x5}) 1m24.478480321s ago: executing program 0 (id=1945): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = syz_open_dev$I2C(&(0x7f00000028c0), 0x0, 0x0) ioctl$I2C_RDWR(r1, 0x541b, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000005c0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc6751dfb265a0d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada12f7a1001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0842b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f04c7f0be31491eb8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcbf31c6ea1893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c15fa12313ffbfa7c2730302b66a99f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca20508011132153c528f7bca92980a3223c5b9cdddedb0a14adddf9a6e70a26b5c0ee0879c349814bee9d96d8bd23db4e801d49201ae84090455682794098afa42b34196b1d849020eeeb1ef48d003d71524683d7cdfa841bca708414fb8ff49742420d1ab7fa678aa4806d5247616e8bc0b02887f8efe9310ccf9bec1c9b7f6671c9d59ac6b09b4436cafdd1887c8e884c930d21ace088ccc99a94d4b33da2fc1b1310bb607a9ad65844655de1ac9fd36d12e07a821fb951368a970c58fb4f3f403fdaf68902874"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) r6 = open(&(0x7f0000000040)='./bus\x00', 0x1612c2, 0x0) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000400)='/proc/meminfo\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x4000000000010046) capset(&(0x7f0000000000)={0x19980330}, 0x0) socket$inet(0x2, 0x0, 0x0) r8 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VIDIOC_S_FMT(r8, 0xc0d05605, &(0x7f0000000180)={0xa, @pix_mp={0x0, 0xd95df4, 0x32314d4e, 0x7, 0x0, [{}, {0x0, 0x6}, {0x4}, {0x0, 0x20000}, {}, {0x9}], 0x4e}}) bind$inet(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDPRL(r6, 0x89f5, &(0x7f00000003c0)={'sit0\x00', &(0x7f0000000280)={@empty, 0x1, 0x0, 0x40, 0x0, [{@multicast1}, {@private}, {@broadcast}, {@dev}]}}) r9 = syz_open_dev$sndctrl(&(0x7f00000000c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r9, 0xc4c85513, &(0x7f0000000080)={0xa, 0x0, 0x0, 0x0, '\x00', 0x2}) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000300)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000140)="3eef12c9e843", 0x0, 0x0, 0x0, 0x0, 0x0}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) 1m23.40009724s ago: executing program 0 (id=1947): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001340)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x4}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @hash={{0x9, 0x20}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_HASH_TYPE={0x8, 0x7, 0x1, 0x0, 0x1}, @NFTA_HASH_MODULUS={0x8, 0x4, 0x1, 0x0, 0xfdfffff7}, @NFTA_HASH_DREG={0x8, 0x2, 0x1, 0x0, 0x10}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x84}}, 0x0) 1m22.355655755s ago: executing program 5 (id=1949): socket$nl_route(0x10, 0x3, 0x0) socket$kcm(0x10, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket(0x10, 0x80803, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c0000005e000102000000000000000000040000", @ANYRES32=0x0, @ANYRES32=r3], 0x1c}, 0x1, 0x0, 0x0, 0x80a3504513e3890d}, 0x0) 1m22.133434672s ago: executing program 0 (id=1952): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8) (async) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) (async) r2 = memfd_create(&(0x7f0000001b80)='\xfd\x0fm3#/\x00n\xaa\xaa\xe4\x01U\x8b\xc2\f\x03\x19\x9c\x8e\xcb\x90\x00\x00\xaegQ\x0e\x94\\y\x0fU2@\'\x8a\x80\x00$\x12\xfc\xe4.)\x9b\xf2@\xf0\xe0\xdb\x1f\xe6\xb4gc\x13\xda\xf9\xcd7el\xb7\xe6\b\x00\x00\x00\x00\xef\xff\x00vob/~\xc2\x00\b\x00\x00\x00\x00\x00\x00 \xff\xf1\xdem\x9c;%\xb5\"\xe4\xf1x2\x8a\x19p\x04\\\xaa-\x93\xd1\xc4 )\xbfK\xf7E\xf3\x05\xa0\xd0\xe6%\x97\x15\xf0\xab\x86\x90k\x10\xcer\x14\xe0a\xaf\xab\xfe\xd9V\x19\xa5d\x16\x8e]:3\xff\t\xe6\xf7\xb3\xbf\xa3\b[?\xb5\x14t\xd3\x8e\xc0\xe8\xefd\x88\xddz\xa25)\x17\xef\xfb4\xff\xdb\t\x8e\xeb\x1d\\\xf9\x14\xc7\v\xa8\x89\xdb A\xbaBAj\xfe\x18\xc3-+\xd6\xb0K\xee\x1b+\xc7lA\x84\xa6\xfe\x8bU<&\x1a\xe7m\x86\xb7\xa1A\xf9\x02S;C\x99\a.$K\x833\x82\x7f\x1b\'nj\x06\b\xb7\xe8] \x87A[y\xdc\x14\f\xcet\x00\x1f\x0f\xef\xca\xcfz\x7f\an0\xebB\xb8}&\xdd\xc9\xa7\x1dp\t\x9a\xceb \x81\xaaq{H\x88\xdf\xf8\x80\\\x1c8\xfe\xc4\xe3\xb0\x90\xcb\x8b1r\x94\x9f\x00\xce\xc8\xc3\x84\xa0\xc9\b\x00\x81Ks\xba\xbbC6\xd6\x13\xb5\xe086EzD\x18\xd5\x16\x88E\xc6\xf0A9\xf1u\xb3\x85\x02\x12\\Sp\xf4\x9a\xe8\x96^\xe6\xa8K\x12\b}\xff\xcb{\xc6\xf6\xb4\x8b\xb6\xa8Y\xf2\x91\xeeR\v#\xb5)\xb0\x99\x9b-p\xe3\x17\x04\xb0\xdc\x0fk\x11\xe1\x9a\a\x16\xb7\x9b\x88\xfa\x1e`\x84$\xfc\xd7\xf5^X\xd8[}\x032\xd0\x84\xdby\x94Vp\xa5\xcd(\xab\xb6\x95sR\xab\xfc\x8c\'\x9c\x16Q\xad\xbc\xb04%\xb7\xe5\x14\xb1`\x87#X\\W`;\'_4\xc5\xc9\x921<\xd9\xad\x9f\x12@!\xfaI\x88\xab\xef\x86\xe9\a>\xdd7\xb7\x8e\x9c0-o\xc9\xec_|\x02\xc8Ru\x95\xa8#U\xd6J\x87\xf6X\xb6{\xf9\x98\xcc\x00\xee\xff\x9a\x1bK\xd8\xb9\x0e\x9bA\xed\xbcs\x1fS\r\x12O\x83\x15\xcb(\xdb\xb1S\x1f%\x04\x9a\xa0l\xa3}\xe7r\x02\x00\x00\x00\x8aeh;F[\xe2\x1c\xe26 \x19k&.\x7f\x1d~\xdaI\xd4\x99\a\t\x00\x00\x00\xa6\xc3\x0f\x99W\x9c-t\v\xc7J\xfd\x91\x853\xd1j;\x19W\x96V\x8az+\xf9\x82#\xfaC\xa3YN:\xe8\xda\xbc\xb2h\x8f\xe0\xc6d\x96\xccy\xb3\xc2\x98\x1c\xca\xde\"\xaeW\x89\x83\xc2sB\xe7\b\x9b9~}\xc2\xb3\x1d\xcc?\xd1\x89\xef\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00J[\xc4\x04\xc1\xa6\x10\xc2\x9d\x11\t|\xc0\t\xd9(\x80\xe6s\xaa\x88\x8a\xd6\xa2\x01\x10W]Z\x8d\xf7\xd1P\xf9d\x01|\xa3\x03hSq\x95\x8f\xe1J\xd3#/fcCz\xff\x80\xe2M\xa3-r\xf6\x1a\xd74\xdc\xe1\xe4\xc3\x9dU t}\x02\x9a{C|S\xf4\x98\x05\xb9\x15}\xfa\"\xdc\xc2r\xf9\a\xadnD\xb6\x06\xd3\'\x10\x9f|\x17\xd6\x89O\f\x98@\x85\xa5m\x9d\\&\x17o\x11Z=l\xfb\x93\x8exZpes\x8e\xf7y\x9e\xa2&(8\x15K\xaa\xdf[\x81B\xe9\xb66\xbc\x930D\xfe', 0x7) ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x8010002}) (async) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x2000003, 0x97052, r2, 0x0) (async) io_uring_setup(0x3050, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x10000}) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000540)) (async) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000180000000000000", @ANYRES32, @ANYBLOB='\b\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) (async) r6 = dup(0xffffffffffffffff) openat$null(0xffffffffffffff9c, &(0x7f0000000040), 0x113000, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r6, 0x89f2, &(0x7f00000003c0)={'tunl0\x00', &(0x7f0000000300)={'syztnl1\x00', 0x0, 0x8, 0x7800, 0x1, 0xd763, {{0x1c, 0x4, 0x2, 0x3, 0x70, 0x64, 0x0, 0x0, 0x4, 0x0, @rand_addr=0x64010101, @loopback, {[@ra={0x94, 0x4}, @timestamp_addr={0x44, 0x54, 0x61, 0x1, 0x0, [{@remote, 0x4}, {@remote, 0x8001}, {@multicast2, 0xe94}, {@loopback, 0x6}, {@private=0xa010100, 0x80}, {@private=0xa010100, 0x8}, {@loopback, 0xffffffff}, {@dev={0xac, 0x14, 0x14, 0x18}, 0x8}, {@local, 0x5}, {@dev={0xac, 0x14, 0x14, 0x44}, 0x2}]}, @end, @noop]}}}}}) (async) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=r5, @ANYBLOB='\t\x00'/20, @ANYRES32=0x0, @ANYRES32=r6, @ANYBLOB="05000000010000000500000000000000000000000000000008000000045470c23a08a0abff5b91b486fb627a4568e108a60c04b9c58116829191cbbbb7eb2962362091a43889b9f42921ef7e51fd5301204150ae00"/101], 0x50) (async) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=r6, @ANYBLOB='G\a\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000020000000500eb474d70eea2f0ae00"/36], 0x50) (async) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) (async) open$dir(&(0x7f00000000c0)='./file0\x00', 0x2, 0x0) r7 = open(&(0x7f0000000280)='.\x00', 0x141080, 0x0) fcntl$notify(r7, 0x402, 0x8000003d) (async) open$dir(&(0x7f0000000080)='./file0\x00', 0x1, 0x0) 1m21.583971951s ago: executing program 0 (id=1954): symlink(&(0x7f0000000200)='.\x00', &(0x7f0000000040)='./file0\x00') mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) fchdir(r0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) dup3(r1, r0, 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000004c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) 1m20.808522612s ago: executing program 0 (id=1958): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) socket$inet_udp(0x2, 0x2, 0x0) signalfd(0xffffffffffffffff, &(0x7f0000000240)={[0x5]}, 0x8) eventfd(0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={r1}) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x1) (fail_nth: 3) 1m20.593092869s ago: executing program 3 (id=1960): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0, r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)={0x30, 0x0, 0x1, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_SEQ={0x4}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "41ddf96610"}]}, 0x30}}, 0x0) r3 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000000)={0x43, 0x0, 0x3}, 0x10) socket$kcm(0x10, 0x2, 0x4) r4 = syz_io_uring_complete(0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000000c0)={0x0, 0x6, 0x8204, 0xfffff800, 0x7f7, 0x9, 0x7f, 0x1, 0x0}, &(0x7f0000000280)=0x20) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r4, 0x84, 0x73, &(0x7f0000000300)={r5, 0x8, 0x10, 0xf8, 0x8}, &(0x7f0000000340)=0x18) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x9, 0x84, 0x144, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0xfffffffb}) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b700000012edfffebfa30000000000000703000028feffff7a0af0fff8ffffff61a4f0ff000000003e040000000000000c000000000000000404000001ed0a002500000017ffffffae040000000000007b0a00fe000000006e04000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be3619184a0b139d8d4209c8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efd2a102ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc532ef58de3c1b7646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff095edc710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf28bf6d8e8afcb913466aaa7f6df70252e79166d8582755a314d31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040b96e37c4f46010400000000c3da29faf75ddd1aa96960bca97af133824b881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090df9a2867b3acec439c163fc8706869ada11390d4dbcf840fa68e7d7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb5a05d9e224e67f1231bd236ed200073824d93c4e1a0f50a74bb4850486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931485747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885f69754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8264f7b029b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347926a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd239e4a50d7eb8e327fb5db12cbd6a9efe8e671c4f251cafffe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa232697526e24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066aafb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f80893220800c523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6efec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe917d1767e38ba49e3e57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c827e02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007fe79d2d25e30830b92fca00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d07d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cfe56557a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b53208ad8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2ccb1decb15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400098abb869921911480a876fbba698801937e8b4264eb6f5137bdaa075f1488d22230592a79000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b308706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb5237ea1694addebc14c3ae49f88c462ea2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399f055f2fa278783f26d0a52aefb0a5ef0b41e14a6fe6b8306206670b84894e901a523fcbadfeff535f2514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014f38fee012365f963b2a85e7d8075c333475b9f0284405e3127dde7e41285fbe0bdd370c06c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd6d6ab7e0e843591d2618e2d2cdc7081c8fafffe9c3500800000087de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa22f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119dcf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af24e2bb7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753452de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000000000009231feef3117197c796369f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a9201bc4b73b431df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21d24fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a4ee271e35ed90000800847683c08bfda74a143c855030ae004ac797c575c202d8091eb77565212548ead770d680000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8a3924eb54db2914, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r8 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r8, 0x4601, &(0x7f0000000380)={0x400, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x1}, {}, {0x0, 0x3}, {0x9}, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x40000000, 0x4000, 0x0, 0x0, 0x2, 0x16, 0x0, 0x0, 0x5}) 1m20.074558621s ago: executing program 6 (id=1961): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_DEL_MIF(r4, 0x29, 0xc8, 0x0, 0x44) syz_emit_ethernet(0x7a, &(0x7f0000000180)=ANY=[@ANYBLOB="856b934629faaaaaaaaa"], 0x0) r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0xc0701, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000060000000804000001"], 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xd, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r7}, 0x10) ioprio_get$uid(0x3, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r5, 0x40085112, &(0x7f0000000080)=@e={0xff, 0xa, 0x5, 0x0, @SEQ_CONTROLLER=0xfe, 0x2, 0x7f, 0x7f}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800b00010062726964676500001800028008000400000000000a0014000180c20000000000"], 0x48}}, 0x0) r8 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSLCKTRMIOS(r8, 0x542f, 0x0) 1m20.006472405s ago: executing program 0 (id=1962): r0 = gettid() rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) rt_sigtimedwait(&(0x7f0000000040)={[0xfffffffffffffff8]}, 0x0, 0x0, 0x8) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00#\x00'/20, @ANYRES32=r0, @ANYBLOB='\x00'/20, @ANYRES16=0x0, @ANYRES32=0x0, @ANYRESDEC=r0], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000002493da4fedb5d3020018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) syz_io_uring_setup(0x46d0c, &(0x7f0000000340)={0x0, 0x30a2, 0x5, 0x2000}, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) sendmsg$AUDIT_LIST_RULES(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)={0x10, 0x3f5, 0x400, 0x70bd27, 0x25dfdbff}, 0x10}}, 0x80) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000000c0)={0x4, 0x0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f000049c000/0x18000)=nil, &(0x7f0000000400)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r6, 0x4008ae93, &(0x7f0000000640)=0x1) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r7 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r7, 0x8916, &(0x7f0000000080)={'batadv_slave_1\x00', {0x2, 0x0, @private=0x100}}) r8 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r8, 0x8916, &(0x7f0000000000)={'batadv_slave_1\x00', {0x2, 0x0, @loopback=0x7f000000}}) ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4400ae8f, &(0x7f0000000140)=@arm64={0xff, 0xff, 0x2, '\x00', 0x8}) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="3c000d0010000305000000000000000000cf0000", @ANYRES32=0x0, @ANYBLOB="03000000000000001c00128008000100677265001000028008000700e000030a04001200"], 0x3c}}, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, &(0x7f00000002c0)=ANY=[@ANYBLOB="01666768696a6b6c6d6e6f7037e47e9ea1e2677172737475767778797a"], 0x29, 0xfffffffffffffffc) r10 = getpid() tgkill(r10, r0, 0xf) 1m18.810375081s ago: executing program 3 (id=1964): ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/warn_count', 0x0, 0x0) r1 = getpgrp(0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x6, 0xe, &(0x7f0000002300)=ANY=[@ANYBLOB="b702000000001700bfa300000000000007030000f0ffffff7a0af0ff1100000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000000000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd844a954b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129da487130d5f24bf901115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4b9535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024a0041b1df65b3e1b9bf115646d14ce53d13d0ccacda1efc5f9094fa737c28b994a8512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4fdc4b4861004eefbc17f54f82a804d4a69bf9bc5fa77ee2922bd165a5a68488e010030166565a097b103b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f940b6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c2d7f22b0d22772c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d366501753a7ac7fedb8d34f5bc381604fcd46105c457e7dd13cab6692422a47e9ffe2d4a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c9585638c2153a6eee01738b0c10671f4f559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670100be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c160119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d300e4d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d0000002000000001c800000000000000000000000928ee53595a779d243a48cea769470424d28804c024ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d74bf0a305790c9d644735efbf3411718d6ee7aebf9ef40662d7836d252c566f5ee934c679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da2022f23daec61854f640f701db0276652f6c031578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada209bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6155e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2f085185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bcdb7c89739f5d81e750d50517a59a3ad09e8802e8f4f535447cc0facd5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5b473332f2011e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d3fcd116bce9c764c714c9402c21d181aae59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755367fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf00000048d2570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749e1338636555009edf66be445d6975d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab0043ebf7c79a953e023f74afad591821610b857e8717764b633b21cb32f09f4db033e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c1960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000000000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd5c17d5486b0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dff7aa46e820a74f9530bdcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fdca4e9eda0072f6df342f3e7071e28ef6806bc8e139c49b91c76b0d3958f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7194d1eb3de6a5f99f301f89c2ee627e949cdd22000026a9960503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640000cd9e7f2e236ef5f1e3a94b108eb9750b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a2050000c375c705c798e0e208e4a5259d0bda526b462af45a6e9a84aebe025c8a7f65819f397574db7ab01bd2b3e3cd28c5aec50f8edfe39a00bafd688a7eea04efdeed96f67012bc3f795edb68b5dec80ad31a858eb756c815e7695d00000000000000000000000000000000000000000000000000007ccf0ce549d97510f7f8765408bb702f0000006d4754d98b7064cf31a681421994e1f307f0ab4ff2e33d3c88fea5d218a276b77adfee7c8fb145783ee1f8cf632c2604eab3a62a28611da1cae5ce60003111ce5c96a1d6e45ee144ffa3dcca32a33f8f0ce2995b7b7aa0bce228cbf37412e1bdebae06edb51a134301b4627d4927287daf9dcae6720334862f3a18094f1edd9e3503379815dcfbbc8141f6e1bbb0901ae91357677fd9d2bb00d4f17fb441c2dfa2b424bf46ae299d68ac27792cdac2f09e99f4ab5546ba1e5ad6a329f24e73a9c38eec34bd4dcc1609f6150e2de72f6599a2310c3841f4bb7f39cabc82c9fdfff5587ed4fa84090635fa3445c4cc54478b2f98320944ac7cb1c4e414556f7b0b763a00a84327cec7e11b3470f0384b27bbfdd8b2472497e7fe8c5df7e0a00641872472efa21c9ad3979e642dcc85c17ca8e084aa9689b83426e2fdaa01f500000000000000000000f9fd84fa991466ff749afe900d02281b2bb60d458340c4f68ec34835760ceca945bf181a000000c000000000b4a76515564ae189de7c1765f0ff68a0388ca8dd2aa831d0e01f0d7ce74401a58cef60e63e97a50c18de54121ce66380224ab7b9c0d4710f2347bad2c9b3e41cc738c1092728687f33e5cdb077223dc82c2137b4e3ba6791a2cd764e654f904c9505b7c5e3b2897072e747534952dcda50cde3e4deb6ebf85a04c3e415112b01eed6515c845a8a20519cd21787d560e9d8283fa8ff0c17b63ba06577c26678ff45420a1f85df47dbfc44e534f71aae5693fb5df61c5096219091ce0cd8e1e2e79bf9d37779e52007c66a00e6ded1499ed3892ed1544d1577906b52e16c734d4aec07dd15faa768c97298be87dd34ce704ffe3da8b46708cf972de4f31c0705ac933db80bdcfcb35c0d4620d4ec270ff7c9ce1b78994dd2b28b9d1c5c469d4c1a61781dce2f1b54d6138bd3f7df9e9ca613bec407c1b8d1bd0c7cb9d76eeb"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000040), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000800)={r2, 0xe0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000140)={r3}, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r4, 0x0, 0x0, 0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) sendmsg$AUDIT_SET(r0, &(0x7f0000000500)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x3c, 0x3e9, 0x304, 0x70bd27, 0x25dfdbfb, {0x2, 0x1, 0x0, r1, 0x389, 0x4, 0x2, 0x5, 0x0, 0x6, 0x6bde}, ["", "", ""]}, 0x3c}, 0x1, 0x0, 0x0, 0x2000c815}, 0x4000000) mlock2(&(0x7f0000658000/0x4000)=nil, 0x4000, 0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r5) sendmsg$NLBL_CIPSOV4_C_ADD(r5, 0x0, 0x0) rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) read$FUSE(r0, &(0x7f0000006680)={0x2020}, 0x2020) 1m18.809457402s ago: executing program 6 (id=1965): setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x42, 0x0, 0x0) r0 = socket$inet(0x2, 0x3, 0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r1, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) 1m18.742523883s ago: executing program 5 (id=1966): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4) r0 = openat(0xffffffffffffff9c, 0x0, 0x40, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) set_mempolicy_home_node(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x230484) getsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000040)={0x0, 0x2, 0x3, 0x8}, &(0x7f0000000080)=0x10) ioctl$AUTOFS_DEV_IOCTL_READY(r0, 0xc0189376, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {0x8}}, './file0\x00'}) socket$inet_sctp(0x2, 0x5, 0x84) socket(0x2, 0x80805, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) write$FUSE_DIRENTPLUS(r2, &(0x7f00000001c0)=ANY=[@ANYBLOB="c000000000000000", @ANYRES64, @ANYBLOB="070000000000004000000000000000000000000000000000000000000000000000004dba2200"/111, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0xc0) 1m18.603646649s ago: executing program 1 (id=1967): r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan1\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x1d, r1}, 0x10, &(0x7f0000000100)={&(0x7f00000000c0)=@can={{0x3, 0x1, 0x1}, 0x3, 0x0, 0x0, 0x0, "a42f1bd45489d60a"}, 0x10}, 0x1, 0x0, 0x0, 0x24008814}, 0xc000) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xffffff5f) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) socket$netlink(0x10, 0x3, 0x0) r3 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r3, 0xc0305710, &(0x7f0000000000)={0x5, 0xc, 0x32a, 0x0, 0x3}) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, r3, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) r4 = mq_open(&(0x7f0000001380)='et\xfa\x952\x8cj\x00\x15\x897\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\v\x018I$\xfdQ\x9e\xe5\xbb\x99(\x13.\x15\xad\xfe_\x98\x1d\x90=\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2}|\x1b\x04\xd2\xf9\xffx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.Tk\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xd3\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef\xff\xff\x00\x00\xab\x10a\xd6\xa2Y\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb08^{\xb5\xf4\xf8\xb8\x1am\xa6\xea\x8atz\xd7\xa9(\xe2\xe8\xfd\xf4\xb9T)\xa4\xc34\x14\xf11\xefFe\xb3\xf3>>\xda\xab\'\x1d\x9d.\x10\x8b\x9a\x99*\xc8\xa6B\xee\x8f8T\xaa?\xefk\xc9\xa5k\xe9,vv\f^I4\x86,J\x7fbT\xb7\xe6G\x04O\xfa\x03\xd4\xfe\n\x95l\xddW\xc6Y!\xd2a/\"\xe1\xac\xed\xd7\xc4\xcd\xa3W\xe3C\xf8\x9e\x1b[f\xfdus\'\xf7\x91!\x00'/461, 0x1, 0x5, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) mq_timedsend(r4, &(0x7f0000000380)="5cd7e11f0b98c28ba3346eecbba7180f68456e89d26928a06c2146e9b081a7ecd20ee46f887c5b7c4b9d59638c36d8036ed82c352dc5aeef5694246f118432f8d2467aa8fac3b82113b0b514b782fb33bcd362943978b24c83ea02b4a4f105c6c54a258f2fbf00f2f40852b22c51e4c2efe8ccd9075ef4955ffbde8902e478aa2829bdbd4f4f244189eff0aed3d3fed80f2ea6cfe958a51d419546bda0849c78215b4cee279d6be6292e1261a00e2a48636a612ad58ed112561d7f9b6a028d15c11066d6ec00c2c0363965695c7f915e3c93ebb1bcce00cf215791cc59a91d497ee96d4e4e78e8c79cd4e7e2182e37e55bac9945683007b8936eb863436f54e6c72daf2b3a5c130f895bee516ca1d49167ef5dd83ec7c03936a9d3f18bce9c56330b36a02667dc2a27dbf3d091fc80e7093a3bd477367f51a0a5534582ab2846abd0fbed11f18d05f606c5e09ad649a48cbb96b20ffe4549c4c8bbbf694f320dc0da927a3bb5251276e315ff1a7c34e29592d9666bba7f852d1aa561ffd8ad01b708a4fc626d04355cbbf5187b3d92e9afcf7b6d3343e20179ca72d67dc4bf8423a7ac515b276f41ba795ed05270a1f4c864056e4e49e34e937ca0692f0ac4284f28c38e4cf56bf56a5e491f7eca50bc7ccd8bb092e7c4a97c814e8482627a39acc87a0d58ef96d289129e3e7ad24021b67a7ae66a220816514399c771bbe2243c7e32d7449a5ee926992565d63655df56deb08c346177cba0cf6e8a927354fe9bc425a1e0ed7554d2dcd63a77a78413848d4092519dbf3a1043b4d119693a356fa3ee20a137ef7414926bf007605553d3917f96654b705fcfadfbb708d166a57c6edba14bd18ae87d32b57666825f9b522e6464e363569234bdcdc681c16907f1790262e3c736cb22877d3297d8db1cd9e43ed2c2115d5bc9802a079cae35652f29777530eb65f6b12fdf295978f77b57853be6c90e74f32cbc2e02c25736663feef4352e4e3cd857e52ecdbb14ccb3101b02caec408bcbf048e84c04f67478e6398bdb00b6284e996d302158813b896752976365fe0dd867d0d03fc3174a617d0268a183d508324464a439d59c04468f9da8086616adb407a5348f67634c16f0bdb49d8cf622ad040639ca0a24d291918776e170e0bc97ac64a92fe495f003fdf2db8f0a3a645b0ff725cd00504e96e109e85750a9ef82e2cdf5ae605c461d8183bdb9f2795bf9bbbefe6759dd62ce95d9461a690b0bc1925123404502d892a688cf8acbc08d7d6e278e5ec201a972412c4e79986219d77075cd00ddbf1e87ecd4d14fc34f1754618f61c4dee552c221c6dc8674763529be6cee48798c86b756e9ff769cef21ebd742bc487ff639ccf919545fefadd369f2fc472ea5691584bcb5186538f175e886e660638997df234761a7be1fe2b8a2190b43ade617055e3014a3f38bd53fc752c5a122af640b13c68271b6eb67249baee5cdd44399c4536e522bf5fdd10b181250c4b25ab820c8e47c6e478450a09f2f528abb2d845d7f590c94cfd106b245a94aa3240124b6a67e77d846b11351b69ea8bf9688e2748b1414e12df2ae92161b0833cce4b53c9dfb320ff21b6a44fbc9294891dbaedcfe93ba7b2707de60dd9e688b9be8ca155d20e71b20278bfa9ec123f8a7c7fd3619162f4cf0b188d72e69db66d4603313f2196b6a369b33afe7015d476a96458acf30fc682858fe5eb25c73e355cbd827d9e6ba4ee3daf28255a8a4083d0ae8fe2b46fb7b37272678f6f1702fdf068185ee68fb87da77954c3f69b1edfd11bffc0f4dbfd6d7aa84d96ad2f8359d26dd935de46cfa6d01ffc86c8480c7637ae6cb4b01bab89f05273f7c81dcb289e9104dd46f711c1835899cfc60fa9dc9a9ce3006016f576efead9f390c5f74e33d680dc5d1f16ffacddfde1a167a8a663b4c8633a9e6195c1cb945951a43e294328c280328bd1c4743a06399bb4f979b3030cb2c5ab0d09be93d18490102f452b5ad3f6e850a9ceb07c3760c4147976f30d9cd124ffc76265b8be60995e6f0f9f716931823fe879d99a10abafb5f8ac631a7519576d6255daff62d6ba5ffc4a147f81320a87716d13363c0f00380b32857a36bce61b5441aa36870f17c3703ca3fb35a3f579475149a40fee96cbe700d9e250972c2394b4b2a8fe9aecfca76cce364811ed529464a4edfae97d6c141ae29ac95e947e4e3975d22ea9fae41c8465ab4b2c464561aa84cd9913279c80a58f3fe94098a87d7550aab7123e2c15e266089f27868a92d7651b650b8454f0d5afb42c73eda75e4facf0da630e0b79d39cb47604cb61b9d04c34055f37be818262ef7e0975654b21a184eb875ea8002f25350f8afa8c8f754ec89dc489c8cbd22d7132c997a1ad96ef1ba092057e46b9993e7804b8a28422739ac4185b2547d79db6ca1a82c042b794c2cb726c22e2b6e7b6d454dc885c840c8f4f1f695ee919f4f24f6a6da249f1db094415e598e1b9cf26d018bb57dd66ca59e06311475decbc876cd716fa484269d716e68c4d293d140b21822de2d70e67fda76ea0b17340c116e33b21a3d519e49ac910b0aba160c8750857ca495c7bd89e0779344b67ed22f58dff8c0e08d41cfc5cf82a3a8a811da78edfc0511624eeb56ebdad4d0be70e55c983f383e80d8fb2a2022b07aec33388e9fababd4e3e6fa97792bb1a81b171f969261066ebaa22c03bcd7d02e7101367ccb4f09736de7a3b54b18708749abc18457fa1e0037f5028bc3e8a7106ffa8ae5d9fe8bea14a64dd0d51f9ae14ba7e6191a2932a3845ee17e425cc994e9af060470ca65494b6f19afc673765ac95c9f469aa0fd9821b17de03df3f98941474d8f927cb1760fa6e026a083a5f1fd4c75c08050872ca331f88ca79b17056ed6e15b8ef06ff6411ec7a72b69c84f98c47992488ef8038a20dcad451cead0b87c04248edc2a310e8502099d958bbee36eb0f21ee732e9af6a25fad1f4ca4781be868998368d35f52782cdae3b4114b54736e3ebb036505d8dded405baa54a9ca1d5677a6d697e89cfb7a9c1f7e4f22916dfce78e78f8e6c4109e437276c79ef75cbd25af6b72016077bbd3535a0da876400cb8656d7e0c8779315d82dd9cfaea934b3fdbfa34c7788ac52440838b46b6b3d5124b3746fe5e3b4f401b5d6371a16ee4765d144cfa8489f3772bd44e2ba18a6e69bc61e176363bed125b1f3784c1dad97f64368f4ed0d3b5928d97fb6ac185b7a280d968ae40161ea46f768118b9133f50c0a78ca54dcde3a125af0947f49438303bbf49b6f8e4b7eceed98f4bd1432bedf1013c1445215cea4da0a7c7007a1fbcb6800c94ebe194468f624a75ad6dbb17ed464085555082b2be669a913493453fb07da125c9299f036730ed5e5f6f94f05cadda736dc6755bf11d2da56ad0f081995aabb1cd37b49b5ccb2faffb066654a1c7c574bf62180777bdeeb4c1eceaaca1ad74562e6cd4b40d9de48ec61ddedc88b68392fb3ce7ff0acfe983f9406cdf335fe242472b3cc75f58325e8a4f9ddfdcf885756df7b2d1fb25ef14f3aac80a86c3fff72d44b5b0e42ecb6e3f1947236a4398cff071809ea96383d240da104921543a0eaef99fe42d0eaefb136fd3478b3f7ab3132d23709e1d9b3b871ab4e1f3eadfd28365b2096dbeeda44854eb34d69043f0a893e12f2444762505c5acc5edca83473c23352c29d644cc4bd9633777cdf106f2fe5bac70de822f4cf975b020601073a4ee1b0c743ebd880f4a4c2446afe1c30233ac55afec2a7995f8841ddfece68c7138aad71aae18a575ad29ee543c6b9401fdd19df408b9568afa3854c7c052cc171f0f37542c35fa9d3a866e05850cc6de4b37c8781ed938f2345c99dfedbc5c60d88d33995f69a3a14fb813a5db388f3db1c75c459e7ad3bc87272c48c5df4995fc3b2558c2c4d671a0d0777608c5606ed928191af1d731be3bd1ac90d850203931cf037c465e7e759c19fc43661bb289642dd077a85565aee8821e7ed23dc8fe526d3ede019f4caa6b8101f640e5646c76dcededbbea9f2eb6ce97a6c8168a3c95a64c3e5bc9480fdf4510fc7d19542ae1c5c2c415310641f37bf410e07c411d1192cb1301f73b327c4a3657bd056e41888f30bb8d86a22c378a87e38066daa7ca208b2f3f380bbcc1e6752f1bf12bbdce22e887c265192f8559d06e60c15785a63451003e8e56c4361215ab1855b82ca9d1cd9deecd6a8de27a36ebb6aac5e06d4eaef9556d38989724b937ba612a22e6247e50c6f4c48491d1516e518d05b6f25d1417654e65ea12dbd8e41e3a9eabbe03b2e3477796b36c5d7224ea6ee3cd339d25a6ff70ad5f9d185a63147b4b6d1120c9d355ca57ced26b5d4c25b852ddc63b7d28a9f6dfa54cc85f06f4579bc0a1345864bd2682e7627617c5f63802a91237c11ca92a19b875ea28eb4f8806fbcd245fafc23e1a2210287665367bc85dcad5e2c173105476253b07338b939f6e308230d8ae3d8e55e75e4e11378f88c3f391fcffa921df07077c512837811f7e98e944cfa5643dd16987c44fa2632d4ee2fa4cbecc8ea0f282ccd1ae6f67c455d142b53f825dcb5039f64275cb9bfa9637b6560c5b66ccb4da06b0e6cd79bcf99cb2fe9b23cf03212ca504961e46d252cdcd4f1c696c6a71ae80358dd9f59ef39880412cc0cbd9601277a3a946ea51bdbaf557df293214c139da52f721b13d3f050c0544803872d1ac26e8481f70dc23ea54ca293cf96ba776f6112884a4f614a512711ba37db356cc690124e64ded97fbd69d1b2983a833b7e9ec209b66a6ebc13b52c2e3ead8558a227b014b6fb138cac090960e30a3a63c0c6bdc70e9052c7b9b4d9b16d8cf4cf833b9d9615491e1cb7f503277fad7e9e6f9548f069bec0fa0d17fa8da385095c59f23193eb1cda524d527a098ed641d267a844169069e1f04b5ce61efd2d0a47e86ddb21aa084e5f89c65b726cd9047aa604dff7b29dd83257861d3830d93043f61fa414da821772a17e22dc33f7bd507a1c4109739f4a085a6450181828bffdb7eee965f217b4527e9907fbb27801f823822bbff0f070b8f7883369c83cff73b70b619a1e7a1aa7db3f55ab1b8c109f6555ea2a94993c24868a5812e018e0d88c86462b58a6be861c929d66a1967d632a55d1f6f74e99b9bbec9d492b04704813a0ec69f8f23ea78f6e24233813a656dd4859f7c96dcd26994a3f65065ff860189589194d3c6cb67f8c3e781f67e0c05574abe210d15432613d41d690ad24a600ecf4ab709450e3771ee28c2f3e0c67ffe8a62a145bd8ad97474e9deb30f74359cdfbacd215458e4f77731824458f5df85ba5955aa0eb568297513e4b51387a5e881858f03edc11512680af552049a80909a21d25d16ba607ee797820100d55cdbf17683c488e7aac265119022851ebcad2d4e0e13874c87dd2912dd7677ba05c4adee47f9953ec1d574eead6948aa0dec5783835ee13e6d7c4f2919b4d9fdbefafb7ce98b9c618f87851eed88832c8dbe563e58447e0478a2f5fa9233797a4dd64e93f9c1229490e39de316a78180dee4312077dcbe38e67e3b628aa662e69c561ca50058bab73723bdd0efcc0d768c12b1dd468ae86bddd9146765354d4a75067c20fc1ea51129b33f0d91013e9a244c3f5aa16df506498a34d213ab496ae8fb0fc5d2628e885b6a0a832a82594b80a1795093d", 0xfd1, 0x0, 0x0) dup2(r5, r4) mq_unlink(&(0x7f0000000340)='eth0\x00') socket$netlink(0x10, 0x3, 0x8) mount_setattr(0xffffffffffffffff, 0x0, 0x1000, &(0x7f0000000180)={0xac, 0x10008c}, 0x23) 1m18.602811125s ago: executing program 6 (id=1968): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000024000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c000140000000000000000808000440000000010c00014000000000000080010c00024000000000000000090800034000000fba0c00024000000000000000000c0001"], 0xdc}}, 0x0) 1m18.550669205s ago: executing program 3 (id=1969): r0 = syz_open_dev$loop(&(0x7f00000001c0), 0x75f, 0x103382) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, 0x0, 0x0) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000002800), 0x0, 0x100, 0x0) r2 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc9\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\xa4(V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J]\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93i|\xc0\x00\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\xb5\x13^\x13\xcb\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x200000a, 0x5d031, 0xffffffffffffffff, 0x0) r4 = userfaultfd(0x801) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r4, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000}) sendto$inet(0xffffffffffffffff, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) r5 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0) getsockname$packet(r5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x9, 0x1}}}}]}, 0x44}}, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r7, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1m17.642709282s ago: executing program 6 (id=1972): creat(&(0x7f0000000100)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) io_setup(0x202, 0x0) io_submit(0x0, 0x1, &(0x7f0000000780)=[&(0x7f0000000440)={0xfffffffe, 0x20011004, 0x4, 0x1, 0x0, r0, &(0x7f00000000c0)='!', 0x1}]) 1m16.622967051s ago: executing program 1 (id=1973): syz_open_dev$loop(&(0x7f00000001c0), 0x2, 0x103382) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) setsockopt$RDS_GET_MR(0xffffffffffffffff, 0x114, 0x2, &(0x7f0000000040)={{0x0}, &(0x7f0000000000), 0x2}, 0x20) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000100)={0x0, 0x2710}, 0x10) listen(0xffffffffffffffff, 0x0) accept$inet6(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000200)={0xa4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x108) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x3c}}, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(r0, 0x0, 0x20000000) r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r4, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@ipv6_getaddrlabel={0x38, 0x1a, 0x1, 0x0, 0x0, {0xa, 0x0, 0x80}, [@IFAL_LABEL={0x8}, @IFAL_ADDRESS={0x14, 0x1, @private0}]}, 0x38}}, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000080)={'\x00', 0x52d35ce30131f272}) r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f0000000ec0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_KEY(r6, &(0x7f0000000000)={0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000001800000008000300", @ANYRES32=r7, @ANYBLOB="380030803400018008000100000000002800038008000200030000000c0004000000000000000000060001"], 0x54}}, 0x0) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), r8) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x38, r9, 0x1, 0x0, 0x0, {0x4}, [@NLBL_UNLABEL_A_IPV4ADDR={0x5, 0x4, @multicast1}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth1_to_team\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x5, 0x5, @multicast1}]}, 0x38}}, 0x0) sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r6, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x68, r9, 0x100, 0x70bd29, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0x2b}}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @broadcast}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'bond_slave_1\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast1}]}, 0x68}, 0x1, 0x0, 0x0, 0x80}, 0x20000040) ioctl$TUNSETOFFLOAD(r3, 0x400454c9, 0x3) 1m16.30396174s ago: executing program 3 (id=1974): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0, r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)={0x30, 0x0, 0x1, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_SEQ={0x4}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "41ddf96610"}]}, 0x30}}, 0x0) r3 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000000)={0x43, 0x0, 0x3}, 0x10) socket$kcm(0x10, 0x2, 0x4) r4 = syz_io_uring_complete(0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000000c0)={0x0, 0x6, 0x8204, 0xfffff800, 0x7f7, 0x9, 0x7f, 0x1, 0x0}, &(0x7f0000000280)=0x20) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r4, 0x84, 0x73, &(0x7f0000000300)={r5, 0x8, 0x10, 0xf8, 0x8}, &(0x7f0000000340)=0x18) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x9, 0x84, 0x144, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0xfffffffb}) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b700000012edfffebfa30000000000000703000028feffff7a0af0fff8ffffff61a4f0ff000000003e040000000000000c000000000000000404000001ed0a002500000017ffffffae040000000000007b0a00fe000000006e04000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be3619184a0b139d8d4209c8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efd2a102ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc532ef58de3c1b7646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff095edc710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf28bf6d8e8afcb913466aaa7f6df70252e79166d8582755a314d31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040b96e37c4f46010400000000c3da29faf75ddd1aa96960bca97af133824b881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090df9a2867b3acec439c163fc8706869ada11390d4dbcf840fa68e7d7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb5a05d9e224e67f1231bd236ed200073824d93c4e1a0f50a74bb4850486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931485747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885f69754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8264f7b029b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347926a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd239e4a50d7eb8e327fb5db12cbd6a9efe8e671c4f251cafffe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa232697526e24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066aafb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f80893220800c523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6efec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe917d1767e38ba49e3e57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c827e02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007fe79d2d25e30830b92fca00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d07d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cfe56557a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b53208ad8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2ccb1decb15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400098abb869921911480a876fbba698801937e8b4264eb6f5137bdaa075f1488d22230592a79000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b308706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb5237ea1694addebc14c3ae49f88c462ea2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399f055f2fa278783f26d0a52aefb0a5ef0b41e14a6fe6b8306206670b84894e901a523fcbadfeff535f2514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014f38fee012365f963b2a85e7d8075c333475b9f0284405e3127dde7e41285fbe0bdd370c06c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd6d6ab7e0e843591d2618e2d2cdc7081c8fafffe9c3500800000087de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa22f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119dcf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af24e2bb7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753452de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000000000009231feef3117197c796369f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a9201bc4b73b431df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21d24fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a4ee271e35ed90000800847683c08bfda74a143c855030ae004ac797c575c202d8091eb77565212548ead770d680000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8a3924eb54db2914, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r8 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r8, 0x4601, &(0x7f0000000380)={0x400, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x1}, {}, {0x0, 0x3}, {0x9}, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x40000000, 0x4000, 0x0, 0x0, 0x2, 0x16, 0x0, 0x0, 0x5}) 1m16.250489381s ago: executing program 6 (id=1975): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "2af01c3d0040fbffffffffffffff00"}) r1 = syz_open_pts(r0, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000001440), 0x2, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c41, 0x0) flock(r2, 0x5) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r2, 0xc0a85352, &(0x7f0000000300)={{0xd, 0xe}, 'port1\x00', 0x10, 0x80000, 0x3, 0x4, 0x600, 0x8, 0xfffffffe}) r3 = socket$alg(0x26, 0x5, 0x0) eventfd(0x588a) r4 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$SG_IO(r2, 0x2285, &(0x7f00000005c0)={0x53, 0xfffffffffffffffb, 0x21, 0x9, @scatter={0x1, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000240)=""/114, 0x72}]}, &(0x7f0000000400)="1247af3e65d891fb168e65ffe65252fa6e28c1de537557d832da1206df077b0524", &(0x7f00000004c0)=""/179, 0x8001, 0x19, 0x3, &(0x7f0000000580)}) bind$alg(r3, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58) accept$alg(r3, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0x13) ioctl$TCSETA(r1, 0x5406, &(0x7f00000001c0)={0x3, 0xfffd, 0xffd, 0x38f, 0x0, "18863460f2ce7fc6"}) r5 = open(&(0x7f0000000180)='./bus\x00', 0x14967e, 0x81) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r5, 0x0) fallocate(r5, 0x0, 0x0, 0x1000f4) ioctl$NBD_SET_SOCK(r4, 0xab00, r5) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000140)=0x4) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_BR_STP_STATE={0x8, 0x15}, @IFLA_BR_GROUP_ADDR={0xa, 0x14, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}]}}}]}, 0x48}}, 0x0) 1m14.014563784s ago: executing program 1 (id=1976): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004000000080000000800000000000000", @ANYRES32, @ANYBLOB="000000000010000000000000f2ffffffffffffff", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/13], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r6 = getpid() sched_setscheduler(r6, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10) sendmsg$key(r3, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0207a20802"], 0x10}}, 0x0) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000080)={{{@in=@multicast2, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {0x0, 0x9}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x4d5, 0x32}, 0x0, @in6=@mcast1, 0x0, 0x0, 0x0, 0xb7}}, 0xe8) sendmmsg(r2, &(0x7f0000000180), 0x400000000000077, 0x6000000000000000) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$KVM_SET_CPUID(r1, 0x4008ae8a, &(0x7f00000006c0)=ANY=[@ANYBLOB="07000000000000000d000000580f0000000000000100010000"]) 1m12.598995156s ago: executing program 3 (id=1977): syz_open_dev$loop(&(0x7f00000001c0), 0x2, 0x103382) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) setsockopt$RDS_GET_MR(0xffffffffffffffff, 0x114, 0x2, &(0x7f0000000040)={{0x0}, &(0x7f0000000000), 0x2}, 0x20) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000100)={0x0, 0x2710}, 0x10) listen(0xffffffffffffffff, 0x0) accept$inet6(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000200)={0xa4, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x108) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x3c}}, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(r0, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x14, r2, 0x2, 0x70bd29, 0x25dfdbfc, {{}, {@void, @void}}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x90}, 0x20000000) r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r5, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@ipv6_getaddrlabel={0x38, 0x1a, 0x1, 0x0, 0x0, {0xa, 0x0, 0x80}, [@IFAL_LABEL={0x8}, @IFAL_ADDRESS={0x14, 0x1, @private0}]}, 0x38}}, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000080)={'\x00', 0x52d35ce30131f272}) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, &(0x7f0000000ec0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_KEY(r7, &(0x7f0000000000)={0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000001800000008000300", @ANYRES32=r8, @ANYBLOB="380030803400018008000100000000002800038008000200030000000c0004000000000000000000060001"], 0x54}}, 0x0) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), r9) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x38, r10, 0x1, 0x0, 0x0, {0x4}, [@NLBL_UNLABEL_A_IPV4ADDR={0x5, 0x4, @multicast1}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth1_to_team\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x5, 0x5, @multicast1}]}, 0x38}}, 0x0) sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r7, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x68, r10, 0x100, 0x70bd29, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0x2b}}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @broadcast}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'bond_slave_1\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast1}]}, 0x68}, 0x1, 0x0, 0x0, 0x80}, 0x20000040) ioctl$TUNSETOFFLOAD(r4, 0x400454c9, 0x3) 1m12.238659845s ago: executing program 1 (id=1978): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000013c0)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x8, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0x4}]}, @NFTA_IMMEDIATE_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0) (fail_nth: 3) 1m12.125105453s ago: executing program 5 (id=1979): ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/warn_count', 0x0, 0x0) r1 = getpgrp(0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x6, 0xe, &(0x7f0000002300)=ANY=[@ANYBLOB="b702000000001700bfa300000000000007030000f0ffffff7a0af0ff1100000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000000000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd844a954b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129da487130d5f24bf901115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4b9535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024a0041b1df65b3e1b9bf115646d14ce53d13d0ccacda1efc5f9094fa737c28b994a8512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4fdc4b4861004eefbc17f54f82a804d4a69bf9bc5fa77ee2922bd165a5a68488e010030166565a097b103b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f940b6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c2d7f22b0d22772c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d366501753a7ac7fedb8d34f5bc381604fcd46105c457e7dd13cab6692422a47e9ffe2d4a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c9585638c2153a6eee01738b0c10671f4f559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670100be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c160119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d300e4d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d0000002000000001c800000000000000000000000928ee53595a779d243a48cea769470424d28804c024ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d74bf0a305790c9d644735efbf3411718d6ee7aebf9ef40662d7836d252c566f5ee934c679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da2022f23daec61854f640f701db0276652f6c031578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada209bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6155e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2f085185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bcdb7c89739f5d81e750d50517a59a3ad09e8802e8f4f535447cc0facd5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5b473332f2011e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d3fcd116bce9c764c714c9402c21d181aae59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755367fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf00000048d2570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749e1338636555009edf66be445d6975d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab0043ebf7c79a953e023f74afad591821610b857e8717764b633b21cb32f09f4db033e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c1960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000000000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd5c17d5486b0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dff7aa46e820a74f9530bdcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fdca4e9eda0072f6df342f3e7071e28ef6806bc8e139c49b91c76b0d3958f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7194d1eb3de6a5f99f301f89c2ee627e949cdd22000026a9960503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640000cd9e7f2e236ef5f1e3a94b108eb9750b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a2050000c375c705c798e0e208e4a5259d0bda526b462af45a6e9a84aebe025c8a7f65819f397574db7ab01bd2b3e3cd28c5aec50f8edfe39a00bafd688a7eea04efdeed96f67012bc3f795edb68b5dec80ad31a858eb756c815e7695d00000000000000000000000000000000000000000000000000007ccf0ce549d97510f7f8765408bb702f0000006d4754d98b7064cf31a681421994e1f307f0ab4ff2e33d3c88fea5d218a276b77adfee7c8fb145783ee1f8cf632c2604eab3a62a28611da1cae5ce60003111ce5c96a1d6e45ee144ffa3dcca32a33f8f0ce2995b7b7aa0bce228cbf37412e1bdebae06edb51a134301b4627d4927287daf9dcae6720334862f3a18094f1edd9e3503379815dcfbbc8141f6e1bbb0901ae91357677fd9d2bb00d4f17fb441c2dfa2b424bf46ae299d68ac27792cdac2f09e99f4ab5546ba1e5ad6a329f24e73a9c38eec34bd4dcc1609f6150e2de72f6599a2310c3841f4bb7f39cabc82c9fdfff5587ed4fa84090635fa3445c4cc54478b2f98320944ac7cb1c4e414556f7b0b763a00a84327cec7e11b3470f0384b27bbfdd8b2472497e7fe8c5df7e0a00641872472efa21c9ad3979e642dcc85c17ca8e084aa9689b83426e2fdaa01f500000000000000000000f9fd84fa991466ff749afe900d02281b2bb60d458340c4f68ec34835760ceca945bf181a000000c000000000b4a76515564ae189de7c1765f0ff68a0388ca8dd2aa831d0e01f0d7ce74401a58cef60e63e97a50c18de54121ce66380224ab7b9c0d4710f2347bad2c9b3e41cc738c1092728687f33e5cdb077223dc82c2137b4e3ba6791a2cd764e654f904c9505b7c5e3b2897072e747534952dcda50cde3e4deb6ebf85a04c3e415112b01eed6515c845a8a20519cd21787d560e9d8283fa8ff0c17b63ba06577c26678ff45420a1f85df47dbfc44e534f71aae5693fb5df61c5096219091ce0cd8e1e2e79bf9d37779e52007c66a00e6ded1499ed3892ed1544d1577906b52e16c734d4aec07dd15faa768c97298be87dd34ce704ffe3da8b46708cf972de4f31c0705ac933db80bdcfcb35c0d4620d4ec270ff7c9ce1b78994dd2b28b9d1c5c469d4c1a61781dce2f1b54d6138bd3f7df9e9ca613bec407c1b8d1bd0c7cb9d76eeb"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000040), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000800)={r2, 0xe0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000140)={r3}, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r4, 0x0, 0x0, 0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) sendmsg$AUDIT_SET(r0, &(0x7f0000000500)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x3c, 0x3e9, 0x304, 0x70bd27, 0x25dfdbfb, {0x2, 0x1, 0x0, r1, 0x389, 0x4, 0x2, 0x5, 0x0, 0x6, 0x6bde}, ["", "", ""]}, 0x3c}, 0x1, 0x0, 0x0, 0x2000c815}, 0x4000000) mlock2(&(0x7f0000658000/0x4000)=nil, 0x4000, 0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r5) sendmsg$NLBL_CIPSOV4_C_ADD(r5, 0x0, 0x0) rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) read$FUSE(r0, &(0x7f0000006680)={0x2020}, 0x2020) 1m12.059443649s ago: executing program 5 (id=1980): openat$vicodec1(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_udplite(0xa, 0x2, 0x88) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) syz_pidfd_open(0x0, 0x0) mq_notify(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x27}) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xbb34f000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_open_procfs(0x0, 0x0) getdents64(r5, &(0x7f00000000c0)=""/44, 0x2c) r6 = syz_io_uring_setup(0x5169, &(0x7f0000000600)={0x0, 0x4000, 0x10100, 0x7fffffe, 0x0, 0x0, r5}, &(0x7f0000000100), &(0x7f0000000040)=0x0) syz_io_uring_submit(0x0, r7, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) io_uring_enter(r6, 0xb15, 0x0, 0x0, 0x0, 0x0) r8 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x80040, 0x0) r9 = dup(r8) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mount$9p_fd(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000080), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r9, @ANYBLOB, @ANYRESOCT=r10]) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[], 0xe0}}, 0x20000000) 1m11.878504062s ago: executing program 1 (id=1981): r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan1\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x1d, r1}, 0x10, &(0x7f0000000100)={&(0x7f00000000c0)=@can={{0x3, 0x1, 0x1}, 0x3, 0x0, 0x0, 0x0, "a42f1bd45489d60a"}, 0x10}, 0x1, 0x0, 0x0, 0x24008814}, 0xc000) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xffffff5f) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) socket$netlink(0x10, 0x3, 0x0) r3 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r3, 0xc0305710, &(0x7f0000000000)={0x5, 0xc, 0x32a, 0x0, 0x3}) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, r3, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) r4 = mq_open(&(0x7f0000001380)='et\xfa\x952\x8cj\x00\x15\x897\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\v\x018I$\xfdQ\x9e\xe5\xbb\x99(\x13.\x15\xad\xfe_\x98\x1d\x90=\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2}|\x1b\x04\xd2\xf9\xffx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.Tk\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xd3\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef\xff\xff\x00\x00\xab\x10a\xd6\xa2Y\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb08^{\xb5\xf4\xf8\xb8\x1am\xa6\xea\x8atz\xd7\xa9(\xe2\xe8\xfd\xf4\xb9T)\xa4\xc34\x14\xf11\xefFe\xb3\xf3>>\xda\xab\'\x1d\x9d.\x10\x8b\x9a\x99*\xc8\xa6B\xee\x8f8T\xaa?\xefk\xc9\xa5k\xe9,vv\f^I4\x86,J\x7fbT\xb7\xe6G\x04O\xfa\x03\xd4\xfe\n\x95l\xddW\xc6Y!\xd2a/\"\xe1\xac\xed\xd7\xc4\xcd\xa3W\xe3C\xf8\x9e\x1b[f\xfdus\'\xf7\x91!\x00'/461, 0x1, 0x5, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) mq_timedsend(r4, &(0x7f0000000380)="5cd7e11f0b98c28ba3346eecbba7180f68456e89d26928a06c2146e9b081a7ecd20ee46f887c5b7c4b9d59638c36d8036ed82c352dc5aeef5694246f118432f8d2467aa8fac3b82113b0b514b782fb33bcd362943978b24c83ea02b4a4f105c6c54a258f2fbf00f2f40852b22c51e4c2efe8ccd9075ef4955ffbde8902e478aa2829bdbd4f4f244189eff0aed3d3fed80f2ea6cfe958a51d419546bda0849c78215b4cee279d6be6292e1261a00e2a48636a612ad58ed112561d7f9b6a028d15c11066d6ec00c2c0363965695c7f915e3c93ebb1bcce00cf215791cc59a91d497ee96d4e4e78e8c79cd4e7e2182e37e55bac9945683007b8936eb863436f54e6c72daf2b3a5c130f895bee516ca1d49167ef5dd83ec7c03936a9d3f18bce9c56330b36a02667dc2a27dbf3d091fc80e7093a3bd477367f51a0a5534582ab2846abd0fbed11f18d05f606c5e09ad649a48cbb96b20ffe4549c4c8bbbf694f320dc0da927a3bb5251276e315ff1a7c34e29592d9666bba7f852d1aa561ffd8ad01b708a4fc626d04355cbbf5187b3d92e9afcf7b6d3343e20179ca72d67dc4bf8423a7ac515b276f41ba795ed05270a1f4c864056e4e49e34e937ca0692f0ac4284f28c38e4cf56bf56a5e491f7eca50bc7ccd8bb092e7c4a97c814e8482627a39acc87a0d58ef96d289129e3e7ad24021b67a7ae66a220816514399c771bbe2243c7e32d7449a5ee926992565d63655df56deb08c346177cba0cf6e8a927354fe9bc425a1e0ed7554d2dcd63a77a78413848d4092519dbf3a1043b4d119693a356fa3ee20a137ef7414926bf007605553d3917f96654b705fcfadfbb708d166a57c6edba14bd18ae87d32b57666825f9b522e6464e363569234bdcdc681c16907f1790262e3c736cb22877d3297d8db1cd9e43ed2c2115d5bc9802a079cae35652f29777530eb65f6b12fdf295978f77b57853be6c90e74f32cbc2e02c25736663feef4352e4e3cd857e52ecdbb14ccb3101b02caec408bcbf048e84c04f67478e6398bdb00b6284e996d302158813b896752976365fe0dd867d0d03fc3174a617d0268a183d508324464a439d59c04468f9da8086616adb407a5348f67634c16f0bdb49d8cf622ad040639ca0a24d291918776e170e0bc97ac64a92fe495f003fdf2db8f0a3a645b0ff725cd00504e96e109e85750a9ef82e2cdf5ae605c461d8183bdb9f2795bf9bbbefe6759dd62ce95d9461a690b0bc1925123404502d892a688cf8acbc08d7d6e278e5ec201a972412c4e79986219d77075cd00ddbf1e87ecd4d14fc34f1754618f61c4dee552c221c6dc8674763529be6cee48798c86b756e9ff769cef21ebd742bc487ff639ccf919545fefadd369f2fc472ea5691584bcb5186538f175e886e660638997df234761a7be1fe2b8a2190b43ade617055e3014a3f38bd53fc752c5a122af640b13c68271b6eb67249baee5cdd44399c4536e522bf5fdd10b181250c4b25ab820c8e47c6e478450a09f2f528abb2d845d7f590c94cfd106b245a94aa3240124b6a67e77d846b11351b69ea8bf9688e2748b1414e12df2ae92161b0833cce4b53c9dfb320ff21b6a44fbc9294891dbaedcfe93ba7b2707de60dd9e688b9be8ca155d20e71b20278bfa9ec123f8a7c7fd3619162f4cf0b188d72e69db66d4603313f2196b6a369b33afe7015d476a96458acf30fc682858fe5eb25c73e355cbd827d9e6ba4ee3daf28255a8a4083d0ae8fe2b46fb7b37272678f6f1702fdf068185ee68fb87da77954c3f69b1edfd11bffc0f4dbfd6d7aa84d96ad2f8359d26dd935de46cfa6d01ffc86c8480c7637ae6cb4b01bab89f05273f7c81dcb289e9104dd46f711c1835899cfc60fa9dc9a9ce3006016f576efead9f390c5f74e33d680dc5d1f16ffacddfde1a167a8a663b4c8633a9e6195c1cb945951a43e294328c280328bd1c4743a06399bb4f979b3030cb2c5ab0d09be93d18490102f452b5ad3f6e850a9ceb07c3760c4147976f30d9cd124ffc76265b8be60995e6f0f9f716931823fe879d99a10abafb5f8ac631a7519576d6255daff62d6ba5ffc4a147f81320a87716d13363c0f00380b32857a36bce61b5441aa36870f17c3703ca3fb35a3f579475149a40fee96cbe700d9e250972c2394b4b2a8fe9aecfca76cce364811ed529464a4edfae97d6c141ae29ac95e947e4e3975d22ea9fae41c8465ab4b2c464561aa84cd9913279c80a58f3fe94098a87d7550aab7123e2c15e266089f27868a92d7651b650b8454f0d5afb42c73eda75e4facf0da630e0b79d39cb47604cb61b9d04c34055f37be818262ef7e0975654b21a184eb875ea8002f25350f8afa8c8f754ec89dc489c8cbd22d7132c997a1ad96ef1ba092057e46b9993e7804b8a28422739ac4185b2547d79db6ca1a82c042b794c2cb726c22e2b6e7b6d454dc885c840c8f4f1f695ee919f4f24f6a6da249f1db094415e598e1b9cf26d018bb57dd66ca59e06311475decbc876cd716fa484269d716e68c4d293d140b21822de2d70e67fda76ea0b17340c116e33b21a3d519e49ac910b0aba160c8750857ca495c7bd89e0779344b67ed22f58dff8c0e08d41cfc5cf82a3a8a811da78edfc0511624eeb56ebdad4d0be70e55c983f383e80d8fb2a2022b07aec33388e9fababd4e3e6fa97792bb1a81b171f969261066ebaa22c03bcd7d02e7101367ccb4f09736de7a3b54b18708749abc18457fa1e0037f5028bc3e8a7106ffa8ae5d9fe8bea14a64dd0d51f9ae14ba7e6191a2932a3845ee17e425cc994e9af060470ca65494b6f19afc673765ac95c9f469aa0fd9821b17de03df3f98941474d8f927cb1760fa6e026a083a5f1fd4c75c08050872ca331f88ca79b17056ed6e15b8ef06ff6411ec7a72b69c84f98c47992488ef8038a20dcad451cead0b87c04248edc2a310e8502099d958bbee36eb0f21ee732e9af6a25fad1f4ca4781be868998368d35f52782cdae3b4114b54736e3ebb036505d8dded405baa54a9ca1d5677a6d697e89cfb7a9c1f7e4f22916dfce78e78f8e6c4109e437276c79ef75cbd25af6b72016077bbd3535a0da876400cb8656d7e0c8779315d82dd9cfaea934b3fdbfa34c7788ac52440838b46b6b3d5124b3746fe5e3b4f401b5d6371a16ee4765d144cfa8489f3772bd44e2ba18a6e69bc61e176363bed125b1f3784c1dad97f64368f4ed0d3b5928d97fb6ac185b7a280d968ae40161ea46f768118b9133f50c0a78ca54dcde3a125af0947f49438303bbf49b6f8e4b7eceed98f4bd1432bedf1013c1445215cea4da0a7c7007a1fbcb6800c94ebe194468f624a75ad6dbb17ed464085555082b2be669a913493453fb07da125c9299f036730ed5e5f6f94f05cadda736dc6755bf11d2da56ad0f081995aabb1cd37b49b5ccb2faffb066654a1c7c574bf62180777bdeeb4c1eceaaca1ad74562e6cd4b40d9de48ec61ddedc88b68392fb3ce7ff0acfe983f9406cdf335fe242472b3cc75f58325e8a4f9ddfdcf885756df7b2d1fb25ef14f3aac80a86c3fff72d44b5b0e42ecb6e3f1947236a4398cff071809ea96383d240da104921543a0eaef99fe42d0eaefb136fd3478b3f7ab3132d23709e1d9b3b871ab4e1f3eadfd28365b2096dbeeda44854eb34d69043f0a893e12f2444762505c5acc5edca83473c23352c29d644cc4bd9633777cdf106f2fe5bac70de822f4cf975b020601073a4ee1b0c743ebd880f4a4c2446afe1c30233ac55afec2a7995f8841ddfece68c7138aad71aae18a575ad29ee543c6b9401fdd19df408b9568afa3854c7c052cc171f0f37542c35fa9d3a866e05850cc6de4b37c8781ed938f2345c99dfedbc5c60d88d33995f69a3a14fb813a5db388f3db1c75c459e7ad3bc87272c48c5df4995fc3b2558c2c4d671a0d0777608c5606ed928191af1d731be3bd1ac90d850203931cf037c465e7e759c19fc43661bb289642dd077a85565aee8821e7ed23dc8fe526d3ede019f4caa6b8101f640e5646c76dcededbbea9f2eb6ce97a6c8168a3c95a64c3e5bc9480fdf4510fc7d19542ae1c5c2c415310641f37bf410e07c411d1192cb1301f73b327c4a3657bd056e41888f30bb8d86a22c378a87e38066daa7ca208b2f3f380bbcc1e6752f1bf12bbdce22e887c265192f8559d06e60c15785a63451003e8e56c4361215ab1855b82ca9d1cd9deecd6a8de27a36ebb6aac5e06d4eaef9556d38989724b937ba612a22e6247e50c6f4c48491d1516e518d05b6f25d1417654e65ea12dbd8e41e3a9eabbe03b2e3477796b36c5d7224ea6ee3cd339d25a6ff70ad5f9d185a63147b4b6d1120c9d355ca57ced26b5d4c25b852ddc63b7d28a9f6dfa54cc85f06f4579bc0a1345864bd2682e7627617c5f63802a91237c11ca92a19b875ea28eb4f8806fbcd245fafc23e1a2210287665367bc85dcad5e2c173105476253b07338b939f6e308230d8ae3d8e55e75e4e11378f88c3f391fcffa921df07077c512837811f7e98e944cfa5643dd16987c44fa2632d4ee2fa4cbecc8ea0f282ccd1ae6f67c455d142b53f825dcb5039f64275cb9bfa9637b6560c5b66ccb4da06b0e6cd79bcf99cb2fe9b23cf03212ca504961e46d252cdcd4f1c696c6a71ae80358dd9f59ef39880412cc0cbd9601277a3a946ea51bdbaf557df293214c139da52f721b13d3f050c0544803872d1ac26e8481f70dc23ea54ca293cf96ba776f6112884a4f614a512711ba37db356cc690124e64ded97fbd69d1b2983a833b7e9ec209b66a6ebc13b52c2e3ead8558a227b014b6fb138cac090960e30a3a63c0c6bdc70e9052c7b9b4d9b16d8cf4cf833b9d9615491e1cb7f503277fad7e9e6f9548f069bec0fa0d17fa8da385095c59f23193eb1cda524d527a098ed641d267a844169069e1f04b5ce61efd2d0a47e86ddb21aa084e5f89c65b726cd9047aa604dff7b29dd83257861d3830d93043f61fa414da821772a17e22dc33f7bd507a1c4109739f4a085a6450181828bffdb7eee965f217b4527e9907fbb27801f823822bbff0f070b8f7883369c83cff73b70b619a1e7a1aa7db3f55ab1b8c109f6555ea2a94993c24868a5812e018e0d88c86462b58a6be861c929d66a1967d632a55d1f6f74e99b9bbec9d492b04704813a0ec69f8f23ea78f6e24233813a656dd4859f7c96dcd26994a3f65065ff860189589194d3c6cb67f8c3e781f67e0c05574abe210d15432613d41d690ad24a600ecf4ab709450e3771ee28c2f3e0c67ffe8a62a145bd8ad97474e9deb30f74359cdfbacd215458e4f77731824458f5df85ba5955aa0eb568297513e4b51387a5e881858f03edc11512680af552049a80909a21d25d16ba607ee797820100d55cdbf17683c488e7aac265119022851ebcad2d4e0e13874c87dd2912dd7677ba05c4adee47f9953ec1d574eead6948aa0dec5783835ee13e6d7c4f2919b4d9fdbefafb7ce98b9c618f87851eed88832c8dbe563e58447e0478a2f5fa9233797a4dd64e93f9c1229490e39de316a78180dee4312077dcbe38e67e3b628aa662e69c561ca50058bab73723bdd0efcc0d768c12b1dd468ae86bddd9146765354d4a75067c20fc1ea51129b33f0d91013e9a244c3f5aa16df506498a34d213ab496ae8fb0fc5d2628e885b6a0a832a82594b80a1795093d", 0xfd1, 0x0, 0x0) dup2(r5, r4) mq_unlink(&(0x7f0000000340)='eth0\x00') socket$netlink(0x10, 0x3, 0x8) mount_setattr(0xffffffffffffffff, 0x0, 0x1000, &(0x7f0000000180)={0xac, 0x10008c}, 0x23) 1m11.701675034s ago: executing program 6 (id=1982): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0xfffffe}, 0x10) write(r0, &(0x7f0000000000)="240000001a005f1114f9f407000901000000000004000003000000000800040001000000", 0x24) 0s ago: executing program 34 (id=1962): r0 = gettid() rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) rt_sigtimedwait(&(0x7f0000000040)={[0xfffffffffffffff8]}, 0x0, 0x0, 0x8) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00#\x00'/20, @ANYRES32=r0, @ANYBLOB='\x00'/20, @ANYRES16=0x0, @ANYRES32=0x0, @ANYRESDEC=r0], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000002493da4fedb5d3020018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) syz_io_uring_setup(0x46d0c, &(0x7f0000000340)={0x0, 0x30a2, 0x5, 0x2000}, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) sendmsg$AUDIT_LIST_RULES(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)={0x10, 0x3f5, 0x400, 0x70bd27, 0x25dfdbff}, 0x10}}, 0x80) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000000c0)={0x4, 0x0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f000049c000/0x18000)=nil, &(0x7f0000000400)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r6, 0x4008ae93, &(0x7f0000000640)=0x1) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r7 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r7, 0x8916, &(0x7f0000000080)={'batadv_slave_1\x00', {0x2, 0x0, @private=0x100}}) r8 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r8, 0x8916, &(0x7f0000000000)={'batadv_slave_1\x00', {0x2, 0x0, @loopback=0x7f000000}}) ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4400ae8f, &(0x7f0000000140)=@arm64={0xff, 0xff, 0x2, '\x00', 0x8}) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="3c000d0010000305000000000000000000cf0000", @ANYRES32=0x0, @ANYBLOB="03000000000000001c00128008000100677265001000028008000700e000030a04001200"], 0x3c}}, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, &(0x7f00000002c0)=ANY=[@ANYBLOB="01666768696a6b6c6d6e6f7037e47e9ea1e2677172737475767778797a"], 0x29, 0xfffffffffffffffc) r10 = getpid() tgkill(r10, r0, 0xf) kernel console output (not intermixed with test programs): g attributes in process `syz.1.1203'. [ 429.065128][T10148] netlink: 'syz.3.1205': attribute type 39 has an invalid length. [ 429.074875][ T5882] libceph: connect (1)[c::]:6789 error -101 [ 429.082322][ T5882] libceph: mon0 (1)[c::]:6789 connect error [ 429.240328][T10152] xt_TCPMSS: Only works on TCP SYN packets [ 429.309933][T10141] ceph: No mds server is up or the cluster is laggy [ 429.416302][ T5882] libceph: connect (1)[c::]:6789 error -101 [ 429.430912][ T5882] libceph: mon0 (1)[c::]:6789 connect error [ 432.834319][T10197] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1220'. [ 433.098390][ T5882] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 433.175728][T10183] kAFS: unable to lookup cell '' [ 433.274566][ T5882] usb 4-1: config 0 has an invalid descriptor of length 135, skipping remainder of the config [ 433.302833][ T5882] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 433.359960][ T5882] usb 4-1: New USB device found, idVendor=056a, idProduct=0016, bcdDevice= 0.00 [ 433.385349][ T5882] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 433.415986][ T5882] usb 4-1: config 0 descriptor?? [ 433.648082][ T5882] usb 4-1: USB disconnect, device number 19 [ 434.710145][T10220] ip6t_REJECT: ECHOREPLY is not supported [ 436.282602][T10235] xt_TCPMSS: Only works on TCP SYN packets [ 437.412458][T10239] sctp: [Deprecated]: syz.0.1232 (pid 10239) Use of struct sctp_assoc_value in delayed_ack socket option. [ 437.412458][T10239] Use struct sctp_sack_info instead [ 438.452335][T10252] xt_TCPMSS: Only works on TCP SYN packets [ 438.546211][T10249] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1234'. [ 438.608469][T10249] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1234'. [ 438.855068][T10249] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1234'. [ 438.919775][T10249] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1234'. [ 439.172585][T10269] netlink: 'syz.3.1239': attribute type 1 has an invalid length. [ 439.521849][T10270] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1239'. [ 439.563642][T10267] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1240'. [ 440.530959][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.537740][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.723437][T10280] xt_TCPMSS: Only works on TCP SYN packets [ 441.649274][T10287] xt_TCPMSS: Only works on TCP SYN packets [ 443.223232][T10305] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1250'. [ 443.269782][T10305] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1250'. [ 443.321264][T10305] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1250'. [ 443.371598][T10305] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1250'. [ 443.408354][ T5882] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 443.558455][ T5882] usb 1-1: Using ep0 maxpacket: 16 [ 443.574279][ T5882] usb 1-1: config 0 has no interfaces? [ 443.594788][ T5882] usb 1-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=c5.67 [ 443.617416][ T5882] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 443.638770][ T5882] usb 1-1: Product: syz [ 443.651469][ T5882] usb 1-1: Manufacturer: syz [ 443.662716][ T5882] usb 1-1: SerialNumber: syz [ 443.714435][ T5882] r8152-cfgselector 1-1: Unknown version 0x0000 [ 443.720933][ T5882] r8152-cfgselector 1-1: config 0 descriptor?? [ 443.768369][ T969] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 443.923390][ T969] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 443.942983][ T969] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 443.968000][ T969] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 443.983865][ T969] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 444.006979][ T969] usb 2-1: SerialNumber: syz [ 445.106752][ T5882] r8152-cfgselector 1-1: USB disconnect, device number 26 [ 445.260026][T10316] netlink: 'syz.0.1253': attribute type 1 has an invalid length. [ 445.315440][T10316] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1253'. [ 445.764961][T10321] FAULT_INJECTION: forcing a failure. [ 445.764961][T10321] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 446.580318][T10321] CPU: 0 UID: 0 PID: 10321 Comm: syz.0.1255 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0 [ 446.591152][T10321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 446.601422][T10321] Call Trace: [ 446.604734][T10321] [ 446.607707][T10321] dump_stack_lvl+0x241/0x360 [ 446.612440][T10321] ? __pfx_dump_stack_lvl+0x10/0x10 [ 446.618091][T10321] ? __pfx__printk+0x10/0x10 [ 446.622713][T10321] ? __pfx_lock_release+0x10/0x10 [ 446.627761][T10321] should_fail_ex+0x3b0/0x4e0 [ 446.632721][T10321] _copy_from_iter+0x21f/0x1e70 [ 446.637613][T10321] ? __virt_addr_valid+0x183/0x530 [ 446.642743][T10321] ? __pfx_lock_release+0x10/0x10 [ 446.647814][T10321] ? __pfx__copy_from_iter+0x10/0x10 [ 446.653142][T10321] ? __pfx__copy_from_iter+0x10/0x10 [ 446.658473][T10321] ? page_copy_sane+0x154/0x260 [ 446.663369][T10321] copy_page_from_iter+0x7a/0x100 [ 446.668473][T10321] skb_copy_datagram_from_iter+0x2d9/0x6a0 [ 446.674420][T10321] tun_get_user+0xec3/0x47e0 [ 446.679056][T10321] ? __lock_acquire+0x1384/0x2050 [ 446.684121][T10321] ? __pfx_tun_get_user+0x10/0x10 [ 446.689207][T10321] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 446.694700][T10321] ? tun_get+0x1e/0x2f0 [ 446.698895][T10321] ? __pfx_lock_release+0x10/0x10 [ 446.703979][T10321] ? tun_get+0x1e/0x2f0 [ 446.708154][T10321] ? tun_get+0x27d/0x2f0 [ 446.712413][T10321] tun_chr_write_iter+0x10d/0x1f0 [ 446.717455][T10321] vfs_write+0xaeb/0xd30 [ 446.721719][T10321] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 446.727273][T10321] ? __pfx_vfs_write+0x10/0x10 [ 446.732126][T10321] ? fdget_pos+0x19a/0x320 [ 446.736540][T10321] ksys_write+0x183/0x2b0 [ 446.740867][T10321] ? __pfx_ksys_write+0x10/0x10 [ 446.745713][T10321] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 446.752054][T10321] ? do_syscall_64+0xb6/0x230 [ 446.756739][T10321] do_syscall_64+0xf3/0x230 [ 446.761239][T10321] ? clear_bhb_loop+0x35/0x90 [ 446.765916][T10321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 446.771817][T10321] RIP: 0033:0x7f8cbb37e719 [ 446.776224][T10321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 446.795917][T10321] RSP: 002b:00007f8cbc103038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 446.804429][T10321] RAX: ffffffffffffffda RBX: 00007f8cbb535f80 RCX: 00007f8cbb37e719 [ 446.812665][T10321] RDX: 000000000000fdef RSI: 0000000020000040 RDI: 0000000000000003 [ 446.820651][T10321] RBP: 00007f8cbc103090 R08: 0000000000000000 R09: 0000000000000000 [ 446.828634][T10321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 446.836604][T10321] R13: 0000000000000000 R14: 00007f8cbb535f80 R15: 00007fffb70eb7d8 [ 446.844584][T10321] [ 447.337455][ T969] usb 2-1: 0:2 : does not exist [ 447.355589][ T969] usb 2-1: USB disconnect, device number 33 [ 447.599290][T10338] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1263'. [ 447.635331][T10342] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1264'. [ 447.701182][T10344] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1262'. [ 449.334300][ T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 449.344814][ T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 449.354787][ T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 449.362999][ T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 449.378910][ T54] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 449.386293][ T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 449.405432][ T5834] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 449.413036][ T5834] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 449.428514][ T5834] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 449.438001][ T5834] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 449.449145][ T5834] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 449.457804][ T5834] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 449.507998][T10353] lo speed is unknown, defaulting to 1000 [ 449.571048][ T81] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 450.410107][ T5882] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 450.681174][T10366] trusted_key: encrypted_key: master key parameter 'qŠAES Ë'Ê«ùò%.ÁÃ6ÿ[Zh‰ï™Ñ-Êï¡ÈŸ [ 450.681174][T10366] ÿ¬þ_ê=ïéÄ~‘@}' is invalid [ 450.824953][ T5882] usb 5-1: Using ep0 maxpacket: 8 [ 450.847381][ T5882] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 450.874245][ T5882] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x93, changing to 0x83 [ 450.893240][ T81] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 450.916449][ T5882] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 450.948014][ T5882] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 451.223329][ T81] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 451.300117][T10353] chnl_net:caif_netlink_parms(): no params data found [ 451.509266][T10394] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1276'. [ 451.512335][ T54] Bluetooth: hci1: command tx timeout [ 451.535453][ T81] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 452.246898][T10394] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1276'. [ 452.358391][T10394] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1276'. [ 452.367559][T10394] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1276'. [ 452.414618][ T5882] usb 5-1: New USB device found, idVendor=15c2, idProduct=003b, bcdDevice=66.3e [ 452.454607][ T5882] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 452.462946][ T5882] usb 5-1: Product: syz [ 452.467141][ T5882] usb 5-1: Manufacturer: syz [ 452.485041][ T5882] usb 5-1: config 0 descriptor?? [ 452.502206][ T5882] usb 5-1: can't set config #0, error -71 [ 452.511136][ T5882] usb 5-1: USB disconnect, device number 13 [ 452.545615][T10353] bridge0: port 1(bridge_slave_0) entered blocking state [ 452.553096][T10353] bridge0: port 1(bridge_slave_0) entered disabled state [ 452.565755][T10353] bridge_slave_0: entered allmulticast mode [ 452.573122][T10353] bridge_slave_0: entered promiscuous mode [ 452.625727][T10408] (unnamed net_device) (uninitialized): up delay (5) is not a multiple of miimon (4), value rounded to 4 ms [ 452.645237][T10414] netlink: 'syz.3.1282': attribute type 3 has an invalid length. [ 453.569493][ T5834] Bluetooth: hci1: command tx timeout [ 453.692966][T10413] netlink: 'syz.1.1279': attribute type 10 has an invalid length. [ 453.709221][T10413] bridge0: port 2(bridge_slave_1) entered disabled state [ 453.716505][T10413] bridge0: port 1(bridge_slave_0) entered disabled state [ 453.736127][T10353] bridge0: port 2(bridge_slave_1) entered blocking state [ 453.739773][T10427] xt_NFQUEUE: number of total queues is 0 [ 453.749478][T10353] bridge0: port 2(bridge_slave_1) entered disabled state [ 453.759177][T10353] bridge_slave_1: entered allmulticast mode [ 453.769630][T10353] bridge_slave_1: entered promiscuous mode [ 453.770564][T10428] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1284'. [ 453.798331][T10428] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1284'. [ 453.817557][T10428] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1284'. [ 453.828297][T10428] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1284'. [ 453.854257][T10353] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 453.881198][T10353] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 453.909421][T10428] binder: 10426:10428 ioctl c0306201 20000400 returned -22 [ 453.917479][ T81] bridge_slave_1: left allmulticast mode [ 453.924507][ T81] bridge_slave_1: left promiscuous mode [ 453.932891][ T81] bridge0: port 2(bridge_slave_1) entered disabled state [ 453.955077][ T81] bridge_slave_0: left allmulticast mode [ 454.008784][ T5917] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 454.032341][ T81] bridge_slave_0: left promiscuous mode [ 454.038734][ T81] bridge0: port 1(bridge_slave_0) entered disabled state [ 454.170667][ T5917] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 454.194386][ T5917] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 454.225673][ T5917] usb 1-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.00 [ 454.244329][ T5917] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 454.290123][ T5917] usb 1-1: config 0 descriptor?? [ 455.076690][ T5917] asus 0003:0B05:17E0.0006: unknown main item tag 0x0 [ 455.085992][ T5917] asus 0003:0B05:17E0.0006: unknown main item tag 0x0 [ 455.094388][ T5917] asus 0003:0B05:17E0.0006: unknown main item tag 0x0 [ 455.104045][ T5917] asus 0003:0B05:17E0.0006: unbalanced collection at end of report description [ 455.125182][ T5917] asus 0003:0B05:17E0.0006: Asus hid parse failed: -22 [ 455.139426][ T5917] asus 0003:0B05:17E0.0006: probe with driver asus failed with error -22 [ 455.364356][ T5932] usb 1-1: USB disconnect, device number 27 [ 455.648217][ T5834] Bluetooth: hci1: command 0x040f tx timeout [ 455.656851][ T81] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 455.674186][ T81] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 455.684944][ T81] bond0 (unregistering): (slave macvlan2): Releasing backup interface [ 455.753638][ T81] team_slave_0: left promiscuous mode [ 455.759538][ T81] team_slave_1: left promiscuous mode [ 455.781657][ T81] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 455.798917][ T81] bond0 (unregistering): Released all slaves [ 456.018057][T10433] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 456.047060][T10433] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 456.063686][T10433] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 456.110820][T10433] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 456.822318][T10456] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1292'. [ 457.137144][T10353] team0: Port device team_slave_0 added [ 457.520142][T10353] team0: Port device team_slave_1 added [ 457.741274][ T54] Bluetooth: hci1: command 0x040f tx timeout [ 458.182274][T10472] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1298'. [ 458.191652][T10472] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1298'. [ 458.370241][T10472] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1298'. [ 458.828181][T10472] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1298'. [ 458.844125][T10353] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 458.851487][T10353] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 458.948508][T10481] binder: 10469:10481 ioctl c0306201 20000400 returned -22 [ 458.967577][T10353] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 458.980216][T10353] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 458.987189][T10353] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 459.013744][T10353] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 459.163305][T10353] hsr_slave_0: entered promiscuous mode [ 459.177048][T10353] hsr_slave_1: entered promiscuous mode [ 459.813306][ T54] Bluetooth: hci1: command 0x040f tx timeout [ 460.216818][ T81] hsr_slave_0: left promiscuous mode [ 460.268370][ T81] hsr_slave_1: left promiscuous mode [ 460.353027][ T81] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 460.375610][ T81] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 460.468557][ T81] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 460.498240][ T81] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 460.552092][ T81] veth1_macvtap: left promiscuous mode [ 460.567066][ T81] veth0_macvtap: left promiscuous mode [ 460.572978][ T81] veth1_vlan: left promiscuous mode [ 460.584318][ T81] veth0_vlan: left promiscuous mode [ 460.699637][T10511] FAULT_INJECTION: forcing a failure. [ 460.699637][T10511] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 460.728599][ T81] infiniband syz0: set down [ 460.749446][T10511] CPU: 0 UID: 0 PID: 10511 Comm: syz.4.1308 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0 [ 460.760266][T10511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 460.770344][T10511] Call Trace: [ 460.773641][T10511] [ 460.776579][T10511] dump_stack_lvl+0x241/0x360 [ 460.781281][T10511] ? __pfx_dump_stack_lvl+0x10/0x10 [ 460.786495][T10511] ? __pfx__printk+0x10/0x10 [ 460.791081][T10511] ? __pfx_lock_release+0x10/0x10 [ 460.796122][T10511] should_fail_ex+0x3b0/0x4e0 [ 460.800785][T10511] _copy_from_user+0x2f/0xc0 [ 460.805357][T10511] memdup_user+0x64/0xc0 [ 460.809609][T10511] strndup_user+0x68/0xc0 [ 460.813962][T10511] __se_sys_mount+0x9f/0x3c0 [ 460.818585][T10511] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 460.824601][T10511] ? __pfx___se_sys_mount+0x10/0x10 [ 460.829926][T10511] ? do_syscall_64+0x100/0x230 [ 460.834745][T10511] ? __x64_sys_mount+0x20/0xc0 [ 460.839532][T10511] do_syscall_64+0xf3/0x230 [ 460.844021][T10511] ? clear_bhb_loop+0x35/0x90 [ 460.848705][T10511] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 460.854603][T10511] RIP: 0033:0x7fe3c877e719 [ 460.859020][T10511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 460.878634][T10511] RSP: 002b:00007fe3c9629038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 460.887041][T10511] RAX: ffffffffffffffda RBX: 00007fe3c8935f80 RCX: 00007fe3c877e719 [ 460.895002][T10511] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 0000000000000000 [ 460.902968][T10511] RBP: 00007fe3c9629090 R08: 0000000020000400 R09: 0000000000000000 [ 460.910954][T10511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 460.918917][T10511] R13: 0000000000000000 R14: 00007fe3c8935f80 R15: 00007ffd4a5ad858 [ 460.926891][T10511] [ 461.066206][T10516] ip6t_REJECT: ECHOREPLY is not supported [ 462.361556][ T6782] smc: removing ib device syz0 [ 463.401946][ T81] team0 (unregistering): Port device team_slave_1 removed [ 463.826045][ T81] team0 (unregistering): Port device team_slave_0 removed [ 464.293526][T10533] binder: 10530:10533 ioctl c0306201 20000400 returned -22 [ 464.676724][T10538] netlink: 'syz.0.1314': attribute type 1 has an invalid length. [ 464.899134][T10538] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1314'. [ 465.255022][T10353] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 465.451259][T10555] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1316'. [ 465.498712][T10560] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1322'. [ 465.603690][T10353] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 465.653526][T10353] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 465.719737][T10353] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 466.269602][T10353] 8021q: adding VLAN 0 to HW filter on device bond0 [ 466.293153][T10353] 8021q: adding VLAN 0 to HW filter on device team0 [ 466.331218][T10353] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 466.341882][T10353] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 466.564079][ T6782] bridge0: port 1(bridge_slave_0) entered blocking state [ 466.571231][ T6782] bridge0: port 1(bridge_slave_0) entered forwarding state [ 466.593134][ T6782] bridge0: port 2(bridge_slave_1) entered blocking state [ 466.600392][ T6782] bridge0: port 2(bridge_slave_1) entered forwarding state [ 466.836085][ T81] IPVS: stop unused estimator thread 0... [ 466.868820][ T5917] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 467.001999][T10353] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 467.080286][ T5917] usb 4-1: config 0 has an invalid descriptor of length 135, skipping remainder of the config [ 467.090752][ T5917] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 467.100118][ T5917] usb 4-1: New USB device found, idVendor=056a, idProduct=0016, bcdDevice= 0.00 [ 467.109270][ T5917] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 467.127101][ T5917] usb 4-1: config 0 descriptor?? [ 467.222999][T10595] netlink: 'syz.4.1331': attribute type 1 has an invalid length. [ 467.747096][T10595] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1331'. [ 467.822102][ T5882] usb 4-1: USB disconnect, device number 20 [ 467.845195][T10353] veth0_vlan: entered promiscuous mode [ 467.891421][T10353] veth1_vlan: entered promiscuous mode [ 467.957738][T10353] veth0_macvtap: entered promiscuous mode [ 467.979592][T10353] veth1_macvtap: entered promiscuous mode [ 467.996613][T10353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.007178][T10353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.018505][T10353] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 468.028321][T10353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 468.039358][T10353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.049514][T10353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 468.060559][T10353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.078782][T10353] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 468.090880][T10353] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 468.100462][T10353] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 468.110393][T10353] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 468.119215][T10353] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 468.169457][T10607] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1333'. [ 468.495178][ T81] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 468.503618][ T81] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 468.660038][T10611] trusted_key: encrypted_key: master key parameter 'qŠAES Ë'Ê«ùò%.ÁÃ6ÿ[Zh‰ï™Ñ-Êï¡ÈŸ [ 468.660038][T10611] ÿ¬þ_ê=ïéÄ~‘@}' is invalid [ 468.859255][ T81] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 468.893975][ T81] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 469.296477][T10630] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1339'. [ 469.358297][T10632] netlink: 132 bytes leftover after parsing attributes in process `syz.5.1258'. [ 470.272227][T10639] trusted_key: encrypted_key: master key parameter 'qŠAES Ë'Ê«ùò%.ÁÃ6ÿ[Zh‰ï™Ñ-Êï¡ÈŸ [ 470.272227][T10639] ÿ¬þ_ê=ïéÄ~‘@}' is invalid [ 470.389323][T10645] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1344'. [ 470.446120][T10648] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1346'. [ 470.484744][T10648] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1346'. [ 470.527175][T10648] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1346'. [ 470.774136][T10648] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1346'. [ 470.812165][T10650] trusted_key: encrypted_key: master key parameter 'qŠAES Ë'Ê«ùò%.ÁÃ6ÿ[Zh‰ï™Ñ-Êï¡ÈŸ [ 470.812165][T10650] ÿ¬þ_ê=ïéÄ~‘@}' is invalid [ 470.832849][T10659] binder: BINDER_SET_CONTEXT_MGR already set [ 470.865256][T10659] binder: 10656:10659 ioctl 4018620d 20000040 returned -16 [ 471.187804][ T5882] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 471.403947][ T5882] usb 4-1: Using ep0 maxpacket: 8 [ 471.464296][ T5882] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 471.554287][ T5882] usb 4-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 471.648456][ T5882] usb 4-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 471.800789][ T5882] usb 4-1: Product: syz [ 471.827584][ T5882] usb 4-1: Manufacturer: syz [ 471.836992][ T5882] usb 4-1: SerialNumber: syz [ 472.171697][ T5882] usb 4-1: Handspring Visor / Palm OS: No valid connect info available [ 472.220958][ T5882] usb 4-1: Handspring Visor / Palm OS: port 57, is for unknown use [ 472.310070][ T5882] usb 4-1: Handspring Visor / Palm OS: port 22, is for unknown use [ 472.389806][T10677] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 472.399094][T10677] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 472.449143][ T5882] usb 4-1: Handspring Visor / Palm OS: Number of ports: 2 [ 472.915159][ T5882] usb 4-1: palm_os_3_probe - error -110 getting bytes available request [ 472.926265][ T5882] visor 4-1:1.0: Handspring Visor / Palm OS converter detected [ 472.946433][ T5882] usb 4-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 472.965474][ T5882] usb 4-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 [ 473.062772][T10689] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1355'. [ 473.116519][T10691] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1357'. [ 473.182698][T10693] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1358'. [ 473.275113][T10697] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1360'. [ 473.285273][T10697] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1360'. [ 474.006981][ T5882] usb 4-1: USB disconnect, device number 21 [ 474.035329][ T5882] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 474.068704][ T5882] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1 [ 474.094742][ T5882] visor 4-1:1.0: device disconnected [ 474.951098][T10718] netlink: 'syz.4.1368': attribute type 1 has an invalid length. [ 475.338895][T10728] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 475.353164][ T5932] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 475.684902][ T5932] usb 5-1: New USB device found, idVendor=110a, idProduct=1450, bcdDevice=c2.c6 [ 475.694422][ T5932] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 475.721179][ T5932] usb 5-1: config 0 descriptor?? [ 475.998872][T10718] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 476.009520][T10718] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 476.930193][T10718] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 476.982907][T10718] bond0: (slave batadv1): Enslaving as a backup interface with an up link [ 477.083643][T10722] bond0 (unregistering): (slave batadv1): Releasing backup interface [ 477.141868][T10722] bond0 (unregistering): Released all slaves [ 477.167048][T10750] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 477.185320][T10758] __nla_validate_parse: 6 callbacks suppressed [ 477.185341][T10758] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1381'. [ 477.225599][ T5932] mxuport 5-1:0.0: mxuport_recv_ctrl_urb - usb_control_msg failed (-71) [ 477.274523][ T5932] mxuport 5-1:0.0: probe with driver mxuport failed with error -5 [ 477.299547][ T5932] usb 5-1: USB disconnect, device number 14 [ 477.367593][ T5878] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 477.438408][ T29] kauditd_printk_skb: 20 callbacks suppressed [ 477.438426][ T29] audit: type=1326 audit(1731249227.371:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10767 comm="syz.1.1387" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb8a9d7e719 code=0x0 [ 477.547670][ T5878] usb 6-1: Using ep0 maxpacket: 32 [ 477.572096][ T5878] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 477.591971][ T5878] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 477.618607][ T5878] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 477.634462][ T5878] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 477.648355][ T5878] usb 6-1: config 0 descriptor?? [ 477.655027][ T5878] hub 6-1:0.0: USB hub found [ 478.031139][ T5878] hub 6-1:0.0: 1 port detected [ 478.458246][T10802] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1396'. [ 478.489680][ T5878] hub 6-1:0.0: activate --> -90 [ 478.560763][T10806] fuse: Bad value for 'rootmode' [ 478.701987][T10808] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1397'. [ 478.739724][T10808] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1397'. [ 478.776745][T10808] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1397'. [ 478.828365][T10805] binder: 10803:10805 ioctl c0306201 20000400 returned -22 [ 479.046517][T10808] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1397'. [ 479.805934][T10757] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 479.834379][T10757] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 479.849304][ T5878] usb 6-1-port1: cannot reset (err = -71) [ 479.855468][ T5878] usb 6-1-port1: Cannot enable. Maybe the USB cable is bad? [ 479.863392][ T5917] usb 6-1: USB disconnect, device number 2 [ 479.878500][ T5878] usb 6-1-port1: cannot disable (err = -71) [ 479.899519][ T5878] usb 6-1-port1: attempt power cycle [ 481.440658][T10826] trusted_key: encrypted_key: insufficient parameters specified [ 482.055895][T10840] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1408'. [ 482.615493][ T5882] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 482.772010][ T5882] usb 1-1: Using ep0 maxpacket: 16 [ 482.792892][ T5882] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 482.814227][ T5882] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 482.865363][ T5882] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 483.139395][ T969] IPVS: starting estimator thread 0... [ 483.296523][T10850] IPVS: using max 32 ests per chain, 76800 per kthread [ 483.322401][ T5882] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 483.341963][ T5882] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 483.384588][ T5882] usb 1-1: config 0 descriptor?? [ 483.451178][T10851] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1411'. [ 483.471881][T10851] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1411'. [ 483.483691][T10851] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1411'. [ 483.492457][T10853] netlink: 'syz.5.1412': attribute type 1 has an invalid length. [ 483.508363][T10851] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1411'. [ 483.587592][T10851] binder: 10847:10851 ioctl c0306201 20000400 returned -22 [ 483.603359][T10853] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1412'. [ 483.986821][T10857] Trying to write to read-only block-device nullb0 [ 484.499832][T10836] tipc: Failed to remove unknown binding: 66,1,1/0:1678002449/1678002451 [ 484.508782][T10836] tipc: Failed to remove unknown binding: 66,1,1/0:1678002449/1678002451 [ 484.658033][ T5882] usbhid 1-1:0.0: can't add hid device: -71 [ 484.674904][ T5882] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 484.695296][ T5882] usb 1-1: USB disconnect, device number 28 [ 484.772525][T10868] FAULT_INJECTION: forcing a failure. [ 484.772525][T10868] name failslab, interval 1, probability 0, space 0, times 0 [ 484.847382][T10868] CPU: 0 UID: 0 PID: 10868 Comm: syz.1.1416 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0 [ 484.858298][T10868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 484.868381][T10868] Call Trace: [ 484.871696][T10868] [ 484.874652][T10868] dump_stack_lvl+0x241/0x360 [ 484.879375][T10868] ? __pfx_dump_stack_lvl+0x10/0x10 [ 484.884604][T10868] ? __pfx__printk+0x10/0x10 [ 484.889225][T10868] ? kmem_cache_alloc_noprof+0x44/0x2a0 [ 484.894796][T10868] ? __pfx___might_resched+0x10/0x10 [ 484.900118][T10868] should_fail_ex+0x3b0/0x4e0 [ 484.904816][T10868] ? ep_ptable_queue_proc+0x5b/0x210 [ 484.910120][T10868] should_failslab+0xac/0x100 [ 484.914826][T10868] ? ep_ptable_queue_proc+0x5b/0x210 [ 484.920134][T10868] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 484.925534][T10868] ep_ptable_queue_proc+0x5b/0x210 [ 484.930663][T10868] ? fuse_dev_poll+0x9e/0x1e0 [ 484.935346][T10868] ? __pfx_ep_ptable_queue_proc+0x10/0x10 [ 484.941065][T10868] fuse_dev_poll+0xad/0x1e0 [ 484.945566][T10868] ? __pfx_fuse_dev_poll+0x10/0x10 [ 484.950679][T10868] ep_insert+0x10a3/0x1aa0 [ 484.955105][T10868] ? __pfx_ep_insert+0x10/0x10 [ 484.959876][T10868] ? do_epoll_ctl+0x435/0xf60 [ 484.964555][T10868] ? __pfx___mutex_lock+0x10/0x10 [ 484.969577][T10868] ? __fget_files+0x29/0x470 [ 484.974171][T10868] ? __pfx_ep_ptable_queue_proc+0x10/0x10 [ 484.979889][T10868] ? __fget_files+0x29/0x470 [ 484.984487][T10868] do_epoll_ctl+0x8c9/0xf60 [ 484.988989][T10868] ? do_epoll_ctl+0x7b1/0xf60 [ 484.993663][T10868] __x64_sys_epoll_ctl+0x161/0x1a0 [ 484.998782][T10868] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 485.004439][T10868] ? do_syscall_64+0x100/0x230 [ 485.009212][T10868] ? do_syscall_64+0xb6/0x230 [ 485.013901][T10868] do_syscall_64+0xf3/0x230 [ 485.018423][T10868] ? clear_bhb_loop+0x35/0x90 [ 485.023104][T10868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 485.029079][T10868] RIP: 0033:0x7fb8a9d7e719 [ 485.033491][T10868] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 485.053096][T10868] RSP: 002b:00007fb8aaad0038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 485.061616][T10868] RAX: ffffffffffffffda RBX: 00007fb8a9f35f80 RCX: 00007fb8a9d7e719 [ 485.069587][T10868] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000004 [ 485.077556][T10868] RBP: 00007fb8aaad0090 R08: 0000000000000000 R09: 0000000000000000 [ 485.085523][T10868] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000001 [ 485.093490][T10868] R13: 0000000000000000 R14: 00007fb8a9f35f80 R15: 00007fff2cd34168 [ 485.101467][T10868] [ 485.443056][T10881] No such timeout policy "syz0" [ 486.199507][T10884] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1420'. [ 486.210114][T10884] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1420'. [ 486.269389][T10884] gre1: entered promiscuous mode [ 486.290584][T10884] gre1: entered allmulticast mode [ 488.621733][T10887] vivid-001: ================= START STATUS ================= [ 488.629888][T10887] vivid-001: Radio HW Seek Mode: Bounded [ 488.635944][T10887] vivid-001: Radio Programmable HW Seek: false [ 489.355230][T10887] vivid-001: RDS Rx I/O Mode: Block I/O [ 489.360926][T10887] vivid-001: Generate RBDS Instead of RDS: false [ 489.367332][T10887] vivid-001: RDS Reception: true [ 489.372363][T10887] vivid-001: RDS Program Type: 0 inactive [ 489.378172][T10887] vivid-001: RDS PS Name: inactive [ 489.383394][T10887] vivid-001: RDS Radio Text: inactive [ 489.388897][T10887] vivid-001: RDS Traffic Announcement: false inactive [ 489.395810][T10887] vivid-001: RDS Traffic Program: false inactive [ 489.402259][T10887] vivid-001: RDS Music: false inactive [ 489.407943][T10887] vivid-001: ================== END STATUS ================== [ 490.724732][T10931] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1433'. [ 493.745841][T10968] CUSE: DEVNAME unspecified [ 493.843133][T10974] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1445'. [ 495.705918][T10996] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 495.739215][T10996] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 497.198011][ T5882] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 497.358415][ T5882] usb 4-1: New USB device found, idVendor=05ac, idProduct=b301, bcdDevice=e4.00 [ 497.371656][ T5882] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 497.382229][ T5882] usb 4-1: Product: syz [ 497.389390][ T5882] usb 4-1: Manufacturer: syz [ 497.394866][ T5882] usb 4-1: SerialNumber: syz [ 497.401841][ T5882] usb 4-1: config 0 descriptor?? [ 497.618409][ T5878] usb 4-1: USB disconnect, device number 22 [ 498.033996][ T5882] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 498.092581][ T5932] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 498.203397][T11021] ip6t_REJECT: ECHOREPLY is not supported [ 498.234645][ T5882] usb 5-1: too many configurations: 35, using maximum allowed: 8 [ 498.254130][ T5932] usb 2-1: Using ep0 maxpacket: 8 [ 498.309897][ T5882] usb 5-1: config 0 has no interfaces? [ 498.349980][ T5882] usb 5-1: config 0 has no interfaces? [ 498.441237][ T5882] usb 5-1: config 0 has no interfaces? [ 498.447325][ T5932] usb 2-1: New USB device found, idVendor=0458, idProduct=7003, bcdDevice=7a.1a [ 498.457623][ T5932] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 498.471213][ T5882] usb 5-1: config 0 has no interfaces? [ 498.479330][ T5882] usb 5-1: config 0 has no interfaces? [ 498.488136][ T5882] usb 5-1: config 0 has no interfaces? [ 498.500703][ T5932] usb 2-1: Product: syz [ 498.510336][ T5882] usb 5-1: config 0 has no interfaces? [ 498.523371][ T5932] usb 2-1: Manufacturer: syz [ 498.529667][ T5882] usb 5-1: config 0 has no interfaces? [ 498.550398][ T5932] usb 2-1: SerialNumber: syz [ 498.555360][ T5882] usb 5-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=91.b7 [ 498.569807][ T5882] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 498.583039][ T5882] usb 5-1: Product: syz [ 498.587331][ T5882] usb 5-1: Manufacturer: syz [ 498.661149][ T5932] usb 2-1: config 0 descriptor?? [ 498.686757][ T5932] gspca_main: sn9c2028-2.14.0 probing 0458:7003 [ 498.719251][ T5882] usb 5-1: SerialNumber: syz [ 498.773333][T11025] CUSE: DEVNAME unspecified [ 498.793866][ T5882] usb 5-1: config 0 descriptor?? [ 498.886805][ T5932] gspca_sn9c2028: read1 error -32 [ 499.040266][T11035] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1467'. [ 499.051468][T11031] netlink: 'syz.0.1466': attribute type 1 has an invalid length. [ 499.071945][T11031] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1466'. [ 499.095121][ T5917] usb 5-1: USB disconnect, device number 15 [ 499.252116][T11038] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1468'. [ 499.295806][ T5878] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 499.305004][T11038] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1468'. [ 499.345679][T11038] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1468'. [ 499.354685][T11038] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1468'. [ 499.395975][T11040] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1469'. [ 499.405613][ T5932] gspca_sn9c2028: read1 error -110 [ 499.410816][ T5932] sn9c2028 2-1:0.0: probe with driver sn9c2028 failed with error -110 [ 499.419803][T11040] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1469'. [ 499.445297][T11040] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1469'. [ 499.475520][T11040] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1469'. [ 499.495673][ T5878] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 499.510225][ T5878] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 499.534582][ T5878] usb 6-1: New USB device found, idVendor=056e, idProduct=00fb, bcdDevice= 0.00 [ 499.558885][ T5878] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 499.574262][T11040] binder: 11039:11040 ioctl c0306201 20000400 returned -22 [ 499.593379][ T5878] usb 6-1: config 0 descriptor?? [ 499.612554][T11047] overlayfs: failed to resolve './file0': -2 [ 500.117673][ T5878] elecom 0003:056E:00FB.0007: hidraw0: USB HID v0.00 Device [HID 056e:00fb] on usb-dummy_hcd.5-1/input0 [ 500.589179][ T5932] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 500.682388][T11062] dvmrp0: entered allmulticast mode [ 500.711009][ T5917] usb 6-1: USB disconnect, device number 7 [ 500.733922][T11062] pimreg: entered allmulticast mode [ 500.757546][ T5932] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 500.769781][ T5932] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 500.787730][ T5932] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 500.819405][ T5932] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 500.837426][ T5932] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 500.845541][ T5932] usb 4-1: Product: syz [ 500.865367][ T5932] usb 4-1: Manufacturer: syz [ 500.870429][ T5932] usb 4-1: SerialNumber: syz [ 500.891755][ T5932] cdc_ncm 4-1:1.0: CDC Union missing and no IAD found [ 500.918974][T11070] CUSE: DEVNAME unspecified [ 500.925340][ T5932] cdc_ncm 4-1:1.0: bind() failure [ 501.118036][ T5917] usb 2-1: USB disconnect, device number 34 [ 501.203463][ T5882] usb 4-1: USB disconnect, device number 23 [ 501.944402][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.951008][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.271505][T11107] CUSE: DEVNAME unspecified [ 502.716573][T11125] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 502.723100][T11125] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 502.808532][T11127] lo speed is unknown, defaulting to 1000 [ 502.832601][T11127] lo speed is unknown, defaulting to 1000 [ 502.841514][T11127] lo speed is unknown, defaulting to 1000 [ 503.441094][T11127] infiniband syz1: set active [ 503.445993][T11127] infiniband syz1: added lo [ 503.451238][T11127] syz1: rxe_create_cq: returned err = -12 [ 503.457097][T11127] infiniband syz1: Couldn't create ib_mad CQ [ 503.465116][T11127] infiniband syz1: Couldn't open port 1 [ 503.475661][ T5932] lo speed is unknown, defaulting to 1000 [ 503.528187][T11127] RDS/IB: syz1: added [ 503.532303][T11127] smc: adding ib device syz1 with port count 1 [ 503.532633][T11129] hsr_slave_0: left promiscuous mode [ 503.538872][T11127] smc: ib device syz1 port 1 has pnetid [ 503.557400][T11129] hsr_slave_1: left promiscuous mode [ 503.638209][T11127] lo speed is unknown, defaulting to 1000 [ 503.638254][T11137] netlink: 'syz.0.1500': attribute type 39 has an invalid length. [ 503.765873][T11127] lo speed is unknown, defaulting to 1000 [ 503.831534][ T5882] lo speed is unknown, defaulting to 1000 [ 503.842829][T11127] lo speed is unknown, defaulting to 1000 [ 503.903640][T11127] lo speed is unknown, defaulting to 1000 [ 503.963807][T11127] lo speed is unknown, defaulting to 1000 [ 504.150167][T11143] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 504.368406][ T5878] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 504.391604][ T25] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 504.586861][ T25] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 504.681914][ T5878] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 505.285989][ T25] usb 4-1: New USB device found, idVendor=05ac, idProduct=025b, bcdDevice= 0.40 [ 505.315272][ T5878] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 505.340961][ T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 505.392602][ T5878] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 505.409034][ T25] usb 4-1: Product: syz [ 505.414373][ T25] usb 4-1: Manufacturer: syz [ 505.419456][ T25] usb 4-1: SerialNumber: syz [ 505.428780][ T5878] usb 2-1: New USB device found, idVendor=2304, idProduct=021a, bcdDevice=18.29 [ 505.438966][ T5878] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 505.471770][T11159] __nla_validate_parse: 12 callbacks suppressed [ 505.471790][T11159] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1506'. [ 505.488177][ T5878] usb 2-1: Product: syz [ 505.491978][ T25] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/input/input27 [ 505.506053][ T5878] usb 2-1: Manufacturer: syz [ 505.510690][ T5878] usb 2-1: SerialNumber: syz [ 505.553327][ T5878] usb 2-1: config 0 descriptor?? [ 505.561302][T11159] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1506'. [ 505.578586][ T5878] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2304:021a, interface 0, class 0) [ 505.589913][ T5878] em28xx 2-1:0.0: Video interface 0 found: isoc [ 505.597532][T11159] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1506'. [ 505.616871][T11159] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1506'. [ 505.641750][ T5917] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 505.759355][ T5188] bcm5974 4-1:1.0: could not read from device [ 505.769343][ T5188] bcm5974 4-1:1.0: could not read from device [ 505.811849][ T5917] usb 5-1: Using ep0 maxpacket: 8 [ 505.826250][ T5188] bcm5974 4-1:1.0: could not read from device [ 505.842956][ T5188] bcm5974 4-1:1.0: could not read from device [ 505.843578][ T5917] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 505.867800][ T25] usb 4-1: USB disconnect, device number 24 [ 505.939390][ T5917] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 505.952027][T11167] FAULT_INJECTION: forcing a failure. [ 505.952027][T11167] name failslab, interval 1, probability 0, space 0, times 0 [ 505.952060][T11167] CPU: 0 UID: 0 PID: 11167 Comm: syz.5.1508 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0 [ 505.952084][T11167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 505.952096][T11167] Call Trace: [ 505.952105][T11167] [ 505.952114][T11167] dump_stack_lvl+0x241/0x360 [ 505.952145][T11167] ? __pfx_dump_stack_lvl+0x10/0x10 [ 505.952168][T11167] ? __pfx__printk+0x10/0x10 [ 505.952192][T11167] ? __kmalloc_node_track_caller_noprof+0xb2/0x440 [ 505.952216][T11167] ? __pfx___might_resched+0x10/0x10 [ 505.952244][T11167] should_fail_ex+0x3b0/0x4e0 [ 505.952270][T11167] should_failslab+0xac/0x100 [ 505.952298][T11167] __kmalloc_node_track_caller_noprof+0xda/0x440 [ 505.952318][T11167] ? ovl_parse_layer+0x128/0x1080 [ 505.952348][T11167] kstrdup+0x3a/0x80 [ 505.952370][T11167] ovl_parse_layer+0x128/0x1080 [ 505.952401][T11167] ? __pfx_ovl_parse_layer+0x10/0x10 [ 505.952430][T11167] ? rcu_is_watching+0x15/0xb0 [ 505.952451][T11167] ? trace_kmalloc+0x1f/0xd0 [ 505.952473][T11167] ? __asan_memcpy+0x40/0x70 [ 505.952502][T11167] ovl_parse_param+0xc87/0x10b0 [ 505.952535][T11167] ? __pfx_ovl_parse_param+0x10/0x10 [ 505.952564][T11167] ? static_key_count+0x41/0x70 [ 505.952591][T11167] vfs_parse_fs_param+0x1a5/0x420 [ 505.952616][T11167] ? __pfx_ovl_next_opt+0x10/0x10 [ 505.952641][T11167] vfs_parse_monolithic_sep+0x2d9/0x420 [ 505.952670][T11167] ? __pfx_vfs_parse_monolithic_sep+0x10/0x10 [ 505.952712][T11167] do_new_mount+0x28f/0xb40 [ 505.952747][T11167] ? __pfx_do_new_mount+0x10/0x10 [ 505.952780][T11167] __se_sys_mount+0x2d6/0x3c0 [ 505.952810][T11167] ? __pfx___se_sys_mount+0x10/0x10 [ 505.952843][T11167] ? do_syscall_64+0x100/0x230 [ 505.952868][T11167] ? __x64_sys_mount+0x20/0xc0 [ 505.952894][T11167] do_syscall_64+0xf3/0x230 [ 505.952915][T11167] ? clear_bhb_loop+0x35/0x90 [ 505.952939][T11167] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.952959][T11167] RIP: 0033:0x7f6797d7e719 [ 505.952982][T11167] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 505.953000][T11167] RSP: 002b:00007f6798b1e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 505.953023][T11167] RAX: ffffffffffffffda RBX: 00007f6797f35f80 RCX: 00007f6797d7e719 [ 505.953038][T11167] RDX: 0000000020000380 RSI: 0000000020000140 RDI: 0000000000000000 [ 505.953051][T11167] RBP: 00007f6798b1e090 R08: 00000000200003c0 R09: 0000000000000000 [ 505.953065][T11167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 505.953079][T11167] R13: 0000000000000000 R14: 00007f6797f35f80 R15: 00007ffe788189d8 [ 505.953108][T11167] [ 506.243687][ T5917] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 506.259050][ T5917] usb 5-1: New USB device found, idVendor=058f, idProduct=9410, bcdDevice= 0.00 [ 506.268291][ T5917] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 506.279836][ T5917] usb 5-1: config 0 descriptor?? [ 506.759158][ T5878] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 506.820438][ T5917] maltron 0003:058F:9410.0008: unknown main item tag 0x0 [ 507.193547][ T25] usb 4-1: new full-speed USB device number 25 using dummy_hcd [ 507.207325][ T5878] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 507.237849][ T5917] maltron 0003:058F:9410.0008: unknown main item tag 0x0 [ 507.245206][ T5878] em28xx 2-1:0.0: board has no eeprom [ 507.323213][ T5878] em28xx 2-1:0.0: Identified as Pinnacle Dazzle DVC 90/100/101/107 / Kaiser Baas Video to DVD maker / Kworld DVD Maker 2 / Plextor ConvertX PX-AV100U (card=9) [ 507.353598][ T5917] maltron 0003:058F:9410.0008: hidraw0: USB HID v0.00 Device [HID 058f:9410] on usb-dummy_hcd.4-1/input0 [ 507.385911][ T5878] em28xx 2-1:0.0: analog set to isoc mode. [ 507.392253][ T5828] em28xx 2-1:0.0: Registering V4L2 extension [ 507.399488][ T5917] usb 5-1: USB disconnect, device number 16 [ 507.507760][ T5828] em28xx 2-1:0.0: reading from i2c device at 0x4a failed (error=-5) [ 507.518057][ T5828] em28xx 2-1:0.0: reading from i2c device at 0x48 failed (error=-5) [ 507.528321][ T5828] em28xx 2-1:0.0: reading from i2c device at 0x42 failed (error=-5) [ 507.537306][ T5828] em28xx 2-1:0.0: reading from i2c device at 0x40 failed (error=-5) [ 507.549708][ T5828] em28xx 2-1:0.0: Config register raw data: 0xfffffffb [ 507.559097][ T5828] em28xx 2-1:0.0: AC97 chip type couldn't be determined [ 507.569687][ T5828] em28xx 2-1:0.0: No AC97 audio processor [ 507.606923][ T25] usb 4-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 507.625879][ T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 507.634584][ T25] usb 4-1: Product: syz [ 507.638937][ T25] usb 4-1: Manufacturer: syz [ 507.643824][ T25] usb 4-1: SerialNumber: syz [ 507.671864][ T25] usb 4-1: config 0 descriptor?? [ 507.680600][ T25] ch341 4-1:0.0: ch341-uart converter detected [ 507.714452][ T5828] usb 2-1: Decoder not found [ 507.719208][ T5828] em28xx 2-1:0.0: failed to create media graph [ 507.726543][ T5828] em28xx 2-1:0.0: V4L2 device video103 deregistered [ 507.756497][ T5828] em28xx 2-1:0.0: Remote control support is not available for this card. [ 508.623001][T11194] ieee802154 phy0 wpan0: encryption failed: -22 [ 509.273089][ T25] usb 4-1: failed to receive control message: -110 [ 509.305121][ T25] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -110 [ 509.425622][ T25] usb 4-1: USB disconnect, device number 25 [ 509.433128][ T25] ch341 4-1:0.0: device disconnected [ 509.693230][ T969] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 509.900710][ T969] usb 5-1: Using ep0 maxpacket: 8 [ 509.914444][ T969] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 509.926141][ T969] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 510.016413][ T969] usb 5-1: New USB device found, idVendor=056a, idProduct=0333, bcdDevice= 0.00 [ 510.034809][T11222] FAULT_INJECTION: forcing a failure. [ 510.034809][T11222] name failslab, interval 1, probability 0, space 0, times 0 [ 510.048499][ T969] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 510.064910][ T969] usb 5-1: config 0 descriptor?? [ 510.070139][T11222] CPU: 0 UID: 0 PID: 11222 Comm: syz.3.1522 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0 [ 510.080938][T11222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 510.091025][T11222] Call Trace: [ 510.094336][T11222] [ 510.097292][T11222] dump_stack_lvl+0x241/0x360 [ 510.102003][T11222] ? __pfx_dump_stack_lvl+0x10/0x10 [ 510.107238][T11222] ? __pfx__printk+0x10/0x10 [ 510.111841][T11222] ? fs_reclaim_acquire+0x93/0x130 [ 510.116951][T11222] ? __pfx___might_resched+0x10/0x10 [ 510.122236][T11222] should_fail_ex+0x3b0/0x4e0 [ 510.126915][T11222] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 510.132634][T11222] should_failslab+0xac/0x100 [ 510.137312][T11222] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 510.143039][T11222] __kmalloc_noprof+0xd8/0x400 [ 510.147811][T11222] tomoyo_realpath_from_path+0xcf/0x5e0 [ 510.153365][T11222] tomoyo_path_number_perm+0x23a/0x880 [ 510.158838][T11222] ? rcu_read_lock_any_held+0xb7/0x160 [ 510.164425][T11222] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 510.170361][T11222] ? tomoyo_path_number_perm+0x208/0x880 [ 510.176045][T11222] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 510.182041][T11222] ? sb_end_write+0xe9/0x1c0 [ 510.186645][T11222] ? vfs_write+0x730/0xd30 [ 510.191075][T11222] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 510.197068][T11222] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 510.203409][T11222] security_file_ioctl+0xc6/0x2a0 [ 510.208452][T11222] __se_sys_ioctl+0x47/0x170 [ 510.213039][T11222] do_syscall_64+0xf3/0x230 [ 510.217540][T11222] ? clear_bhb_loop+0x35/0x90 [ 510.222218][T11222] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 510.228109][T11222] RIP: 0033:0x7fb85177e719 [ 510.232521][T11222] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 510.252131][T11222] RSP: 002b:00007fb852547038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 510.260566][T11222] RAX: ffffffffffffffda RBX: 00007fb851936058 RCX: 00007fb85177e719 [ 510.268561][T11222] RDX: 0000000020000280 RSI: 00000000c4c85512 RDI: 0000000000000007 [ 510.276566][T11222] RBP: 00007fb852547090 R08: 0000000000000000 R09: 0000000000000000 [ 510.284539][T11222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 510.292509][T11222] R13: 0000000000000000 R14: 00007fb851936058 R15: 00007ffea29000c8 [ 510.300485][T11222] [ 510.396773][T11222] ERROR: Out of memory at tomoyo_realpath_from_path. [ 510.399241][T11227] 9pnet_fd: Insufficient options for proto=fd [ 510.757639][ T969] wacom 0003:056A:0333.0009: hidraw0: USB HID v0.00 Device [HID 056a:0333] on usb-dummy_hcd.4-1/input0 [ 510.849330][ T25] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 511.095443][ T25] usb 6-1: Using ep0 maxpacket: 16 [ 511.127290][ T25] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 511.365974][ T969] usb 5-1: USB disconnect, device number 17 [ 511.371932][ T25] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 511.462016][ T25] usb 6-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 511.492999][ T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 511.952884][ T25] usb 6-1: config 0 descriptor?? [ 512.404340][T11245] A link change request failed with some changes committed already. Interface geneve2 may have been left with an inconsistent configuration, please check. [ 513.022868][T11250] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1531'. [ 513.677926][ T5917] hid (null): unknown global tag 0xe [ 513.683717][ T5917] hid (null): unknown global tag 0xc [ 513.689080][ T5917] hid (null): report_id 478499916 is invalid [ 513.702540][ T5917] hid-generic 0098:0000:0009.000B: unknown global tag 0xe [ 513.711073][ T5917] hid-generic 0098:0000:0009.000B: item 0 2 1 14 parsing failed [ 513.719756][ T5917] hid-generic 0098:0000:0009.000B: probe with driver hid-generic failed with error -22 [ 513.752459][ T25] letsketch 0003:6161:4D15.000A: Device info: Ъ [ 514.052392][T11264] FAULT_INJECTION: forcing a failure. [ 514.052392][T11264] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 514.058045][ T5828] usb 2-1: USB disconnect, device number 35 [ 514.104208][ T5828] em28xx 2-1:0.0: Disconnecting em28xx [ 514.106224][T11264] CPU: 0 UID: 0 PID: 11264 Comm: syz.4.1534 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0 [ 514.120135][ T5828] em28xx 2-1:0.0: Closing input extension [ 514.120481][T11264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 514.120498][T11264] Call Trace: [ 514.120506][T11264] [ 514.120516][T11264] dump_stack_lvl+0x241/0x360 [ 514.120543][T11264] ? __pfx_dump_stack_lvl+0x10/0x10 [ 514.152737][T11264] ? __pfx__printk+0x10/0x10 [ 514.157360][T11264] ? __pfx_lock_release+0x10/0x10 [ 514.162423][T11264] should_fail_ex+0x3b0/0x4e0 [ 514.167133][T11264] _copy_from_iter+0x21f/0x1e70 [ 514.172025][T11264] ? __virt_addr_valid+0x183/0x530 [ 514.177161][T11264] ? skb_set_owner_w+0x238/0x3e0 [ 514.182136][T11264] ? __pfx_lock_release+0x10/0x10 [ 514.187193][T11264] ? __pfx__copy_from_iter+0x10/0x10 [ 514.192507][T11264] ? __pfx__copy_from_iter+0x10/0x10 [ 514.196486][ T5828] em28xx 2-1:0.0: Freeing device [ 514.197808][T11264] ? page_copy_sane+0x154/0x260 [ 514.207639][T11264] copy_page_from_iter+0x7a/0x100 [ 514.212735][T11264] skb_copy_datagram_from_iter+0x2d9/0x6a0 [ 514.218589][T11264] tun_get_user+0xec3/0x47e0 [ 514.223246][T11264] ? __lock_acquire+0x1384/0x2050 [ 514.228320][T11264] ? __pfx_tun_get_user+0x10/0x10 [ 514.233389][T11264] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 514.238885][T11264] ? tun_get+0x1e/0x2f0 [ 514.243074][T11264] ? __pfx_lock_release+0x10/0x10 [ 514.248149][T11264] ? tun_get+0x1e/0x2f0 [ 514.252335][T11264] ? tun_get+0x27d/0x2f0 [ 514.256604][T11264] tun_chr_write_iter+0x10d/0x1f0 [ 514.261667][T11264] vfs_write+0xaeb/0xd30 [ 514.265947][T11264] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 514.271608][T11264] ? __pfx_vfs_write+0x10/0x10 [ 514.276412][T11264] ? fdget_pos+0x19a/0x320 [ 514.280985][T11264] ksys_write+0x183/0x2b0 [ 514.285389][T11264] ? __pfx_ksys_write+0x10/0x10 [ 514.290272][T11264] ? do_syscall_64+0x100/0x230 [ 514.295064][T11264] ? do_syscall_64+0xb6/0x230 [ 514.299781][T11264] do_syscall_64+0xf3/0x230 [ 514.304308][T11264] ? clear_bhb_loop+0x35/0x90 [ 514.309008][T11264] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 514.314924][T11264] RIP: 0033:0x7fe3c877d1ff [ 514.319446][T11264] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 514.339080][T11264] RSP: 002b:00007fe3c9629000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 514.347527][T11264] RAX: ffffffffffffffda RBX: 00007fe3c8935f80 RCX: 00007fe3c877d1ff [ 514.355526][T11264] RDX: 000000000000fdef RSI: 0000000020000280 RDI: 00000000000000c8 [ 514.363522][T11264] RBP: 00007fe3c9629090 R08: 0000000000000000 R09: 0000000000000000 [ 514.371516][T11264] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000002 [ 514.379518][T11264] R13: 0000000000000000 R14: 00007fe3c8935f80 R15: 00007ffd4a5ad858 [ 514.387534][T11264] [ 514.635125][ T25] usb 6-1: Max retries (5) exceeded reading string descriptor 201 [ 514.643228][ T25] letsketch 0003:6161:4D15.000A: probe with driver letsketch failed with error -71 [ 515.286495][ T25] usb 6-1: USB disconnect, device number 8 [ 516.910525][ T969] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 517.687453][T11302] lo speed is unknown, defaulting to 1000 [ 517.693928][T11302] lo speed is unknown, defaulting to 1000 [ 517.701260][ T969] usb 1-1: Using ep0 maxpacket: 16 [ 517.708840][ T969] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 517.728274][ T969] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 517.767817][ T969] usb 1-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00 [ 517.791850][ T969] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 517.837730][ T969] usb 1-1: config 0 descriptor?? [ 517.851569][ T969] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input31 [ 517.954032][T11310] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 517.961521][T11310] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 518.602756][ T5932] usb 1-1: USB disconnect, device number 29 [ 519.197577][T11324] veth1_macvtap: left promiscuous mode [ 519.211457][T11324] veth1_macvtap: entered promiscuous mode [ 519.227991][T11324] veth1_macvtap: entered allmulticast mode [ 519.416973][T11337] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1552'. [ 520.347056][T11337] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1552'. [ 521.633296][T11367] tmpfs: Bad value for 'mpol' [ 521.739834][ T5932] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 521.917274][ T5932] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 521.931663][ T5932] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 521.952692][ T5932] usb 1-1: New USB device found, idVendor=056a, idProduct=0317, bcdDevice= 0.00 [ 521.965015][ T5932] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 522.005035][ T5932] usb 1-1: config 0 descriptor?? [ 523.970981][ T5932] usbhid 1-1:0.0: can't add hid device: -71 [ 523.977014][ T5932] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 523.996867][ T5932] usb 1-1: USB disconnect, device number 30 [ 524.030799][ T25] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 524.174708][ T25] usb 2-1: device descriptor read/64, error -71 [ 524.459551][ T25] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 524.648578][ T25] usb 2-1: device descriptor read/64, error -71 [ 524.791486][ T25] usb usb2-port1: attempt power cycle [ 525.314392][T11402] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1575'. [ 526.336276][T11415] trusted_key: encrypted_key: master key parameter 'qŠAES Ë'Ê«ùò%.ÁÃ6ÿ[Zh‰ï™Ñ-Êï¡ÈŸ [ 526.336276][T11415] ÿ¬þ_ê=ïéÄ~‘@}' is invalid [ 526.360043][T11416] 9pnet_fd: Insufficient options for proto=fd [ 526.529726][T11408] ip6t_REJECT: ECHOREPLY is not supported [ 527.217733][T11423] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 527.446663][T11434] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1588'. [ 528.876541][T11454] unknown channel width for channel at 909000KHz? [ 528.884440][T11454] unknown channel width for channel at 909000KHz? [ 529.191727][T11462] 9pnet_fd: Insufficient options for proto=fd [ 529.552694][T11459] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1596'. [ 529.715841][T11459] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1596'. [ 529.956332][T11459] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1596'. [ 530.330222][T11457] binder: 11455:11457 ioctl c0306201 20000400 returned -22 [ 530.368445][T11459] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1596'. [ 531.723307][T11489] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1604'. [ 531.783636][T11491] fuse: Bad value for 'rootmode' [ 533.019089][T11512] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1611'. [ 533.078143][T11514] misc userio: Invalid payload size [ 533.083930][T11514] misc userio: No port type given on /dev/userio [ 533.169213][T11518] misc userio: The device must be registered before sending interrupts [ 533.178320][T11518] misc userio: The device must be registered before sending interrupts [ 533.897131][T11527] fuse: Unknown parameter 'use00000000000000000000' [ 536.055898][T11536] 9pnet: Found fid 0 not clunked [ 536.629385][T11549] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1626'. [ 537.130596][T11552] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1625'. [ 538.101601][T11563] misc userio: Invalid payload size [ 538.109204][T11563] misc userio: No port type given on /dev/userio [ 538.167127][T11570] misc userio: The device must be registered before sending interrupts [ 538.176737][T11570] misc userio: The device must be registered before sending interrupts [ 538.363657][T11565] FAULT_INJECTION: forcing a failure. [ 538.363657][T11565] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 538.404416][T11565] CPU: 0 UID: 0 PID: 11565 Comm: syz.4.1632 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0 [ 538.415232][T11565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 538.425375][T11565] Call Trace: [ 538.428659][T11565] [ 538.431592][T11565] dump_stack_lvl+0x241/0x360 [ 538.436273][T11565] ? __pfx_dump_stack_lvl+0x10/0x10 [ 538.441478][T11565] ? __pfx__printk+0x10/0x10 [ 538.446300][T11565] ? __pfx_lock_release+0x10/0x10 [ 538.451333][T11565] should_fail_ex+0x3b0/0x4e0 [ 538.456023][T11565] _copy_from_user+0x2f/0xc0 [ 538.460636][T11565] memdup_user+0x64/0xc0 [ 538.464883][T11565] strndup_user+0x68/0xc0 [ 538.469297][T11565] __se_sys_fsconfig+0x746/0xf70 [ 538.474233][T11565] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 538.480577][T11565] ? __pfx___se_sys_fsconfig+0x10/0x10 [ 538.486043][T11565] ? __x64_sys_fsconfig+0x20/0xc0 [ 538.491063][T11565] do_syscall_64+0xf3/0x230 [ 538.495569][T11565] ? clear_bhb_loop+0x35/0x90 [ 538.500245][T11565] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 538.506484][T11565] RIP: 0033:0x7fe3c877e719 [ 538.510896][T11565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 538.530500][T11565] RSP: 002b:00007fe3c9629038 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 538.538919][T11565] RAX: ffffffffffffffda RBX: 00007fe3c8935f80 RCX: 00007fe3c877e719 [ 538.546887][T11565] RDX: 0000000020000000 RSI: 0000000000000001 RDI: 0000000000000008 [ 538.554855][T11565] RBP: 00007fe3c9629090 R08: 0000000000000000 R09: 0000000000000000 [ 538.562824][T11565] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000001 [ 538.570789][T11565] R13: 0000000000000000 R14: 00007fe3c8935f80 R15: 00007ffd4a5ad858 [ 538.578769][T11565] [ 538.984431][T11582] fuse: Unknown parameter 'use00000000000000000000' [ 539.091018][T11588] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1637'. [ 540.284080][T11595] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1639'. [ 540.317515][T11595] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1639'. [ 540.595736][T11601] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1642'. [ 540.774700][T11595] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1639'. [ 540.794717][T11595] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1639'. [ 540.904665][T11607] rdma_rxe: rxe_newlink: failed to add lo [ 541.510026][T11613] input: syz0 as /devices/virtual/input/input32 [ 542.314773][T11623] misc userio: Invalid payload size [ 542.320644][T11623] misc userio: No port type given on /dev/userio [ 542.379171][T11627] misc userio: The device must be registered before sending interrupts [ 542.388151][T11627] misc userio: The device must be registered before sending interrupts [ 544.026966][T11639] FAULT_INJECTION: forcing a failure. [ 544.026966][T11639] name failslab, interval 1, probability 0, space 0, times 0 [ 544.055742][T11639] CPU: 0 UID: 0 PID: 11639 Comm: syz.4.1653 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0 [ 544.066632][T11639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 544.076724][T11639] Call Trace: [ 544.080017][T11639] [ 544.082965][T11639] dump_stack_lvl+0x241/0x360 [ 544.087668][T11639] ? __pfx_dump_stack_lvl+0x10/0x10 [ 544.092878][T11639] ? __pfx__printk+0x10/0x10 [ 544.097486][T11639] ? __kmalloc_cache_node_noprof+0x4c/0x300 [ 544.103412][T11639] ? __pfx___might_resched+0x10/0x10 [ 544.108728][T11639] should_fail_ex+0x3b0/0x4e0 [ 544.113417][T11639] should_failslab+0xac/0x100 [ 544.118120][T11639] __kmalloc_cache_node_noprof+0x74/0x300 [ 544.123875][T11639] ? page_pool_create_percpu+0x77/0xa00 [ 544.129461][T11639] ? rcu_is_watching+0x15/0xb0 [ 544.134267][T11639] page_pool_create_percpu+0x77/0xa00 [ 544.139700][T11639] bpf_test_run_xdp_live+0x2e6/0x21b0 [ 544.145085][T11639] ? arch_stack_walk+0xfd/0x150 [ 544.149946][T11639] ? __lock_acquire+0x1384/0x2050 [ 544.154986][T11639] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 544.160885][T11639] ? mark_lock+0x9a/0x360 [ 544.165269][T11639] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 544.171180][T11639] ? __might_fault+0xaa/0x120 [ 544.175940][T11639] ? __might_fault+0xc6/0x120 [ 544.180626][T11639] ? _copy_from_user+0x99/0xc0 [ 544.185396][T11639] ? bpf_test_init+0x15a/0x180 [ 544.190151][T11639] ? xdp_convert_md_to_buff+0x5b/0x330 [ 544.195632][T11639] bpf_prog_test_run_xdp+0x805/0x11e0 [ 544.201015][T11639] ? __pfx_lock_release+0x10/0x10 [ 544.206046][T11639] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 544.211845][T11639] ? __fget_files+0x29/0x470 [ 544.216438][T11639] ? fput+0x1a8/0x230 [ 544.220416][T11639] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 544.226215][T11639] bpf_prog_test_run+0x2e4/0x360 [ 544.231169][T11639] __sys_bpf+0x48d/0x810 [ 544.235422][T11639] ? __pfx___sys_bpf+0x10/0x10 [ 544.240197][T11639] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 544.246173][T11639] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 544.252512][T11639] ? do_syscall_64+0x100/0x230 [ 544.257315][T11639] __x64_sys_bpf+0x7c/0x90 [ 544.261738][T11639] do_syscall_64+0xf3/0x230 [ 544.266246][T11639] ? clear_bhb_loop+0x35/0x90 [ 544.270921][T11639] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 544.276814][T11639] RIP: 0033:0x7fe3c877e719 [ 544.281220][T11639] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 544.300840][T11639] RSP: 002b:00007fe3c9629038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 544.309266][T11639] RAX: ffffffffffffffda RBX: 00007fe3c8935f80 RCX: 00007fe3c877e719 [ 544.317236][T11639] RDX: 0000000000000048 RSI: 00000000200000c0 RDI: 000000000000000a [ 544.325291][T11639] RBP: 00007fe3c9629090 R08: 0000000000000000 R09: 0000000000000000 [ 544.333259][T11639] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 544.341224][T11639] R13: 0000000000000000 R14: 00007fe3c8935f80 R15: 00007ffd4a5ad858 [ 544.349462][T11639] [ 545.546616][T11646] trusted_key: encrypted_key: master key parameter 'qŠAES Ë'Ê«ùò%.ÁÃ6ÿ[Zh‰ï™Ñ-Êï¡ÈŸ [ 545.546616][T11646] ÿ¬þ_ê=ïéÄ~‘@}' is invalid [ 548.513511][ T5932] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 548.541621][T11690] FAULT_INJECTION: forcing a failure. [ 548.541621][T11690] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 548.578057][T11691] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1666'. [ 548.915337][T11696] misc userio: Invalid payload size [ 548.922451][T11690] CPU: 1 UID: 0 PID: 11690 Comm: syz.4.1665 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0 [ 548.933257][T11690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 548.943334][T11690] Call Trace: [ 548.946615][T11690] [ 548.949544][T11690] dump_stack_lvl+0x241/0x360 [ 548.954228][T11690] ? __pfx_dump_stack_lvl+0x10/0x10 [ 548.959440][T11690] ? __pfx__printk+0x10/0x10 [ 548.964460][T11690] ? __pfx_lock_release+0x10/0x10 [ 548.969502][T11690] should_fail_ex+0x3b0/0x4e0 [ 548.974245][T11690] _copy_from_user+0x2f/0xc0 [ 548.978830][T11690] __sys_bpf+0x1a4/0x810 [ 548.983159][T11690] ? __pfx___sys_bpf+0x10/0x10 [ 548.988099][T11690] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 548.994184][T11690] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 549.000513][T11690] ? do_syscall_64+0x100/0x230 [ 549.005282][T11690] __x64_sys_bpf+0x7c/0x90 [ 549.009883][T11690] do_syscall_64+0xf3/0x230 [ 549.014416][T11690] ? clear_bhb_loop+0x35/0x90 [ 549.019086][T11690] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.024993][T11690] RIP: 0033:0x7fe3c877e719 [ 549.029429][T11690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 549.049046][T11690] RSP: 002b:00007fe3c9608038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 549.057543][T11690] RAX: ffffffffffffffda RBX: 00007fe3c8936058 RCX: 00007fe3c877e719 [ 549.065507][T11690] RDX: 0000000000000090 RSI: 0000000020000080 RDI: 0000000000000005 [ 549.073471][T11690] RBP: 00007fe3c9608090 R08: 0000000000000000 R09: 0000000000000000 [ 549.081506][T11690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 549.089483][T11690] R13: 0000000000000001 R14: 00007fe3c8936058 R15: 00007ffd4a5ad858 [ 549.097549][T11690] [ 549.139065][ T5932] usb 4-1: Using ep0 maxpacket: 16 [ 549.241546][T11698] misc userio: The device must be registered before sending interrupts [ 549.295579][T11699] misc userio: The device must be registered before sending interrupts [ 549.304985][ T5932] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 8.00 [ 549.323002][ T5932] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 549.352628][ T5932] usb 4-1: config 0 descriptor?? [ 549.381742][ T5932] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 549.390355][ T5932] usb 4-1: Detected FT4232H [ 550.133265][ T5932] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 550.147043][ T5932] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 550.186770][T11704] trusted_key: encrypted_key: master key parameter 'qŠAES Ë'Ê«ùò%.ÁÃ6ÿ[Zh‰ï™Ñ-Êï¡ÈŸ [ 550.186770][T11704] ÿ¬þ_ê=ïéÄ~‘@}' is invalid [ 550.469910][T11719] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1675'. [ 550.559691][T11719] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1675'. [ 550.939511][T11719] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1675'. [ 550.979627][T11719] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1675'. [ 551.018564][ T969] usb 4-1: USB disconnect, device number 26 [ 551.056621][ T969] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 551.066677][ T969] ftdi_sio 4-1:0.0: device disconnected [ 552.042709][T11737] netlink: 'syz.0.1680': attribute type 27 has an invalid length. [ 552.084509][ T5828] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 552.098160][T11733] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1679'. [ 552.107455][T11733] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1679'. [ 552.118544][T11733] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1679'. [ 552.128305][T11733] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1679'. [ 552.204581][T11736] binder: 11731:11736 ioctl c0306201 20000400 returned -22 [ 552.237344][ T5828] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 552.260933][ T5828] usb 2-1: config 0 has no interface number 0 [ 552.302410][ T5828] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 552.360676][ T5828] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 552.374304][ T5828] usb 2-1: Product: syz [ 552.378964][ T5828] usb 2-1: Manufacturer: syz [ 552.389044][ T5828] usb 2-1: SerialNumber: syz [ 552.516859][ T5828] usb 2-1: config 0 descriptor?? [ 552.872010][ T5828] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 552.884775][ T5828] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 552.895779][ T5828] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 552.903961][ T5828] usb 2-1: media controller created [ 552.922111][ T5828] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 552.924031][T11744] netlink: 'syz.3.1684': attribute type 3 has an invalid length. [ 552.939318][T11744] netlink: 'syz.3.1684': attribute type 1 has an invalid length. [ 552.947344][T11744] netlink: 130160 bytes leftover after parsing attributes in process `syz.3.1684'. [ 552.972582][ T29] audit: type=1800 audit(1731249303.241:157): pid=11744 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.1684" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 553.103051][ T5828] usb 2-1: DVB: registering adapter 1 frontend 0 (E3C EC100 DVB-T)... [ 553.114151][ T5828] dvbdev: dvb_create_media_entity: media entity 'E3C EC100 DVB-T' registered. [ 553.351833][T11746] trusted_key: encrypted_key: master key parameter 'qŠAES Ë'Ê«ùò%.ÁÃ6ÿ[Zh‰ï™Ñ-Êï¡ÈŸ [ 553.351833][T11746] ÿ¬þ_ê=ïéÄ~‘@}' is invalid [ 553.501963][ T5828] DVB: Unable to find symbol mxl5005s_attach() [ 553.560347][ T5828] usb 2-1: USB disconnect, device number 39 [ 554.684034][T11777] __nla_validate_parse: 5 callbacks suppressed [ 554.684048][T11777] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1695'. [ 555.191508][T11784] vivid-002: disconnect [ 555.205823][T11777] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1695'. [ 555.244837][T11783] vivid-002: reconnect [ 555.348559][T11777] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1695'. [ 555.450529][T11786] binder: 11775:11786 ioctl c0306201 20000400 returned -22 [ 555.486131][T11777] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1695'. [ 555.606082][T11795] FAULT_INJECTION: forcing a failure. [ 555.606082][T11795] name failslab, interval 1, probability 0, space 0, times 0 [ 555.648436][T11795] CPU: 0 UID: 0 PID: 11795 Comm: syz.3.1702 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0 [ 555.659262][T11795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 555.669331][T11795] Call Trace: [ 555.672631][T11795] [ 555.675576][T11795] dump_stack_lvl+0x241/0x360 [ 555.680284][T11795] ? __pfx_dump_stack_lvl+0x10/0x10 [ 555.685521][T11795] ? __pfx__printk+0x10/0x10 [ 555.690143][T11795] ? __kmalloc_cache_noprof+0x44/0x2c0 [ 555.695625][T11795] ? __pfx___might_resched+0x10/0x10 [ 555.700948][T11795] should_fail_ex+0x3b0/0x4e0 [ 555.705673][T11795] should_failslab+0xac/0x100 [ 555.710384][T11795] ? snd_pcm_oss_change_params_locked+0x17b/0x3d60 [ 555.716928][T11795] __kmalloc_cache_noprof+0x6c/0x2c0 [ 555.722239][T11795] snd_pcm_oss_change_params_locked+0x17b/0x3d60 [ 555.728578][T11795] ? __pfx___might_resched+0x10/0x10 [ 555.733870][T11795] ? __pfx___mutex_trylock_common+0x10/0x10 [ 555.739761][T11795] ? rcu_is_watching+0x15/0xb0 [ 555.744537][T11795] ? trace_contention_end+0x3c/0x120 [ 555.749819][T11795] ? __mutex_lock+0x2ef/0xd70 [ 555.754493][T11795] ? tomoyo_path_number_perm+0x208/0x880 [ 555.760138][T11795] ? __pfx_lock_release+0x10/0x10 [ 555.765168][T11795] ? lockdep_hardirqs_on+0x99/0x150 [ 555.770368][T11795] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 555.777597][T11795] ? __pfx___mutex_lock+0x10/0x10 [ 555.782619][T11795] ? tomoyo_path_number_perm+0x68d/0x880 [ 555.788257][T11795] ? tomoyo_path_number_perm+0x71a/0x880 [ 555.793904][T11795] snd_pcm_oss_make_ready+0x11d/0x350 [ 555.799282][T11795] snd_pcm_oss_get_ptr+0x11d/0xfb0 [ 555.804393][T11795] ? smk_access+0x4ab/0x4e0 [ 555.808907][T11795] ? __pfx_snd_pcm_oss_get_ptr+0x10/0x10 [ 555.814569][T11795] ? smack_file_ioctl+0x2f7/0x3a0 [ 555.819616][T11795] snd_pcm_oss_ioctl+0x939/0xff0 [ 555.824572][T11795] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 555.830046][T11795] ? __fget_files+0x3f3/0x470 [ 555.834739][T11795] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 555.840203][T11795] __se_sys_ioctl+0xf9/0x170 [ 555.844792][T11795] do_syscall_64+0xf3/0x230 [ 555.849302][T11795] ? clear_bhb_loop+0x35/0x90 [ 555.853983][T11795] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 555.859886][T11795] RIP: 0033:0x7fb85177e719 [ 555.864298][T11795] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 555.883910][T11795] RSP: 002b:00007fb852568038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 555.892327][T11795] RAX: ffffffffffffffda RBX: 00007fb851935f80 RCX: 00007fb85177e719 [ 555.900304][T11795] RDX: 0000000020000080 RSI: 00000000800c5011 RDI: 0000000000000004 [ 555.908287][T11795] RBP: 00007fb852568090 R08: 0000000000000000 R09: 0000000000000000 [ 555.916291][T11795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 555.924268][T11795] R13: 0000000000000000 R14: 00007fb851935f80 R15: 00007ffea29000c8 [ 555.932256][T11795] [ 558.054368][T11822] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1712'. [ 558.078265][ T969] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 558.107114][T11822] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1712'. [ 558.143211][T11822] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1712'. [ 558.157268][T11822] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1712'. [ 558.240074][ T969] usb 2-1: Using ep0 maxpacket: 8 [ 558.250207][ T5932] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 558.277223][ T969] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 558.287746][ T969] usb 2-1: config 179 has no interface number 0 [ 558.296771][ T969] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 558.315283][ T969] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 558.341810][ T969] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 558.355123][ T969] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 558.383811][ T969] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 558.408525][ T969] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 558.426617][ T969] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 558.437376][ T5932] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 558.449778][ T5932] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 558.458679][ T5932] usb 1-1: config 1 has no interface number 0 [ 558.475386][T11815] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 558.488004][ T5932] usb 1-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 558.542971][ T5932] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 558.563209][ T5932] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 558.578917][ T5932] usb 1-1: Product: syz [ 558.587270][ T5932] usb 1-1: Manufacturer: syz [ 558.606709][T11825] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1713'. [ 558.607529][ T5932] usb 1-1: SerialNumber: syz [ 558.646498][ T5932] usb 1-1: selecting invalid altsetting 1 [ 558.884917][ T969] input: Generic X-Box pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input33 [ 559.091852][ T5932] cdc_ncm 1-1:1.1: failed GET_NTB_PARAMETERS [ 559.101312][ T5932] cdc_ncm 1-1:1.1: bind() failure [ 559.113851][ T5932] usb 1-1: USB disconnect, device number 31 [ 560.527756][ T5932] usb 2-1: USB disconnect, device number 40 [ 560.533704][ C0] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 560.533732][ C0] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 560.571996][ T5932] xpad 2-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 560.590578][T11845] Process accounting resumed [ 560.595931][T11845] kernel write not supported for file /asound/timers (pid: 11845 comm: syz.3.1717) [ 560.700337][ T969] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 560.821170][T11848] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1719'. [ 560.857281][ T969] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 560.868546][ T969] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 895 [ 560.883744][ T969] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 560.902998][ T969] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 1024 [ 560.985183][ T969] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 1024 [ 561.014459][ T969] usb 1-1: New USB device found, idVendor=054c, idProduct=06c3, bcdDevice= 0.00 [ 561.034356][ T969] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 561.042372][ T969] usb 1-1: SerialNumber: syz [ 561.069177][ T969] usb 1-1: config 0 descriptor?? [ 561.084366][T11846] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 561.091744][T11846] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 561.114831][ C0] port100 1-1:0.0: NFC: Urb failure (status -71) [ 561.122275][ C0] port100 1-1:0.0: NFC: Urb failure (status -71) [ 561.552713][ T969] port100 1-1:0.0: NFC: Could not get supported command types [ 561.573350][ T969] usb 1-1: USB disconnect, device number 32 [ 562.834640][T11873] netlink: 'syz.1.1726': attribute type 3 has an invalid length. [ 562.882267][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.888790][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 562.905298][T11875] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1727'. [ 565.626716][T11913] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1738'. [ 566.794932][T11921] FAULT_INJECTION: forcing a failure. [ 566.794932][T11921] name failslab, interval 1, probability 0, space 0, times 0 [ 566.852183][T11921] CPU: 0 UID: 0 PID: 11921 Comm: syz.5.1743 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0 [ 566.862977][T11921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 566.873200][T11921] Call Trace: [ 566.876475][T11921] [ 566.879422][T11921] dump_stack_lvl+0x241/0x360 [ 566.884099][T11921] ? __pfx_dump_stack_lvl+0x10/0x10 [ 566.889290][T11921] ? __pfx__printk+0x10/0x10 [ 566.893910][T11921] ? __kmalloc_cache_noprof+0x44/0x2c0 [ 566.899380][T11921] ? __pfx___might_resched+0x10/0x10 [ 566.904664][T11921] should_fail_ex+0x3b0/0x4e0 [ 566.909352][T11921] should_failslab+0xac/0x100 [ 566.914020][T11921] ? __se_sys_mount+0x15a/0x3c0 [ 566.918860][T11921] __kmalloc_cache_noprof+0x6c/0x2c0 [ 566.924150][T11921] ? memdup_user+0x9f/0xc0 [ 566.928582][T11921] __se_sys_mount+0x15a/0x3c0 [ 566.933259][T11921] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 566.939249][T11921] ? __pfx___se_sys_mount+0x10/0x10 [ 566.944538][T11921] ? do_syscall_64+0x100/0x230 [ 566.949302][T11921] ? __x64_sys_mount+0x20/0xc0 [ 566.954087][T11921] do_syscall_64+0xf3/0x230 [ 566.958589][T11921] ? clear_bhb_loop+0x35/0x90 [ 566.963258][T11921] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 566.969142][T11921] RIP: 0033:0x7f6797d7e719 [ 566.973547][T11921] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 566.993166][T11921] RSP: 002b:00007f6798b1e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 567.001600][T11921] RAX: ffffffffffffffda RBX: 00007f6797f35f80 RCX: 00007f6797d7e719 [ 567.009569][T11921] RDX: 0000000020000080 RSI: 0000000020000040 RDI: 0000000000000000 [ 567.017540][T11921] RBP: 00007f6798b1e090 R08: 0000000020000400 R09: 0000000000000000 [ 567.025515][T11921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 567.033484][T11921] R13: 0000000000000000 R14: 00007f6797f35f80 R15: 00007ffe788189d8 [ 567.041559][T11921] [ 567.381207][ T5932] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 567.585064][ T5932] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 567.605477][ T5932] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 567.623606][ T5932] usb 2-1: config 0 descriptor?? [ 567.642365][ T5932] cp210x 2-1:0.0: cp210x converter detected [ 568.353378][ T5932] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 568.589757][ T5878] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 568.776199][ T5878] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 12592, setting to 1024 [ 568.814464][ T5878] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024 [ 568.816998][ T5932] usb 2-1: cp210x converter now attached to ttyUSB0 [ 568.934633][T11919] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1742'. [ 568.951696][ T5878] usb 6-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 568.989642][T11919] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1742'. [ 569.018272][T11919] netlink: 160 bytes leftover after parsing attributes in process `syz.1.1742'. [ 569.038449][ T5878] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 569.076000][ T5878] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 569.076839][T11939] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 569.084922][T11919] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1742'. [ 569.112530][ T5878] usb 6-1: SerialNumber: syz [ 569.143227][T11930] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 569.152474][T11939] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 569.696808][T11930] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 569.920831][ T5917] usb 2-1: USB disconnect, device number 41 [ 569.964044][ T5917] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 570.016772][ T5917] cp210x 2-1:0.0: device disconnected [ 570.053824][T11954] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1754'. [ 570.154479][T11955] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1753'. [ 570.298702][ T5878] cdc_ether 6-1:1.0 wwan0: register 'cdc_ether' at usb-dummy_hcd.5-1, Mobile Broadband Network Device, 42:42:42:42:42:42 [ 570.772038][ T5878] usb 6-1: USB disconnect, device number 9 [ 570.817789][ T5878] cdc_ether 6-1:1.0 wwan0: unregister 'cdc_ether' usb-dummy_hcd.5-1, Mobile Broadband Network Device [ 570.926078][T11955] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1753'. [ 571.039387][T11964] netlink: 236 bytes leftover after parsing attributes in process `syz.3.1755'. [ 571.048699][T11964] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1755'. [ 571.058379][T11964] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1755'. [ 571.784883][T11963] lo speed is unknown, defaulting to 1000 [ 574.464297][T11995] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4) [ 574.471320][T11995] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 574.674484][T12004] openvswitch: netlink: Actions may not be safe on all matching packets [ 574.769094][T11995] vhci_hcd vhci_hcd.0: Device attached [ 574.787092][T12004] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 574.799005][T12004] x_tables: ip6_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING [ 575.180687][ T5878] vhci_hcd: vhci_device speed not set [ 575.191970][ T5917] usb 2-1: new low-speed USB device number 42 using dummy_hcd [ 575.306401][ T5878] usb 35-1: new full-speed USB device number 2 using vhci_hcd [ 575.436185][ T5917] usb 2-1: config 0 has no interfaces? [ 575.449386][ T5917] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 575.610013][ T5917] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 575.654934][ T5917] usb 2-1: config 0 descriptor?? [ 575.957711][T11995] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 575.991252][T11995] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 576.039075][ T29] audit: type=1800 audit(1731249326.217:158): pid=12015 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.1771" name="/" dev="9p" ino=2 res=0 errno=0 [ 576.058128][T11997] vhci_hcd: unknown pdu 1 [ 576.069393][T12022] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1773'. [ 576.076902][T11995] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 576.087254][ T6276] vhci_hcd: stop threads [ 576.146820][ T6276] vhci_hcd: release socket [ 576.174159][ T6276] vhci_hcd: disconnect device [ 576.381559][T11995] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 576.585067][ T5932] usb 2-1: USB disconnect, device number 42 [ 576.814408][ T5878] vhci_hcd: vhci_device speed not set [ 576.822838][T12030] fuse: Unknown parameter 'grou00000000000000000000' [ 577.754299][T12048] openvswitch: netlink: Missing key (keys=100000040, expected=2000) [ 578.267229][T12042] overlayfs: failed to resolve './file1': -2 [ 578.743486][T12061] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1785'. [ 580.074479][T12064] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1787'. [ 580.707672][T12074] fuse: Unknown parameter 'grou00000000000000000000' [ 581.075646][T12077] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1790'. [ 582.272819][T12097] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1797'. [ 582.435479][ T969] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 582.507965][T12100] ip6t_REJECT: ECHOREPLY is not supported [ 582.585335][ T969] usb 6-1: Using ep0 maxpacket: 16 [ 582.657449][ T969] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 582.670643][ T969] usb 6-1: config 0 has no interface number 0 [ 582.693802][ T969] usb 6-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 582.713296][ T969] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 582.733198][ T969] usb 6-1: Product: syz [ 582.739884][ T969] usb 6-1: Manufacturer: syz [ 582.744655][ T969] usb 6-1: SerialNumber: syz [ 582.761604][T12104] mac80211_hwsim hwsim6 wlan1: entered promiscuous mode [ 582.770106][ T969] usb 6-1: config 0 descriptor?? [ 582.791403][ T969] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 582.808790][T12104] mac80211_hwsim hwsim6 wlan1: entered allmulticast mode [ 583.766733][ T969] gspca_spca1528: reg_w err -110 [ 583.891554][ T969] spca1528 6-1:0.1: probe with driver spca1528 failed with error -110 [ 585.769554][ T5932] usb 6-1: USB disconnect, device number 10 [ 585.825522][T12130] futex_wake_op: syz.5.1805 tries to shift op by 32; fix this program [ 586.946175][T12138] netlink: 156 bytes leftover after parsing attributes in process `syz.5.1807'. [ 587.181914][T12141] ebt_among: wrong size: 2080 against expected 2280, rounded to 2280 [ 587.575730][T12147] fuse: Unknown parameter '0x0000000000000004' [ 588.603916][T12161] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 588.979999][T12166] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1817'. [ 589.003938][T12166] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1817'. [ 589.083124][T12166] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1817'. [ 589.531294][T12166] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1817'. [ 589.938959][T12177] overlayfs: failed to resolve './file0/file0': -2 [ 590.087529][T12183] fuse: Unknown parameter '0x0000000000000004' [ 592.323384][ T5834] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 592.353773][ T5834] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 592.365166][ T5834] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 592.374316][ T5834] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 592.383090][ T5834] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 592.390443][ T5834] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 592.410460][ T54] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 592.420049][ T54] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 592.480614][T12209] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1831'. [ 592.504908][T12209] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1831'. [ 592.514616][ T54] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 592.522476][ T54] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 592.530600][ T54] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 592.538278][ T54] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 592.588492][T12201] lo speed is unknown, defaulting to 1000 [ 592.681341][T12209] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1831'. [ 592.744557][T12209] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1831'. [ 593.028099][T12213] fuse: Unknown parameter 'group_i00000000000000000000' [ 593.216150][ T6769] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 593.259123][T12216] FAULT_INJECTION: forcing a failure. [ 593.259123][T12216] name failslab, interval 1, probability 0, space 0, times 0 [ 593.322898][T12201] chnl_net:caif_netlink_parms(): no params data found [ 593.390345][T12216] CPU: 0 UID: 0 PID: 12216 Comm: syz.1.1833 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0 [ 593.401129][T12216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 593.411178][T12216] Call Trace: [ 593.414445][T12216] [ 593.417364][T12216] dump_stack_lvl+0x241/0x360 [ 593.422040][T12216] ? __pfx_dump_stack_lvl+0x10/0x10 [ 593.427245][T12216] ? __pfx__printk+0x10/0x10 [ 593.431830][T12216] should_fail_ex+0x3b0/0x4e0 [ 593.436494][T12216] should_failslab+0xac/0x100 [ 593.441180][T12216] ? sctp_add_bind_addr+0x89/0x3a0 [ 593.446321][T12216] __kmalloc_cache_noprof+0x6c/0x2c0 [ 593.451608][T12216] sctp_add_bind_addr+0x89/0x3a0 [ 593.456742][T12216] sctp_copy_local_addr_list+0x311/0x500 [ 593.462401][T12216] ? sctp_copy_local_addr_list+0xab/0x500 [ 593.468119][T12216] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 593.474287][T12216] ? sctp_v4_is_any+0x35/0x60 [ 593.478962][T12216] sctp_bind_addr_copy+0xad/0x3b0 [ 593.484007][T12216] ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190 [ 593.490338][T12216] sctp_connect_new_asoc+0x2f3/0x6c0 [ 593.495657][T12216] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 593.501481][T12216] ? sctp_sendmsg+0xbb9/0x3520 [ 593.506256][T12216] ? sctp_endpoint_lookup_assoc+0xc9/0x250 [ 593.512061][T12216] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 593.517605][T12216] sctp_sendmsg+0x219a/0x3520 [ 593.522287][T12216] ? __pfx_sctp_sendmsg+0x10/0x10 [ 593.527296][T12216] ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10 [ 593.534076][T12216] ? inet_sendmsg+0x330/0x390 [ 593.538760][T12216] __sock_sendmsg+0x1a6/0x270 [ 593.543434][T12216] ____sys_sendmsg+0x52a/0x7e0 [ 593.548194][T12216] ? __pfx_____sys_sendmsg+0x10/0x10 [ 593.553491][T12216] __sys_sendmsg+0x292/0x380 [ 593.558080][T12216] ? __pfx___sys_sendmsg+0x10/0x10 [ 593.563200][T12216] ? __pfx_vfs_write+0x10/0x10 [ 593.567979][T12216] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 593.574300][T12216] ? do_syscall_64+0x100/0x230 [ 593.579082][T12216] ? do_syscall_64+0xb6/0x230 [ 593.583748][T12216] do_syscall_64+0xf3/0x230 [ 593.588237][T12216] ? clear_bhb_loop+0x35/0x90 [ 593.592925][T12216] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 593.598809][T12216] RIP: 0033:0x7fb8a9d7e719 [ 593.603217][T12216] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 593.622825][T12216] RSP: 002b:00007fb8aaad0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 593.631227][T12216] RAX: ffffffffffffffda RBX: 00007fb8a9f35f80 RCX: 00007fb8a9d7e719 [ 593.639196][T12216] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 593.647250][T12216] RBP: 00007fb8aaad0090 R08: 0000000000000000 R09: 0000000000000000 [ 593.655218][T12216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 593.663194][T12216] R13: 0000000000000000 R14: 00007fb8a9f35f80 R15: 00007fff2cd34168 [ 593.671170][T12216] [ 593.839250][ T6769] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 594.089727][ T5882] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 594.293199][T12226] fuse: Unknown parameter '0x0000000000000004' [ 594.369351][ T5882] usb 6-1: Using ep0 maxpacket: 32 [ 594.408498][ T5882] usb 6-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 594.506886][ T5882] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 594.556985][ T5882] usb 6-1: config 0 descriptor?? [ 594.569449][ T5882] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 594.589522][ T54] Bluetooth: hci5: command tx timeout [ 594.616003][ T6769] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 594.720900][T12201] bridge0: port 1(bridge_slave_0) entered blocking state [ 594.728085][T12201] bridge0: port 1(bridge_slave_0) entered disabled state [ 594.736317][T12201] bridge_slave_0: entered allmulticast mode [ 594.748039][T12201] bridge_slave_0: entered promiscuous mode [ 594.824588][T12236] openvswitch: netlink: EtherType 50a is less than min 600 [ 595.357096][ T5882] gspca_vc032x: reg_r err -110 [ 595.414264][ T5882] gspca_vc032x: I2c Bus Busy Wait 00 [ 595.419881][ T5882] gspca_vc032x: I2c Bus Busy Wait 00 [ 595.425188][ T5882] gspca_vc032x: I2c Bus Busy Wait 00 [ 595.430691][ T5882] gspca_vc032x: I2c Bus Busy Wait 00 [ 595.435965][ T5882] gspca_vc032x: I2c Bus Busy Wait 00 [ 595.441451][ T5882] gspca_vc032x: I2c Bus Busy Wait 00 [ 595.446721][ T5882] gspca_vc032x: I2c Bus Busy Wait 00 [ 595.452202][ T5882] gspca_vc032x: I2c Bus Busy Wait 00 [ 595.457479][ T5882] gspca_vc032x: I2c Bus Busy Wait 00 [ 595.463075][ T5882] gspca_vc032x: I2c Bus Busy Wait 00 [ 595.468771][ T5882] gspca_vc032x: I2c Bus Busy Wait 00 [ 595.474074][ T5882] gspca_vc032x: I2c Bus Busy Wait 00 [ 595.479392][ T5882] gspca_vc032x: I2c Bus Busy Wait 00 [ 595.484666][ T5882] gspca_vc032x: I2c Bus Busy Wait 00 [ 595.490045][ T5882] gspca_vc032x: I2c Bus Busy Wait 00 [ 595.495334][ T5882] gspca_vc032x: I2c Bus Busy Wait 00 [ 595.500679][ T5882] gspca_vc032x: I2c Bus Busy Wait 00 [ 595.505971][ T5882] gspca_vc032x: I2c Bus Busy Wait 00 [ 595.511345][ T5882] gspca_vc032x: Unknown sensor... [ 595.516397][ T5882] vc032x 6-1:0.0: probe with driver vc032x failed with error -22 [ 595.584879][T12220] libceph: resolve '0' (ret=-3): failed [ 596.043771][ T6769] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 596.082419][T12201] bridge0: port 2(bridge_slave_1) entered blocking state [ 596.090492][T12201] bridge0: port 2(bridge_slave_1) entered disabled state [ 596.097890][T12201] bridge_slave_1: entered allmulticast mode [ 596.114101][T12201] bridge_slave_1: entered promiscuous mode [ 596.272632][T12201] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 596.310895][T12201] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 596.326117][T12243] netlink: 'syz.1.1840': attribute type 6 has an invalid length. [ 596.407438][T12243] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1840'. [ 596.667487][ T54] Bluetooth: hci5: command tx timeout [ 596.947581][T12201] team0: Port device team_slave_0 added [ 596.967812][T12201] team0: Port device team_slave_1 added [ 597.117975][ T6769] batman_adv: batadv0: Interface deactivated: geneve2 [ 597.377001][ T7222] usb 6-1: USB disconnect, device number 11 [ 598.661943][ T6769] dvmrp0 (unregistering): left allmulticast mode [ 598.753882][ T54] Bluetooth: hci5: command tx timeout [ 598.768412][ T6769] batman_adv: batadv0: Removing interface: geneve2 [ 599.224278][ T6769]  (unregistering): Released all slaves [ 599.274479][T12201] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 599.291663][T12201] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 599.362835][T12201] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 599.568152][T12201] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 599.590053][T12201] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 599.590165][T12273] fuse: Unknown parameter '0x0000000000000004' [ 599.660635][T12201] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 599.785732][T12201] hsr_slave_0: entered promiscuous mode [ 599.847899][T12201] hsr_slave_1: entered promiscuous mode [ 599.868286][T12201] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 599.896847][T12201] Cannot create hsr debugfs directory [ 600.821910][ T54] Bluetooth: hci5: command tx timeout [ 600.847308][ T6769] veth1_macvtap: left promiscuous mode [ 600.889058][T12279] ip6t_REJECT: ECHOREPLY is not supported [ 600.968134][ T6769] veth0_macvtap: left promiscuous mode [ 601.110361][ T6769] veth1_vlan: left promiscuous mode [ 601.135402][ T6769] veth0_vlan: left promiscuous mode [ 601.146859][T12289] openvswitch: netlink: Unexpected mask (mask=440, allowed=10048) [ 601.396517][ T6769] pimreg (unregistering): left allmulticast mode [ 602.973522][T12296] FAULT_INJECTION: forcing a failure. [ 602.973522][T12296] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 603.001458][T12201] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 603.008772][T12296] CPU: 0 UID: 0 PID: 12296 Comm: syz.0.1854 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0 [ 603.019570][T12296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 603.029679][T12296] Call Trace: [ 603.032979][T12296] [ 603.035919][T12296] dump_stack_lvl+0x241/0x360 [ 603.040614][T12296] ? __pfx_dump_stack_lvl+0x10/0x10 [ 603.045816][T12296] ? __pfx__printk+0x10/0x10 [ 603.050410][T12296] ? snprintf+0xda/0x120 [ 603.054654][T12296] should_fail_ex+0x3b0/0x4e0 [ 603.059342][T12296] _copy_to_user+0x31/0xb0 [ 603.063755][T12296] simple_read_from_buffer+0xca/0x150 [ 603.069129][T12296] proc_fail_nth_read+0x1e9/0x250 [ 603.074153][T12296] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 603.079808][T12296] ? rw_verify_area+0x55e/0x6f0 [ 603.085125][T12296] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 603.090695][T12296] vfs_read+0x1fc/0xb70 [ 603.094868][T12296] ? fdget_pos+0x24e/0x320 [ 603.099293][T12296] ? __pfx_vfs_read+0x10/0x10 [ 603.103979][T12296] ? __fget_files+0x3f3/0x470 [ 603.108663][T12296] ? fdget_pos+0x24e/0x320 [ 603.113101][T12296] ksys_read+0x183/0x2b0 [ 603.117369][T12296] ? __pfx_ksys_read+0x10/0x10 [ 603.122138][T12296] ? do_syscall_64+0x100/0x230 [ 603.126903][T12296] ? do_syscall_64+0xb6/0x230 [ 603.131587][T12296] do_syscall_64+0xf3/0x230 [ 603.136091][T12296] ? clear_bhb_loop+0x35/0x90 [ 603.140767][T12296] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 603.146691][T12296] RIP: 0033:0x7f8cbb37d15c [ 603.151140][T12296] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 603.170789][T12296] RSP: 002b:00007f8cbc103030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 603.179220][T12296] RAX: ffffffffffffffda RBX: 00007f8cbb535f80 RCX: 00007f8cbb37d15c [ 603.187191][T12296] RDX: 000000000000000f RSI: 00007f8cbc1030a0 RDI: 0000000000000004 [ 603.195162][T12296] RBP: 00007f8cbc103090 R08: 0000000000000000 R09: 0000000000000000 [ 603.203130][T12296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 603.211111][T12296] R13: 0000000000000000 R14: 00007f8cbb535f80 R15: 00007fffb70eb7d8 [ 603.219104][T12296] [ 603.254030][T12201] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 603.299183][T12201] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 603.338230][T12303] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1856'. [ 603.338239][T12201] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 603.347354][T12303] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1856'. [ 604.032330][T12309] fuse: Unknown parameter '0x0000000000000004' [ 604.118902][T12201] 8021q: adding VLAN 0 to HW filter on device bond0 [ 604.186311][T12201] 8021q: adding VLAN 0 to HW filter on device team0 [ 604.236959][ T6276] bridge0: port 1(bridge_slave_0) entered blocking state [ 604.244120][ T6276] bridge0: port 1(bridge_slave_0) entered forwarding state [ 604.305124][ T6276] bridge0: port 2(bridge_slave_1) entered blocking state [ 604.312317][ T6276] bridge0: port 2(bridge_slave_1) entered forwarding state [ 604.357686][T12311] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1855'. [ 604.490815][T12311] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1855'. [ 604.505910][T12311] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 604.514992][T12311] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 604.524390][T12311] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 604.533582][T12311] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 604.543022][T12311] geneve2: entered allmulticast mode [ 605.020027][T12201] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 605.030980][T12201] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 605.091416][T12316] 9pnet_fd: Insufficient options for proto=fd [ 607.001858][ T6769] IPVS: stop unused estimator thread 0... [ 607.066292][T12334] FAULT_INJECTION: forcing a failure. [ 607.066292][T12334] name failslab, interval 1, probability 0, space 0, times 0 [ 607.131369][T12201] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 607.155642][T12334] CPU: 0 UID: 0 PID: 12334 Comm: syz.3.1865 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0 [ 607.166454][T12334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 607.176505][T12334] Call Trace: [ 607.179772][T12334] [ 607.182691][T12334] dump_stack_lvl+0x241/0x360 [ 607.187368][T12334] ? __pfx_dump_stack_lvl+0x10/0x10 [ 607.192554][T12334] ? __pfx__printk+0x10/0x10 [ 607.197131][T12334] ? kmem_cache_alloc_noprof+0x44/0x2a0 [ 607.202664][T12334] ? __pfx___might_resched+0x10/0x10 [ 607.207952][T12334] should_fail_ex+0x3b0/0x4e0 [ 607.212622][T12334] ? getname_kernel+0x59/0x2f0 [ 607.217370][T12334] should_failslab+0xac/0x100 [ 607.222035][T12334] ? getname_kernel+0x59/0x2f0 [ 607.226787][T12334] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 607.232150][T12334] getname_kernel+0x59/0x2f0 [ 607.236725][T12334] kern_path+0x1d/0x50 [ 607.240780][T12334] ovl_parse_layer+0x34e/0x1080 [ 607.245702][T12334] ? __pfx_ovl_parse_layer+0x10/0x10 [ 607.251007][T12334] ? rcu_is_watching+0x15/0xb0 [ 607.255774][T12334] ? trace_kmalloc+0x1f/0xd0 [ 607.260705][T12334] ? __asan_memcpy+0x40/0x70 [ 607.265298][T12334] ovl_parse_param+0xc87/0x10b0 [ 607.270145][T12334] ? __pfx_ovl_parse_param+0x10/0x10 [ 607.275423][T12334] ? static_key_count+0x41/0x70 [ 607.280264][T12334] vfs_parse_fs_param+0x1a5/0x420 [ 607.285287][T12334] ? __pfx_ovl_next_opt+0x10/0x10 [ 607.290297][T12334] vfs_parse_monolithic_sep+0x2d9/0x420 [ 607.295835][T12334] ? __pfx_vfs_parse_monolithic_sep+0x10/0x10 [ 607.301898][T12334] do_new_mount+0x28f/0xb40 [ 607.304491][T11178] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 607.306476][T12334] ? __pfx_do_new_mount+0x10/0x10 [ 607.319038][T12334] __se_sys_mount+0x2d6/0x3c0 [ 607.323715][T12334] ? __pfx___se_sys_mount+0x10/0x10 [ 607.328908][T12334] ? do_syscall_64+0x100/0x230 [ 607.333664][T12334] ? __x64_sys_mount+0x20/0xc0 [ 607.338417][T12334] do_syscall_64+0xf3/0x230 [ 607.342910][T12334] ? clear_bhb_loop+0x35/0x90 [ 607.347576][T12334] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 607.353454][T12334] RIP: 0033:0x7fb85177e719 [ 607.357858][T12334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 607.377456][T12334] RSP: 002b:00007fb852568038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 607.385858][T12334] RAX: ffffffffffffffda RBX: 00007fb851935f80 RCX: 00007fb85177e719 [ 607.393832][T12334] RDX: 0000000020000380 RSI: 0000000020000140 RDI: 0000000000000000 [ 607.401807][T12334] RBP: 00007fb852568090 R08: 00000000200003c0 R09: 0000000000000000 [ 607.409799][T12334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 607.417762][T12334] R13: 0000000000000000 R14: 00007fb851935f80 R15: 00007ffea29000c8 [ 607.425749][T12334] [ 607.500159][T12334] overlayfs: failed to resolve './file0': -12 [ 607.614851][T11178] usb 6-1: Using ep0 maxpacket: 16 [ 607.634732][T11178] usb 6-1: config 0 has an invalid interface number: 4 but max is 0 [ 607.661262][T11178] usb 6-1: config 0 has no interface number 0 [ 607.818783][T11178] usb 6-1: config 0 interface 4 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 607.969948][T11178] usb 6-1: config 0 interface 4 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 608.088382][T11178] usb 6-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 608.134237][T11178] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 608.169731][T11178] usb 6-1: config 0 descriptor?? [ 608.449795][T12352] : renamed from bond0 [ 610.479500][T12201] veth0_vlan: entered promiscuous mode [ 610.534919][T12201] veth1_vlan: entered promiscuous mode [ 610.678387][T12201] veth0_macvtap: entered promiscuous mode [ 610.704832][T12201] veth1_macvtap: entered promiscuous mode [ 610.851716][T12201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 610.997104][T12201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 611.016027][T12201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 611.037202][T12201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 611.311133][T12201] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 611.666596][T12201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 611.687653][T12201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 611.697640][T12201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 611.708559][T12201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 611.718715][T12201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 611.729351][T12201] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 611.745606][T12201] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 611.754851][T11178] usbhid 6-1:0.4: can't add hid device: -71 [ 611.762914][T11178] usbhid 6-1:0.4: probe with driver usbhid failed with error -71 [ 611.773307][T11178] usb 6-1: USB disconnect, device number 12 [ 611.788817][T12201] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 611.797996][T12201] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 611.807532][T12201] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 611.889088][T12201] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 613.870188][ T5933] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 613.885281][ T5933] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 614.065394][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 614.488694][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 614.530038][T12403] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1882'. [ 614.707029][T12408] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1883'. [ 616.509665][T12422] 9pnet_fd: Insufficient options for proto=fd [ 617.572003][T12443] openvswitch: netlink: Actions may not be safe on all matching packets [ 618.721505][T12460] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1897'. [ 619.287092][T12479] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1904'. [ 620.014069][T12490] macvtap1: entered promiscuous mode [ 620.022594][T12490] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode [ 620.067539][T12490] mac80211_hwsim hwsim3 wlan1: left promiscuous mode [ 620.287547][T12499] loop2: detected capacity change from 0 to 7 [ 620.295963][T12499] Dev loop2: unable to read RDB block 7 [ 620.296030][T12499] loop2: unable to read partition table [ 620.296188][T12499] loop2: partition table beyond EOD, truncated [ 620.296217][T12499] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 620.922739][ T5917] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 621.043251][T12520] 9pnet_fd: Insufficient options for proto=fd [ 621.182634][ T5917] usb 1-1: Using ep0 maxpacket: 16 [ 621.249821][ T5917] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 621.437006][ T5917] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 621.605692][ T5917] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 621.618656][ T5917] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 621.628107][ T5917] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 621.680685][ T5917] usb 1-1: config 0 descriptor?? [ 621.908288][T12527] netlink: 'syz.3.1918': attribute type 13 has an invalid length. [ 621.916339][T12527] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1918'. [ 621.926024][T12527] erspan0: refused to change device tx_queue_len [ 621.932689][T12527] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 623.591197][T12547] fuse: Unknown parameter 'fd0x0000000000000004' [ 623.686469][T12550] futex_wake_op: syz.1.1926 tries to shift op by 32; fix this program [ 624.245477][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.252035][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.996966][ T5917] usbhid 1-1:0.0: can't add hid device: -71 [ 625.003107][ T5917] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 625.149243][ T5917] usb 1-1: USB disconnect, device number 33 [ 625.525480][T12576] block device autoloading is deprecated and will be removed. [ 625.990053][T12577] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1933'. [ 626.985626][T12587] fuse: Bad value for 'fd' [ 627.106615][T12591] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1938'. [ 627.192573][T12596] futex_wake_op: syz.3.1941 tries to shift op by 32; fix this program [ 627.798706][T12599] netlink: 'syz.6.1942': attribute type 4 has an invalid length. [ 631.740649][T12651] futex_wake_op: syz.6.1956 tries to shift op by 32; fix this program [ 631.753731][T12652] fuse: Bad value for 'user_id' [ 631.758636][T12652] fuse: Bad value for 'user_id' [ 631.831986][T12654] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1957'. [ 631.943702][T12644] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1951'. [ 632.251154][T12667] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1959'. [ 632.277123][T12660] FAULT_INJECTION: forcing a failure. [ 632.277123][T12660] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 632.330215][T12660] CPU: 1 UID: 0 PID: 12660 Comm: syz.0.1958 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0 [ 632.341031][T12660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 632.351119][T12660] Call Trace: [ 632.354415][T12660] [ 632.357356][T12660] dump_stack_lvl+0x241/0x360 [ 632.362059][T12660] ? __pfx_dump_stack_lvl+0x10/0x10 [ 632.367276][T12660] ? __pfx__printk+0x10/0x10 [ 632.371876][T12660] ? snprintf+0xda/0x120 [ 632.376130][T12660] should_fail_ex+0x3b0/0x4e0 [ 632.380810][T12660] _copy_to_user+0x31/0xb0 [ 632.385260][T12660] simple_read_from_buffer+0xca/0x150 [ 632.390636][T12660] proc_fail_nth_read+0x1e9/0x250 [ 632.395661][T12660] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 632.401211][T12660] ? rw_verify_area+0x55e/0x6f0 [ 632.406060][T12660] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 632.411626][T12660] vfs_read+0x1fc/0xb70 [ 632.415789][T12660] ? fdget_pos+0x24e/0x320 [ 632.420205][T12660] ? __pfx_vfs_read+0x10/0x10 [ 632.424884][T12660] ? __fget_files+0x3f3/0x470 [ 632.429570][T12660] ? fdget_pos+0x24e/0x320 [ 632.433989][T12660] ksys_read+0x183/0x2b0 [ 632.438234][T12660] ? __pfx_ksys_read+0x10/0x10 [ 632.443000][T12660] ? do_syscall_64+0x100/0x230 [ 632.447767][T12660] ? do_syscall_64+0xb6/0x230 [ 632.452443][T12660] do_syscall_64+0xf3/0x230 [ 632.456967][T12660] ? clear_bhb_loop+0x35/0x90 [ 632.461664][T12660] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 632.467565][T12660] RIP: 0033:0x7f8cbb37d15c [ 632.471993][T12660] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 632.491609][T12660] RSP: 002b:00007f8cbc103030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 632.500027][T12660] RAX: ffffffffffffffda RBX: 00007f8cbb535f80 RCX: 00007f8cbb37d15c [ 632.508001][T12660] RDX: 000000000000000f RSI: 00007f8cbc1030a0 RDI: 000000000000000c [ 632.515968][T12660] RBP: 00007f8cbc103090 R08: 0000000000000000 R09: 0000000000000000 [ 632.523946][T12660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 632.531915][T12660] R13: 0000000000000000 R14: 00007f8cbb535f80 R15: 00007fffb70eb7d8 [ 632.539910][T12660] [ 634.200882][T12693] loop7: detected capacity change from 0 to 1 [ 634.932481][T12699] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1970'. [ 635.022171][T12701] futex_wake_op: syz.1.1971 tries to shift op by 32; fix this program [ 636.773884][T12715] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1973'. [ 648.183473][ C1] sched: DL replenish lagged too much [ 693.758225][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 693.767674][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 807.222183][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 807.229156][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P12776/1:b..l P12772/1:b..l [ 807.238851][ C0] rcu: (detected by 0, t=10503 jiffies, g=45793, q=1724 ncpus=2) [ 807.246645][ C0] task:modprobe state:R running task stack:23072 pid:12772 tgid:12772 ppid:6769 flags:0x00004002 [ 807.259470][ C0] Call Trace: [ 807.262749][ C0] [ 807.265673][ C0] __schedule+0x17fa/0x4bd0 [ 807.270175][ C0] ? __pfx_lock_release+0x10/0x10 [ 807.275189][ C0] ? validate_chain+0x11e/0x5920 [ 807.280135][ C0] ? __pfx___schedule+0x10/0x10 [ 807.284968][ C0] ? seqcount_lockdep_reader_access+0x1c1/0x220 [ 807.291199][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 807.297170][ C0] ? preempt_schedule+0xe1/0xf0 [ 807.302005][ C0] preempt_schedule_common+0x84/0xd0 [ 807.307278][ C0] preempt_schedule+0xe1/0xf0 [ 807.311939][ C0] ? __pfx_preempt_schedule+0x10/0x10 [ 807.317300][ C0] preempt_schedule_thunk+0x1a/0x30 [ 807.322489][ C0] unwind_next_frame+0x18f8/0x22d0 [ 807.327602][ C0] ? __slab_free+0x2ea/0x3d0 [ 807.332194][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 807.338426][ C0] arch_stack_walk+0x11c/0x150 [ 807.343177][ C0] ? qlist_free_all+0x9a/0x140 [ 807.347931][ C0] stack_trace_save+0x118/0x1d0 [ 807.352771][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 807.358138][ C0] save_stack+0xfb/0x1f0 [ 807.362370][ C0] ? __pfx_save_stack+0x10/0x10 [ 807.367212][ C0] ? free_unref_page+0xcd0/0xf00 [ 807.372150][ C0] ? __put_partials+0xeb/0x130 [ 807.376914][ C0] ? put_cpu_partial+0x17c/0x250 [ 807.381833][ C0] ? __slab_free+0x2ea/0x3d0 [ 807.386418][ C0] ? page_ext_get+0x20/0x2a0 [ 807.391106][ C0] __reset_page_owner+0x76/0x430 [ 807.396074][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 807.401277][ C0] free_unref_page+0xcd0/0xf00 [ 807.406056][ C0] __put_partials+0xeb/0x130 [ 807.410639][ C0] put_cpu_partial+0x17c/0x250 [ 807.415398][ C0] ? put_cpu_partial+0x70/0x250 [ 807.420240][ C0] __slab_free+0x2ea/0x3d0 [ 807.424649][ C0] ? __phys_addr+0xba/0x170 [ 807.429144][ C0] qlist_free_all+0x9a/0x140 [ 807.433726][ C0] kasan_quarantine_reduce+0x14f/0x170 [ 807.439188][ C0] __kasan_slab_alloc+0x23/0x80 [ 807.444030][ C0] kmem_cache_alloc_bulk_noprof+0x4fa/0x7c0 [ 807.449919][ C0] ? mas_alloc_nodes+0x26c/0x840 [ 807.454854][ C0] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 807.460208][ C0] ? kmem_cache_alloc_noprof+0x185/0x2a0 [ 807.465828][ C0] mas_alloc_nodes+0x3d5/0x840 [ 807.470587][ C0] mas_preallocate+0x554/0x8c0 [ 807.475348][ C0] ? __pfx_mas_preallocate+0x10/0x10 [ 807.480621][ C0] ? __mas_set_range+0x133/0x3c0 [ 807.485548][ C0] __split_vma+0x302/0xc50 [ 807.489952][ C0] ? __pfx_validate_chain+0x10/0x10 [ 807.495138][ C0] ? __pfx___split_vma+0x10/0x10 [ 807.500067][ C0] ? can_vma_merge_left+0x193/0x4c0 [ 807.505254][ C0] vma_modify+0x153a/0x1a80 [ 807.509749][ C0] ? __pfx_vma_modify+0x10/0x10 [ 807.514589][ C0] vma_modify_flags+0x3a5/0x430 [ 807.519425][ C0] ? __pfx_vma_modify_flags+0x10/0x10 [ 807.524788][ C0] mprotect_fixup+0x45a/0xaa0 [ 807.529458][ C0] ? __pfx_mprotect_fixup+0x10/0x10 [ 807.534642][ C0] ? mas_find+0x950/0xbb0 [ 807.538958][ C0] do_mprotect_pkey+0x8d4/0xd70 [ 807.543792][ C0] ? __might_fault+0xaa/0x120 [ 807.548460][ C0] ? __pfx_do_mprotect_pkey+0x10/0x10 [ 807.553815][ C0] ? __might_fault+0xaa/0x120 [ 807.558489][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 807.564807][ C0] ? do_syscall_64+0x100/0x230 [ 807.569562][ C0] __x64_sys_mprotect+0x80/0x90 [ 807.574402][ C0] do_syscall_64+0xf3/0x230 [ 807.578891][ C0] ? clear_bhb_loop+0x35/0x90 [ 807.583572][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 807.589449][ C0] RIP: 0033:0x7f7f384a4bb7 [ 807.593852][ C0] RSP: 002b:00007ffdb514fdb8 EFLAGS: 00000206 ORIG_RAX: 000000000000000a [ 807.602262][ C0] RAX: ffffffffffffffda RBX: 00007f7f38481fc0 RCX: 00007f7f384a4bb7 [ 807.610228][ C0] RDX: 0000000000000001 RSI: 0000000000001000 RDI: 00007f7f381f9000 [ 807.618962][ C0] RBP: 00007ffdb514fed0 R08: 00007ffdb514fd48 R09: 00007f7f384815c0 [ 807.626915][ C0] R10: 00007f7f381d8168 R11: 0000000000000206 R12: 00007f7f38481fc0 [ 807.634869][ C0] R13: 00007f7f384aceda R14: 00007f7f381f9f40 R15: 00007f7f381f9740 [ 807.642834][ C0] [ 807.645843][ C0] task:modprobe state:R running task stack:23072 pid:12776 tgid:12776 ppid:35 flags:0x00000002 [ 807.657562][ C0] Call Trace: [ 807.660823][ C0] [ 807.663743][ C0] __schedule+0x17fa/0x4bd0 [ 807.668253][ C0] ? 0xffffffffa0003b40 [ 807.672403][ C0] ? kernel_text_address+0xa7/0xe0 [ 807.677528][ C0] ? __kernel_text_address+0xd/0x40 [ 807.682715][ C0] ? arch_stack_walk+0xfd/0x150 [ 807.687564][ C0] ? __pfx___schedule+0x10/0x10 [ 807.692410][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 807.698390][ C0] ? preempt_schedule_irq+0xf0/0x1c0 [ 807.703674][ C0] preempt_schedule_irq+0xfb/0x1c0 [ 807.708768][ C0] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 807.714488][ C0] irqentry_exit+0x5e/0x90 [ 807.718888][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 807.724852][ C0] RIP: 0010:lock_acquire+0x0/0x550 [ 807.729949][ C0] Code: 05 7d 90 93 7e a9 00 ff ff 00 0f 95 c0 c3 cc cc cc cc 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 e4 e0 48 [ 807.749552][ C0] RSP: 0018:ffffc9000ab575f8 EFLAGS: 00000246 [ 807.755612][ C0] RAX: 0000000000000001 RBX: ffffea0001a8da00 RCX: 0000000000000002 [ 807.763567][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8e937da0 [ 807.771520][ C0] RBP: dffffc0000000000 R08: 0000000000000000 R09: 0000000000000000 [ 807.779473][ C0] R10: dffffc0000000000 R11: ffffed100c64ebdc R12: 0000000000000000 [ 807.787426][ C0] R13: 1ffffd4000351b40 R14: ffffffff82084b90 R15: ffffea0001a8da00 [ 807.795381][ C0] ? page_ext_get+0x20/0x2a0 [ 807.799968][ C0] page_ext_get+0x3d/0x2a0 [ 807.804377][ C0] ? page_ext_get+0x20/0x2a0 [ 807.808966][ C0] __page_table_check_zero+0xb1/0x350 [ 807.814329][ C0] free_unref_page+0xce4/0xf00 [ 807.819109][ C0] __put_partials+0xeb/0x130 [ 807.823687][ C0] put_cpu_partial+0x17c/0x250 [ 807.828435][ C0] ? put_cpu_partial+0x70/0x250 [ 807.833276][ C0] __slab_free+0x2ea/0x3d0 [ 807.837680][ C0] ? __phys_addr+0xba/0x170 [ 807.842175][ C0] qlist_free_all+0x9a/0x140 [ 807.846757][ C0] kasan_quarantine_reduce+0x14f/0x170 [ 807.852206][ C0] __kasan_slab_alloc+0x23/0x80 [ 807.857134][ C0] ? alloc_empty_file+0x9e/0x1d0 [ 807.862059][ C0] kmem_cache_alloc_noprof+0x135/0x2a0 [ 807.867505][ C0] alloc_empty_file+0x9e/0x1d0 [ 807.872265][ C0] path_openat+0x107/0x3590 [ 807.876775][ C0] ? stack_trace_save+0x118/0x1d0 [ 807.881782][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 807.887142][ C0] ? mark_lock+0x9a/0x360 [ 807.891466][ C0] ? __lock_acquire+0x1384/0x2050 [ 807.896481][ C0] ? __pfx_path_openat+0x10/0x10 [ 807.901417][ C0] do_filp_open+0x235/0x490 [ 807.905905][ C0] ? __pfx_do_filp_open+0x10/0x10 [ 807.910924][ C0] ? _raw_spin_unlock+0x28/0x50 [ 807.915757][ C0] ? alloc_fd+0x5a1/0x640 [ 807.920087][ C0] do_sys_openat2+0x13e/0x1d0 [ 807.924795][ C0] ? __pfx_do_sys_openat2+0x10/0x10 [ 807.930023][ C0] __x64_sys_openat+0x247/0x2a0 [ 807.934884][ C0] ? __pfx___x64_sys_openat+0x10/0x10 [ 807.940249][ C0] ? exc_page_fault+0x590/0x8c0 [ 807.945094][ C0] ? do_syscall_64+0xb6/0x230 [ 807.949760][ C0] do_syscall_64+0xf3/0x230 [ 807.954259][ C0] ? clear_bhb_loop+0x35/0x90 [ 807.958928][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 807.964813][ C0] RIP: 0033:0x7f04671b49a4 [ 807.969210][ C0] RSP: 002b:00007ffcd7e093a0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 807.977608][ C0] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00007f04671b49a4 [ 807.985579][ C0] RDX: 0000000000080000 RSI: 00007f04670d1707 RDI: 00000000ffffff9c [ 807.993553][ C0] RBP: 00007f04670d1707 R08: 0000000000000008 R09: 0000000000000001 [ 808.001516][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000080000 [ 808.009482][ C0] R13: 00007f04670d17fc R14: 0000000000000001 R15: 0000000000000000 [ 808.017452][ C0] [ 808.020479][ C0] rcu: rcu_preempt kthread starved for 9535 jiffies! g45793 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 808.031567][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 808.041518][ C0] rcu: RCU grace-period kthread stack dump: [ 808.047475][ C0] task:rcu_preempt state:R running task stack:24272 pid:17 tgid:17 ppid:2 flags:0x00004000 [ 808.059195][ C0] Call Trace: [ 808.062463][ C0] [ 808.065384][ C0] __schedule+0x17fa/0x4bd0 [ 808.069887][ C0] ? __pfx___schedule+0x10/0x10 [ 808.074727][ C0] ? __pfx_lock_release+0x10/0x10 [ 808.079735][ C0] ? __asan_memset+0x23/0x50 [ 808.084312][ C0] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 808.090105][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 808.096436][ C0] ? schedule+0x90/0x320 [ 808.100670][ C0] schedule+0x14b/0x320 [ 808.104822][ C0] schedule_timeout+0x1be/0x310 [ 808.109681][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 808.115062][ C0] ? __pfx_process_timeout+0x10/0x10 [ 808.120353][ C0] ? prepare_to_swait_event+0x330/0x350 [ 808.125894][ C0] rcu_gp_fqs_loop+0x2df/0x1330 [ 808.130733][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 808.135922][ C0] ? rcu_gp_init+0x1256/0x1630 [ 808.140679][ C0] ? __pfx_rcu_gp_init+0x10/0x10 [ 808.145598][ C0] ? __pfx_rcu_watching_snap_save+0x10/0x10 [ 808.151478][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 808.156745][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 808.162629][ C0] ? finish_swait+0xd4/0x1e0 [ 808.167216][ C0] rcu_gp_kthread+0xa7/0x3b0 [ 808.171795][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 808.176983][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 808.182866][ C0] ? __kthread_parkme+0x169/0x1d0 [ 808.187885][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 808.193066][ C0] kthread+0x2f0/0x390 [ 808.197123][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 808.202304][ C0] ? __pfx_kthread+0x10/0x10 [ 808.206881][ C0] ret_from_fork+0x4b/0x80 [ 808.211299][ C0] ? __pfx_kthread+0x10/0x10 [ 808.215966][ C0] ret_from_fork_asm+0x1a/0x30 [ 808.220734][ C0] [ 808.223739][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 808.230048][ C0] Sending NMI from CPU 0 to CPUs 1: [ 808.235254][ C1] NMI backtrace for cpu 1 [ 808.235268][ C1] CPU: 1 UID: 0 PID: 24 Comm: ksoftirqd/1 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0 [ 808.235287][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 808.235297][ C1] RIP: 0010:kvm_wait+0x250/0x2c0 [ 808.235320][ C1] Code: 3b 45 0f b6 f6 44 89 ff 44 89 f6 e8 6a 33 54 00 e8 d5 f9 5b 00 45 38 f7 75 15 66 90 e8 d9 32 54 00 0f 00 2d 72 8d c7 0a fb f4 50 fe ff ff e8 c6 32 54 00 fb e9 45 fe ff ff 89 d9 80 e1 07 38 [ 808.235334][ C1] RSP: 0018:ffffc900001e6ee0 EFLAGS: 00000246 [ 808.235349][ C1] RAX: ffffffff8140a727 RBX: ffff888059878900 RCX: ffff88801da88000 [ 808.235362][ C1] RDX: 0000000000000100 RSI: ffffffff8c0acac0 RDI: ffffffff8c6035e0 [ 808.235374][ C1] RBP: ffffc900001e6fb0 R08: ffffffff94298987 R09: 1ffffffff2853130 [ 808.235387][ C1] R10: dffffc0000000000 R11: fffffbfff2853131 R12: 1ffff9200003cde0 [ 808.235400][ C1] R13: dffffc0000000000 R14: 0000000000000003 R15: 0000000000000003 [ 808.235412][ C1] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 808.235426][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 808.235438][ C1] CR2: 00007f6797f09178 CR3: 00000000351e6000 CR4: 00000000003526f0 [ 808.235454][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 808.235464][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 808.235474][ C1] Call Trace: [ 808.235482][ C1] [ 808.235488][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 808.235513][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 808.235538][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 808.235561][ C1] ? nmi_handle+0x2a/0x5a0 [ 808.235585][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 808.235606][ C1] ? nmi_handle+0x14f/0x5a0 [ 808.235621][ C1] ? nmi_handle+0x2a/0x5a0 [ 808.235638][ C1] ? kvm_wait+0x250/0x2c0 [ 808.235654][ C1] ? default_do_nmi+0x63/0x160 [ 808.235679][ C1] ? exc_nmi+0x123/0x1f0 [ 808.235702][ C1] ? end_repeat_nmi+0xf/0x53 [ 808.235723][ C1] ? kvm_wait+0x247/0x2c0 [ 808.235740][ C1] ? kvm_wait+0x250/0x2c0 [ 808.235756][ C1] ? kvm_wait+0x250/0x2c0 [ 808.235773][ C1] ? kvm_wait+0x250/0x2c0 [ 808.235789][ C1] [ 808.235794][ C1] [ 808.235802][ C1] ? __pfx_kvm_wait+0x10/0x10 [ 808.235818][ C1] ? __pfx_pv_hash+0x10/0x10 [ 808.235839][ C1] ? rcu_is_watching+0x15/0xb0 [ 808.235858][ C1] __pv_queued_spin_lock_slowpath+0x8d0/0xdb0 [ 808.235884][ C1] ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10 [ 808.235911][ C1] queued_spin_lock_slowpath+0x42/0x50 [ 808.235932][ C1] do_raw_spin_lock+0x272/0x370 [ 808.235955][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 808.235974][ C1] ? arch_stack_walk+0x11c/0x150 [ 808.235996][ C1] __dev_queue_xmit+0x17ca/0x3ed0 [ 808.236025][ C1] ? __dev_queue_xmit+0x2da/0x3ed0 [ 808.236045][ C1] ? stack_depot_save_flags+0x29/0x830 [ 808.236065][ C1] ? __pfx___dev_queue_xmit+0x10/0x10 [ 808.236085][ C1] ? kasan_save_track+0x51/0x80 [ 808.236106][ C1] ? kasan_save_track+0x3f/0x80 [ 808.236125][ C1] ? __kasan_slab_alloc+0x66/0x80 [ 808.236147][ C1] ? kmem_cache_alloc_noprof+0x135/0x2a0 [ 808.236163][ C1] ? skb_clone+0x20c/0x390 [ 808.236183][ C1] ? can_can_gw_rcv+0x3ce/0x1070 [ 808.236204][ C1] ? can_rcv_filter+0x20b/0x7f0 [ 808.236222][ C1] ? can_receive+0x31c/0x470 [ 808.236241][ C1] ? can_rcv+0x144/0x260 [ 808.236258][ C1] ? __netif_receive_skb+0x2e0/0x650 [ 808.236280][ C1] ? process_backlog+0x662/0x15b0 [ 808.236295][ C1] ? __napi_poll+0xcb/0x490 [ 808.236316][ C1] ? net_rx_action+0x89b/0x1240 [ 808.236330][ C1] ? handle_softirqs+0x2c5/0x980 [ 808.236350][ C1] ? run_ksoftirqd+0xca/0x130 [ 808.236371][ C1] ? smpboot_thread_fn+0x544/0xa30 [ 808.236392][ C1] ? kthread+0x2f0/0x390 [ 808.236406][ C1] ? ret_from_fork+0x4b/0x80 [ 808.236428][ C1] ? ret_from_fork_asm+0x1a/0x30 [ 808.236463][ C1] ? __copy_skb_header+0x437/0x5b0 [ 808.236486][ C1] can_send+0x8b3/0xcd0 [ 808.236503][ C1] ? __copy_skb_header+0x437/0x5b0 [ 808.236528][ C1] ? __pfx_can_send+0x10/0x10 [ 808.236548][ C1] ? skb_clone+0x240/0x390 [ 808.236568][ C1] ? can_can_gw_rcv+0x3c1/0x1070 [ 808.236584][ C1] can_can_gw_rcv+0xde7/0x1070 [ 808.236603][ C1] ? __pfx_can_can_gw_rcv+0x10/0x10 [ 808.236617][ C1] can_rcv_filter+0x20b/0x7f0 [ 808.236637][ C1] ? can_receive+0x1cd/0x470 [ 808.236655][ C1] ? can_receive+0x1cd/0x470 [ 808.236674][ C1] can_receive+0x31c/0x470 [ 808.236695][ C1] can_rcv+0x144/0x260 [ 808.236713][ C1] ? __pfx_can_rcv+0x10/0x10 [ 808.236732][ C1] __netif_receive_skb+0x2e0/0x650 [ 808.236757][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 808.236779][ C1] ? __pfx___netif_receive_skb+0x10/0x10 [ 808.236801][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 808.236825][ C1] ? __pfx_lock_release+0x10/0x10 [ 808.236848][ C1] ? _raw_spin_lock_irq+0xdf/0x120 [ 808.236870][ C1] process_backlog+0x662/0x15b0 [ 808.236888][ C1] ? process_backlog+0x33b/0x15b0 [ 808.236907][ C1] ? __pfx_process_backlog+0x10/0x10 [ 808.236922][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 808.236946][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 808.236971][ C1] __napi_poll+0xcb/0x490 [ 808.236995][ C1] net_rx_action+0x89b/0x1240 [ 808.237021][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 808.237038][ C1] ? rcu_qs+0xf1/0x190 [ 808.237061][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 808.237089][ C1] handle_softirqs+0x2c5/0x980 [ 808.237112][ C1] ? run_ksoftirqd+0xca/0x130 [ 808.237135][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 808.237161][ C1] run_ksoftirqd+0xca/0x130 [ 808.237183][ C1] ? __pfx_run_ksoftirqd+0x10/0x10 [ 808.237213][ C1] ? __pfx_ksoftirqd_should_run+0x10/0x10 [ 808.237235][ C1] ? smpboot_thread_fn+0x2d3/0xa30 [ 808.237256][ C1] ? smpboot_thread_fn+0x4fb/0xa30 [ 808.237276][ C1] ? smpboot_thread_fn+0x656/0xa30 [ 808.237298][ C1] ? __pfx_run_ksoftirqd+0x10/0x10 [ 808.237319][ C1] smpboot_thread_fn+0x544/0xa30 [ 808.237341][ C1] ? smpboot_thread_fn+0x4e/0xa30 [ 808.237365][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 808.237386][ C1] kthread+0x2f0/0x390 [ 808.237401][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 808.237423][ C1] ? __pfx_kthread+0x10/0x10 [ 808.237438][ C1] ret_from_fork+0x4b/0x80 [ 808.237460][ C1] ? __pfx_kthread+0x10/0x10 [ 808.237475][ C1] ret_from_fork_asm+0x1a/0x30 [ 808.237504][ C1]