last executing test programs: 29m31.467498856s ago: executing program 32 (id=431): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x2000000000000069, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a5"], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x27}, 0x74) sendmmsg$unix(r0, &(0x7f0000000b00)=[{{&(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x60, 0x0}}, {{&(0x7f0000000e80)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000740)=[{&(0x7f0000001dc0)="bb", 0xfdef}, {0x0}], 0x2}}, {{&(0x7f0000000580)=@file={0x0, './file0/file0\x00'}, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000000600)='z', 0xfdef}], 0x1}}], 0x3, 0x0) socket$l2tp6(0xa, 0x2, 0x73) socket$inet6(0xa, 0x3, 0x8000000003c) socket$igmp6(0xa, 0x3, 0x2) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) ppoll(&(0x7f0000000500)=[{r1}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 25m8.763401484s ago: executing program 33 (id=907): socket$netlink(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) mremap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000006000/0x4000)=nil) openat$btrfs_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x1ff) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_open_dev$dri(0x0, 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000000)={0x10001, 0x6, 0x4, 0x1, 0x5, "ee807b216054ff758be89345f0a933f4ffa824", 0xac, 0x4}) r2 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) write$binfmt_aout(r2, &(0x7f0000000000)=ANY=[], 0x920) io_uring_enter(0xffffffffffffffff, 0x3516, 0x0, 0x0, 0x0, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0) r3 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="09000000030000000400010005"], 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000000400000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r5}, 0x10) write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15) prctl$PR_SET_VMA(0x23, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, &(0x7f0000000040)='#\':-:)*!/^\xbb\x17(])}\x00') connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) syz_emit_ethernet(0x6e, &(0x7f0000000480)=ANY=[@ANYBLOB="ffffffbfffffbbbbbbbbbbbb86dd6002adf700383aff00000000000000000000ffff0a010102ff02000000000000243154a80000000102009078000000006000641a00003aff00000000000000b3a9a07686b007c800ff0200000000000000000000000000011e520b4c951ee12e"], 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) madvise(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x16) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x59) 21m38.53663112s ago: executing program 34 (id=1615): r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000140)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24) sendmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000000d00), 0xf000, 0x10002, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000040000000000000000000000959900000000000000cf8462acd3c51c940c77d511b7056ad638b08222990b4fc8e5a3425250c3bfb1b6e0"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, 0x0) ftruncate(0xffffffffffffffff, 0x8800000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r3, &(0x7f00000034c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x700, 0x0) sendfile(r2, 0xffffffffffffffff, 0x0, 0x100000000) 20m15.268003141s ago: executing program 3 (id=1785): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0xff, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0600000004000000ff0f00000700000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000a1dac7a98e49edbfe648a8d9d4b020e782b025e52981d8f57a8e8bb99dfd3c3b74d974a1b37fce114f40b629115f276638dadb466bb7ac552d2c9d6a2aa6923fd5d5b0997ed7b025a99bed5dfdc67e1b7699bd252b0000000000000005439d1e40b0e1abc93234e0747816fa5f41279288ca215179d250"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) socket$inet(0x2, 0x4000000000000001, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) r5 = socket$key(0xf, 0x3, 0x2) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', r7}, 0x10) sendmsg$key(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020a000002"], 0x10}}, 0x0) ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200)) 20m12.736156407s ago: executing program 3 (id=1789): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$nl_netfilter(0x10, 0x3, 0xc) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0) r6 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNDEL(r6, 0x400448c9, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x8, 0x3, 0x4c0, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f0, 0xffffffff, 0xffffffff, 0x3f0, 0xffffffff, 0xb, 0x0, {[{{@uncond, 0x0, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x81, 0x0, 0x24, 0x0, 'syz1\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x1c8, 0x230, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x1, 0x0, 'syz0\x00'}}, @common=@inet=@set2={{0x28}, {{0x0, 0x40}}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520) 20m11.073501572s ago: executing program 3 (id=1790): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$nl_netfilter(0x10, 0x3, 0xc) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNDEL(r5, 0x400448c9, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x8, 0x3, 0x4c0, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f0, 0xffffffff, 0xffffffff, 0x3f0, 0xffffffff, 0xb, 0x0, {[{{@uncond, 0x0, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x81, 0x0, 0x24, 0x0, 'syz1\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x1c8, 0x230, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x1, 0x0, 'syz0\x00'}}, @common=@inet=@set2={{0x28}, {{0x0, 0x40}}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520) 20m9.868481569s ago: executing program 3 (id=1793): r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) shutdown(r0, 0x1) connect$bt_rfcomm(r0, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x15}, 0xa) 20m8.802551896s ago: executing program 3 (id=1795): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$SEG6(0x0, 0xffffffffffffffff) sendmsg$SEG6_CMD_SETHMAC(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x34, r1, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}, @SEG6_ATTR_SECRET={0x8, 0x4, [0x0]}, @SEG6_ATTR_ALGID={0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1}]}, 0x34}}, 0x0) sendmsg$SEG6_CMD_SETHMAC(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x2c, r1, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_SECRETLEN={0x5}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x7}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) 20m7.416269846s ago: executing program 3 (id=1797): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x810) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f00000001c0)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getresuid(&(0x7f0000000240), &(0x7f0000000280), &(0x7f0000000300)) syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x1, 0x0) mmap(&(0x7f0000aed000/0x2000)=nil, 0x2000, 0x100000a, 0x4000010, 0xffffffffffffffff, 0x5f07e000) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x18024, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) r3 = socket$nl_generic(0x10, 0x3, 0x10) bind$vsock_stream(r3, &(0x7f0000000000)={0x10}, 0x10) r4 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000004780)={'syz_tun\x00', &(0x7f0000000400)=@ethtool_link_settings={0xf}}) 19m52.060354965s ago: executing program 35 (id=1797): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x810) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f00000001c0)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getresuid(&(0x7f0000000240), &(0x7f0000000280), &(0x7f0000000300)) syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x1, 0x0) mmap(&(0x7f0000aed000/0x2000)=nil, 0x2000, 0x100000a, 0x4000010, 0xffffffffffffffff, 0x5f07e000) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x18024, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) r3 = socket$nl_generic(0x10, 0x3, 0x10) bind$vsock_stream(r3, &(0x7f0000000000)={0x10}, 0x10) r4 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000004780)={'syz_tun\x00', &(0x7f0000000400)=@ethtool_link_settings={0xf}}) 7m31.544631821s ago: executing program 0 (id=2971): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8) connect$inet6(r0, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0xf0, &(0x7f0000000100)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x48, 0x0, r2, 0x21eae}}, 0x20}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x26e1, 0x0) close(r4) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r5, &(0x7f0000000080), 0x6) ioctl$sock_bt_hci(r5, 0x400448e7, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) ioctl$SIOCSIFHWADDR(r4, 0x8b06, &(0x7f0000000000)={'wlan1\x00', @random="060000000010"}) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001000010000003a194618d96d6d2e8553", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r7) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) sendmsg$IPSET_CMD_TEST(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="6c0100000b0601080005840008800c00078008001c40000000080c000580050015000f0000001c00078018000180140002400000000000000000000000000000000018010780140017007465616d5f736c6176655f31000000000c00078008000a40000000040c0007800800084000000084100007800900130073797a32000000000c00078008000840000001ac20000880100007800a001100192702c5669d00000c00078008000a40000100000900020073797a30"], 0x16c}, 0x1, 0x0, 0x0, 0x4008000}, 0x44) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r8, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2c0000000d0a010e000000"], 0x2c}}, 0x0) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000) 7m28.682517667s ago: executing program 0 (id=2979): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) r1 = socket$kcm(0xa, 0x3, 0x3a) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mknodat(0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00', 0x200, 0x0) r5 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) r6 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000700)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf25090002007379fa32000000000800410073697700140033006c6f000000000000000000000000000095cd84dd94a6551b86099cb852eff7a3e7d80c3bc3b0794d3e44c2e53ac065da4b93f4131bf21b8b91d863f3e9a4f0a168b92bff6aa3a9107aa764ee51f5019057f26b271d6aae78d6db021cdfe05297f80dbc903ce74d70cdf86bc33fc28a1d614ac9c19cd6d540c9797f3fd0031bbadcb0d15e280f9fa39d46c50ba19e448e6a0b9d0595c21ff76bbdf056c43c1bbc8c047e73fb96ee979948936934129a0a490d266307eaf545"], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x810) r7 = socket$l2tp6(0xa, 0x2, 0x73) ioctl$sock_ifreq(r7, 0x8923, &(0x7f0000000040)={'lo\x00', @ifru_hwaddr=@multicast}) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYRESHEX=0x0, @ANYRES32=0x0, @ANYBLOB="010000000000000008"], 0x28}}, 0x0) sendmsg$kcm(r1, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0xffffffffffffcd8b, 0xac14140c}, 0xff000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60) r9 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r9, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000400)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010800000000000000000b00000008000300", @ANYRES32=r10, @ANYBLOB="0a0006000802110000000000380050800800030005ac0f0011000100cabee339084eeef109002471f40000000800070000000000050002"], 0x60}}, 0x0) 7m26.727120124s ago: executing program 0 (id=2982): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) socket$can_raw(0x1d, 0x3, 0x1) fcntl$setsig(0xffffffffffffffff, 0xa, 0x21) fcntl$setlease(0xffffffffffffffff, 0x400, 0x1) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r1 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_VERSION(r1, 0xc0406441, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff16, 0x0}) openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 7m22.850359917s ago: executing program 7 (id=2990): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) r1 = socket$kcm(0xa, 0x3, 0x3a) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mknodat(0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00', 0x200, 0x0) r5 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) r6 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000700)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf25090002007379fa32000000000800410073697700140033006c6f000000000000000000000000000095cd84dd94a6551b86099cb852eff7a3e7d80c3bc3b0794d3e44c2e53ac065da4b93f4131bf21b8b91d863f3e9a4f0a168b92bff6aa3a9107aa764ee51f5019057f26b271d6aae78d6db021cdfe05297f80dbc903ce74d70cdf86bc33fc28a1d614ac9c19cd6d540c9797f3fd0031bbadcb0d15e280f9fa39d46c50ba19e448e6a0b9d0595c21ff76bbdf056c43c1bbc8c047e73fb96ee979948936934129a0a490d266307eaf545"], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x810) r7 = socket$l2tp6(0xa, 0x2, 0x73) ioctl$sock_ifreq(r7, 0x8923, &(0x7f0000000040)={'lo\x00', @ifru_hwaddr=@multicast}) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYRESHEX=0x0, @ANYRES32=0x0, @ANYBLOB="010000000000000008"], 0x28}}, 0x0) sendmsg$kcm(r1, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0xffffffffffffcd8b, 0xac14140c}, 0xff000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60) r9 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r9, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000400)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010800000000000000000b00000008000300", @ANYRES32=r10, @ANYBLOB="0a0006000802110000000000380050800800030005ac0f0011000100cabee339084eeef109002471f40000000800070000000000050002"], 0x60}}, 0x0) 7m21.692115612s ago: executing program 7 (id=2993): r0 = inotify_init() sendfile(r0, 0xffffffffffffffff, &(0x7f0000000000)=0x5, 0x9) r1 = socket$kcm(0x2, 0x200000000000001, 0x106) rt_sigprocmask(0x0, 0x0, 0x0, 0x8) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = inotify_init() inotify_add_watch(r6, &(0x7f0000000300)='./file0\x00', 0xa50003d1) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000", @ANYRES32=r9, @ANYBLOB="080026008f0900000800b7"], 0x2c}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24008040) r10 = syz_open_procfs(0x0, 0x0) readlinkat(r10, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000002780)=""/4112, 0x1010) sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x2404c854) r11 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r11, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000280)="5c00000012006bab9e3fe3d86e6c1d000014a10d00000000000004b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f4080003000601000004000200110000", 0x5b}, {&(0x7f0000000680)='\'', 0x1}], 0x2, 0x0, 0x0, 0x1f00c00e}, 0x0) 7m20.181109103s ago: executing program 7 (id=2994): syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) r0 = socket$kcm(0xa, 0x3, 0x3a) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mknodat(0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00', 0x200, 0x0) r4 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) r5 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000700)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf25090002007379fa32000000000800410073697700140033006c6f000000000000000000000000000095cd84dd94a6551b86099cb852eff7a3e7d80c3bc3b0794d3e44c2e53ac065da4b93f4131bf21b8b91d863f3e9a4f0a168b92bff6aa3a9107aa764ee51f5019057f26b271d6aae78d6db021cdfe05297f80dbc903ce74d70cdf86bc33fc28a1d614ac9c19cd6d540c9797f3fd0031bbadcb0d15e280f9fa39d46c50ba19e448e6a0b9d0595c21ff76bbdf056c43c1bbc8c047e73fb96ee979948936934129a0a490d266307eaf545"], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x810) r6 = socket$l2tp6(0xa, 0x2, 0x73) ioctl$sock_ifreq(r6, 0x8923, &(0x7f0000000040)={'lo\x00', @ifru_hwaddr=@multicast}) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYRESHEX=0x0, @ANYRES32=0x0, @ANYBLOB="010000000000000008"], 0x28}}, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0xffffffffffffcd8b, 0xac14140c}, 0xff000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000540)={'wlan0\x00'}) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) 7m20.164362252s ago: executing program 0 (id=2995): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, 0x0, 0x0) sendmsg$NFT_MSG_GETOBJ(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="20000000130a01"], 0x20}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000100)={'\x00', 0x400}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, 0x0) r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r3, &(0x7f0000000380)={{0x6, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x2}, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast]}, 0x48) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) listen(r3, 0x1ad72f7) socket$inet6_icmp(0xa, 0x2, 0x3a) r4 = fanotify_init(0xf00, 0x1000) fanotify_mark(r4, 0x105, 0x5000003a, r0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2) readv(r4, &(0x7f0000000c40)=[{&(0x7f0000000500)=""/169, 0xffffffa0}], 0x1) 7m17.717177993s ago: executing program 7 (id=2999): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, 0x0, 0x0) sendmsg$NFT_MSG_GETOBJ(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="20000000130a01"], 0x20}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000100)={'\x00', 0x400}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, 0x0) r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r3, &(0x7f0000000380)={{0x6, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x2}, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast]}, 0x48) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) listen(r3, 0x1ad72f7) socket$inet6_icmp(0xa, 0x2, 0x3a) r4 = fanotify_init(0xf00, 0x1000) fanotify_mark(r4, 0x105, 0x5000003a, r0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2) readv(r4, &(0x7f0000000c40)=[{&(0x7f0000000500)=""/169, 0xffffffa0}], 0x1) 7m15.291947445s ago: executing program 0 (id=3002): syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) r0 = socket$kcm(0xa, 0x3, 0x3a) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mknodat(0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00', 0x200, 0x0) r4 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) r5 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000700)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf25090002007379fa32000000000800410073697700140033006c6f000000000000000000000000000095cd84dd94a6551b86099cb852eff7a3e7d80c3bc3b0794d3e44c2e53ac065da4b93f4131bf21b8b91d863f3e9a4f0a168b92bff6aa3a9107aa764ee51f5019057f26b271d6aae78d6db021cdfe05297f80dbc903ce74d70cdf86bc33fc28a1d614ac9c19cd6d540c9797f3fd0031bbadcb0d15e280f9fa39d46c50ba19e448e6a0b9d0595c21ff76bbdf056c43c1bbc8c047e73fb96ee979948936934129a0a490d266307eaf545"], 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x810) r6 = socket$l2tp6(0xa, 0x2, 0x73) ioctl$sock_ifreq(r6, 0x8923, &(0x7f0000000040)={'lo\x00', @ifru_hwaddr=@multicast}) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYRESHEX=0x0, @ANYRES32=0x0, @ANYBLOB="010000000000000008"], 0x28}}, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0xffffffffffffcd8b, 0xac14140c}, 0xff000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000540)={'wlan0\x00'}) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) 7m13.30038273s ago: executing program 7 (id=3003): syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) socket$kcm(0xa, 0x3, 0x3a) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mknodat(0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00', 0x200, 0x0) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) 7m12.95085842s ago: executing program 0 (id=3004): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, 0x0, 0x0) sendmsg$NFT_MSG_GETOBJ(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="20000000130a01"], 0x20}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000100)={'\x00', 0x400}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, 0x0) r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r3, &(0x7f0000000380)={{0x6, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x2}, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast]}, 0x48) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) listen(r3, 0x1ad72f7) socket$inet6_icmp(0xa, 0x2, 0x3a) r4 = fanotify_init(0xf00, 0x1000) fanotify_mark(r4, 0x105, 0x5000003a, r0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2) readv(r4, &(0x7f0000000c40)=[{&(0x7f0000000500)=""/169, 0xffffffa0}], 0x1) 7m11.385141688s ago: executing program 7 (id=3006): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, 0x0, 0x0) sendmsg$NFT_MSG_GETOBJ(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="20000000130a01"], 0x20}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000100)={'\x00', 0x400}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, 0x0) r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r3, &(0x7f0000000380)={{0x6, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x2}, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast]}, 0x48) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) listen(r3, 0x1ad72f7) socket$inet6_icmp(0xa, 0x2, 0x3a) r4 = fanotify_init(0xf00, 0x1000) fanotify_mark(r4, 0x105, 0x5000003a, r0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2) readv(r4, &(0x7f0000000c40)=[{&(0x7f0000000500)=""/169, 0xffffffa0}], 0x1) 6m57.172246375s ago: executing program 36 (id=3004): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, 0x0, 0x0) sendmsg$NFT_MSG_GETOBJ(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="20000000130a01"], 0x20}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000100)={'\x00', 0x400}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, 0x0) r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r3, &(0x7f0000000380)={{0x6, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x2}, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast]}, 0x48) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) listen(r3, 0x1ad72f7) socket$inet6_icmp(0xa, 0x2, 0x3a) r4 = fanotify_init(0xf00, 0x1000) fanotify_mark(r4, 0x105, 0x5000003a, r0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2) readv(r4, &(0x7f0000000c40)=[{&(0x7f0000000500)=""/169, 0xffffffa0}], 0x1) 6m55.287094744s ago: executing program 37 (id=3006): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, 0x0, 0x0) sendmsg$NFT_MSG_GETOBJ(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="20000000130a01"], 0x20}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000100)={'\x00', 0x400}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, 0x0) r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r3, &(0x7f0000000380)={{0x6, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x2}, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast]}, 0x48) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) listen(r3, 0x1ad72f7) socket$inet6_icmp(0xa, 0x2, 0x3a) r4 = fanotify_init(0xf00, 0x1000) fanotify_mark(r4, 0x105, 0x5000003a, r0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2) readv(r4, &(0x7f0000000c40)=[{&(0x7f0000000500)=""/169, 0xffffffa0}], 0x1) 3m53.694898616s ago: executing program 9 (id=3449): syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) socket$nl_route(0x10, 0x3, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) syz_open_dev$rtc(&(0x7f0000000000), 0x0, 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000027c0)=@newtaction={0xeb0, 0x30, 0xb, 0x0, 0x0, {}, [{0xe9c, 0x1, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x0, 0x5}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}, @m_pedit={0xe50, 0x2, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{{0x0, 0x0, 0x0, 0x0, 0x4}, 0x1}, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {}, {}, {0xfffffffc}, {}, {}, {0x0, 0x2}, {}, {}, {}, {0x0, 0x2}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {}, {}, {0x0, 0x2000}, {0x0, 0x0, 0x0, 0x0, 0xec0}, {0x0, 0x0, 0xa}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x7f0}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x3}, {}, {}, {0xfffffffc}, {0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {}, {0x0, 0x4, 0x0, 0x0, 0x20000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x10}, {}, {}, {}, {0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x3}, {}, {}, {0x0, 0xcb1}, {}, {0x0, 0x0, 0x0, 0x80000000}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff9}, {0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {0x0, 0x2}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {0x1, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {0x2}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xeb0}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$VT_RESIZEX(r3, 0x560a, &(0x7f0000000040)={0x0, 0x1, 0xd, 0x2, 0x3}) mkdirat$cgroup_root(0xffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x1ff) ioctl$KVM_CAP_HALT_POLL(r2, 0x4068aea3, &(0x7f0000000080)={0xb6, 0x0, 0x8000000000000001}) read(r0, &(0x7f0000000280)=""/188, 0xbc) dup(0xffffffffffffffff) 3m46.127109724s ago: executing program 9 (id=3469): io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x20, 0x0) 3m45.218688577s ago: executing program 9 (id=3472): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000780)={0x0, 0x60, &(0x7f0000000280)={&(0x7f00000003c0)=@can_newroute={0x34, 0x18, 0x1, 0x70bd26, 0x0, {}, [@CGW_MOD_XOR={0x15, 0x3, {{{}, 0x0, 0x2, 0x0, 0x0, "8ca5be073cff296e"}, 0x2}}, @CGW_CS_XOR={0x8, 0x5, {0x0, 0xfc, 0x7}}]}, 0x34}, 0x1, 0x0, 0x0, 0x40050}, 0x0) 3m45.098653276s ago: executing program 9 (id=3475): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x47000) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000004ab6f6b2335a55eaf61f00000000000000009500000000000000f08523ab465cdb36dfeff268d00992ca000c042eebc2958b2f6c443ac0c6fd331a9d2a46c1453a12079b51419b576c21e9bd3fd8dfc4eb14b50b707562707b8ce7d838503abff742575205a445ca4f70a5c77ede9814b832d21d67a1eaaa9d95a9264e1b4d16818bfc39914ab59b384aafca566e11ccefd6e4ac618b0dd2fc59"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) io_setup(0x3, 0x0) io_submit(0x0, 0x0, 0x0) syz_io_uring_setup(0x239, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3}) syz_emit_ethernet(0x0, 0x0, 0x0) syz_usb_connect(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000abe92710b1134200fe76010203010902"], 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'veth0_to_team\x00', 0x100}) write$cgroup_devices(r2, &(0x7f0000000100)=ANY=[], 0x9d87) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1, 0x0, 0x480000}, 0x18) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x141802) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000040)={0x1, 0xb, 0xbe6}) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x11, r3, 0x100000000) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="14000000100001002a000000000000000000000a60000000060a090400000000000000000200006d6564696174650000001c000280100002800c00028008000180fffffffc08000140000000000900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a61e1612c625ea2fa51828d86100f9066a8ed74a57c71424c6440825b66d13598a3db64103173c7c62f810a17a5d25e8c25adfa5ebf3a43e3fde81e4d9f4e3929fb766c8c16f1cc90cde8923e0a701e9afc09f431b71cc683ee9f7fbd4d8acc816fecea3fe56a6d10a168c953b28eee00c2d69459541291a4"], 0x88}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=@newqdisc={0x24, 0x24, 0xd0f, 0x70bd2b, 0x25dfdbfb, {0x60, 0x0, 0x0, 0x0, {0x1, 0x5}, {0xffff, 0xc}, {0xffff, 0x7}}}, 0x24}, 0x1, 0x0, 0x0, 0x2400b091}, 0x3000c80c) creat(&(0x7f0000000400)='./bus\x00', 0x0) lsetxattr$security_ima(&(0x7f00000002c0)='./bus\x00', &(0x7f0000000000), &(0x7f0000000140)=ANY=[@ANYBLOB="04"], 0x2, 0x0) finit_module(0xffffffffffffffff, 0x0, 0x100000000000000) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0), 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000040)={0x0, 0x36314d4e, 0x2, @discrete={0xb, 0x6}}) open(&(0x7f0000000240)='./file1\x00', 0x800001, 0x20) 3m41.889580432s ago: executing program 9 (id=3487): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x10) (async) r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) (async) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) (async) syz_open_dev$sndmidi(0x0, 0x2, 0x385101) (async) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x101800, 0x0) ioctl$SNDCTL_TMR_TIMEBASE(r2, 0xc0045401, &(0x7f00000000c0)=0x111) r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) read$alg(r3, &(0x7f0000000240)=""/4096, 0xfffffdef) ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) ioctl$vim2m_VIDIOC_EXPBUF(r1, 0xc0405610, &(0x7f0000000040)={0x3, 0xfffffffe, 0xff}) (async) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) 3m41.587162735s ago: executing program 9 (id=3491): socket$netlink(0x10, 0x3, 0x0) r0 = socket$tipc(0x1e, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000240), &(0x7f0000000280)=0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc020aa08, 0x0) open(0x0, 0x0, 0x0) r4 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) request_key(&(0x7f00000000c0)='asymmetric\x00', &(0x7f0000000100)={'syz', 0x0}, &(0x7f0000000140)='#$*\x00', r4) keyctl$restrict_keyring(0xa, r4, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000000)='id:cb2e') r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x13c, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {@in6=@local, 0x0, 0x33}, @in=@remote, {}, {0x4}, {}, 0x0, 0x0, 0x2, 0x0, 0xa, 0x22}, [@algo_auth_trunc={0x4c, 0x14, {{'sha1\x00'}}}]}, 0x13c}}, 0x0) write$P9_RSTATu(0xffffffffffffffff, &(0x7f0000000580)={0x21e, 0x2, 0x0, {{0x500, 0xdd, 0x0, 0x0, {}, 0x2810000, 0x0, 0x0, 0x0, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x38, 'pg>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1\x00\x00\x00\x00\x00\x00\x00\x00', 0x2, '\b\x00', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300, 0x0, 0x0, 0xee01}}, 0x21e) 3m26.515880516s ago: executing program 38 (id=3491): socket$netlink(0x10, 0x3, 0x0) r0 = socket$tipc(0x1e, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000240), &(0x7f0000000280)=0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc020aa08, 0x0) open(0x0, 0x0, 0x0) r4 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) request_key(&(0x7f00000000c0)='asymmetric\x00', &(0x7f0000000100)={'syz', 0x0}, &(0x7f0000000140)='#$*\x00', r4) keyctl$restrict_keyring(0xa, r4, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000000)='id:cb2e') r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x13c, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {@in6=@local, 0x0, 0x33}, @in=@remote, {}, {0x4}, {}, 0x0, 0x0, 0x2, 0x0, 0xa, 0x22}, [@algo_auth_trunc={0x4c, 0x14, {{'sha1\x00'}}}]}, 0x13c}}, 0x0) write$P9_RSTATu(0xffffffffffffffff, &(0x7f0000000580)={0x21e, 0x2, 0x0, {{0x500, 0xdd, 0x0, 0x0, {}, 0x2810000, 0x0, 0x0, 0x0, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x38, 'pg>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1\x00\x00\x00\x00\x00\x00\x00\x00', 0x2, '\b\x00', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300, 0x0, 0x0, 0xee01}}, 0x21e) 2m47.177189648s ago: executing program 8 (id=3657): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000340), 0x141842, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000380)) r1 = socket(0x1e, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b006c3fff670000d7c9000009000000010011c2177e32891bbde3d470eb4e2d8228", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3ac3209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b135ab6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385beef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6c30ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88372091cd397b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca00000000000000000000007925d0f1256330b9e2aa9a18cea8e009116f63c6c7d8f7f95bf0f6731e5eb1dcdc534f357b9f08e7a9a3aebeca145d695053b5bef004ca24e6c57ed10f01488d38b8b0b68d93e3cf630837915d518fde2115e66615786fe7b9216de958119cf762cac77ac829a02f48e72c0d2841880b2c"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff7e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) epoll_create1(0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) ioctl$PPPIOCSACTIVE(r0, 0x40047459, &(0x7f0000000080)={0xfffffffffffffe43, 0x0}) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=ANY=[@ANYRESOCT=r2], &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000040)='contention_end\x00', r3}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000100)={0x1f, 0xffff, 0x1}, 0x6) write$binfmt_misc(r4, &(0x7f0000000000), 0xd) writev(r0, &(0x7f0000000480)=[{&(0x7f00000006c0)="58423229a023a757ebc3663279be6e735ff7dd27d033d6cd52e2cb75364e57b960f6199139ac4097547e67b47456aa872f82fa247050293e64581f5add0e52b421a972b35798ab52952b95723aa7dc35dc10a7e72024fb2c2f15eda88b956268b4ca73a1ce74b77861eb67b1f7df3d", 0x45}], 0x1) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000180)=ANY=[@ANYBLOB="8510000004000000950000000000000000950000000000000085100000fcffffff9500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x4, &(0x7f0000000740)=ANY=[@ANYBLOB="180000000100008000000000800000008500000000000000000000000000000059e60882e570c74d87356f74f51be35ab7859d9d43d10491d20945af43fe7f044ebe856d12f2290b3f2b085ea9"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="60000000020601020000000000000000000000000900020073797a31000000000500010007000000050005000a00000014000780080013400000040008001240fffffffa11000300686173683a6e65742c6e657400000000050004"], 0x60}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 2m46.96153387s ago: executing program 8 (id=3658): getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000540)={{{@in6=@dev, @in=@dev}}, {{@in=@multicast2}, 0x0, @in=@multicast1}}, &(0x7f0000000040)=0xe8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], 0x0, 0x8, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)=0x3, 0x12) socketpair$tipc(0x1e, 0x2, 0x0, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4) setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r3, &(0x7f0000000340)='\b', 0x1, 0x0, 0x0, 0x0) sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) recvfrom$inet(r3, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x0, 0x0, 0xfffffffffffffd25) 2m45.859037809s ago: executing program 8 (id=3661): syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) (async) r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000480)={0x2, @win={{0x9, 0x8001, 0xb, 0x4}, 0x0, 0x3ff, 0x0, 0x6, 0x0, 0x5f}}) socket$inet6_sctp(0xa, 0x1, 0x84) (async) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r1, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) (async) bind$inet6(r1, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r1, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) (async) sendto$inet6(r1, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @multicast}) (async) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @multicast}) writev(r2, &(0x7f0000000480)=[{&(0x7f0000000a40)="2e9b3d0007e03dd65193dfb6c575963f86ddf06712", 0x15}, {&(0x7f00000001c0)="0100000000000000581f4578d05b328cb0a73c269beace4f933411460456457ea408d5d94969d4", 0x27}], 0x2) (async) writev(r2, &(0x7f0000000480)=[{&(0x7f0000000a40)="2e9b3d0007e03dd65193dfb6c575963f86ddf06712", 0x15}, {&(0x7f00000001c0)="0100000000000000581f4578d05b328cb0a73c269beace4f933411460456457ea408d5d94969d4", 0x27}], 0x2) setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000480)={0x3, 0x5, 0xe, 0xda, 0x0, 0x18, 0x20, 0x7e, 0x3f, 0x3, 0xff, 0x7, 0xa0, 0x2}, 0xe) sendmsg$SMC_PNETID_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0) r5 = eventfd(0xffffffff) ioctl$VHOST_SET_LOG_FD(r4, 0x4004af07, &(0x7f0000000240)=r5) ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000040)={0x1, r5}) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1, 0x4, 0x2003, 0xc, 0x0, 0xffffffffffffffff, 0xfffffffe, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x2, 0x4, 0x4, 0x1, 0x1100, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000207b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000100b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002200000018010000202070250000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002200000018010000202070250000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r7}, 0x10) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) (async) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) (async) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000000)=0x1) 2m45.478274559s ago: executing program 8 (id=3663): syz_usb_connect(0x0, 0x24, &(0x7f0000000900)={{0x12, 0x1, 0x0, 0xe2, 0xdc, 0x1c, 0x40, 0x57c, 0x2200, 0x3d6c, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x6d, 0x75, 0xc8}}]}}]}}, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xffd}, 0x2a, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @rand_addr=0x64010102}]}, &(0x7f0000000180)=0x10) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='mountstats\x00') preadv2(r2, &(0x7f00000001c0)=[{&(0x7f0000002240)=""/148, 0x94}], 0x1, 0xd0d, 0x0, 0x0) r3 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000000c0)={r1, @in={{0x2, 0x1000, @empty}}, 0x7fff, 0x0, 0xd78e, 0x0, 0x5a1, 0x0, 0x7}, 0x9c) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000002c0)={r4, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x4, 0x29}, &(0x7f00000003c0)=0x9c) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_update={'update ', 'ecryptfs', 0x20, 'user:', '&#,!\'\\4'}, 0x1d, 0xfffffffffffffffc) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) syz_usb_connect$cdc_ncm(0x0, 0x94, &(0x7f0000000000)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x82, 0x2, 0x1, 0x2, 0x80, 0x80, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x9, 0x24, 0x6, 0x0, 0x1, "ef4a963f"}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x81, 0x6, 0x7ff, 0x60}, {0x6, 0x24, 0x1a, 0x81, 0x10}, [@network_terminal={0x7, 0x24, 0xa, 0x0, 0x3, 0xd, 0x8}, @mbim={0xc, 0x24, 0x1b, 0x0, 0x1b, 0x6, 0x3, 0x1, 0x9}, @mbim_extended={0x8, 0x24, 0x1c, 0x4b, 0x6}, @dmm={0x7, 0x24, 0x14, 0x7, 0x9}]}, {{0x9, 0x5, 0x81, 0x3, 0x20, 0xa1, 0x4, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x20, 0x9a, 0xd, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x400, 0x77, 0x5, 0x9}}}}}}}]}}, &(0x7f00000002c0)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x310, 0x65, 0xbc, 0x90, 0x8, 0x2e}, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="000f050000"], 0x4, [{0x52, &(0x7f0000000140)=@string={0x52, 0x3, "5f24250953e4d3743664a26a0063b08758fee969692f9e741fcc5c07e5dcb2328e58c4088d2f27796900b3862c075ab8f50c95562924e5c7be5ec605046a4e57a21e4a4418678bba4be6da94426a06fb"}}, {0x60, &(0x7f00000001c0)=@string={0x60, 0x3, "2fade1f84830e7c752f98106b88064ca5fc73743442709449c50b5d11d5af2a57c8f3457efdf1d08930921889a0e55791e58e16389a4db169d3c167ea0b9d2dfd1be36e6a2428ccd60261a7e0fef890fd538ec560b28b8c0fb4b0933979d"}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x843}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0xf8ff}}]}) 2m43.443049221s ago: executing program 8 (id=3672): r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000356ffc)=0xeb46, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f00000a2000)={0x1, &(0x7f0000f07000)=[{0x6}]}, 0x10) listen(r0, 0x2040000) 2m43.385029024s ago: executing program 8 (id=3673): r0 = syz_open_dev$loop(&(0x7f00000000c0), 0x1054c3b7, 0x40801) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000040)={'\x00', 0xfff8, 0xd366, 0x10000, 0x5, 0x6}) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x12012, r2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, @exit, @alu={0x6, 0x0, 0x3, 0xa, 0x0, 0x2}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) ioctl$SNDCTL_DSP_GETIPTR(r1, 0x800c5011, &(0x7f0000000100)) 2m27.368584824s ago: executing program 39 (id=3673): r0 = syz_open_dev$loop(&(0x7f00000000c0), 0x1054c3b7, 0x40801) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000040)={'\x00', 0xfff8, 0xd366, 0x10000, 0x5, 0x6}) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x12012, r2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, @exit, @alu={0x6, 0x0, 0x3, 0xa, 0x0, 0x2}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) ioctl$SNDCTL_DSP_GETIPTR(r1, 0x800c5011, &(0x7f0000000100)) 13.454036102s ago: executing program 6 (id=4045): sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4004084) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r0 = socket$inet6(0xa, 0x806, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23}, 0x1c) listen(r0, 0x3) r4 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r4, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) munmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000) mmap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x5, 0x12, 0xffffffffffffffff, 0x5333b000) r5 = accept4(r0, 0x0, 0x0, 0x0) r6 = dup(0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r6, @ANYBLOB=',wfdno', @ANYRESHEX]) ioctl$VT_GETMODE(0xffffffffffffffff, 0x5601, 0x0) sendmmsg(r5, &(0x7f0000001500), 0x588, 0x3000000) 12.547513058s ago: executing program 1 (id=4047): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, 0x0, 0x0) sendmsg$NFT_MSG_GETOBJ(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="20000000130a01"], 0x20}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000100)={'\x00', 0x400}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, 0x0) r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r2, &(0x7f0000000380)={{0x6, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x2}, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast]}, 0x48) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) listen(r2, 0x1ad72f7) socket$inet6_icmp(0xa, 0x2, 0x3a) r3 = fanotify_init(0xf00, 0x1000) fanotify_mark(r3, 0x105, 0x5000003a, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2) readv(r3, &(0x7f0000000c40)=[{&(0x7f0000000500)=""/169, 0xffffffa0}], 0x1) 9.062453686s ago: executing program 5 (id=4058): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$IPT_SO_GET_INFO(r1, 0x0, 0x40, 0x0, &(0x7f0000000100)) r2 = socket(0x10, 0x803, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000500)={'lo\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="340000001400b5952cbd7097024c0858dc0ce33b7400ffdbdf250a808000", @ANYRES32=r4, @ANYBLOB="14000100ff010000000000000000000000000001080008009c060000"], 0x34}, 0x1, 0x0, 0x0, 0x20000004}, 0x1400000000000000) setsockopt$sock_attach_bpf(r0, 0x1, 0x34, &(0x7f00000000c0), 0x4) socket$nl_route(0x10, 0x3, 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32], 0x50) mmap(&(0x7f0000ff8000/0x2000)=nil, 0x2000, 0x2, 0x13, r5, 0x0) r6 = openat$smackfs_ptrace(0xffffffffffffff9c, &(0x7f0000000980), 0x2, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r6, 0x0, 0x0) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_BLANKSCREEN(r7, 0x560e, &(0x7f0000000000)) ioctl$TIOCSWINSZ(r7, 0x5414, &(0x7f0000000040)={0x9, 0x2, 0x1000, 0x5}) r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_MPATH(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x28, r9, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc, 0x99, {0x1}}}}}, 0x28}}, 0x8080) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002740)=ANY=[@ANYBLOB="a198af9e8c4acbacd4ba373dd77ab3ddf14fb64cfdb0a19df98f6c6526e525fc03272014466b61a7bdba7d57615b27d5e9ff0edd60ec84df84a46109b8cf0d59df092da8257861cc7cbcbbf690d1808be691", @ANYBLOB="3000000010000100edff39194618d94a6d2e855358fe3a34b0722bb4fd3b966b5572260b3e705430c1cfb9e508a0a4441a851216784fe34e508e29ade317d23ce853d09621f7231339e3e088a93d558f479d8f496f124ff0f95d09fb3a87a9eda46c4366091c537978cff766996807486d17123de1ffa512a0bd93e916c5358bd3d70238418b0bbbb0054ddc633e837dc44232e2994bbcc81534feb05661cbe4be7e727e7a6a542653cd3007e88fa45cdd7f1ec9e1ed73c8139540609993cb901166d3d8daf5e96aabbf4af12081b46171821b7930c20b7dfa6f2c5727c133159e43757174ed5297933b3002b8da6ecfb80befc3447dc0d40b70259b2daf5270f94e2bf901bed9452d1f3653104975282c4cf93b8194a63dff85f8551235f91d220998e19d0a3f246377d6d336359b33", @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="ff43bad24a4e3cd4c5542592ec60fd37cd14ea40689b9765040176f179523f6ccc2fae0608d6779d43a447b32a58169cd7a3f47a488355ec7d125d64c28a1415f3f68b9c40428f0f534a4f123b161b88468d4f78bcd600bc3540f35c772c494fe4be74b6c764230bb0c1d51db1235aecf6c40f105a17b35e655e34cefa71f646210ec732bb6cff2b8f2d7780ace3cfacaaeaf7e54495ef0ba5537fd3d878c0d2e6d39a4e1d26ef0d9bf8e394ebf2e2cf4605a023a7e6d50a6459543757e7dce7277ef47dd6e91b7e3597a0d0254f5b054697a4f974acdb982ff82b431a5150804a5278b7f15c26ac1a36197b3b7de27a79d9df488b5a613bfa0fa0adc0f5ec5c709c14005f3bc84db911a53373c846a19c54bcf24b9d1e993591e6ccbf027cf190cc4f1ef1dac64c624098e246ec794aaa3d83dfc8d88f5ca6e4498ccdaf6a2d15268643cbd7ac02d095e4994d165bab36eb941ae6af54deff4ca7590d759ec575eaf993dfc5f25436ae0feac21195519851c562fedf7761edaf67e7bd6fb74303bcfa9ae43219eca0f06af07effbed3a9609245f6fd9fe2c5dae93f95e0e180030bb5dca4c3086d8510a8a627a6a9c8ba7677f72c9d45b8ee886baca781334269d9d030350ebaaee45a42bee21731cd08a93256ee580595aff7a21dcb947cb22c08cbb997b8214c0d1d4ac2d75682533825c04870fc4be9f198f7ee86aba27da8292c4f42d9865a3cb9e9e6dbe02b406dba123c2cab3503ce4db7e233f9c19bb3d24eda14553500373fd00b2f36d94f28c56782769044ca15ac32c2f3b5344ab1a5909b23d8194fc16d7a309a1f014e22288c0a50060b7a392f32a0fbd9105aeff1bdde6922841a3324df94ba0bad6bda602b612e772af756ad9f893d017d62804658ce39767dbb0635629240d30b8ee7f837421e391e97fefd552c7a9215b1ca35fcd287860df22c15ed2456b169270d538471b2a4803dad796c1fd370f68d862f2c3f5b50a9f57ac3a51dcf026e290778ea2b48e86c1f0c18283d2fd95e53dbcfdceec3ee8494c226784f009b41279c24ee0f4f86c3c69f8cf1233b97296826d373dd6f6009e7e2d42ce2e0697be983484cd33617e3ebb490f041cdb7c753be6237e826482a6a9b6f1edc328efe073257cbc286efed65f86283eb5d80b624a1a17d59df9d3d5f002e276d40d52fae2490ee1cf68513145f621b3a25867c72ea3628ec451853c48bde63a668417aacafabe4097c88bcb9ab1af09e9736fc3d37297e1d3cf5c38d37ee90e675b64c289f032620a6c9d2239f4fc23041aa0121b46e3b0319ca3cee2ce397a242d53e4c9d5e4fe282dc650c3fd46efa9af477de1206e66437a5f9b6ebbc642f3168c28edf4b922b1ed3b196a5e1aa638c864671e60113cf5d61d40d107608a63cedad07b36e14d3eb62d0496fac660e2fe21b4533520092d257f449d7483318c9e460e3de9ecaa07bb419f76f4e80d46413ace4c3537981e2f0c5c845f74ed359ff85d0fcf1b825402bddd9623e8ce971ae402b10fd11627ba83cfa8343255a41dfd3ef4961e9ee552a872ef7f71cad18e253d7d750df31f67ce04fce4948f61a50c6ea2cfd7355987a1c221243c0969f2adc2e7efd85f95eb188f4f97b2620d4708525039fabf5ad81bfd8396ab0839caa00fdce309f4af8bf18939019805c5043f9244941788b092545751d5f83927c53302d3e5a3cb90506f699311f682806485f513f3e6815db629c4f648b46a130aeca42d5371acba19c8eb7cc0773eb3798142d691d4331087bf8d30a66a38339529f773daf409c59f855fd5e5cd1bcbf980a2898b7c4b3375394a1c343670689bf72e6130bdd26f024a993ba156b50d6d23db35dad7fc16a4e10d2e16d347eadb752619fd9df7b14c5c0a000da8d8d84b2d5dd50fe0d61e93f6fdc87746760f26a48f9c3bd3f584e5e11690224dafd1694cbd62023241548da6794e0bf8a16aee2a3854c64e5999ec2e5b791301ff2249e310f864ac00ce84c1781567c6783a08b9526c681f88a92eae0c00760d7f159cc58248dbc4c95cf0bd478f5ab53a6e3cdb6e45b722dbea45dead1548105ecd4f7ffdfd82264b941c2c0a1b321beff5e0385977abd5ba50b9fefd43df472bb587dd76946fb57c09573bf2d078e38b59638b9c99ba5215dfc456924b6a109e659779e3cd58d92c278bf0594d1cd576cb037771d2e7f1cfb583009805e2772986e4b4e5132a536fcf9a2bb4e746578f8d61c4424b4717cdc233f5b2049ea13716b5abf06cfb4accbdde40e304c66e8bc709ff7092f5191e0b9dd884624ba8c3045524e26988d5dba0d675681b783f83f11c2788e2a9aa506050ea2ac8c2f92e41633b2a076048926c57b9c47f51e1991a165c9410d98ac3cb425479ac57cd6a862737ade87af6f4eb51918d8b8240ef0d3aca42f746ced4312b05ba2c13ea26ef7aab7e2e1cec7c639c07ffc141517a516b0257edd5e1bc26bcab6b91dda429270e428893726b30826cb77293eee780e65587aa599e5464f7fae074f4688eb89f88f5d020b14312b8242bb87833a34853989a5dd97124697c96e5836b43af65db41089b65b9795f85ef5806e0ba4c8a347398d23884d71d79988598756e850af90eb4aae42f8a285571b126686ed6d4dc30bd2fcb50f5006c433e16d8c1e23a8557ac790c1f404c8334d7e4b898cc015f0b739623275b44edeb7fa119723d3cf114f76d63ca95c0f5516e18319c0ad409b69945179567f9deb851c9d2182ac9e4377421a401bf9967b2301cf0e2cddc813ab6d3d9bc708beadc7831afc922125849f82c4539882361d79443b614b5550509a2f0347c66765881e78102c34083c4448c0abc89e6b040f824b0d35845de21e050aee0b30b046f2078b7f8a16dfd1dabe7d0762e67b155b5426fcfb9a2ece56af74b87438d2d5886d140f088926087c39697d00fbcc875a89100c58723a55603aa80474b63ca0974ecabd637d6021201ea2d31fe00d074b58b561168f9de6e849b5e55363559fcbc140c8088fd3c6c46247a88948d2c9c5c9c7b33be48ad4dfcc97f60fddf05df93dcedd73fc242f613e096c086872aef099066f760f1ba9ec55732b47b9867f4fb1362a6d2d32199b5b6f630626215d82fab668030a3f1c3e3b80726bd1fbb273046925899a5d221b62d105cbf981162503483b9df5d133e8fd2ead5ff89f8845c025d16bf4306c84023ba608d0ed2ce125666e2f46c6aaa10d8acd4375db1f2a561d11890c2dc05598e4929e7a7e665f0adf43a39906b37d7eedf27450298dc5b7f6e73b9d0825780e9255873cfe0b9608692825202f3db9a1b847dc1bbe375111432ee69a05aa3988c4df2a27be636b0f7709acdb8cc57a9ac33cb9652f8db552a8fce901189676454cc0fa848ed8e18649c4033c150d506a40dfbad0df9b381e007ced31413fe46883f38ea4d64e5279acda823c9f6c68ee6191b97a400b374a215d57c7bfac953604b623ea3fde9b6117bd17db7bf6246d582573572ce6906467428727b2949706cb41666f9a2f00f250f3b24ab04dda54c4047b804860cd2014e05e71c4e3835ed36b56bb08f49e26443f921834cbd51854b5fc876ed8b2fdc287f1dbe40921e427cbe83c0b56432b252b3e67d5416bc3d67f59a7392b2de325dbd6c5be8b520043418bf68747060af3573390ee58c0a711d91cefa2872a0e19955d2d5c7386794d81e64720cdba9d1e79b2447c23b04377cf10db6eb16af78e021f8bac6684f7a22623347b8be1dc4fa39718d06e45eafec1f9cc5a1746f596524d29449147b9e740da87573a24482a59ee2886a2798d6df7a9ca456d9c1c370f58e25dc08a0bc28171c6818c64ecac38ecf4aea8f54a1c5719798a0a9fdb2a1f4deba240596c15e26d4520f2b05817a32611fb92612efcdb1f57cd946dcecfc3efd67a118ce3c0cc6cee2f38fad48f8bf07a1ab139f7891b24dc3b57a5d551b16dc431cf27457c5adb1ee5f1d26866c69230f72245a257939ce4ef7f5bad51afc69b89f1a33dc9a279dbbd5e2f761ec3d1a7f8a68881ada2392a7ecc072cdb5e4b63fc725bfb4e19aa091c84ac907c48dc23d7fe81114690f6c1674a24d7afa885e005d2bc94d6154a8f41cebc493a319b263e2ae572ea16764cc24143d7c38a419f3d487cd74085fdf8d8f01faf1ebb727c67fd33ff01c45c99bea94b687611f3f3d3c02a3d6d971f682db17c1426e3eae4a8d75a4e477be6a15337de0ce9953a048b24ed410b16dca8526b91e99f2d5c63f8f2aa994bd0b24de15810b0d405d46850e0fbe4228a80f5a51f0d19a952ff8f43e200ee757946adfa66831c31e752af26b0e73dadad0664bad6b8bc93698de9ba563d7f6af0b1080576553aabeded44c58e2811e4be023614ef71aba003fa77e9644568414422c13b8b7f44567d34968b7c055cec045e421e1df34b6c6e77802fd28aafb14aa119e2ce826f186d23c02df9e3a9dc2fcd0217aa764903ed0f5b22709593142fbc83bb6eb1e22510f659b1912a28b3750cfd93c94b362ff71b2ff8fef08eb05d75a08003ff38457ce9cff0ee778080e70c7c6778476ae1295570178303a20c7d728d1a97a80a16456f974b2ccffc756ab0622d34132eb080ae0a73d00fec0304e236bf9861273bed57a0f440ac92d92657098706a13b09c32d5b0aca6d68dccb55c563423c452801345d4fceedc26fe740c8395e532f541ddb01571cfb0395c726906e5ab2e2dce0542f2913c35261d835d2fab5ce6cddd2ffe9d626bd25ec0415cfca81be416f90da748976480634ae3352fa365f0ecf46f74f47c4738f7811e19999c4f244fdda32a9505617070a8d69870ab537e835aa9e1ae3739c3a3c7914bc817258c8f9ca89994cc5ae5e358e0b79e2eae4cfa5f7b8ef003a12d7cbeca08bca9af627957b5b18a154fa3ea85a6691252c937b8021a0c1cd71ffbe1177a873c78b4ff612660a5a42d318dab7570cb45bd6e1e33cb26caec1309eb913ebb772a3700cd7b9f220ec52efa74f7200fdbb27de4880e2ad6abe9e283fad5635c015b3d36e184cfdb6001b3508dbfffb348277e057622913e6dc34aa1d353d568993ff176b3cc58f216625455d0719716f79fcff44511039444d22d3ac0e231325162b0a66a372b23b50cad10bdfb06cf9bbefd89a67936f201e578964bd807b5b2db87e5290f522f61d002e01213c7f759c70528185ad8ac3edff8dd682f7bc956efd5ff0e3d623ef63a90c8481f83eaf28acf31ef9ccf34172fd922df0a3584f4605612e3b4cda8d436b0697ffdb292ebfa8bde562950cfb8beb2c03ab884a734960a79bace9a4e2cebab11adceddf7abf1e3ed553e421c22ccbd8662d0974dac7230db807f4320c1d3feb58512f1fe94a3ceea63bced42119ea427e58ace7a17dbe26178dfdcb7c5aad15a9bf9563b2278efb3d4f42a26dcd841fd7145872894e1a1feb6ea898aa310903a792a0eeb8b6c812461cbd749994373532610cfca82e115e277f3e67da388dcf6586357a1dad1dcd4570669f0e451b3839e7ab05325dfe2c1ec369c7cc6fec444bd4a5c043958b0bada7aed1234d39fb3297e8630fe3f622355e6602baec00c2e0385a2d8e8f24ccccceb6d60cc58a673171850e0e7aa96b348d89a768cbe84598629ed6aa4a7d6470fd814429d508df950f10bdc3c8839a02e33dc8b54ce202340e38f2d17efe978fd15787bfc54257eb5655019bfc327707cf1d6dba0ff279379cbb14eebcb208dd5efead220d5852c3233ecf"], 0x30}}, 0x50) openat$smackfs_ipv6host(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) 8.771905785s ago: executing program 2 (id=4059): sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4004084) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r0 = socket$inet6(0xa, 0x806, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23}, 0x1c) listen(r0, 0x3) r3 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r3, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) r4 = accept4(r0, 0x0, 0x0, 0x0) ioctl$VT_GETMODE(0xffffffffffffffff, 0x5601, 0x0) sendmmsg(r4, &(0x7f0000001500), 0x588, 0x3000000) 8.299091347s ago: executing program 5 (id=4060): r0 = syz_io_uring_setup(0x73d, &(0x7f00000000c0)={0x0, 0xffffffff, 0x0, 0xfffffffd}, &(0x7f0000000080), &(0x7f0000000540)) r1 = socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_io_uring_setup(0x5c2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x8003}, &(0x7f0000000240)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/key-users\x00', 0x0, 0x0) preadv2(r8, &(0x7f00000004c0)=[{&(0x7f0000000200)=""/100, 0x64}], 0x3, 0x2b, 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(r8, 0x6, 0x1f, &(0x7f0000000000), 0x4) r9 = socket$phonet_pipe(0x23, 0x5, 0x2) syz_io_uring_submit(r6, r7, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x68, 0x11, r9, 0x0, 0x0, 0x0, 0x1, 0x1, {0x3}}) io_uring_enter(r5, 0x6e2, 0x3900, 0x1, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x21, &(0x7f0000000040), 0x4) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0xc0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './bus'}}]}) syz_socket_connect_nvme_tcp() r10 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r10, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb}) ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r10, 0xc00464b4, &(0x7f0000000400)) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x20, 0x0) 7.841558845s ago: executing program 6 (id=4061): socket$nl_netfilter(0x10, 0x3, 0xc) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000400)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x0, {0xa, 0x2, 0x0, @local}}}, 0x80, 0x0}, 0x0) mkdir(0x0, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)={@desc={0x4000, 0x0, @desc3}}) socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x109000) r2 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x9, 0x0, [0x0], [0xff, 0x0, 0x39a], [], [0x100000001]}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000080)={r3, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r4}) 7.80513542s ago: executing program 1 (id=4062): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/5, 0x1c000, 0x800}, 0x20) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000002f9b0000000000000000b50000000f004083c5000000a0000a4095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f00000002c0)='io_uring_register\x00', r1}, 0x2a) r2 = io_uring_setup(0x1de0, &(0x7f0000000440)={0x0, 0x0, 0x40, 0xfffffff9, 0xd4}) io_uring_register$IORING_UNREGISTER_PERSONALITY(r2, 0x14, 0x20000038, 0x0) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r4 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) getsockopt$bt_hci(r4, 0x84, 0x80, &(0x7f0000000000)=""/4102, &(0x7f00000010c0)=0x1006) sendto$isdn(r4, &(0x7f00000004c0)={0x3, 0x2, "8968dbcb998203f0f510870127f086411dee4d5df7a8af9e579d25eff30fe28654ee1166e51bfd208577157c5d7c5550cd6963e1aed267b6fc454b5ff2182581a8dafa25657655f6bbfa426fe319feaf0ad80af270e1607ace000ea9886a3bf8a36ec88c918de8e1e2d58402f96339cd6fd2a2f8faef0a07f13c7cab0c5c37f907a7105f44ab417e792ff30306ae734171443f10e693a222f1d912fc303006e273612646ad76ac58be145ce59606e76e77eed803365b159d01f2c8024647"}, 0xc6, 0x20040058, &(0x7f0000000300)={0x22, 0x19, 0x5, 0x7, 0x7}, 0x6) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'ipvlan0\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f00000000c0)=0x10814, 0xffffffffffffffc2) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000280)=0x20, 0x4) r6 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000380), 0x40f83, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000100)=0xd) r7 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r8 = syz_io_uring_setup(0x119, &(0x7f0000000140)={0x0, 0xfad6, 0x400}, &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xf, 0x0, 0x4) syz_io_uring_submit(r9, r10, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r8, 0x47f6, 0x0, 0x0, 0x0, 0x0) r11 = dup(r7) write$UHID_INPUT(r11, 0x0, 0x0) bind$xdp(r0, &(0x7f00000001c0)={0x2c, 0x0, r5}, 0x2a) r12 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r12, 0x11b, 0x3, &(0x7f0000000240)=0x800, 0x4) bind$xdp(r12, &(0x7f0000000100)={0x2c, 0x1, r5, 0xa, r0}, 0x10) r13 = syz_open_dev$evdev(&(0x7f0000000140), 0x7, 0x0) ioctl$EVIOCSKEYCODE_V2(r13, 0x40284504, &(0x7f0000000180)={0x4, 0x20, 0x72, 0x42, "b0dbdb9af8000000000000000000008f46000400"}) 6.851706896s ago: executing program 5 (id=4063): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4600000010003be8c1d80100", @ANYBLOB="22c9db1a1d89b86e0ab066c92531df52da3f5c2d38aeede8b0c8e93b5bbb581e8bf0fbc7166c890acaf6088279396a8d2007e363ba21271f6796d8910ad36e00319253714f4ae688fdc5602ce5c2", @ANYBLOB="0000000000000000140012800b00010065727370616e000004000280"], 0x34}}, 0x0) syz_usb_connect(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007ce7c810d804300a47ce0102030109022400010000000009040000020de67a0009050402ecffffffff08058102"], 0x0) 6.810398392s ago: executing program 4 (id=4064): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000000)=0x10000) ioperm(0x0, 0xa, 0x7) unshare(0x2a060a00) r1 = syz_open_dev$audion(&(0x7f0000000080), 0x3, 0x490000) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000140)={0xeeee0000, 0x1000}) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000180)=0x0) sched_setscheduler(r2, 0x4, &(0x7f00000001c0)=0xce) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000100)={@local}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000ac0)=@newtaction={0x6c, 0x30, 0x405, 0x0, 0x0, {}, [{0x58, 0x1, [@m_mpls={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0xffffffff, 0x0, 0x20000000}, 0x5}}, @TCA_MPLS_LABEL={0x8}]}, {0x4, 0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0) ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, 0x0) unshare(0x10000000) 6.201565446s ago: executing program 2 (id=4065): socket$nl_netfilter(0x10, 0x3, 0xc) connect$inet6(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x0) mkdir(0x0, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)={@desc={0x4000, 0x0, @desc3}}) prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x109000) r2 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000440)={r4, 0x0, 0x0, 0x9, 0x0, [0x0], [0xff, 0x0, 0x39a], [], [0x100000001]}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000080)={r5, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r6}) 6.062979741s ago: executing program 1 (id=4066): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000005ec0)={0x0, 0x0, &(0x7f0000005e80)={0x0}, 0x1, 0x0, 0x0, 0x48000}, 0x48010) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r1, &(0x7f0000000000)="db", 0x1, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) shutdown(r1, 0x1) recvfrom$inet(r1, 0x0, 0xfffffffffffffd43, 0x40000143, 0x0, 0x0) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x22301, 0x0) ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000000080)=0x100) write$binfmt_script(r2, 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r2, 0x5001, 0x0) 6.01792817s ago: executing program 4 (id=4067): openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r0 = socket$rds(0x15, 0x5, 0x0) getsockopt(r0, 0x200000000114, 0x2714, &(0x7f0000019580)=""/102400, &(0x7f0000000000)=0x19000) 5.983272671s ago: executing program 6 (id=4068): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x10) syz_open_dev$tty1(0xc, 0x4, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) openat$kvm(0xffffffffffffff9c, 0x0, 0x670ac1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000006c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r3}, 0x18) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001500)) bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1100000004000000032000000c0000000803", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/11], 0x50) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000004000)={0xf, {"a2e3ad21ed0d0df91b5b090987f70906d038e7ff7fc6e5539b0d3d0e8b089b32346d63060890e0878f0e1ac6e7049b334a959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070b07580936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383701d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b6080000007a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb06ffc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb15da202d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) 5.446390273s ago: executing program 4 (id=4069): sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4004084) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r0 = socket$inet6(0xa, 0x806, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r4}, 0x18) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23}, 0x1c) listen(r0, 0x3) r5 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r5, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) munmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000) mmap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x5, 0x12, 0xffffffffffffffff, 0x5333b000) r6 = accept4(r0, 0x0, 0x0, 0x0) r7 = dup(0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r7, @ANYBLOB=',wfdno', @ANYRESHEX]) ioctl$VT_GETMODE(0xffffffffffffffff, 0x5601, 0x0) sendmmsg(r6, &(0x7f0000001500), 0x588, 0x3000000) 5.316446097s ago: executing program 5 (id=4070): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$IPT_SO_GET_INFO(r1, 0x0, 0x40, 0x0, &(0x7f0000000100)) r2 = socket(0x10, 0x803, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000500)={'lo\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="340000001400b5952cbd7097024c0858dc0ce33b7400ffdbdf250a808000", @ANYRES32=r4, @ANYBLOB="14000100ff010000000000000000000000000001080008009c060000"], 0x34}, 0x1, 0x0, 0x0, 0x20000004}, 0x1400000000000000) setsockopt$sock_attach_bpf(r0, 0x1, 0x34, &(0x7f00000000c0), 0x4) socket$nl_route(0x10, 0x3, 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32], 0x50) mmap(&(0x7f0000ff8000/0x2000)=nil, 0x2000, 0x2, 0x13, r5, 0x0) r6 = openat$smackfs_ptrace(0xffffffffffffff9c, &(0x7f0000000980), 0x2, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r6, 0x0, 0x0) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_BLANKSCREEN(r7, 0x560e, &(0x7f0000000000)) ioctl$TIOCSWINSZ(r7, 0x5414, &(0x7f0000000040)={0x9, 0x2, 0x1000, 0x5}) r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_MPATH(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x28, r9, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc, 0x99, {0x1}}}}}, 0x28}}, 0x8080) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002740)=ANY=[@ANYBLOB="a198af9e8c4acbacd4ba373dd77ab3ddf14fb64cfdb0a19df98f6c6526e525fc03272014466b61a7bdba7d57615b27d5e9ff0edd60ec84df84a46109b8cf0d59df092da8257861cc7cbcbbf690d1808be691", @ANYBLOB="3000000010000100edff39194618d94a6d2e855358fe3a34b0722bb4fd3b966b5572260b3e705430c1cfb9e508a0a4441a851216784fe34e508e29ade317d23ce853d09621f7231339e3e088a93d558f479d8f496f124ff0f95d09fb3a87a9eda46c4366091c537978cff766996807486d17123de1ffa512a0bd93e916c5358bd3d70238418b0bbbb0054ddc633e837dc44232e2994bbcc81534feb05661cbe4be7e727e7a6a542653cd3007e88fa45cdd7f1ec9e1ed73c8139540609993cb901166d3d8daf5e96aabbf4af12081b46171821b7930c20b7dfa6f2c5727c133159e43757174ed5297933b3002b8da6ecfb80befc3447dc0d40b70259b2daf5270f94e2bf901bed9452d1f3653104975282c4cf93b8194a63dff85f8551235f91d220998e19d0a3f246377d6d336359b33", @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="ff43bad24a4e3cd4c5542592ec60fd37cd14ea40689b9765040176f179523f6ccc2fae0608d6779d43a447b32a58169cd7a3f47a488355ec7d125d64c28a1415f3f68b9c40428f0f534a4f123b161b88468d4f78bcd600bc3540f35c772c494fe4be74b6c764230bb0c1d51db1235aecf6c40f105a17b35e655e34cefa71f646210ec732bb6cff2b8f2d7780ace3cfacaaeaf7e54495ef0ba5537fd3d878c0d2e6d39a4e1d26ef0d9bf8e394ebf2e2cf4605a023a7e6d50a6459543757e7dce7277ef47dd6e91b7e3597a0d0254f5b054697a4f974acdb982ff82b431a5150804a5278b7f15c26ac1a36197b3b7de27a79d9df488b5a613bfa0fa0adc0f5ec5c709c14005f3bc84db911a53373c846a19c54bcf24b9d1e993591e6ccbf027cf190cc4f1ef1dac64c624098e246ec794aaa3d83dfc8d88f5ca6e4498ccdaf6a2d15268643cbd7ac02d095e4994d165bab36eb941ae6af54deff4ca7590d759ec575eaf993dfc5f25436ae0feac21195519851c562fedf7761edaf67e7bd6fb74303bcfa9ae43219eca0f06af07effbed3a9609245f6fd9fe2c5dae93f95e0e180030bb5dca4c3086d8510a8a627a6a9c8ba7677f72c9d45b8ee886baca781334269d9d030350ebaaee45a42bee21731cd08a93256ee580595aff7a21dcb947cb22c08cbb997b8214c0d1d4ac2d75682533825c04870fc4be9f198f7ee86aba27da8292c4f42d9865a3cb9e9e6dbe02b406dba123c2cab3503ce4db7e233f9c19bb3d24eda14553500373fd00b2f36d94f28c56782769044ca15ac32c2f3b5344ab1a5909b23d8194fc16d7a309a1f014e22288c0a50060b7a392f32a0fbd9105aeff1bdde6922841a3324df94ba0bad6bda602b612e772af756ad9f893d017d62804658ce39767dbb0635629240d30b8ee7f837421e391e97fefd552c7a9215b1ca35fcd287860df22c15ed2456b169270d538471b2a4803dad796c1fd370f68d862f2c3f5b50a9f57ac3a51dcf026e290778ea2b48e86c1f0c18283d2fd95e53dbcfdceec3ee8494c226784f009b41279c24ee0f4f86c3c69f8cf1233b97296826d373dd6f6009e7e2d42ce2e0697be983484cd33617e3ebb490f041cdb7c753be6237e826482a6a9b6f1edc328efe073257cbc286efed65f86283eb5d80b624a1a17d59df9d3d5f002e276d40d52fae2490ee1cf68513145f621b3a25867c72ea3628ec451853c48bde63a668417aacafabe4097c88bcb9ab1af09e9736fc3d37297e1d3cf5c38d37ee90e675b64c289f032620a6c9d2239f4fc23041aa0121b46e3b0319ca3cee2ce397a242d53e4c9d5e4fe282dc650c3fd46efa9af477de1206e66437a5f9b6ebbc642f3168c28edf4b922b1ed3b196a5e1aa638c864671e60113cf5d61d40d107608a63cedad07b36e14d3eb62d0496fac660e2fe21b4533520092d257f449d7483318c9e460e3de9ecaa07bb419f76f4e80d46413ace4c3537981e2f0c5c845f74ed359ff85d0fcf1b825402bddd9623e8ce971ae402b10fd11627ba83cfa8343255a41dfd3ef4961e9ee552a872ef7f71cad18e253d7d750df31f67ce04fce4948f61a50c6ea2cfd7355987a1c221243c0969f2adc2e7efd85f95eb188f4f97b2620d4708525039fabf5ad81bfd8396ab0839caa00fdce309f4af8bf18939019805c5043f9244941788b092545751d5f83927c53302d3e5a3cb90506f699311f682806485f513f3e6815db629c4f648b46a130aeca42d5371acba19c8eb7cc0773eb3798142d691d4331087bf8d30a66a38339529f773daf409c59f855fd5e5cd1bcbf980a2898b7c4b3375394a1c343670689bf72e6130bdd26f024a993ba156b50d6d23db35dad7fc16a4e10d2e16d347eadb752619fd9df7b14c5c0a000da8d8d84b2d5dd50fe0d61e93f6fdc87746760f26a48f9c3bd3f584e5e11690224dafd1694cbd62023241548da6794e0bf8a16aee2a3854c64e5999ec2e5b791301ff2249e310f864ac00ce84c1781567c6783a08b9526c681f88a92eae0c00760d7f159cc58248dbc4c95cf0bd478f5ab53a6e3cdb6e45b722dbea45dead1548105ecd4f7ffdfd82264b941c2c0a1b321beff5e0385977abd5ba50b9fefd43df472bb587dd76946fb57c09573bf2d078e38b59638b9c99ba5215dfc456924b6a109e659779e3cd58d92c278bf0594d1cd576cb037771d2e7f1cfb583009805e2772986e4b4e5132a536fcf9a2bb4e746578f8d61c4424b4717cdc233f5b2049ea13716b5abf06cfb4accbdde40e304c66e8bc709ff7092f5191e0b9dd884624ba8c3045524e26988d5dba0d675681b783f83f11c2788e2a9aa506050ea2ac8c2f92e41633b2a076048926c57b9c47f51e1991a165c9410d98ac3cb425479ac57cd6a862737ade87af6f4eb51918d8b8240ef0d3aca42f746ced4312b05ba2c13ea26ef7aab7e2e1cec7c639c07ffc141517a516b0257edd5e1bc26bcab6b91dda429270e428893726b30826cb77293eee780e65587aa599e5464f7fae074f4688eb89f88f5d020b14312b8242bb87833a34853989a5dd97124697c96e5836b43af65db41089b65b9795f85ef5806e0ba4c8a347398d23884d71d79988598756e850af90eb4aae42f8a285571b126686ed6d4dc30bd2fcb50f5006c433e16d8c1e23a8557ac790c1f404c8334d7e4b898cc015f0b739623275b44edeb7fa119723d3cf114f76d63ca95c0f5516e18319c0ad409b69945179567f9deb851c9d2182ac9e4377421a401bf9967b2301cf0e2cddc813ab6d3d9bc708beadc7831afc922125849f82c4539882361d79443b614b5550509a2f0347c66765881e78102c34083c4448c0abc89e6b040f824b0d35845de21e050aee0b30b046f2078b7f8a16dfd1dabe7d0762e67b155b5426fcfb9a2ece56af74b87438d2d5886d140f088926087c39697d00fbcc875a89100c58723a55603aa80474b63ca0974ecabd637d6021201ea2d31fe00d074b58b561168f9de6e849b5e55363559fcbc140c8088fd3c6c46247a88948d2c9c5c9c7b33be48ad4dfcc97f60fddf05df93dcedd73fc242f613e096c086872aef099066f760f1ba9ec55732b47b9867f4fb1362a6d2d32199b5b6f630626215d82fab668030a3f1c3e3b80726bd1fbb273046925899a5d221b62d105cbf981162503483b9df5d133e8fd2ead5ff89f8845c025d16bf4306c84023ba608d0ed2ce125666e2f46c6aaa10d8acd4375db1f2a561d11890c2dc05598e4929e7a7e665f0adf43a39906b37d7eedf27450298dc5b7f6e73b9d0825780e9255873cfe0b9608692825202f3db9a1b847dc1bbe375111432ee69a05aa3988c4df2a27be636b0f7709acdb8cc57a9ac33cb9652f8db552a8fce901189676454cc0fa848ed8e18649c4033c150d506a40dfbad0df9b381e007ced31413fe46883f38ea4d64e5279acda823c9f6c68ee6191b97a400b374a215d57c7bfac953604b623ea3fde9b6117bd17db7bf6246d582573572ce6906467428727b2949706cb41666f9a2f00f250f3b24ab04dda54c4047b804860cd2014e05e71c4e3835ed36b56bb08f49e26443f921834cbd51854b5fc876ed8b2fdc287f1dbe40921e427cbe83c0b56432b252b3e67d5416bc3d67f59a7392b2de325dbd6c5be8b520043418bf68747060af3573390ee58c0a711d91cefa2872a0e19955d2d5c7386794d81e64720cdba9d1e79b2447c23b04377cf10db6eb16af78e021f8bac6684f7a22623347b8be1dc4fa39718d06e45eafec1f9cc5a1746f596524d29449147b9e740da87573a24482a59ee2886a2798d6df7a9ca456d9c1c370f58e25dc08a0bc28171c6818c64ecac38ecf4aea8f54a1c5719798a0a9fdb2a1f4deba240596c15e26d4520f2b05817a32611fb92612efcdb1f57cd946dcecfc3efd67a118ce3c0cc6cee2f38fad48f8bf07a1ab139f7891b24dc3b57a5d551b16dc431cf27457c5adb1ee5f1d26866c69230f72245a257939ce4ef7f5bad51afc69b89f1a33dc9a279dbbd5e2f761ec3d1a7f8a68881ada2392a7ecc072cdb5e4b63fc725bfb4e19aa091c84ac907c48dc23d7fe81114690f6c1674a24d7afa885e005d2bc94d6154a8f41cebc493a319b263e2ae572ea16764cc24143d7c38a419f3d487cd74085fdf8d8f01faf1ebb727c67fd33ff01c45c99bea94b687611f3f3d3c02a3d6d971f682db17c1426e3eae4a8d75a4e477be6a15337de0ce9953a048b24ed410b16dca8526b91e99f2d5c63f8f2aa994bd0b24de15810b0d405d46850e0fbe4228a80f5a51f0d19a952ff8f43e200ee757946adfa66831c31e752af26b0e73dadad0664bad6b8bc93698de9ba563d7f6af0b1080576553aabeded44c58e2811e4be023614ef71aba003fa77e9644568414422c13b8b7f44567d34968b7c055cec045e421e1df34b6c6e77802fd28aafb14aa119e2ce826f186d23c02df9e3a9dc2fcd0217aa764903ed0f5b22709593142fbc83bb6eb1e22510f659b1912a28b3750cfd93c94b362ff71b2ff8fef08eb05d75a08003ff38457ce9cff0ee778080e70c7c6778476ae1295570178303a20c7d728d1a97a80a16456f974b2ccffc756ab0622d34132eb080ae0a73d00fec0304e236bf9861273bed57a0f440ac92d92657098706a13b09c32d5b0aca6d68dccb55c563423c452801345d4fceedc26fe740c8395e532f541ddb01571cfb0395c726906e5ab2e2dce0542f2913c35261d835d2fab5ce6cddd2ffe9d626bd25ec0415cfca81be416f90da748976480634ae3352fa365f0ecf46f74f47c4738f7811e19999c4f244fdda32a9505617070a8d69870ab537e835aa9e1ae3739c3a3c7914bc817258c8f9ca89994cc5ae5e358e0b79e2eae4cfa5f7b8ef003a12d7cbeca08bca9af627957b5b18a154fa3ea85a6691252c937b8021a0c1cd71ffbe1177a873c78b4ff612660a5a42d318dab7570cb45bd6e1e33cb26caec1309eb913ebb772a3700cd7b9f220ec52efa74f7200fdbb27de4880e2ad6abe9e283fad5635c015b3d36e184cfdb6001b3508dbfffb348277e057622913e6dc34aa1d353d568993ff176b3cc58f216625455d0719716f79fcff44511039444d22d3ac0e231325162b0a66a372b23b50cad10bdfb06cf9bbefd89a67936f201e578964bd807b5b2db87e5290f522f61d002e01213c7f759c70528185ad8ac3edff8dd682f7bc956efd5ff0e3d623ef63a90c8481f83eaf28acf31ef9ccf34172fd922df0a3584f4605612e3b4cda8d436b0697ffdb292ebfa8bde562950cfb8beb2c03ab884a734960a79bace9a4e2cebab11adceddf7abf1e3ed553e421c22ccbd8662d0974dac7230db807f4320c1d3feb58512f1fe94a3ceea63bced42119ea427e58ace7a17dbe26178dfdcb7c5aad15a9bf9563b2278efb3d4f42a26dcd841fd7145872894e1a1feb6ea898aa310903a792a0eeb8b6c812461cbd749994373532610cfca82e115e277f3e67da388dcf6586357a1dad1dcd4570669f0e451b3839e7ab05325dfe2c1ec369c7cc6fec444bd4a5c043958b0bada7aed1234d39fb3297e8630fe3f622355e6602baec00c2e0385a2d8e8f24ccccceb6d60cc58a673171850e0e7aa96b348d89a768cbe84598629ed6aa4a7d6470fd814429d508df950f10bdc3c8839a02e33dc8b54ce202340e38f2d17efe978fd15787bfc54257eb5655019bfc327707cf1d6dba0ff279379cbb14eebcb208dd5efead220d5852c3233ecf"], 0x30}}, 0x50) openat$smackfs_ipv6host(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) 5.315965094s ago: executing program 2 (id=4071): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], 0x0, 0x8, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x0, 0x0) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f0000000300)=0x100000001, 0x4) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4) setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r3, &(0x7f0000000340)='\b', 0x1, 0x0, 0x0, 0x0) sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) recvfrom$inet(r3, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x0, 0x0, 0xfffffffffffffd25) 5.291444864s ago: executing program 1 (id=4072): sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4004084) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r0 = socket$inet6(0xa, 0x806, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18) bind$inet6(r0, 0x0, 0x0) listen(r0, 0x3) r5 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r5, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) r6 = socket$inet_udp(0x2, 0x2, 0x0) mmap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x5, 0x12, r6, 0x5333b000) r7 = accept4(r0, 0x0, 0x0, 0x0) r8 = dup(0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r8, @ANYBLOB=',wfdno', @ANYRESHEX]) ioctl$VT_GETMODE(0xffffffffffffffff, 0x5601, 0x0) sendmmsg(r7, &(0x7f0000001500), 0x588, 0x3000000) 4.346974145s ago: executing program 6 (id=4073): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0xf15, 0x5b81, 0x0, 0x9, 0x9, 0x20000000c, 0x0, 0x0, 0xde}) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r1, 0x0, 0x0) fchown(r0, 0xee01, 0x0) openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000400)={0x129042, 0x2fe1c396d5455eea, 0x2}, 0x18) sendmsg$IPSET_CMD_DEL(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0xffffffffffffffb6, 0xa, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x6}, [@IPSET_ATTR_ADT={0x48, 0x8, 0x0, 0x1, [{0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_PACKETS={0xc, 0x19, 0x1, 0x0, 0xe6}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x3}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR={0x5, 0x3, 0x4}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x8}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_NAME={0x9, 0x12, 'syz2\x00'}}]}, @IPSET_ATTR_ADT={0x4}]}, 0x60}}, 0x20000080) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r2, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) dup(r0) 3.336280907s ago: executing program 4 (id=4074): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() r1 = syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$printer(0xffffffffffffffff, &(0x7f0000000140)={0x14, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0003ce000000ab03bbf41da67ff8d0caf50829237808ff41b0afc0c15773e27809c290662befceaffcf005738ee626103fc1e000de57ac64b3baaeb5fcedc4142255cefa8e2b37bce2badfd2ef62b154aa153fab5475a564709154c923eba183c36a17ecdc2a869b5775380673062a5ad0846c2b0f6e5c2788c6c509d9f9550811aa0b950e11e09a706edd176f4d4d4bd453b0b1a6834cccf8b552f3654851a99d307bc5bfb3de3faaf9a213b5991a135f"]}, 0x0) syz_usb_control_io(0xffffffffffffffff, &(0x7f00000001c0)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) semctl$IPC_INFO(0x0, 0x0, 0x3, &(0x7f0000000300)=""/100) socket$vsock_stream(0x28, 0x1, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) unshare(0x2000680) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000080)=@raw={'raw\x00', 0x3c1, 0x3, 0x3d0, 0x0, 0xc8, 0x8, 0x1c0, 0x5803, 0x300, 0x2e8, 0x2e8, 0x300, 0x2e8, 0x3, 0x0, {[{{@ipv6={@remote, @mcast1, [], [], 'vlan0\x00', 'geneve1\x00'}, 0x0, 0x190, 0x1c0, 0x0, {0x0, 0x2000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "cfcaf80c672f61cd17ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f67222476147864fa03182f5df11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac07a602061c96baebc989f1f35a214e67262c1fe4b124e0f7323a587d2a1fcfe36bbf12eca0a7b66c60c527bac2b5"}}, @inet=@rpfilter={{0x28}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0x108, 0x140, 0x0, {}, [@common=@unspec=@quota={{0x38}}, @inet=@rpfilter={{0x28, 'rpfilter\x00', 0x2}}]}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x430) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0xffffffffffffff5b, &(0x7f00000002c0)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket(0x40000000015, 0x5, 0x0) connect$inet(r4, 0x0, 0x0) bind$inet(r4, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) socket(0x15, 0x5, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_netfilter(0x10, 0x3, 0xc) 2.511011646s ago: executing program 1 (id=4075): r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000040), 0x4) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x1}, 0x8) sendto$inet(r0, &(0x7f0000000180)="ab9c", 0x34000, 0x4000814, &(0x7f0000000100)={0x2, 0x4e22, @local}, 0x10) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e23, 0xb368, @private0, 0x10001}}, 0x8, 0x1000}, &(0x7f00000000c0)=0x90) 1.962199683s ago: executing program 2 (id=4076): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1800000040000900fffffffffddbdf250100"], 0x660}, 0x1, 0x0, 0x0, 0x8000}, 0x40010) 1.494766215s ago: executing program 6 (id=4077): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=@mpls_delroute={0x1c, 0x19, 0x1, 0x70bd25, 0x25dfdbfc, {0x1c, 0x20, 0x20, 0x6, 0xfc, 0x2, 0xfe}}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x20000840) 1.443253172s ago: executing program 5 (id=4078): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000400)={0x1c, r1, 0x1, 0x70bd2d, 0x4, {{}, {@void, @val={0x8, 0x3, r2}, @void}}}, 0x1c}}, 0x0) (fail_nth: 4) 1.344070458s ago: executing program 2 (id=4079): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/5, 0x1c000, 0x800}, 0x20) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4) socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'ipvlan0\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f00000000c0)=0x40, 0x4) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000280)=0x20, 0x4) bind$xdp(r0, &(0x7f00000001c0)={0x2c, 0x0, r2, 0x2}, 0x10) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x2, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x400000bce) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000240), 0x46700) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r5 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r5, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r5, 0x0, 0x0) r6 = landlock_create_ruleset(&(0x7f0000000000)={0x8498, 0x2, 0x1}, 0x18, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r6, 0x0) socket$netlink(0x10, 0x3, 0x14) bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000380)={0x1f, 0x0, @none, 0x1}, 0xe) sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB="2c0000000203010100001400000000000700000008000540000000080800044000000024080001000100001f"], 0x2c}, 0x1, 0x0, 0x0, 0xddfbe4014c7178d9}, 0x0) socket$xdp(0x2c, 0x3, 0x0) 1.300076047s ago: executing program 6 (id=4080): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x44, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x13, 0x2, 0x2, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}, {[{{0x9, 0x5, 0x81, 0x3, 0x40}}], {}, {{0x9, 0x5, 0x3, 0x2, 0x240}}}}}]}}]}}, 0x0) sendmsg$SEG6_CMD_SETHMAC(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x14, 0x0, 0x1}, 0x14}}, 0x0) 1.239092641s ago: executing program 5 (id=4081): syz_usb_connect(0x600, 0x24, &(0x7f0000000940)={{0x12, 0x1, 0x0, 0x21, 0x27, 0x57, 0x10, 0xb57, 0x2bbd, 0xe7cc, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x1, 0x2}}]}}]}}, 0x0) 1.076823015s ago: executing program 4 (id=4082): socket$nl_netfilter(0x10, 0x3, 0xc) connect$inet6(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x0) mkdir(0x0, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)={@desc={0x4000, 0x0, @desc3}}) prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x109000) r2 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000440)={r4, 0x0, 0x0, 0x9, 0x0, [0x0], [0xff, 0x0, 0x39a], [], [0x100000001]}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000080)={r5, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r6}) 606.603748ms ago: executing program 1 (id=4083): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x10) syz_open_dev$tty1(0xc, 0x4, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) openat$kvm(0xffffffffffffff9c, 0x0, 0x670ac1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000006c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r3}, 0x18) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001500)) bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1100000004000000032000000c0000000803", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/11], 0x50) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000004000)={0xf, {"a2e3ad21ed0d0df91b5b090987f70906d038e7ff7fc6e5539b0d3d0e8b089b32346d63060890e0878f0e1ac6e7049b334a959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070b07580936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383701d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b6080000007a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb06ffc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb15da202d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) 111.416238ms ago: executing program 2 (id=4084): ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f00000001c0)=0x8000000) r0 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r0, &(0x7f0000000140)={&(0x7f0000000080)=@id={0x1e, 0x3, 0x0, {0x4e24}}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000640)='\t', 0x1}], 0x1}, 0x800) recvmmsg(r0, &(0x7f0000000440)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000240)=""/130, 0x82}], 0x1, &(0x7f0000000340)=""/205, 0xcd}}], 0x1, 0x0, 0x0) r1 = socket$phonet(0x23, 0x2, 0x1) sendto$phonet(r1, &(0x7f0000000040)="0bbab5943069427e115d649869c6dc499dfff39b58af73235d3daf66b4916a072f95455507dfdf30054fb84a85037599beed58978b3b85430e9d6ec6b05811b44ad9fc49ced50b230b6f78a9a8310d0324faf93659f545a45c8a755fd12c529a52f5ac0b8d015b414499767a826fd78d85a3a72f5c42902cc7ba1f1d8bfafaaa8f280a96c45295bb75d4880719c48ffa59434adf3716f93225b92e1dbc1ca5004499de14e9d16ac51b2c65d28568b4397b1721", 0xffffffffffffffe0, 0x4000, &(0x7f0000000100), 0x10) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="30dd89004a00010000000000000000000a00806e0800000000000000140001800800bf00269b0000e92f54d1a98c2dd2"], 0x30}}, 0x0) syz_emit_ethernet(0x2f, &(0x7f0000000240)=ANY=[@ANYBLOB="0380c2000000bbbbbbbbbbbb0800450c0021000000ac1414bbac1414aa08009078000f00073edefe66cb2853e6954056c3c2228eaddd84406d03cb05b5a74460f9ffb27a5b63466198fece3f2e37638a5e9a86319a2ff138279361bf03cddc1a7f383e8ceb13ebf3396fbc18d64c7f4e36ca2771522d1d49da0a7d132b8c73385c76f8e2d98337176d2e5999b249d979eea8dc4bde4f5e6db1af0971f825088a291202a194c6cd49445c1bde9611a4070b1cc2d470ef8c1efdbb6d5a42305f80947cdfb90c54a050340000000000e378f3048a2c17f757f40c6f2fb3a84caa390c955c9acdcdad01d4d0cf8daa2fa007c6f736749c1d34872eeba8d0fc709a1ac2747172641c961cc6e9962887854c391efa5f83a70e4b513b69b76a5d956e80e9bfa20b45b852cf9d7a84a525a26d5013ebb1fdda52f06b91d0f99cfcc440af9bd66f35ab617a093d52c31d4bfc934add8b94b6f081528a30ffe5c68a44e2ea084cf5978b72c41c1e88cc02f9d9ff0ad84cf7bfddc2543ffc6871fe5ba81c52ea20baface46789204e9ae47fc5f5defc7bcd231572257bdecb7923ba105d9e35ada8c61f1187af23df16f807281df416e761b18643d53aa5dc55ec987e18b95d8f2fe1efa58127f441dea800bb870366d54"], 0x0) r3 = getpid() r4 = socket(0x10, 0x3, 0x0) r5 = socket$packet(0x11, 0x2, 0x300) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000400)={'batadv0\x00', 0x0}) fstat(r1, &(0x7f0000000440)) sendmsg$BATADV_CMD_SET_HARDIF(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="01000000f40700aea60008000300000000003f87cad47b808ed4e181026eeebe4f6d1dfcee254365fa01d55dc45904845cec944d7606993a791b9f9ebce63975a1ad5f2ecc4856165efe48104a93158640daaa70cf1ef8", @ANYRES32=r8, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000540)=@newqdisc={0x78, 0x24, 0xf0b, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x17, 0x2, {{0x0, 0xffffffff, 0x0, 0x0, 0xffffffff}, 0x22000, 0x0, 0xffffffff, 0x8, 0x101, 0x3, 0xfe, 0x0, 0x0, 0x0, {0x4, 0x6, 0xfffffffd}}}}]}, 0x78}}, 0x0) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) r10 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) capset(&(0x7f0000000000)={0x19980330, r3}, &(0x7f0000000140)={0x4, 0x8, 0x5, 0x2, 0xc3, 0x28000}) 0s ago: executing program 4 (id=4085): sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4004084) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r0 = socket$inet6(0xa, 0x806, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18) bind$inet6(r0, 0x0, 0x0) listen(r0, 0x3) r5 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r5, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) r6 = socket$inet_udp(0x2, 0x2, 0x0) mmap(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x5, 0x12, r6, 0x5333b000) r7 = accept4(r0, 0x0, 0x0, 0x0) r8 = dup(0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r8, @ANYBLOB=',wfdno', @ANYRESHEX]) ioctl$VT_GETMODE(0xffffffffffffffff, 0x5601, 0x0) sendmmsg(r7, &(0x7f0000001500), 0x588, 0x3000000) kernel console output (not intermixed with test programs): 98505][T18714] R13: 0000000000000000 R14: 00007f0b547a6160 R15: 00007fff545d5638 [ 1633.198524][T18714] [ 1633.198567][T18714] Mem-Info: [ 1633.467351][T18714] active_anon:3329 inactive_anon:25338 isolated_anon:0 [ 1633.467351][T18714] active_file:18141 inactive_file:41145 isolated_file:0 [ 1633.467351][T18714] unevictable:768 dirty:389 writeback:0 [ 1633.467351][T18714] slab_reclaimable:11156 slab_unreclaimable:104055 [ 1633.467351][T18714] mapped:42938 shmem:25627 pagetables:944 [ 1633.467351][T18714] sec_pagetables:0 bounce:0 [ 1633.467351][T18714] kernel_misc_reclaimable:0 [ 1633.467351][T18714] free:1278360 free_pcp:7244 free_cma:0 [ 1633.513203][T18714] Node 0 active_anon:13316kB inactive_anon:101352kB active_file:72492kB inactive_file:164580kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:171752kB dirty:1556kB writeback:0kB shmem:100972kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10936kB pagetables:3776kB sec_pagetables:0kB all_unreclaimable? no [ 1633.546301][T18714] Node 1 active_anon:0kB inactive_anon:0kB active_file:72kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 1633.577245][T18714] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1633.604385][T18714] lowmem_reserve[]: 0 2490 2490 0 0 [ 1633.609672][T18714] Node 0 DMA32 free:1208416kB boost:0kB min:34168kB low:42708kB high:51248kB reserved_highatomic:0KB active_anon:13284kB inactive_anon:101400kB active_file:72224kB inactive_file:164528kB unevictable:1536kB writepending:1556kB present:3129332kB managed:2550364kB mlocked:0kB bounce:0kB free_pcp:14400kB local_pcp:1332kB free_cma:0kB [ 1633.640966][T18714] lowmem_reserve[]: 0 0 0 0 0 [ 1633.698129][T18714] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:4kB inactive_anon:36kB active_file:276kB inactive_file:52kB unevictable:0kB writepending:0kB present:1048580kB managed:368kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1633.725385][T18714] lowmem_reserve[]: 0 0 0 0 0 [ 1633.730155][T18714] Node 1 Normal free:3889684kB boost:0kB min:55728kB low:69660kB high:83592kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:72kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111168kB mlocked:0kB bounce:0kB free_pcp:14532kB local_pcp:11624kB free_cma:0kB [ 1633.760184][T18714] lowmem_reserve[]: 0 0 0 0 0 [ 1633.764991][T18714] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1633.777788][T18714] Node 0 DMA32: 289*4kB (UME) 363*8kB (UE) 100*16kB (UE) 683*32kB (UME) 421*64kB (UME) 93*128kB (UME) 39*256kB (UME) 17*512kB (U) 13*1024kB (UM) 8*2048kB (UM) 269*4096kB (UM) = 1216572kB [ 1633.796603][T18714] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1633.808403][T18714] Node 1 Normal: 243*4kB (UME) 89*8kB (UME) 70*16kB (UME) 213*32kB (UME) 32*64kB (UME) 37*128kB (UME) 30*256kB (UME) 20*512kB (UM) 13*1024kB (UM) 4*2048kB (UE) 936*4096kB (UM) = 3889684kB [ 1633.827218][T18714] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1633.836835][T18714] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1633.846213][T18714] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1633.856334][T18714] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1633.865759][T18714] 84851 total pagecache pages [ 1633.871004][T18714] 0 pages in swap cache [ 1633.875217][T18714] Free swap = 124756kB [ 1633.879389][T18714] Total swap = 124996kB [ 1633.883569][T18714] 2097051 pages RAM [ 1633.887488][T18714] 0 pages HighMem/MovableOnly [ 1633.892184][T18714] 427736 pages reserved [ 1633.896428][T18714] 0 pages cma reserved [ 1635.381820][ T5832] Bluetooth: hci1: command 0x0406 tx timeout [ 1637.324685][T12687] usb 10-1: new high-speed USB device number 4 using dummy_hcd [ 1637.514687][T12687] usb 10-1: Using ep0 maxpacket: 16 [ 1637.553436][T12687] usb 10-1: config index 0 descriptor too short (expected 16456, got 72) [ 1637.611549][T12687] usb 10-1: config 0 has an invalid interface number: 125 but max is 1 [ 1637.664876][T12687] usb 10-1: config 0 has an invalid interface number: 125 but max is 1 [ 1637.711840][T12687] usb 10-1: config 0 has an invalid interface number: 125 but max is 1 [ 1637.751302][T12687] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1637.807228][T12687] usb 10-1: config 0 has no interface number 0 [ 1637.869304][T12687] usb 10-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 1637.949694][T12687] usb 10-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 1638.002109][T12687] usb 10-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1638.046398][T12687] usb 10-1: config 0 interface 125 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1638.124600][T12687] usb 10-1: config 0 interface 125 altsetting 190 has 0 endpoint descriptors, different from the interface descriptor's value: 13 [ 1638.192902][T12687] usb 10-1: config 0 interface 125 has no altsetting 1 [ 1638.240438][T12687] usb 10-1: config 0 interface 125 has no altsetting 2 [ 1638.272226][T12687] usb 10-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 1638.305596][T12687] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1638.351161][T12687] usb 10-1: Product: syz [ 1638.364505][T12687] usb 10-1: Manufacturer: syz [ 1638.397367][T12687] usb 10-1: SerialNumber: syz [ 1638.448038][T12687] usb 10-1: config 0 descriptor?? [ 1638.476600][T12687] usb 10-1: selecting invalid altsetting 2 [ 1638.669693][T18763] bridge_slave_0: left allmulticast mode [ 1638.697419][T18763] bridge_slave_0: left promiscuous mode [ 1638.703443][T18763] bridge0: port 1(bridge_slave_0) entered disabled state [ 1638.791582][T18763] bridge_slave_1: left allmulticast mode [ 1638.808083][T18763] bridge_slave_1: left promiscuous mode [ 1638.836514][T18763] bridge0: port 2(bridge_slave_1) entered disabled state [ 1638.914245][T18763] bond0: (slave bond_slave_0): Releasing backup interface [ 1638.948796][T18770] FAULT_INJECTION: forcing a failure. [ 1638.948796][T18770] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1638.981140][T18763] bond0: (slave bond_slave_1): Releasing backup interface [ 1639.013772][T18770] CPU: 0 UID: 0 PID: 18770 Comm: syz.8.3280 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0 [ 1639.013802][T18770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1639.013814][T18770] Call Trace: [ 1639.013820][T18770] [ 1639.013828][T18770] dump_stack_lvl+0x241/0x360 [ 1639.013853][T18770] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1639.013874][T18770] ? __pfx__printk+0x10/0x10 [ 1639.013908][T18770] should_fail_ex+0x40a/0x550 [ 1639.013935][T18770] _copy_from_user+0x2d/0xb0 [ 1639.013957][T18770] memdup_user_nul+0x6c/0x100 [ 1639.013977][T18770] device_write+0x80/0xf20 [ 1639.013995][T18770] ? rw_verify_area+0x243/0x630 [ 1639.014014][T18770] ? __pfx_device_write+0x10/0x10 [ 1639.014032][T18770] vfs_write+0x29f/0xd10 [ 1639.014054][T18770] ? __mutex_unlock_slowpath+0x227/0x800 [ 1639.014080][T18770] ? __pfx_vfs_write+0x10/0x10 [ 1639.014096][T18770] ? do_sys_openat2+0x17a/0x1d0 [ 1639.014116][T18770] ? __fget_files+0x2a/0x410 [ 1639.014133][T18770] ? __fget_files+0x395/0x410 [ 1639.014149][T18770] ? __fget_files+0x2a/0x410 [ 1639.014173][T18770] ksys_write+0x18f/0x2b0 [ 1639.014194][T18770] ? __pfx_ksys_write+0x10/0x10 [ 1639.014214][T18770] ? do_syscall_64+0x100/0x230 [ 1639.014238][T18770] ? do_syscall_64+0xb6/0x230 [ 1639.014261][T18770] do_syscall_64+0xf3/0x230 [ 1639.014281][T18770] ? clear_bhb_loop+0x35/0x90 [ 1639.014305][T18770] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1639.014325][T18770] RIP: 0033:0x7fdb0678d169 [ 1639.014340][T18770] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1639.014354][T18770] RSP: 002b:00007fdb07664038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1639.014373][T18770] RAX: ffffffffffffffda RBX: 00007fdb069a5fa0 RCX: 00007fdb0678d169 [ 1639.014385][T18770] RDX: 0000000000000068 RSI: 0000400000001380 RDI: 0000000000000003 [ 1639.014395][T18770] RBP: 00007fdb07664090 R08: 0000000000000000 R09: 0000000000000000 [ 1639.014406][T18770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1639.014415][T18770] R13: 0000000000000000 R14: 00007fdb069a5fa0 R15: 00007ffdae969c28 [ 1639.014436][T18770] [ 1639.567264][T18763] team0: Port device team_slave_0 removed [ 1639.616638][T18763] team0: Port device team_slave_1 removed [ 1639.623130][T18776] FAULT_INJECTION: forcing a failure. [ 1639.623130][T18776] name failslab, interval 1, probability 0, space 0, times 0 [ 1639.642468][T18763] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1639.657739][T18763] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1639.669016][T18776] CPU: 0 UID: 0 PID: 18776 Comm: syz.8.3281 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0 [ 1639.669042][T18776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1639.669052][T18776] Call Trace: [ 1639.669059][T18776] [ 1639.669068][T18776] dump_stack_lvl+0x241/0x360 [ 1639.669091][T18776] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1639.669106][T18776] ? __pfx__printk+0x10/0x10 [ 1639.669129][T18776] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 1639.669155][T18776] ? __pfx___might_resched+0x10/0x10 [ 1639.669179][T18776] should_fail_ex+0x40a/0x550 [ 1639.669204][T18776] should_failslab+0xac/0x100 [ 1639.669227][T18776] kmem_cache_alloc_node_noprof+0x77/0x380 [ 1639.669251][T18776] ? __alloc_skb+0x1c3/0x440 [ 1639.669276][T18776] __alloc_skb+0x1c3/0x440 [ 1639.669302][T18776] ? __pfx___alloc_skb+0x10/0x10 [ 1639.669325][T18776] ? netlink_autobind+0xd6/0x2f0 [ 1639.669341][T18776] ? netlink_autobind+0x2b0/0x2f0 [ 1639.669363][T18776] netlink_sendmsg+0x634/0xcb0 [ 1639.669392][T18776] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1639.669419][T18776] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1639.669434][T18776] __sock_sendmsg+0x221/0x270 [ 1639.669464][T18776] ____sys_sendmsg+0x53a/0x860 [ 1639.669494][T18776] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1639.669515][T18776] ? __fget_files+0x2a/0x410 [ 1639.669534][T18776] ? __fget_files+0x2a/0x410 [ 1639.669559][T18776] __sys_sendmsg+0x269/0x350 [ 1639.669586][T18776] ? __pfx___sys_sendmsg+0x10/0x10 [ 1639.669620][T18776] ? do_sys_openat2+0x17a/0x1d0 [ 1639.669661][T18776] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1639.669684][T18776] ? do_syscall_64+0x100/0x230 [ 1639.669708][T18776] ? do_syscall_64+0xb6/0x230 [ 1639.669730][T18776] do_syscall_64+0xf3/0x230 [ 1639.669751][T18776] ? clear_bhb_loop+0x35/0x90 [ 1639.669775][T18776] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1639.669795][T18776] RIP: 0033:0x7fdb0678d169 [ 1639.669810][T18776] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1639.669824][T18776] RSP: 002b:00007fdb07664038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1639.669840][T18776] RAX: ffffffffffffffda RBX: 00007fdb069a5fa0 RCX: 00007fdb0678d169 [ 1639.669850][T18776] RDX: 0000000000000000 RSI: 0000400000000280 RDI: 0000000000000003 [ 1639.669859][T18776] RBP: 00007fdb07664090 R08: 0000000000000000 R09: 0000000000000000 [ 1639.669867][T18776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1639.669875][T18776] R13: 0000000000000000 R14: 00007fdb069a5fa0 R15: 00007ffdae969c28 [ 1639.669895][T18776] [ 1639.671972][T18763] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1639.951111][T18778] FAULT_INJECTION: forcing a failure. [ 1639.951111][T18778] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1639.975223][T18763] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1640.004539][T18778] CPU: 0 UID: 0 PID: 18778 Comm: syz.8.3282 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0 [ 1640.004566][T18778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1640.004576][T18778] Call Trace: [ 1640.004582][T18778] [ 1640.004589][T18778] dump_stack_lvl+0x241/0x360 [ 1640.004613][T18778] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1640.004628][T18778] ? __pfx__printk+0x10/0x10 [ 1640.004654][T18778] ? snprintf+0xda/0x120 [ 1640.004673][T18778] should_fail_ex+0x40a/0x550 [ 1640.004699][T18778] _copy_to_user+0x31/0xb0 [ 1640.004728][T18778] simple_read_from_buffer+0xca/0x150 [ 1640.004756][T18778] proc_fail_nth_read+0x1e9/0x250 [ 1640.004784][T18778] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1640.004810][T18778] ? rw_verify_area+0x243/0x630 [ 1640.004829][T18778] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1640.004854][T18778] vfs_read+0x1f8/0xb40 [ 1640.004874][T18778] ? fdget_pos+0x254/0x320 [ 1640.004892][T18778] ? __pfx___mutex_lock+0x10/0x10 [ 1640.004913][T18778] ? __pfx_vfs_read+0x10/0x10 [ 1640.004935][T18778] ? __fget_files+0x2a/0x410 [ 1640.004953][T18778] ? __fget_files+0x395/0x410 [ 1640.004968][T18778] ? __fget_files+0x2a/0x410 [ 1640.004993][T18778] ksys_read+0x18f/0x2b0 [ 1640.005014][T18778] ? __pfx_ksys_read+0x10/0x10 [ 1640.005034][T18778] ? do_syscall_64+0x100/0x230 [ 1640.005057][T18778] ? do_syscall_64+0xb6/0x230 [ 1640.005080][T18778] do_syscall_64+0xf3/0x230 [ 1640.005100][T18778] ? clear_bhb_loop+0x35/0x90 [ 1640.005125][T18778] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1640.005144][T18778] RIP: 0033:0x7fdb0678bb7c [ 1640.005159][T18778] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1640.005176][T18778] RSP: 002b:00007fdb07664030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1640.005195][T18778] RAX: ffffffffffffffda RBX: 00007fdb069a5fa0 RCX: 00007fdb0678bb7c [ 1640.005207][T18778] RDX: 000000000000000f RSI: 00007fdb076640a0 RDI: 0000000000000004 [ 1640.005218][T18778] RBP: 00007fdb07664090 R08: 0000000000000000 R09: 0000000000000010 [ 1640.005228][T18778] R10: 0000000000004000 R11: 0000000000000246 R12: 0000000000000001 [ 1640.005238][T18778] R13: 0000000000000000 R14: 00007fdb069a5fa0 R15: 00007ffdae969c28 [ 1640.005265][T18778] [ 1640.481810][ T9416] usb 10-1: USB disconnect, device number 4 [ 1640.496287][ T5832] Bluetooth: hci6: command 0x0406 tx timeout [ 1640.697050][T18782] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3284'. [ 1641.004614][T12687] usb 10-1: new high-speed USB device number 5 using dummy_hcd [ 1641.173811][T12687] usb 10-1: Using ep0 maxpacket: 32 [ 1641.191190][T12687] usb 10-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1641.201493][T12687] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1641.223215][T12687] usb 10-1: config 0 descriptor?? [ 1641.244267][T12687] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1641.463881][T18796] 9pnet_fd: Insufficient options for proto=fd [ 1641.598686][T18795] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3288'. [ 1641.905061][T12687] gspca_nw80x: reg_r err -71 [ 1641.909775][T12687] nw80x 10-1:0.0: probe with driver nw80x failed with error -71 [ 1642.112182][T18803] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3289'. [ 1642.633433][T12687] usb 10-1: USB disconnect, device number 5 [ 1643.924665][ T3700] usb 10-1: new high-speed USB device number 6 using dummy_hcd [ 1644.114673][ T3700] usb 10-1: Using ep0 maxpacket: 16 [ 1644.130857][ T3700] usb 10-1: New USB device found, idVendor=0b57, idProduct=2bbd, bcdDevice=e7.cc [ 1645.092892][ T3700] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1645.137743][ T3700] usb 10-1: Product: syz [ 1645.452377][ T3700] usb 10-1: Manufacturer: syz [ 1645.457601][ T3700] usb 10-1: SerialNumber: syz [ 1645.525784][ T3700] usb 10-1: config 0 descriptor?? [ 1645.535559][ T3700] usbhid 10-1:0.0: couldn't find an input interrupt endpoint [ 1645.776177][T18824] 9pnet_fd: Insufficient options for proto=fd [ 1645.875892][T12687] usb 10-1: USB disconnect, device number 6 [ 1646.360830][T18841] syz.8.3301: attempt to access beyond end of device [ 1646.360830][T18841] nbd8: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1646.378053][T18841] hpfs: hpfs_map_sector(): read error [ 1647.717036][T18848] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 1649.248059][T18854] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1649.275983][T18875] »»»»»»: entered allmulticast mode [ 1649.984636][T10393] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 1650.166084][T10393] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA4, changing to 0x84 [ 1650.176462][T18883] dlm: no local IP address has been set [ 1650.183246][T18883] dlm: cannot start dlm midcomms -107 [ 1650.183848][T10393] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 1650.199968][T10393] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 1650.209235][T10393] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1650.221252][T10393] usb 7-1: config 0 descriptor?? [ 1650.574006][T10393] ath6kl: Failed to submit usb control message: -71 [ 1650.590670][T10393] ath6kl: unable to send the bmi data to the device: -71 [ 1650.599335][T10393] ath6kl: Unable to send get target info: -71 [ 1650.965252][T10393] ath6kl: Failed to init ath6kl core: -71 [ 1650.981655][T10393] ath6kl_usb 7-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 1651.151568][T10393] usb 7-1: USB disconnect, device number 16 [ 1651.313538][ C0] Unknown status report in ack skb [ 1652.817252][T18915] gfs2: gfs2 mount does not exist [ 1653.787418][T18930] FAULT_INJECTION: forcing a failure. [ 1653.787418][T18930] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 1653.814572][T18930] CPU: 1 UID: 0 PID: 18930 Comm: syz.8.3328 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0 [ 1653.814599][T18930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1653.814609][T18930] Call Trace: [ 1653.814616][T18930] [ 1653.814625][T18930] dump_stack_lvl+0x241/0x360 [ 1653.814646][T18930] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1653.814662][T18930] ? __pfx__printk+0x10/0x10 [ 1653.814682][T18930] ? validate_chain+0x11e/0x5920 [ 1653.814705][T18930] should_fail_ex+0x40a/0x550 [ 1653.814729][T18930] prepare_alloc_pages+0x1da/0x5b0 [ 1653.814758][T18930] __alloc_frozen_pages_noprof+0x16f/0x710 [ 1653.814781][T18930] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1653.814813][T18930] ? __pfx_lock_acquire+0x10/0x10 [ 1653.814837][T18930] alloc_pages_mpol+0x311/0x660 [ 1653.814862][T18930] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1653.814892][T18930] vma_alloc_folio_noprof+0x12b/0x260 [ 1653.814918][T18930] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 1653.814950][T18930] folio_prealloc+0x2e/0x170 [ 1653.814970][T18930] __handle_mm_fault+0x3e4b/0x70f0 [ 1653.815014][T18930] ? __pfx___handle_mm_fault+0x10/0x10 [ 1653.815044][T18930] ? mt_find+0x2a9/0x920 [ 1653.815064][T18930] ? __pfx_lock_release+0x10/0x10 [ 1653.815096][T18930] ? mt_find+0x2a9/0x920 [ 1653.815116][T18930] ? mt_find+0x6c8/0x920 [ 1653.815143][T18930] ? __pfx_mt_find+0x10/0x10 [ 1653.815181][T18930] ? find_vma+0xf9/0x170 [ 1653.815198][T18930] ? __pfx_find_vma+0x10/0x10 [ 1653.815218][T18930] handle_mm_fault+0x2c1/0x7e0 [ 1653.815245][T18930] exc_page_fault+0x2b9/0x8b0 [ 1653.815265][T18930] ? __might_fault+0xaa/0x120 [ 1653.815285][T18930] asm_exc_page_fault+0x26/0x30 [ 1653.815305][T18930] RIP: 0010:rep_movs_alternative+0x4a/0x70 [ 1653.815322][T18930] Code: 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 a4 c3 cc cc cc cc 48 89 c8 48 c1 e9 03 83 e0 07 f3 48 a5 89 c1 [ 1653.815335][T18930] RSP: 0018:ffffc90004a57508 EFLAGS: 00050202 [ 1653.815351][T18930] RAX: ffffffff84ed7001 RBX: 0000400000001023 RCX: 0000000000000023 [ 1653.815362][T18930] RDX: 0000000000000000 RSI: ffffc90004a57900 RDI: 0000400000001000 [ 1653.815373][T18930] RBP: ffffc90004a57cf0 R08: ffffc90004a57922 R09: 1ffff9200094af24 [ 1653.815384][T18930] R10: dffffc0000000000 R11: fffff5200094af25 R12: 0000000000000063 [ 1653.815395][T18930] R13: 00007ffffffff000 R14: ffffc90004a578c0 R15: 0000400000000fc0 [ 1653.815414][T18930] ? _copy_to_user+0x61/0xb0 [ 1653.815440][T18930] _copy_to_user+0x8b/0xb0 [ 1653.815460][T18930] mptcp_getsockopt+0x1bba/0x20d0 [ 1653.815490][T18930] ? mark_lock+0x9a/0x360 [ 1653.815524][T18930] ? __pfx_mptcp_getsockopt+0x10/0x10 [ 1653.815546][T18930] ? __lock_acquire+0x1397/0x2100 [ 1653.815571][T18930] ? __pfx_validate_chain+0x10/0x10 [ 1653.815605][T18930] ? validate_chain+0x11e/0x5920 [ 1653.815621][T18930] ? __pfx_lock_acquire+0x10/0x10 [ 1653.815642][T18930] ? __pfx_validate_chain+0x10/0x10 [ 1653.815658][T18930] ? __pfx_lock_release+0x10/0x10 [ 1653.815681][T18930] ? unwind_next_frame+0x18e6/0x22d0 [ 1653.815707][T18930] ? __pfx_validate_chain+0x10/0x10 [ 1653.815725][T18930] ? __pfx_validate_chain+0x10/0x10 [ 1653.815762][T18930] ? __lock_acquire+0x1397/0x2100 [ 1653.815793][T18930] ? mark_lock+0x9a/0x360 [ 1653.815819][T18930] ? __lock_acquire+0x1397/0x2100 [ 1653.815873][T18930] ? __pfx___might_resched+0x10/0x10 [ 1653.815893][T18930] ? __might_fault+0xaa/0x120 [ 1653.815911][T18930] ? __pfx_lock_release+0x10/0x10 [ 1653.815940][T18930] ? __might_fault+0xaa/0x120 [ 1653.815960][T18930] ? sock_common_getsockopt+0x2e/0xb0 [ 1653.815979][T18930] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 1653.816000][T18930] do_sock_getsockopt+0x38e/0x740 [ 1653.816028][T18930] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 1653.816048][T18930] ? __fget_files+0x2a/0x410 [ 1653.816067][T18930] ? __fget_files+0x395/0x410 [ 1653.816081][T18930] ? __fget_files+0x2a/0x410 [ 1653.816104][T18930] __x64_sys_getsockopt+0x2a1/0x370 [ 1653.816133][T18930] ? __pfx___x64_sys_getsockopt+0x10/0x10 [ 1653.816156][T18930] ? do_syscall_64+0x100/0x230 [ 1653.816179][T18930] ? do_syscall_64+0xb6/0x230 [ 1653.816201][T18930] do_syscall_64+0xf3/0x230 [ 1653.816221][T18930] ? clear_bhb_loop+0x35/0x90 [ 1653.816244][T18930] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1653.816264][T18930] RIP: 0033:0x7fdb0678d169 [ 1653.816278][T18930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1653.816291][T18930] RSP: 002b:00007fdb07664038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 1653.816308][T18930] RAX: ffffffffffffffda RBX: 00007fdb069a5fa0 RCX: 00007fdb0678d169 [ 1653.816321][T18930] RDX: 0000000000000004 RSI: 000000000000011c RDI: 0000000000000003 [ 1653.816331][T18930] RBP: 00007fdb07664090 R08: 0000400000000000 R09: 0000000000000000 [ 1653.816342][T18930] R10: 0000400000000fc0 R11: 0000000000000246 R12: 0000000000000001 [ 1653.816353][T18930] R13: 0000000000000000 R14: 00007fdb069a5fa0 R15: 00007ffdae969c28 [ 1653.816388][T18930] [ 1654.305667][ C1] vkms_vblank_simulate: vblank timer overrun [ 1654.391712][ T29] audit: type=1326 audit(1740723794.884:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18931 comm="syz.5.3329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f98a7d8d169 code=0x7ffc0000 [ 1654.466548][ T29] audit: type=1326 audit(1740723794.884:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18931 comm="syz.5.3329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f98a7d8d169 code=0x7ffc0000 [ 1654.553114][ T29] audit: type=1326 audit(1740723794.884:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18931 comm="syz.5.3329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f98a7d8d169 code=0x7ffc0000 [ 1654.626133][ T29] audit: type=1326 audit(1740723794.884:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18931 comm="syz.5.3329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f98a7d8d169 code=0x7ffc0000 [ 1654.679184][T18952] FAULT_INJECTION: forcing a failure. [ 1654.679184][T18952] name failslab, interval 1, probability 0, space 0, times 0 [ 1654.680310][T18952] CPU: 0 UID: 0 PID: 18952 Comm: syz.1.3336 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0 [ 1654.680333][T18952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1654.680343][T18952] Call Trace: [ 1654.680350][T18952] [ 1654.680358][T18952] dump_stack_lvl+0x241/0x360 [ 1654.680383][T18952] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1654.680399][T18952] ? __pfx__printk+0x10/0x10 [ 1654.680422][T18952] should_fail_ex+0x40a/0x550 [ 1654.680439][T18952] should_failslab+0xac/0x100 [ 1654.680454][T18952] ? xfrm_state_alloc+0x26/0x320 [ 1654.680472][T18952] kmem_cache_alloc_noprof+0x70/0x380 [ 1654.680491][T18952] xfrm_state_alloc+0x26/0x320 [ 1654.680503][T18952] xfrm_state_find+0x3dd7/0x5fe0 [ 1654.680527][T18952] ? xfrm_state_find+0x2cd/0x5fe0 [ 1654.680539][T18952] ? __pfx_xfrm_state_find+0x10/0x10 [ 1654.680550][T18952] ? __pfx_lock_acquire+0x10/0x10 [ 1654.680566][T18952] ? __pfx_validate_chain+0x10/0x10 [ 1654.680587][T18952] xfrm_resolve_and_create_bundle+0x7a4/0x3240 [ 1654.680619][T18952] ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10 [ 1654.680637][T18952] ? __pfx_lock_acquire+0x10/0x10 [ 1654.680649][T18952] ? xfrm_sk_policy_lookup+0x93/0x840 [ 1654.680673][T18952] ? xfrm_sk_policy_lookup+0x7ef/0x840 [ 1654.680687][T18952] ? xfrm_sk_policy_lookup+0x93/0x840 [ 1654.680703][T18952] ? __pfx_lock_release+0x10/0x10 [ 1654.680717][T18952] ? xfrm_expand_policies+0x3fb/0x690 [ 1654.680733][T18952] xfrm_lookup_with_ifid+0x368/0x1fa0 [ 1654.680751][T18952] ? ip_route_output_key_hash+0x226/0x2b0 [ 1654.680763][T18952] ? __pfx_xfrm_lookup_with_ifid+0x10/0x10 [ 1654.680775][T18952] ? ip_route_output_key_hash+0xdf/0x2b0 [ 1654.680786][T18952] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 1654.680800][T18952] ? rcuref_put+0x1e3/0x240 [ 1654.680819][T18952] xfrm_lookup_route+0x3c/0x1c0 [ 1654.680833][T18952] tcp_v4_connect+0x737/0x1ba0 [ 1654.680857][T18952] ? __pfx_tcp_v4_connect+0x10/0x10 [ 1654.680870][T18952] ? __pfx_lock_release+0x10/0x10 [ 1654.680881][T18952] ? ip4_string+0xd5/0xb90 [ 1654.680892][T18952] ? tcp_v6_connect+0x6b1/0x1e50 [ 1654.680907][T18952] tcp_v6_connect+0xe93/0x1e50 [ 1654.680925][T18952] ? __pfx_tcp_v6_connect+0x10/0x10 [ 1654.680948][T18952] ? mark_lock+0x9a/0x360 [ 1654.680963][T18952] __inet_stream_connect+0x262/0xf30 [ 1654.680977][T18952] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1654.680993][T18952] ? __local_bh_enable_ip+0x168/0x200 [ 1654.681003][T18952] ? lockdep_hardirqs_on+0x99/0x150 [ 1654.681016][T18952] ? __pfx___inet_stream_connect+0x10/0x10 [ 1654.681026][T18952] ? __local_bh_enable_ip+0x168/0x200 [ 1654.681037][T18952] ? inet_stream_connect+0x50/0xa0 [ 1654.681048][T18952] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 1654.681064][T18952] inet_stream_connect+0x65/0xa0 [ 1654.681078][T18952] __sys_connect+0x288/0x2d0 [ 1654.681091][T18952] ? __fget_files+0x2a/0x410 [ 1654.681101][T18952] ? __pfx___sys_connect+0x10/0x10 [ 1654.681120][T18952] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1654.681133][T18952] ? do_syscall_64+0x100/0x230 [ 1654.681152][T18952] __x64_sys_connect+0x7a/0x90 [ 1654.681173][T18952] do_syscall_64+0xf3/0x230 [ 1654.681192][T18952] ? clear_bhb_loop+0x35/0x90 [ 1654.681217][T18952] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1654.681236][T18952] RIP: 0033:0x7f0b5458d169 [ 1654.681250][T18952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1654.681264][T18952] RSP: 002b:00007f0b552fe038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 1654.681282][T18952] RAX: ffffffffffffffda RBX: 00007f0b547a5fa0 RCX: 00007f0b5458d169 [ 1654.681293][T18952] RDX: 000000000000001c RSI: 0000400000000000 RDI: 0000000000000004 [ 1654.681303][T18952] RBP: 00007f0b552fe090 R08: 0000000000000000 R09: 0000000000000000 [ 1654.681313][T18952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1654.681323][T18952] R13: 0000000000000000 R14: 00007f0b547a5fa0 R15: 00007fff545d5638 [ 1654.681350][T18952] [ 1654.704528][ T29] audit: type=1326 audit(1740723794.884:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18931 comm="syz.5.3329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f98a7d8d169 code=0x7ffc0000 [ 1654.723310][T18951] »»»»»» speed is unknown, defaulting to 1000 [ 1654.822208][ T29] audit: type=1326 audit(1740723794.884:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18931 comm="syz.5.3329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f98a7d8d169 code=0x7ffc0000 [ 1655.179271][T18957] netlink: zone id is out of range [ 1655.179424][T18957] netlink: zone id is out of range [ 1655.179454][T18957] netlink: zone id is out of range [ 1655.179614][T18957] netlink: zone id is out of range [ 1655.179715][T18957] netlink: zone id is out of range [ 1655.179744][T18957] netlink: zone id is out of range [ 1655.179754][T18957] netlink: zone id is out of range [ 1655.180915][T18957] netlink: set zone limit has 8 unknown bytes [ 1655.197553][T18951] »»»»»» speed is unknown, defaulting to 1000 [ 1655.256624][ T29] audit: type=1326 audit(1740723794.884:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18931 comm="syz.5.3329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f98a7d8d169 code=0x7ffc0000 [ 1655.418705][ T29] audit: type=1326 audit(1740723794.884:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18931 comm="syz.5.3329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f98a7d8d169 code=0x7ffc0000 [ 1655.457014][ T29] audit: type=1326 audit(1740723794.884:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18931 comm="syz.5.3329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f98a7d8d169 code=0x7ffc0000 [ 1655.521181][T18973] »»»»»»: entered allmulticast mode [ 1655.620215][ T29] audit: type=1326 audit(1740723794.884:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18931 comm="syz.5.3329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f98a7d8d169 code=0x7ffc0000 [ 1655.641792][ C1] vkms_vblank_simulate: vblank timer overrun [ 1656.955402][T18973] »»»»»»: left allmulticast mode [ 1657.254651][ T3700] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 1657.566547][ T3700] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1657.583748][ T3700] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1657.594160][ T3700] usb 7-1: New USB device found, idVendor=0f30, idProduct=0111, bcdDevice= 0.00 [ 1657.610033][ T3700] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1657.640324][ T3700] usb 7-1: config 0 descriptor?? [ 1658.273334][ T3700] pantherlord 0003:0F30:0111.0018: hidraw0: USB HID v0.03 Device [HID 0f30:0111] on usb-dummy_hcd.6-1/input0 [ 1658.295969][ T3700] pantherlord 0003:0F30:0111.0018: no output reports found [ 1658.587594][T19011] netlink: zone id is out of range [ 1658.593035][T19011] netlink: zone id is out of range [ 1659.179189][T19015] netlink: 'syz.8.3355': attribute type 3 has an invalid length. [ 1659.197381][T19015] netlink: 'syz.8.3355': attribute type 3 has an invalid length. [ 1660.809613][ T8] usb 7-1: USB disconnect, device number 17 [ 1660.840436][T19031] FAULT_INJECTION: forcing a failure. [ 1660.840436][T19031] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1660.840467][T19031] CPU: 0 UID: 0 PID: 19031 Comm: syz.1.3361 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0 [ 1660.840488][T19031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1660.840498][T19031] Call Trace: [ 1660.840505][T19031] [ 1660.840513][T19031] dump_stack_lvl+0x241/0x360 [ 1660.840538][T19031] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1660.840554][T19031] ? __pfx__printk+0x10/0x10 [ 1660.840579][T19031] ? __pfx_lock_release+0x10/0x10 [ 1660.840609][T19031] should_fail_ex+0x40a/0x550 [ 1660.840636][T19031] _copy_from_user+0x2d/0xb0 [ 1660.840655][T19031] move_addr_to_kernel+0x82/0x150 [ 1660.840676][T19031] copy_msghdr_from_user+0x43e/0x680 [ 1660.840702][T19031] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1660.840719][T19031] ? __fget_files+0x2a/0x410 [ 1660.840739][T19031] ? __fget_files+0x2a/0x410 [ 1660.840764][T19031] __sys_sendmsg+0x209/0x350 [ 1660.840792][T19031] ? __pfx___sys_sendmsg+0x10/0x10 [ 1660.840827][T19031] ? do_sys_openat2+0x17a/0x1d0 [ 1660.840868][T19031] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1660.840891][T19031] ? do_syscall_64+0x100/0x230 [ 1660.840914][T19031] ? do_syscall_64+0xb6/0x230 [ 1660.840937][T19031] do_syscall_64+0xf3/0x230 [ 1660.840958][T19031] ? clear_bhb_loop+0x35/0x90 [ 1660.840982][T19031] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1660.841003][T19031] RIP: 0033:0x7f0b5458d169 [ 1660.841018][T19031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1660.841033][T19031] RSP: 002b:00007f0b552fe038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1660.841051][T19031] RAX: ffffffffffffffda RBX: 00007f0b547a5fa0 RCX: 00007f0b5458d169 [ 1660.841064][T19031] RDX: 0000000000000060 RSI: 0000400000000080 RDI: 0000000000000003 [ 1660.841075][T19031] RBP: 00007f0b552fe090 R08: 0000000000000000 R09: 0000000000000000 [ 1660.841086][T19031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1660.841096][T19031] R13: 0000000000000000 R14: 00007f0b547a5fa0 R15: 00007fff545d5638 [ 1660.841122][T19031] [ 1661.479700][T19034] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3360'. [ 1661.488812][T19034] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3360'. [ 1663.339943][T19053] SET target dimension over the limit! [ 1663.507370][T19058] nftables ruleset with unbound chain [ 1663.954734][ T5832] Bluetooth: hci6: unexpected event for opcode 0x0c7c [ 1664.496308][T19072] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3372'. [ 1664.987033][ T5832] Bluetooth: hci0: command 0x1003 tx timeout [ 1665.040023][T17757] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 1665.173739][T19076] bridge1: entered promiscuous mode [ 1665.213168][T19076] bridge1: entered allmulticast mode [ 1665.763832][T19086] 9pnet_fd: Insufficient options for proto=fd [ 1666.651460][T19090] block device autoloading is deprecated and will be removed. [ 1668.503347][T19119] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3382'. [ 1668.672598][T19116] team0: Mode changed to "broadcast" [ 1668.785740][T19124] x_tables: duplicate underflow at hook 1 [ 1669.480606][T19132] 9pnet_fd: Insufficient options for proto=fd [ 1670.674632][T18135] usb 9-1: new high-speed USB device number 7 using dummy_hcd [ 1670.834830][T18135] usb 9-1: Using ep0 maxpacket: 8 [ 1670.842402][T18135] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1670.859117][T18135] usb 9-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00 [ 1670.870208][T18135] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1670.901629][T18135] usb 9-1: config 0 descriptor?? [ 1670.989862][ T8] usb 10-1: new high-speed USB device number 7 using dummy_hcd [ 1671.225581][ T8] usb 10-1: too many endpoints for config 0 interface 0 altsetting 3: 255, using maximum allowed: 30 [ 1671.325819][ T8] usb 10-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 1671.646923][T18135] steelseries 0003:1038:1410.0019: item fetching failed at offset 3/7 [ 1671.664235][ T8] usb 10-1: config 0 interface 0 has no altsetting 0 [ 1671.671737][T18135] steelseries 0003:1038:1410.0019: parse failed [ 1671.680447][ T8] usb 10-1: New USB device found, idVendor=05a4, idProduct=2000, bcdDevice= 0.00 [ 1671.691901][T18135] steelseries 0003:1038:1410.0019: probe with driver steelseries failed with error -22 [ 1671.796022][ T8] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1671.809953][ T8] usb 10-1: config 0 descriptor?? [ 1672.132140][T19148] syz.6.3396: attempt to access beyond end of device [ 1672.132140][T19148] loop13: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1672.170306][T19148] FAT-fs (loop13): unable to read boot sector [ 1672.463668][ T8] usbhid 10-1:0.0: can't add hid device: -71 [ 1672.470668][ T8] usbhid 10-1:0.0: probe with driver usbhid failed with error -71 [ 1672.484234][ T8] usb 10-1: USB disconnect, device number 7 [ 1673.715209][T10393] usb 9-1: USB disconnect, device number 7 [ 1676.508125][T19201] 9pnet_fd: Insufficient options for proto=fd [ 1677.905594][T19205] FAULT_INJECTION: forcing a failure. [ 1677.905594][T19205] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1677.924060][T19205] CPU: 0 UID: 0 PID: 19205 Comm: syz.9.3410 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0 [ 1677.924100][T19205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1677.924112][T19205] Call Trace: [ 1677.924120][T19205] [ 1677.924129][T19205] dump_stack_lvl+0x241/0x360 [ 1677.924154][T19205] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1677.924172][T19205] ? __pfx__printk+0x10/0x10 [ 1677.924200][T19205] ? snprintf+0xda/0x120 [ 1677.924220][T19205] should_fail_ex+0x40a/0x550 [ 1677.924247][T19205] _copy_to_user+0x31/0xb0 [ 1677.924269][T19205] simple_read_from_buffer+0xca/0x150 [ 1677.924296][T19205] proc_fail_nth_read+0x1e9/0x250 [ 1677.924322][T19205] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1677.924348][T19205] ? rw_verify_area+0x243/0x630 [ 1677.924366][T19205] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1677.924391][T19205] vfs_read+0x1f8/0xb40 [ 1677.924413][T19205] ? fdget_pos+0x254/0x320 [ 1677.924429][T19205] ? __pfx___mutex_lock+0x10/0x10 [ 1677.924449][T19205] ? __pfx_vfs_read+0x10/0x10 [ 1677.924465][T19205] ? do_sys_openat2+0x17a/0x1d0 [ 1677.924482][T19205] ? __fget_files+0x2a/0x410 [ 1677.924501][T19205] ? __fget_files+0x395/0x410 [ 1677.924515][T19205] ? __fget_files+0x2a/0x410 [ 1677.924539][T19205] ksys_read+0x18f/0x2b0 [ 1677.924560][T19205] ? __pfx_ksys_read+0x10/0x10 [ 1677.924580][T19205] ? do_syscall_64+0x100/0x230 [ 1677.924602][T19205] ? do_syscall_64+0xb6/0x230 [ 1677.924625][T19205] do_syscall_64+0xf3/0x230 [ 1677.924645][T19205] ? clear_bhb_loop+0x35/0x90 [ 1677.924669][T19205] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1677.924689][T19205] RIP: 0033:0x7fae7d58bb7c [ 1677.924704][T19205] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1677.924719][T19205] RSP: 002b:00007fae7e40c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1677.924738][T19205] RAX: ffffffffffffffda RBX: 00007fae7d7a5fa0 RCX: 00007fae7d58bb7c [ 1677.924750][T19205] RDX: 000000000000000f RSI: 00007fae7e40c0a0 RDI: 0000000000000004 [ 1677.924761][T19205] RBP: 00007fae7e40c090 R08: 0000000000000000 R09: 0000000000000000 [ 1677.924772][T19205] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1677.924782][T19205] R13: 0000000000000000 R14: 00007fae7d7a5fa0 R15: 00007ffe546b5268 [ 1677.924808][T19205] [ 1678.713015][T19212] 9pnet_fd: Insufficient options for proto=fd [ 1679.849659][T19226] netlink: 8280 bytes leftover after parsing attributes in process `syz.8.3418'. [ 1679.917659][T19226] netlink: 8280 bytes leftover after parsing attributes in process `syz.8.3418'. [ 1681.118731][T19233] netlink: 'syz.1.3417': attribute type 1 has an invalid length. [ 1681.131404][T19233] netlink: 80 bytes leftover after parsing attributes in process `syz.1.3417'. [ 1681.140850][T12687] usb 9-1: new full-speed USB device number 8 using dummy_hcd [ 1681.635504][T12687] usb 9-1: not running at top speed; connect to a high speed hub [ 1681.669975][T12687] usb 9-1: config 13 has an invalid interface number: 68 but max is 0 [ 1681.698943][T12687] usb 9-1: config 13 has no interface number 0 [ 1681.707455][T12687] usb 9-1: config 13 interface 68 altsetting 107 has an invalid descriptor for endpoint zero, skipping [ 1681.724329][T12687] usb 9-1: config 13 interface 68 altsetting 107 has an invalid descriptor for endpoint zero, skipping [ 1681.736135][T18135] usb 10-1: new high-speed USB device number 8 using dummy_hcd [ 1681.747372][T12687] usb 9-1: config 13 interface 68 has no altsetting 0 [ 1681.759512][T12687] usb 9-1: New USB device found, idVendor=19d2, idProduct=1247, bcdDevice=f8.28 [ 1681.772707][T12687] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1681.788802][T12687] usb 9-1: Product: syz [ 1681.793221][T12687] usb 9-1: Manufacturer: syz [ 1681.801129][T12687] usb 9-1: SerialNumber: syz [ 1682.042457][T19246] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3421'. [ 1682.116226][T18135] usb 10-1: Using ep0 maxpacket: 8 [ 1682.123034][T18135] usb 10-1: config 0 has an invalid interface number: 112 but max is 1 [ 1682.131626][T18135] usb 10-1: config 0 has an invalid interface number: 17 but max is 1 [ 1682.140045][T18135] usb 10-1: config 0 has no interface number 0 [ 1682.146322][T18135] usb 10-1: config 0 has no interface number 1 [ 1682.154948][T18135] usb 10-1: New USB device found, idVendor=04c1, idProduct=009d, bcdDevice=1f.14 [ 1682.164688][T18135] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1682.172831][T18135] usb 10-1: Product: syz [ 1682.184471][T18135] usb 10-1: Manufacturer: syz [ 1682.194448][T18135] usb 10-1: SerialNumber: syz [ 1682.205998][T18135] usb 10-1: config 0 descriptor?? [ 1682.246062][T12687] option 9-1:13.68: GSM modem (1-port) converter detected [ 1682.272481][T12687] usb 9-1: USB disconnect, device number 8 [ 1682.279643][T12687] option 9-1:13.68: device disconnected [ 1682.624703][ T57] usb 10-1: USB disconnect, device number 8 [ 1682.966386][T19256] 9pnet_fd: Insufficient options for proto=fd [ 1683.519879][T19265] 9pnet_fd: Insufficient options for proto=fd [ 1687.127933][T19291] nfs: Unknown parameter 's' [ 1687.270865][T19295] netlink: 12 bytes leftover after parsing attributes in process `syz.8.3436'. [ 1690.303202][T19324] net_ratelimit: 6 callbacks suppressed [ 1690.303221][T19324] dccp_invalid_packet: P.type (CLOSEREQ) not Data || [Data]Ack, while P.X == 0 [ 1698.135878][T19384] fuse: Unknown parameter 'allow_other-' [ 1698.632236][T19394] 9pnet_fd: Insufficient options for proto=fd [ 1701.429311][ T9416] usb 10-1: new high-speed USB device number 9 using dummy_hcd [ 1701.510121][T19422] tipc: Failed to obtain node identity [ 1701.528014][T19422] tipc: Enabling of bearer rejected, failed to enable media [ 1701.614601][ T9416] usb 10-1: Using ep0 maxpacket: 16 [ 1701.647343][ T9416] usb 10-1: config 0 has no interfaces? [ 1701.665055][ T9416] usb 10-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=76.fe [ 1701.675031][ T9416] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1701.683348][ T9416] usb 10-1: Product: syz [ 1701.689562][ T9416] usb 10-1: Manufacturer: syz [ 1701.694271][ T9416] usb 10-1: SerialNumber: syz [ 1701.783515][T19422] netlink: 1608 bytes leftover after parsing attributes in process `syz.1.3478'. [ 1701.784657][ T9416] usb 10-1: config 0 descriptor?? [ 1702.492173][T19437] 9pnet_fd: Insufficient options for proto=fd [ 1702.800003][T10393] usb 10-1: USB disconnect, device number 9 [ 1705.254123][T19473] netlink: 64 bytes leftover after parsing attributes in process `syz.5.3498'. [ 1705.487755][T19481] 9pnet_fd: Insufficient options for proto=fd [ 1707.724769][T10393] usb 9-1: new high-speed USB device number 9 using dummy_hcd [ 1707.886429][T10393] usb 9-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1707.904554][T10393] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1707.931636][T10393] usb 9-1: config 0 descriptor?? [ 1707.952994][T10393] cp210x 9-1:0.0: cp210x converter detected [ 1709.015876][T19507] 9pnet_fd: Insufficient options for proto=fd [ 1711.368199][T10393] cp210x 9-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 1711.769673][T10393] cp210x 9-1:0.0: querying part number failed [ 1711.933475][T10393] usb 9-1: cp210x converter now attached to ttyUSB0 [ 1711.941663][T10393] usb 9-1: USB disconnect, device number 9 [ 1711.973183][T10393] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1711.994756][T10393] cp210x 9-1:0.0: device disconnected [ 1712.236277][T19532] 9pnet_fd: Insufficient options for proto=fd [ 1712.631068][T19536] sctp: [Deprecated]: syz.6.3513 (pid 19536) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1712.631068][T19536] Use struct sctp_sack_info instead [ 1713.859363][T19538] 9pnet_fd: Insufficient options for proto=fd [ 1717.631488][T19558] bond0: (slave wlan1): Releasing backup interface [ 1717.670625][T19558] debugfs: Directory 'netdev:phy15-monitor' with parent 'phy15' already present! [ 1718.881497][T19577] 9pnet_fd: Insufficient options for proto=fd [ 1719.343198][ T5832] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1719.355095][ T5832] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1719.374143][ T5832] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1719.386972][ T5832] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1719.399834][ T3700] usb 9-1: new high-speed USB device number 10 using dummy_hcd [ 1719.400043][ T5832] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1719.417160][ T5832] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1719.534610][ T3700] usb 9-1: device descriptor read/64, error -71 [ 1719.683368][T17279] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1719.726807][T19583] »»»»»» speed is unknown, defaulting to 1000 [ 1719.784732][ T3700] usb 9-1: new high-speed USB device number 11 using dummy_hcd [ 1719.837710][T17279] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1719.985709][ T3700] usb 9-1: device descriptor read/64, error -71 [ 1720.033435][T17279] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1720.058640][T19583] »»»»»» speed is unknown, defaulting to 1000 [ 1720.094907][ T3700] usb usb9-port1: attempt power cycle [ 1721.195164][T17279] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1721.223375][ T3700] usb 9-1: new high-speed USB device number 12 using dummy_hcd [ 1721.253494][ T3700] usb 9-1: device descriptor read/8, error -71 [ 1721.505137][ T3700] usb 9-1: new high-speed USB device number 13 using dummy_hcd [ 1721.616830][ T5832] Bluetooth: hci0: command tx timeout [ 1721.673940][T19583] chnl_net:caif_netlink_parms(): no params data found [ 1721.706271][ T3700] usb 9-1: device descriptor read/8, error -71 [ 1721.904949][ T3700] usb usb9-port1: unable to enumerate USB device [ 1722.379979][T19583] bridge0: port 1(bridge_slave_0) entered blocking state [ 1722.400785][T19583] bridge0: port 1(bridge_slave_0) entered disabled state [ 1722.502835][T19583] bridge_slave_0: entered allmulticast mode [ 1722.696209][T19612] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1722.738988][T19583] bridge_slave_0: entered promiscuous mode [ 1722.991884][T19583] bridge0: port 2(bridge_slave_1) entered blocking state [ 1723.054191][T19583] bridge0: port 2(bridge_slave_1) entered disabled state [ 1723.079134][T19583] bridge_slave_1: entered allmulticast mode [ 1723.101270][T19583] bridge_slave_1: entered promiscuous mode [ 1723.274167][T19583] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1723.318535][T19583] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1724.177105][T17757] Bluetooth: hci0: command tx timeout [ 1726.251925][ T57] usb 9-1: new high-speed USB device number 14 using dummy_hcd [ 1726.254525][T17757] Bluetooth: hci0: command tx timeout [ 1727.045823][ T57] usb 9-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1727.061710][ T57] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1727.083066][ T57] usb 9-1: config 0 descriptor?? [ 1727.103690][T17279] bond0 (unregistering): Released all slaves [ 1727.117004][ T57] cp210x 9-1:0.0: cp210x converter detected [ 1727.118242][T17279] bond1 (unregistering): Released all slaves [ 1727.162623][T19583] team0: Port device team_slave_0 added [ 1727.207864][T19583] team0: Port device team_slave_1 added [ 1727.533065][T19663] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 1727.583629][T19583] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1727.591117][T19583] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1727.619034][T19583] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1727.667954][T19583] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1727.686393][T19583] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1727.701462][ T57] usb 9-1: cp210x converter now attached to ttyUSB0 [ 1727.732276][T19583] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1727.858011][T19668] 9pnet_fd: Insufficient options for proto=fd [ 1727.932504][ T57] usb 9-1: USB disconnect, device number 14 [ 1727.951630][ T57] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1728.125495][ T57] cp210x 9-1:0.0: device disconnected [ 1728.199398][T19583] hsr_slave_0: entered promiscuous mode [ 1728.245515][T19583] hsr_slave_1: entered promiscuous mode [ 1728.328439][T17279] hsr_slave_0: left promiscuous mode [ 1728.336529][ T5832] Bluetooth: hci0: command tx timeout [ 1728.343829][T17279] hsr_slave_1: left promiscuous mode [ 1728.386471][T17279] veth1_macvtap: left promiscuous mode [ 1728.393526][T17279] veth0_macvtap: left promiscuous mode [ 1728.399687][T17279] veth1_vlan: left promiscuous mode [ 1728.405444][T17279] veth0_vlan: left promiscuous mode [ 1729.548255][T17757] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1732.731056][T19703] netlink: 'syz.1.3563': attribute type 10 has an invalid length. [ 1733.141308][T19703] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 1733.170075][T19704] tipc: Started in network mode [ 1733.211863][T19704] tipc: Node identity ff010000000000000000000000000001, cluster identity 4711 [ 1733.224544][T19704] tipc: Enabling of bearer rejected, failed to enable media [ 1733.565411][T19713] netlink: zone id is out of range [ 1733.570705][T19713] netlink: zone id is out of range [ 1733.575928][T19713] netlink: zone id is out of range [ 1733.582158][T19713] netlink: zone id is out of range [ 1733.587516][T19713] netlink: zone id is out of range [ 1733.592656][T19713] netlink: zone id is out of range [ 1733.597943][T19713] netlink: zone id is out of range [ 1733.604249][T19713] netlink: set zone limit has 8 unknown bytes [ 1734.806966][T19583] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1734.958181][T19583] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1734.985536][T19583] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1735.027546][T19583] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1736.103847][T19583] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1736.147713][T19583] 8021q: adding VLAN 0 to HW filter on device team0 [ 1736.285826][ T78] bridge0: port 1(bridge_slave_0) entered blocking state [ 1736.293004][ T78] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1736.347622][ T78] bridge0: port 2(bridge_slave_1) entered blocking state [ 1736.354826][ T78] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1736.446381][T19752] 9pnet_fd: Insufficient options for proto=fd [ 1739.586220][T19776] FAULT_INJECTION: forcing a failure. [ 1739.586220][T19776] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1739.622663][T19776] CPU: 1 UID: 0 PID: 19776 Comm: syz.8.3583 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0 [ 1739.622691][T19776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1739.622702][T19776] Call Trace: [ 1739.622710][T19776] [ 1739.622718][T19776] dump_stack_lvl+0x241/0x360 [ 1739.622751][T19776] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1739.622769][T19776] ? __pfx__printk+0x10/0x10 [ 1739.622794][T19776] ? __pfx_lock_release+0x10/0x10 [ 1739.622825][T19776] should_fail_ex+0x40a/0x550 [ 1739.622853][T19776] _copy_from_user+0x2d/0xb0 [ 1739.622874][T19776] memdup_user+0x64/0xc0 [ 1739.622893][T19776] kvm_vcpu_ioctl+0x334/0x1020 [ 1739.622923][T19776] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 1739.622950][T19776] ? __asan_memset+0x23/0x50 [ 1739.622971][T19776] ? smack_file_ioctl+0x35d/0x3b0 [ 1739.622995][T19776] ? __pfx_smack_file_ioctl+0x10/0x10 [ 1739.623022][T19776] ? __fget_files+0x2a/0x410 [ 1739.623042][T19776] ? __fget_files+0x2a/0x410 [ 1739.623064][T19776] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 1739.623089][T19776] __se_sys_ioctl+0xf5/0x170 [ 1739.623112][T19776] do_syscall_64+0xf3/0x230 [ 1739.623134][T19776] ? clear_bhb_loop+0x35/0x90 [ 1739.623159][T19776] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1739.623179][T19776] RIP: 0033:0x7fdb0678d169 [ 1739.623195][T19776] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1739.623210][T19776] RSP: 002b:00007fdb07664038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1739.623230][T19776] RAX: ffffffffffffffda RBX: 00007fdb069a5fa0 RCX: 00007fdb0678d169 [ 1739.623243][T19776] RDX: 0000000000000000 RSI: 000000004090ae82 RDI: 0000000000000005 [ 1739.623254][T19776] RBP: 00007fdb07664090 R08: 0000000000000000 R09: 0000000000000000 [ 1739.623265][T19776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1739.623276][T19776] R13: 0000000000000000 R14: 00007fdb069a5fa0 R15: 00007ffdae969c28 [ 1739.623303][T19776] [ 1739.788570][T19583] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1741.532067][T19583] veth0_vlan: entered promiscuous mode [ 1741.551587][T19583] veth1_vlan: entered promiscuous mode [ 1741.597916][T19583] veth0_macvtap: entered promiscuous mode [ 1741.687147][T19583] veth1_macvtap: entered promiscuous mode [ 1742.603398][T19583] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1742.673233][T19583] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1742.710897][T19583] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1742.762922][T19583] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1742.778349][T19583] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1742.793391][T19583] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1742.808048][T19583] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1742.840948][T19583] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1742.854502][T19583] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1742.863388][T19583] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1742.880680][T19809] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3592'. [ 1742.891959][T19809] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3592'. [ 1742.904286][T19809] netlink: 38 bytes leftover after parsing attributes in process `syz.5.3592'. [ 1743.028360][T13573] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1743.036789][T19816] netlink: 156 bytes leftover after parsing attributes in process `syz.6.3595'. [ 1743.046511][T13573] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1743.057933][T17279] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1743.077017][T17279] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1743.134501][ T3700] usb 9-1: new high-speed USB device number 15 using dummy_hcd [ 1743.295250][ T3700] usb 9-1: Using ep0 maxpacket: 16 [ 1743.328161][ T3700] usb 9-1: New USB device found, idVendor=0b57, idProduct=2bbd, bcdDevice=e7.cc [ 1743.343901][ T3700] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1743.354066][ T3700] usb 9-1: Product: syz [ 1743.358705][ T3700] usb 9-1: Manufacturer: syz [ 1744.054008][ T3700] usb 9-1: SerialNumber: syz [ 1744.069706][ T3700] usb 9-1: config 0 descriptor?? [ 1744.077226][ T3700] usbhid 9-1:0.0: couldn't find an input interrupt endpoint [ 1744.192455][T19831] RDS: rds_bind could not find a transport for fc01::1, load rds_tcp or rds_rdma? [ 1744.679896][T19827] netlink: 'syz.4.3528': attribute type 7 has an invalid length. [ 1744.704272][T19836] loop6: detected capacity change from 0 to 524287999 [ 1744.715204][ C1] blk_print_req_error: 17 callbacks suppressed [ 1744.715224][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1744.722513][T19837] PKCS7: Unknown OID: [5] 0.0 [ 1744.730653][ C1] buffer_io_error: 17 callbacks suppressed [ 1744.730669][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1744.732513][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1744.758781][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1744.775549][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1744.784735][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1744.793625][T19833] dlm: no local IP address has been set [ 1744.794467][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1744.808372][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1744.813459][T19837] PKCS7: Only support pkcs7_signedData type [ 1744.835139][T19833] dlm: cannot start dlm midcomms -107 [ 1744.867396][ C0] IPv4: Oversized IP packet from 127.0.0.1 [ 1744.873810][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1744.882948][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1744.892271][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1744.901450][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1744.920545][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1744.929882][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1744.945139][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1744.954398][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1744.962280][T19836] ldm_validate_partition_table(): Disk read failed. [ 1744.990845][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1745.000217][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1745.008309][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1745.017536][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1745.042102][T19836] Dev loop6: unable to read RDB block 0 [ 1745.054270][T19836] loop6: unable to read partition table [ 1745.063735][T19836] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 1745.087919][T19846] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3603'. [ 1745.112155][T19839] ldm_validate_partition_table(): Disk read failed. [ 1745.123091][T19839] Dev loop6: unable to read RDB block 0 [ 1745.129720][T19839] loop6: unable to read partition table [ 1745.135802][T19839] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 1745.562425][ T12] Bluetooth: hci1: Frame reassembly failed (-84) [ 1745.573948][ T12] Bluetooth: hci1: Frame reassembly failed (-84) [ 1745.869664][ T3700] usb 9-1: USB disconnect, device number 15 [ 1747.614592][ T5832] Bluetooth: hci1: command 0x1003 tx timeout [ 1747.623410][T17757] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1749.739561][T19908] »»»»»» speed is unknown, defaulting to 1000 [ 1749.883697][T19908] »»»»»» speed is unknown, defaulting to 1000 [ 1749.982735][T19916] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3618'. [ 1751.360220][T19935] input: syz0 as /devices/virtual/input/input25 [ 1754.184826][ T9416] usb 5-1: new full-speed USB device number 18 using dummy_hcd [ 1754.357069][ T9416] usb 5-1: too many endpoints for config 0 interface 0 altsetting 169: 242, using maximum allowed: 30 [ 1754.402901][ T9416] usb 5-1: config 0 interface 0 altsetting 169 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1754.451328][ T9416] usb 5-1: config 0 interface 0 altsetting 169 has 1 endpoint descriptor, different from the interface descriptor's value: 242 [ 1754.491444][ T9416] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1754.604470][ T9416] usb 5-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00 [ 1754.613567][ T9416] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1754.628658][ T9416] usb 5-1: config 0 descriptor?? [ 1755.582156][ T9416] logitech 0003:046D:C29C.001A: item fetching failed at offset 0/3 [ 1755.608365][ T9416] logitech 0003:046D:C29C.001A: parse failed [ 1755.627913][ T9416] logitech 0003:046D:C29C.001A: probe with driver logitech failed with error -22 [ 1755.659647][ T9416] usb 5-1: USB disconnect, device number 18 [ 1756.439050][T19990] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3648'. [ 1756.670367][ T29] kauditd_printk_skb: 60 callbacks suppressed [ 1756.670383][ T29] audit: type=1326 audit(1740723897.164:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20004 comm="syz.6.3653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f390c78d169 code=0x7ffc0000 [ 1756.701223][ T29] audit: type=1326 audit(1740723897.204:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20004 comm="syz.6.3653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f390c78d169 code=0x7ffc0000 [ 1756.723435][ T29] audit: type=1326 audit(1740723897.204:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20004 comm="syz.6.3653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=239 compat=0 ip=0x7f390c78d169 code=0x7ffc0000 [ 1756.746567][ T29] audit: type=1326 audit(1740723897.204:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20004 comm="syz.6.3653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f390c78d169 code=0x7ffc0000 [ 1756.774091][ T29] audit: type=1326 audit(1740723897.204:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20004 comm="syz.6.3653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f390c78d169 code=0x7ffc0000 [ 1756.797132][ T29] audit: type=1326 audit(1740723897.204:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20004 comm="syz.6.3653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f390c78d169 code=0x7ffc0000 [ 1756.819542][ T29] audit: type=1326 audit(1740723897.204:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20004 comm="syz.6.3653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f390c78d169 code=0x7ffc0000 [ 1756.841896][ T29] audit: type=1326 audit(1740723897.204:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20004 comm="syz.6.3653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f390c78d169 code=0x7ffc0000 [ 1756.864308][ T29] audit: type=1326 audit(1740723897.204:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20004 comm="syz.6.3653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f390c78d169 code=0x7ffc0000 [ 1756.888977][ T29] audit: type=1326 audit(1740723897.204:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20004 comm="syz.6.3653" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f390c78d169 code=0x7ffc0000 [ 1757.014575][T12687] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 1757.205027][T20011] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 1757.913930][T12687] usb 7-1: Using ep0 maxpacket: 32 [ 1757.979937][T12687] usb 7-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1757.992045][T12687] usb 7-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1758.007586][T12687] usb 7-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1758.018347][T12687] usb 7-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 1758.027190][T12687] usb 7-1: Product: syz [ 1758.031458][T12687] usb 7-1: Manufacturer: syz [ 1758.045682][T12687] hub 7-1:4.0: USB hub found [ 1758.258846][T12687] hub 7-1:4.0: 2 ports detected [ 1759.445192][T20032] syzkaller1: entered promiscuous mode [ 1759.450767][T20032] syzkaller1: entered allmulticast mode [ 1760.014929][T18135] usb 9-1: new high-speed USB device number 16 using dummy_hcd [ 1760.177943][T18135] usb 9-1: New USB device found, idVendor=057c, idProduct=2200, bcdDevice=3d.6c [ 1760.196415][T18135] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1760.215845][T18135] usb 9-1: config 0 descriptor?? [ 1760.226107][T18135] bfusb 9-1:0.0: probe with driver bfusb failed with error -5 [ 1760.410502][T12687] hub 7-1:4.0: set hub depth failed [ 1760.420610][T20049] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3665'. [ 1760.437307][T12687] usb 7-1: USB disconnect, device number 18 [ 1760.742199][T20052] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3666'. [ 1760.756121][T20043] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1761.064607][T20043] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1761.109076][T10397] usb 9-1: USB disconnect, device number 16 [ 1762.920122][T20088] bridge_slave_0: left allmulticast mode [ 1762.928150][T20088] bridge_slave_0: left promiscuous mode [ 1762.974700][T20088] bridge0: port 1(bridge_slave_0) entered disabled state [ 1763.033190][T20088] bridge_slave_1: left allmulticast mode [ 1763.056700][T20088] bridge_slave_1: left promiscuous mode [ 1763.077893][T20088] bridge0: port 2(bridge_slave_1) entered disabled state [ 1763.125401][T20088] bond0: (slave bond_slave_0): Releasing backup interface [ 1763.159389][T20088] bond0: (slave bond_slave_1): Releasing backup interface [ 1763.916052][T20088] team0: Port device team_slave_0 removed [ 1764.170042][T20088] team0: Port device team_slave_1 removed [ 1764.182108][T20088] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1764.189885][T20088] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1764.209208][T20088] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1764.315300][T20088] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1765.254046][T20113] autofs: Unknown parameter 'ÿÿÿÿÿÿ€Â' [ 1765.269007][T20113] bridge_slave_0: left allmulticast mode [ 1765.274956][T20113] bridge_slave_0: left promiscuous mode [ 1765.280827][T20113] bridge0: port 1(bridge_slave_0) entered disabled state [ 1766.266107][T20113] bridge_slave_1: left allmulticast mode [ 1766.276064][T20113] bridge_slave_1: left promiscuous mode [ 1766.281835][T20113] bridge0: port 2(bridge_slave_1) entered disabled state [ 1766.799944][T20113] bond0: (slave bond_slave_0): Releasing backup interface [ 1766.993308][T20113] bond0: (slave bond_slave_1): Releasing backup interface [ 1767.104545][T20113] team0: Port device team_slave_0 removed [ 1767.135542][T20113] team0: Port device team_slave_1 removed [ 1767.162954][T20113] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1767.174965][T20113] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1767.199893][T20113] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1767.218469][T20113] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1767.305287][T20113] bond0: (slave wlan1): Releasing backup interface [ 1768.440199][T20142] FAULT_INJECTION: forcing a failure. [ 1768.440199][T20142] name failslab, interval 1, probability 0, space 0, times 0 [ 1768.440230][T20142] CPU: 0 UID: 0 PID: 20142 Comm: syz.4.3694 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0 [ 1768.440249][T20142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1768.440260][T20142] Call Trace: [ 1768.440267][T20142] [ 1768.440274][T20142] dump_stack_lvl+0x241/0x360 [ 1768.440297][T20142] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1768.440315][T20142] ? __pfx__printk+0x10/0x10 [ 1768.440340][T20142] ? __kmalloc_cache_noprof+0x48/0x390 [ 1768.440359][T20142] ? __pfx___might_resched+0x10/0x10 [ 1768.440382][T20142] should_fail_ex+0x40a/0x550 [ 1768.440409][T20142] should_failslab+0xac/0x100 [ 1768.440434][T20142] __kmalloc_cache_noprof+0x70/0x390 [ 1768.440449][T20142] ? con_clear_unimap+0xdc/0x1d0 [ 1768.440474][T20142] con_clear_unimap+0xdc/0x1d0 [ 1768.440496][T20142] vt_ioctl+0x12f9/0x2020 [ 1768.440518][T20142] ? vt_ioctl+0x131/0x2020 [ 1768.440541][T20142] ? __pfx_vt_ioctl+0x10/0x10 [ 1768.440560][T20142] ? __asan_memset+0x23/0x50 [ 1768.440579][T20142] ? smack_file_ioctl+0x2a5/0x3b0 [ 1768.440603][T20142] ? __pfx_smack_file_ioctl+0x10/0x10 [ 1768.440634][T20142] ? tty_jobctrl_ioctl+0x36e/0xba0 [ 1768.440656][T20142] ? __fget_files+0x2a/0x410 [ 1768.440676][T20142] tty_ioctl+0x90f/0xdc0 [ 1768.440692][T20142] ? __pfx_tty_ioctl+0x10/0x10 [ 1768.440709][T20142] __se_sys_ioctl+0xf5/0x170 [ 1768.440731][T20142] do_syscall_64+0xf3/0x230 [ 1768.440756][T20142] ? clear_bhb_loop+0x35/0x90 [ 1768.440780][T20142] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1768.440800][T20142] RIP: 0033:0x7fcfc138d169 [ 1768.440816][T20142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1768.440831][T20142] RSP: 002b:00007fcfc2117038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1768.440855][T20142] RAX: ffffffffffffffda RBX: 00007fcfc15a5fa0 RCX: 00007fcfc138d169 [ 1768.440867][T20142] RDX: 0000000000000000 RSI: 0000000000004b68 RDI: 0000000000000003 [ 1768.440878][T20142] RBP: 00007fcfc2117090 R08: 0000000000000000 R09: 0000000000000000 [ 1768.440889][T20142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1768.440900][T20142] R13: 0000000000000000 R14: 00007fcfc15a5fa0 R15: 00007fff404646a8 [ 1768.440927][T20142] [ 1768.956309][T20154] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 1770.284540][T18135] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 1770.474618][T20162] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3700'. [ 1770.513813][T18135] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1770.536368][T18135] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1770.602889][T18135] usb 7-1: config 0 descriptor?? [ 1770.653781][T18135] cp210x 7-1:0.0: cp210x converter detected [ 1772.454420][ C0] hrtimer: interrupt took 60990 ns [ 1773.170235][T18135] cp210x 7-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 1773.188173][T18135] cp210x 7-1:0.0: querying part number failed [ 1773.205843][T18135] usb 7-1: cp210x converter now attached to ttyUSB0 [ 1773.220006][T18135] usb 7-1: USB disconnect, device number 19 [ 1773.257345][T18135] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1773.290206][T18135] cp210x 7-1:0.0: device disconnected [ 1774.636540][T12687] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 1774.808603][T12687] usb 7-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 1774.831203][T12687] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1774.858829][T12687] usb 7-1: config 0 descriptor?? [ 1774.877617][T12687] gspca_main: spca508-2.14.0 probing 8086:0110 [ 1775.029045][T20201] 9pnet_fd: Insufficient options for proto=fd [ 1775.092201][T12687] gspca_spca508: reg_read err -32 [ 1775.113942][T12687] gspca_spca508: reg_read err -32 [ 1775.131981][T12687] gspca_spca508: reg_read err -32 [ 1775.644699][T12687] gspca_spca508: reg_read err -110 [ 1775.658858][T12687] gspca_spca508: reg write: error -32 [ 1775.672470][T12687] spca508 7-1:0.0: probe with driver spca508 failed with error -32 [ 1775.895346][T17764] usb 7-1: USB disconnect, device number 20 [ 1777.894570][T10393] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 1778.077243][T10393] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1778.098287][T10393] usb 5-1: config 66 has an invalid descriptor of length 0, skipping remainder of the config [ 1778.125740][T10393] usb 5-1: config 66 has 1 interface, different from the descriptor's value: 2 [ 1778.146486][T10393] usb 5-1: New USB device found, idVendor=0471, idProduct=0602, bcdDevice=a5.95 [ 1778.164511][T10393] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1778.172532][T10393] usb 5-1: Product: syz [ 1778.184450][T10393] usb 5-1: Manufacturer: syz [ 1778.503046][T20226] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 1778.831778][T10393] usb 5-1: SerialNumber: syz [ 1778.900863][ T5832] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1778.979449][ T5832] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1778.994922][ T5832] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1779.016243][ T5832] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1779.027097][ T5832] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1779.036605][ T5832] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1779.082110][T20227] »»»»»» speed is unknown, defaulting to 1000 [ 1779.279378][T10393] ati_remote2 5-1:66.0: ati_remote2_probe(): interface 0 must have an endpoint [ 1779.307462][T10393] usb 5-1: USB disconnect, device number 19 [ 1780.096675][T20227] »»»»»» speed is unknown, defaulting to 1000 [ 1780.407648][T20239] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 1781.104968][ T5832] Bluetooth: hci1: command tx timeout [ 1783.144552][ T5832] Bluetooth: hci1: command tx timeout [ 1783.437778][T20227] chnl_net:caif_netlink_parms(): no params data found [ 1783.775389][ T29] audit: type=1326 audit(1740723924.264:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20251 comm="syz.5.3725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f98a7d8d169 code=0x7fc00000 [ 1783.952586][T20227] bridge0: port 1(bridge_slave_0) entered blocking state [ 1783.968648][T20227] bridge0: port 1(bridge_slave_0) entered disabled state [ 1783.984280][T20227] bridge_slave_0: entered allmulticast mode [ 1783.998334][ T29] audit: type=1326 audit(1740723924.494:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20251 comm="syz.5.3725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f98a7d8d169 code=0x7fc00000 [ 1784.023751][T20227] bridge_slave_0: entered promiscuous mode [ 1784.135337][T20227] bridge0: port 2(bridge_slave_1) entered blocking state [ 1784.150236][T20227] bridge0: port 2(bridge_slave_1) entered disabled state [ 1784.177184][T20227] bridge_slave_1: entered allmulticast mode [ 1784.204053][T20227] bridge_slave_1: entered promiscuous mode [ 1784.779012][T20227] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1784.836474][T20227] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1784.909243][T20227] team0: Port device team_slave_0 added [ 1784.920491][T20227] team0: Port device team_slave_1 added [ 1784.957154][T20227] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1784.972554][T20227] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1785.003974][T20227] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1785.023682][T20227] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1785.036366][T20227] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1785.063214][T20227] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1785.300564][ T5832] Bluetooth: hci1: command tx timeout [ 1785.464272][T20284] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 1786.200186][T20227] hsr_slave_0: entered promiscuous mode [ 1786.206692][T20227] hsr_slave_1: entered promiscuous mode [ 1786.214061][T20227] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1786.221824][T20227] Cannot create hsr debugfs directory [ 1787.257292][T20293] syz.6.3733: attempt to access beyond end of device [ 1787.257292][T20293] nbd6: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1787.272509][T20293] SQUASHFS error: Failed to read block 0x0: -5 [ 1787.279023][T20293] unable to read squashfs_super_block [ 1787.374897][ T5832] Bluetooth: hci1: command tx timeout [ 1788.373411][T20304] 9pnet_fd: Insufficient options for proto=fd [ 1789.867519][T20305] 9pnet_fd: Insufficient options for proto=fd [ 1791.002151][T20227] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1791.046630][T20227] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1791.073698][T20227] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1791.107781][T20318] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3740'. [ 1791.204905][T20227] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1792.156151][T20227] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1792.203357][T20227] 8021q: adding VLAN 0 to HW filter on device team0 [ 1792.267455][T17920] bridge0: port 1(bridge_slave_0) entered blocking state [ 1792.274623][T17920] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1792.340360][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 1792.347564][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1792.545697][T20227] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1794.045273][T20351] 9pnet_fd: Insufficient options for proto=fd [ 1794.942436][T20345] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1794.964848][T20345] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 1795.988583][T20345] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1796.010748][T20345] Bluetooth: hci5: Error when powering off device on rfkill (-4) [ 1797.122856][T20345] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1797.186584][T20345] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 1797.201206][T20227] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1797.311269][T20366] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3753'. [ 1797.424760][T20345] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 1797.430720][T20345] Bluetooth: hci6: Error when powering off device on rfkill (-4) [ 1797.484483][T20345] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1797.490663][T20345] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 1797.515591][T20227] veth0_vlan: entered promiscuous mode [ 1797.619541][T20345] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1797.630025][T20227] veth1_vlan: entered promiscuous mode [ 1797.635011][T20345] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 1797.724253][T10393] IPVS: starting estimator thread 0... [ 1797.810268][T20227] veth0_macvtap: entered promiscuous mode [ 1797.834558][T20372] IPVS: using max 22 ests per chain, 52800 per kthread [ 1797.857184][T20227] veth1_macvtap: entered promiscuous mode [ 1797.939007][T20227] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1797.980336][T20227] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1798.059803][T20227] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1798.082649][T20227] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1798.101915][T20227] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1798.139682][T20227] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1800.248996][ T78] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1800.525268][ T78] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1800.817772][ T5885] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1800.887518][ T5885] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1801.514481][T12687] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 1801.697523][T12687] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1801.744643][T20409] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3763'. [ 1801.745712][T12687] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1801.821277][T12687] usb 3-1: config 0 descriptor?? [ 1801.848510][T12687] cp210x 3-1:0.0: cp210x converter detected [ 1801.958341][T20412] fuse: Bad value for 'fd' [ 1802.522489][T12687] cp210x 3-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 1802.564709][T12687] cp210x 3-1:0.0: querying part number failed [ 1802.598165][T12687] usb 3-1: cp210x converter now attached to ttyUSB0 [ 1802.617055][T12687] usb 3-1: USB disconnect, device number 24 [ 1802.644766][T12687] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1802.663122][T12687] cp210x 3-1:0.0: device disconnected [ 1802.904721][T20420] netlink: 1608 bytes leftover after parsing attributes in process `syz.5.3767'. [ 1803.983368][T20431] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3770'. [ 1804.341121][T20439] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3774'. [ 1809.516182][T20476] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3784'. [ 1809.534448][ T29] audit: type=1326 audit(1740723950.014:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20474 comm="syz.1.3784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b5458d169 code=0x7fc00000 [ 1809.584850][T20476] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3784'. [ 1809.618562][T20478] dlm: no local IP address has been set [ 1809.642060][T20478] dlm: cannot start dlm midcomms -107 [ 1809.848481][T20486] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3788'. [ 1809.884533][ T3700] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 1810.079381][T20491] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 1810.506488][ T29] audit: type=1326 audit(1740723951.004:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20474 comm="syz.1.3784" exe="/root/syz-executor" sig=0 arch=c000003e syscall=208 compat=0 ip=0x7f0b5458d169 code=0x7fc00000 [ 1810.530887][ T3700] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1810.556541][ T3700] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1810.595315][ T3700] usb 3-1: config 0 descriptor?? [ 1810.633925][ T3700] cp210x 3-1:0.0: cp210x converter detected [ 1810.714837][T20493] QAT: Device 5 not found [ 1811.412845][ T3700] cp210x 3-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 1811.784752][ T3700] cp210x 3-1:0.0: querying part number failed [ 1811.810586][ T3700] usb 3-1: cp210x converter now attached to ttyUSB0 [ 1811.880051][ T3700] usb 3-1: USB disconnect, device number 25 [ 1811.895041][ T3700] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1811.914998][ T3700] cp210x 3-1:0.0: device disconnected [ 1813.765191][T17764] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 1814.004409][T17764] usb 5-1: config index 0 descriptor too short (expected 1298, got 18) [ 1814.098792][T17764] usb 5-1: config 0 has an invalid interface number: 0 but max is -1 [ 1814.241010][T17764] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 1814.361740][T20526] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3800'. [ 1814.368532][T17764] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 1814.410806][T17764] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1814.420604][T17764] usb 5-1: Product: syz [ 1814.425810][T17764] usb 5-1: Manufacturer: syz [ 1814.436337][T17764] usb 5-1: SerialNumber: syz [ 1814.446028][T17764] usb 5-1: config 0 descriptor?? [ 1815.030096][T20534] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3802'. [ 1815.430742][T17764] usb 5-1: Firmware version (0.0) predates our first public release. [ 1815.494221][T17764] usb 5-1: Please update to version 0.2 or newer [ 1815.894723][ T29] audit: type=1326 audit(1740723956.384:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20544 comm="syz.1.3806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b5458d169 code=0x7ffc0000 [ 1815.926350][T17764] usb 5-1: USB disconnect, device number 20 [ 1815.980374][ T29] audit: type=1326 audit(1740723956.384:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20544 comm="syz.1.3806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b5458d169 code=0x7ffc0000 [ 1816.204446][ T29] audit: type=1326 audit(1740723956.384:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20544 comm="syz.1.3806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0b5458d169 code=0x7ffc0000 [ 1816.226133][ T29] audit: type=1326 audit(1740723956.384:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20544 comm="syz.1.3806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b5458d169 code=0x7ffc0000 [ 1816.248369][ T29] audit: type=1326 audit(1740723956.384:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20544 comm="syz.1.3806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b5458d169 code=0x7ffc0000 [ 1816.292509][ T29] audit: type=1326 audit(1740723956.414:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20544 comm="syz.1.3806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0b5458d169 code=0x7ffc0000 [ 1816.603568][ T29] audit: type=1326 audit(1740723956.414:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20544 comm="syz.1.3806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b5458d169 code=0x7ffc0000 [ 1816.926681][ T29] audit: type=1326 audit(1740723956.414:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20544 comm="syz.1.3806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b5458d169 code=0x7ffc0000 [ 1817.011569][ T29] audit: type=1326 audit(1740723956.414:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20544 comm="syz.1.3806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=77 compat=0 ip=0x7f0b5458d169 code=0x7ffc0000 [ 1817.111250][ T29] audit: type=1326 audit(1740723956.414:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20544 comm="syz.1.3806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b5458d169 code=0x7ffc0000 [ 1817.468623][T20564] syz_tun: entered allmulticast mode [ 1818.229005][T20563] syz_tun: left allmulticast mode [ 1818.811410][T20581] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 1821.038608][T20591] »»»»»» speed is unknown, defaulting to 1000 [ 1821.580607][T20591] »»»»»» speed is unknown, defaulting to 1000 [ 1823.231261][T20620] syz_tun: entered allmulticast mode [ 1823.422443][T20618] syz_tun: left allmulticast mode [ 1823.526555][T20628] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 1825.601434][T20643] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 1828.696369][T20661] cifs: Unknown parameter 'no'‘a£Nð[G¶zob,erèèµ;%j¸¼ [ 1828.696369][T20661] ‡üzæ,€@q¬Ú÷ôÐåéJ#³"ŽÚh/.W1ȱ¨nNCº"†CÙ×ðÚ<“™+`# ÷Ž¢k²–' [ 1828.855709][T20661] IPVS: set_ctl: invalid protocol: 41 172.20.20.28:20001 [ 1828.881403][T20661] Non-string source [ 1829.114455][T18135] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 1829.416441][T18135] usb 7-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b [ 1829.427570][T18135] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1829.467347][T18135] usb 7-1: config 0 descriptor?? [ 1830.134763][T18135] asix 7-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 1830.237329][T18135] asix 7-1:0.0: probe with driver asix failed with error -71 [ 1830.386694][T18135] usb 7-1: USB disconnect, device number 21 [ 1832.258004][T20680] SET target dimension over the limit! [ 1832.286314][T20680] netlink: 64 bytes leftover after parsing attributes in process `syz.6.3845'. [ 1835.065175][T17764] usb 7-1: new high-speed USB device number 22 using dummy_hcd [ 1835.693242][T20697] 9pnet_fd: Insufficient options for proto=fd [ 1835.874495][T17764] usb 7-1: Using ep0 maxpacket: 8 [ 1835.917773][T17764] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 1835.939822][T17764] usb 7-1: config 0 has no interface number 0 [ 1835.996651][T20700] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3852'. [ 1836.005733][T20700] openvswitch: netlink: Flow key attr not present in new flow. [ 1836.015344][T17764] usb 7-1: config 0 interface 1 has no altsetting 0 [ 1837.166827][T17764] usb 7-1: New USB device found, idVendor=10c4, idProduct=eac1, bcdDevice=70.2f [ 1837.199306][T17764] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1837.406202][T17764] usb 7-1: Product: syz [ 1837.417959][T17764] usb 7-1: config 0 descriptor?? [ 1837.445474][T17764] usb 7-1: can't set config #0, error -71 [ 1838.338583][T17764] usb 7-1: USB disconnect, device number 22 [ 1838.664481][ T8] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 1838.847513][ T8] usb 5-1: Using ep0 maxpacket: 16 [ 1838.871628][ T8] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 1838.875238][T20730] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3861'. [ 1838.909296][ T8] usb 5-1: config 0 has no interface number 0 [ 1838.941129][ T8] usb 5-1: New USB device found, idVendor=10c4, idProduct=eac1, bcdDevice=ff.7e [ 1838.969710][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1839.004633][ T8] usb 5-1: Product: syz [ 1839.008842][ T8] usb 5-1: Manufacturer: syz [ 1839.013455][ T8] usb 5-1: SerialNumber: syz [ 1839.145664][ T8] usb 5-1: config 0 descriptor?? [ 1839.165504][ T8] usb 5-1: selecting invalid altsetting 2 [ 1839.189606][ T57] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 1839.267163][T20739] 9pnet_fd: Insufficient options for proto=fd [ 1839.924412][ T8] i2c-cp2615 5-1:0.1: probe with driver i2c-cp2615 failed with error -22 [ 1840.034877][T12687] usb 5-1: USB disconnect, device number 21 [ 1840.128088][ T57] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1840.175217][ T57] usb 3-1: config 148 has an invalid interface number: 130 but max is 0 [ 1840.224387][ T57] usb 3-1: config 148 has no interface number 0 [ 1840.268257][ T57] usb 3-1: New USB device found, idVendor=0582, idProduct=007d, bcdDevice=16.f8 [ 1840.303298][ T57] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1841.284715][ T57] usb 3-1: Product: syz [ 1841.288928][ T57] usb 3-1: Manufacturer: syz [ 1842.267373][ T57] usb 3-1: SerialNumber: syz [ 1842.694872][ T57] usb 3-1: can't set config #148, error -71 [ 1842.709566][ T57] usb 3-1: USB disconnect, device number 26 [ 1844.326985][T12687] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 1844.544488][T12687] usb 7-1: Using ep0 maxpacket: 16 [ 1844.573705][T12687] usb 7-1: New USB device found, idVendor=0b57, idProduct=2bbd, bcdDevice=e7.cc [ 1844.599831][T12687] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1844.624581][T12687] usb 7-1: Product: syz [ 1844.647286][T12687] usb 7-1: Manufacturer: syz [ 1844.664107][T12687] usb 7-1: SerialNumber: syz [ 1845.673202][T12687] usb 7-1: config 0 descriptor?? [ 1845.704442][T12687] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 1845.726875][T10395] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 1845.974542][T10395] usb 5-1: Using ep0 maxpacket: 16 [ 1846.168516][T10395] usb 5-1: New USB device found, idVendor=0b57, idProduct=2bbd, bcdDevice=e7.cc [ 1846.264537][T10395] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1846.310240][ T5924] usb 7-1: USB disconnect, device number 23 [ 1846.379551][T20798] bridge_slave_0: left allmulticast mode [ 1846.424771][T20798] bridge_slave_0: left promiscuous mode [ 1846.446017][T20798] bridge0: port 1(bridge_slave_0) entered disabled state [ 1846.460565][T10395] usb 5-1: Product: syz [ 1846.465807][T10395] usb 5-1: Manufacturer: syz [ 1846.470434][T10395] usb 5-1: SerialNumber: syz [ 1846.487677][T10395] usb 5-1: config 0 descriptor?? [ 1846.497215][T10395] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 1846.511484][T20798] bridge_slave_1: left allmulticast mode [ 1846.533545][T20798] bridge_slave_1: left promiscuous mode [ 1846.543801][T20798] bridge0: port 2(bridge_slave_1) entered disabled state [ 1846.647007][T20798] bond0: (slave bond_slave_0): Releasing backup interface [ 1847.102464][T18135] usb 5-1: USB disconnect, device number 22 [ 1847.536126][T20798] bond0: (slave bond_slave_1): Releasing backup interface [ 1847.580186][T20798] team0: Port device team_slave_0 removed [ 1847.900705][T20798] team0: Port device team_slave_1 removed [ 1848.102291][T20798] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1848.137197][T20798] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1848.177170][T20798] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1848.225265][T20798] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1849.798292][T12687] usb 5-1: new low-speed USB device number 23 using dummy_hcd [ 1850.272022][T12687] usb 5-1: No LPM exit latency info found, disabling LPM. [ 1850.371700][T12687] usb 5-1: config 1 interface 0 altsetting 72 endpoint 0x1 is Bulk; changing to Interrupt [ 1850.479178][T12687] usb 5-1: config 1 interface 0 altsetting 72 endpoint 0x82 is Bulk; changing to Interrupt [ 1850.541189][T12687] usb 5-1: config 1 interface 0 has no altsetting 0 [ 1850.560624][T12687] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1850.588313][T12687] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1850.634578][T12687] usb 5-1: Product: 웘ï±î’“봢㴾혽îŽà´£ï˜Ÿâ© [ 1850.846794][T12687] usb 5-1: Manufacturer: ã Š [ 1850.851523][T12687] usb 5-1: SerialNumber: ဗ [ 1850.858769][T20811] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1850.871384][T20811] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1851.915434][T12687] usb 5-1: USB disconnect, device number 23 [ 1852.038541][T20839] PKCS7: Unknown OID: [5] 0.0 [ 1852.043275][T20839] PKCS7: Only support pkcs7_signedData type [ 1852.052768][T20841] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3892'. [ 1852.208013][T20845] Bluetooth: MGMT ver 1.23 [ 1854.977819][T20875] 9pnet_fd: Insufficient options for proto=fd [ 1855.536563][ T57] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 1855.763838][ T57] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1855.799388][ T57] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1855.827966][ T57] usb 5-1: Product: syz [ 1855.832177][ T57] usb 5-1: Manufacturer: syz [ 1855.873756][ T57] usb 5-1: SerialNumber: syz [ 1856.056538][ T57] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1856.239956][T20888] bridge0: port 1(erspan0) entered blocking state [ 1856.247183][T20888] bridge0: port 1(erspan0) entered disabled state [ 1856.259420][T20888] erspan0: entered allmulticast mode [ 1856.295967][T20888] erspan0: entered promiscuous mode [ 1856.320497][T20888] bridge0: port 1(erspan0) entered blocking state [ 1856.327275][T20888] bridge0: port 1(erspan0) entered forwarding state [ 1856.669065][T10395] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1857.280318][ T9416] usb 7-1: new high-speed USB device number 24 using dummy_hcd [ 1857.305334][T20906] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3901'. [ 1857.442158][ T57] usb 5-1: USB disconnect, device number 24 [ 1858.406026][ T9416] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1858.406068][ T9416] usb 7-1: New USB device found, idVendor=044f, idProduct=b300, bcdDevice= 0.00 [ 1858.406092][ T9416] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1858.407995][ T9416] usb 7-1: config 0 descriptor?? [ 1858.420948][T10395] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 1858.421417][T10395] ath9k_htc: Failed to initialize the device [ 1858.437478][ T57] usb 5-1: ath9k_htc: USB layer deinitialized [ 1858.504852][T20913] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 1859.183647][ T9416] usbhid 7-1:0.0: can't add hid device: -71 [ 1859.192550][ T9416] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1859.196614][ T9416] usb 7-1: USB disconnect, device number 24 [ 1859.387545][T20917] fuse: Unknown parameter 'éú^' [ 1859.580313][T20919] 9pnet_fd: Insufficient options for proto=fd [ 1861.120814][T20933] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3918'. [ 1861.141919][T20932] netlink: 'syz.1.3918': attribute type 12 has an invalid length. [ 1862.168658][T20951] team0: Mode changed to "broadcast" [ 1862.533009][T20958] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3927'. [ 1862.573365][T20958] netlink: 44 bytes leftover after parsing attributes in process `syz.6.3927'. [ 1864.717415][T20974] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3930'. [ 1865.586784][ T5924] usb 7-1: new high-speed USB device number 25 using dummy_hcd [ 1865.784665][ T5924] usb 7-1: Using ep0 maxpacket: 16 [ 1865.813537][ T5924] usb 7-1: New USB device found, idVendor=0b57, idProduct=2bbd, bcdDevice=e7.cc [ 1865.855147][ T5924] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1865.889527][ T5924] usb 7-1: Product: syz [ 1865.893739][ T5924] usb 7-1: Manufacturer: syz [ 1865.954536][ T5924] usb 7-1: SerialNumber: syz [ 1865.985347][ T5924] usb 7-1: config 0 descriptor?? [ 1866.040640][T20982] bond_slave_1: entered promiscuous mode [ 1866.056795][ T5924] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 1866.075845][T20981] bond_slave_1: left promiscuous mode [ 1867.301451][T20992] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 1867.537495][T10397] usb 7-1: USB disconnect, device number 25 [ 1867.870974][T20997] PKCS7: Unknown OID: [4] 5.25.43183.11314.97.496.3.846527319083.2007.15776 [ 1867.879796][T20997] PKCS7: Only support pkcs7_signedData type [ 1868.024492][ T5924] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 1868.136569][T21002] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 1868.651927][T21006] netlink: 'syz.4.3942': attribute type 16 has an invalid length. [ 1868.670541][T21006] netlink: 'syz.4.3942': attribute type 17 has an invalid length. [ 1868.716945][ T5924] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1868.735420][ T5924] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1868.743974][T21006] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1869.215996][ T5924] usb 3-1: config 0 descriptor?? [ 1869.231874][T21011] input: syz0 as /devices/virtual/input/input26 [ 1869.239442][ T5924] cp210x 3-1:0.0: cp210x converter detected [ 1869.258575][T21011] input: failed to attach handler leds to device input26, error: -6 [ 1869.358915][T21006] veth0_to_team: entered promiscuous mode [ 1869.387790][T21006] veth0_to_team: entered allmulticast mode [ 1870.141584][T20994] 9pnet_fd: Insufficient options for proto=fd [ 1870.304787][ T5924] cp210x 3-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 1870.312339][ T5924] cp210x 3-1:0.0: querying part number failed [ 1870.346333][ T5924] usb 3-1: cp210x converter now attached to ttyUSB0 [ 1870.381974][ T5924] usb 3-1: USB disconnect, device number 27 [ 1870.404787][ T5924] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1870.412934][ T5924] cp210x 3-1:0.0: device disconnected [ 1874.490951][T21058] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 1874.872368][T21054] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3954'. [ 1874.973215][T21054] bridge0: port 1(erspan0) entered disabled state [ 1875.504554][T17764] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 1875.694512][T17764] usb 5-1: Using ep0 maxpacket: 32 [ 1875.759031][T17764] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 1875.898187][T17764] usb 5-1: config 0 has no interface number 0 [ 1875.983492][T17764] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 1876.085435][T17764] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1876.182969][T17764] usb 5-1: Product: syz [ 1876.239373][T17764] usb 5-1: Manufacturer: syz [ 1876.284548][T17764] usb 5-1: SerialNumber: syz [ 1876.317292][T17764] usb 5-1: config 0 descriptor?? [ 1876.496783][T17764] usb 5-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 1877.240158][T17764] usb 5-1: selecting invalid altsetting 1 [ 1877.249628][T17764] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 1877.478417][T17764] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 1877.586590][T21081] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 1877.688484][T17764] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 1878.434454][T17764] usb 5-1: media controller created [ 1878.483864][T17764] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1878.606256][T17764] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 1878.613598][T17764] zl10353_read_register: readreg error (reg=127, ret==-71) [ 1878.632340][T17764] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 1878.692035][T17764] usb 5-1: USB disconnect, device number 25 [ 1878.713768][ T29] kauditd_printk_skb: 5 callbacks suppressed [ 1878.713786][ T29] audit: type=1326 audit(1740724019.204:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21084 comm="syz.1.3964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b5458d169 code=0x7ffc0000 [ 1878.741482][ C0] vkms_vblank_simulate: vblank timer overrun [ 1879.014919][ T29] audit: type=1326 audit(1740724019.204:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21084 comm="syz.1.3964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0b5458d169 code=0x7ffc0000 [ 1879.036854][ T29] audit: type=1326 audit(1740724019.304:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21084 comm="syz.1.3964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0b5458bad0 code=0x7ffc0000 [ 1879.058392][ C0] vkms_vblank_simulate: vblank timer overrun [ 1879.927564][T21089] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3965'. [ 1879.937029][T21089] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3965'. [ 1879.965004][ T29] audit: type=1326 audit(1740724019.304:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21084 comm="syz.1.3964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0b5458cd6b code=0x7ffc0000 [ 1880.204796][ T29] audit: type=1326 audit(1740724019.304:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21084 comm="syz.1.3964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0b5458cd6b code=0x7ffc0000 [ 1880.434594][ T29] audit: type=1326 audit(1740724019.304:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21084 comm="syz.1.3964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0b5458cd6b code=0x7ffc0000 [ 1880.495475][ T29] audit: type=1326 audit(1740724019.304:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21084 comm="syz.1.3964" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0b5458cd6b code=0x7ffc0000 [ 1881.291694][T21102] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1881.391508][T21102] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3966'. [ 1882.791618][T21120] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3972'. [ 1883.725827][T21129] netlink: 'syz.5.3974': attribute type 2 has an invalid length. [ 1883.845814][T21129] netlink: 5356 bytes leftover after parsing attributes in process `syz.5.3974'. [ 1885.483466][T21138] 9pnet_fd: Insufficient options for proto=fd [ 1887.131230][T21152] 9pnet_fd: Insufficient options for proto=fd [ 1887.148213][T21151] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 1887.215373][ T5924] usb 7-1: new full-speed USB device number 26 using dummy_hcd [ 1887.435545][ T5924] usb 7-1: New USB device found, idVendor=0b57, idProduct=2bbd, bcdDevice=e7.cc [ 1887.456369][ T5924] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1887.493302][ T5924] usb 7-1: Product: syz [ 1887.504716][ T5924] usb 7-1: Manufacturer: syz [ 1887.519547][ T5924] usb 7-1: SerialNumber: syz [ 1887.567426][ T5924] usb 7-1: config 0 descriptor?? [ 1887.594180][ T5924] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 1887.622665][T21162] netlink: 1608 bytes leftover after parsing attributes in process `syz.4.3984'. [ 1888.362872][T17764] usb 7-1: USB disconnect, device number 26 [ 1888.649003][T21168] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3985'. [ 1889.824457][ T5924] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 1890.016177][ T5924] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1890.045928][ T5924] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1890.067792][ T5924] usb 5-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce [ 1890.088896][ T5924] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1890.111207][ T5924] usb 5-1: Product: syz [ 1890.123563][ T5924] usb 5-1: Manufacturer: syz [ 1890.336543][ T5924] usb 5-1: SerialNumber: syz [ 1890.349524][ T5924] usb 5-1: config 0 descriptor?? [ 1890.364882][ T5924] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state. [ 1890.386028][ T5924] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1890.419284][ T5924] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0) [ 1890.638207][ T5924] usb 5-1: media controller created [ 1891.319627][ T5924] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1891.339913][T21186] netlink: 16215 bytes leftover after parsing attributes in process `syz.1.3990'. [ 1891.753543][T21191] 9pnet_fd: Insufficient options for proto=fd [ 1892.183574][ T5924] DVB: Unable to find symbol tda10046_attach() [ 1892.203889][ T5924] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0' [ 1892.238501][ T5924] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected. [ 1892.361907][T21200] program syz.4.3988 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1893.635260][ T5924] dvb_usb_m920x 5-1:0.0: probe with driver dvb_usb_m920x failed with error -71 [ 1893.744107][ T5924] usb 5-1: USB disconnect, device number 26 [ 1894.385930][T21212] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3998'. [ 1896.394593][ T57] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 1896.600146][ T57] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1896.621694][ T57] usb 3-1: config 1 has no interface number 0 [ 1896.641950][ T57] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1896.678622][ T57] usb 3-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 1896.698526][ T57] usb 3-1: config 1 interface 1 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1896.724971][ T57] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1896.753657][ T57] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1896.817020][ T57] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1896.837163][ T57] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1896.864439][ T57] usb 3-1: Product: syz [ 1896.874583][ T57] usb 3-1: Manufacturer: syz [ 1896.889474][ T57] usb 3-1: SerialNumber: syz [ 1897.125539][T21241] syz_tun: entered allmulticast mode [ 1897.173122][T21226] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1897.324297][T21240] syz_tun: left allmulticast mode [ 1897.628964][T21234] netlink: zone id is out of range [ 1897.634276][T21234] netlink: zone id is out of range [ 1897.651306][T21246] netlink: 'syz.4.4009': attribute type 10 has an invalid length. [ 1897.652100][T21226] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1897.695586][T21246] bond0: (slave wlan1): Opening slave failed [ 1897.705329][T21234] netlink: zone id is out of range [ 1897.710948][T21234] netlink: zone id is out of range [ 1897.718221][T21234] netlink: zone id is out of range [ 1897.723418][T21234] netlink: zone id is out of range [ 1897.734639][T21226] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1897.765844][T21234] netlink: zone id is out of range [ 1897.772587][T21234] netlink: set zone limit has 8 unknown bytes [ 1897.800432][ T57] cdc_ncm 3-1:1.1: failed GET_NTB_PARAMETERS [ 1897.828083][ T57] cdc_ncm 3-1:1.1: bind() failure [ 1897.849615][ T57] usb 3-1: USB disconnect, device number 28 [ 1898.055947][T21253] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4012'. [ 1899.624691][T12687] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 1899.815362][T12687] usb 3-1: Using ep0 maxpacket: 16 [ 1899.857544][T12687] usb 3-1: no configurations [ 1899.877331][T12687] usb 3-1: can't read configurations, error -22 [ 1900.034564][T12687] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 1900.224430][T12687] usb 3-1: Using ep0 maxpacket: 16 [ 1900.232594][T12687] usb 3-1: no configurations [ 1900.243035][T12687] usb 3-1: can't read configurations, error -22 [ 1900.249396][ T5924] usb 7-1: new high-speed USB device number 27 using dummy_hcd [ 1900.270497][T12687] usb usb3-port1: attempt power cycle [ 1900.491405][ T5924] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1900.511953][ T5924] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1901.264122][ T5924] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1901.314604][T12687] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 1901.354541][ T5924] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1901.373763][ T5924] usb 7-1: SerialNumber: syz [ 1901.384951][T12687] usb 3-1: Using ep0 maxpacket: 16 [ 1901.401551][T12687] usb 3-1: no configurations [ 1901.421028][T12687] usb 3-1: can't read configurations, error -22 [ 1901.577623][T12687] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 1901.622135][T21275] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1901.630669][T12687] usb 3-1: Using ep0 maxpacket: 16 [ 1901.643566][T12687] usb 3-1: no configurations [ 1901.650165][T21275] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1901.667697][T12687] usb 3-1: can't read configurations, error -22 [ 1901.689796][T12687] usb usb3-port1: unable to enumerate USB device [ 1901.705279][ T5924] usb 7-1: 0:2 : does not exist [ 1901.732642][ T5924] usb 7-1: 0:0: failed to get current value for ch 0 (-22) [ 1901.785320][ T5924] usb 7-1: USB disconnect, device number 27 [ 1904.560421][T21301] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 1906.664187][T21312] syz_tun: entered allmulticast mode [ 1906.724571][ T57] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 1906.845973][T21308] syz_tun: left allmulticast mode [ 1906.909742][ T57] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1906.971113][ T57] usb 5-1: config 0 has no interfaces? [ 1907.007393][ T57] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1907.081830][ T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1907.135558][ T57] usb 5-1: config 0 descriptor?? [ 1907.326657][T21333] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4033'. [ 1907.499273][T21305] program syz.4.4028 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1907.982511][T12687] usb 5-1: USB disconnect, device number 27 [ 1908.404563][T18135] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 1908.604673][T18135] usb 3-1: Using ep0 maxpacket: 32 [ 1908.650936][T18135] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 1908.673770][T18135] usb 3-1: config 0 has no interface number 0 [ 1908.693207][T18135] usb 3-1: config 0 interface 184 has no altsetting 0 [ 1908.745644][T18135] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1908.780504][T18135] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1908.821372][T18135] usb 3-1: Product: syz [ 1908.836104][T18135] usb 3-1: Manufacturer: syz [ 1908.840701][T18135] usb 3-1: SerialNumber: syz [ 1908.885930][T18135] usb 3-1: config 0 descriptor?? [ 1908.922988][T18135] smsc75xx v1.0.0 [ 1909.588301][T18135] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 1909.623443][T18135] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 1910.261974][T21360] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 1910.408387][T18135] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000010: -71 [ 1911.267964][T18135] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to write HW_CFG: -71 [ 1911.302084][T18135] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 1911.374536][T18135] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -71 [ 1911.404733][T18135] usb 3-1: USB disconnect, device number 33 [ 1911.420283][T20071] syz.8.3673: vmalloc error: size 8388608, failed to allocated page array size 16384, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1911.453875][T21363] CIFS: VFS: Malformed UNC in devname [ 1911.497512][T20071] CPU: 1 UID: 0 PID: 20071 Comm: syz.8.3673 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0 [ 1911.497538][T20071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1911.497550][T20071] Call Trace: [ 1911.497558][T20071] [ 1911.497566][T20071] dump_stack_lvl+0x241/0x360 [ 1911.497594][T20071] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1911.497613][T20071] ? __pfx__printk+0x10/0x10 [ 1911.497643][T20071] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 1911.497664][T20071] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 1911.497688][T20071] warn_alloc+0x278/0x410 [ 1911.497715][T20071] ? __pfx_warn_alloc+0x10/0x10 [ 1911.497743][T20071] ? relay_open_buf+0x231/0xd60 [ 1911.497762][T20071] ? __get_vm_area_node+0x1c8/0x2d0 [ 1911.497780][T20071] ? __get_vm_area_node+0x25c/0x2d0 [ 1911.497805][T20071] __vmalloc_node_range_noprof+0x62f/0x1380 [ 1911.497827][T20071] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1911.497876][T20071] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1911.497898][T20071] ? rcu_is_watching+0x15/0xb0 [ 1911.497917][T20071] ? trace_kmalloc+0x1f/0xd0 [ 1911.497931][T20071] ? __kmalloc_node_noprof+0x2ad/0x4d0 [ 1911.497947][T20071] ? rcu_is_watching+0x15/0xb0 [ 1911.497962][T20071] ? __kvmalloc_node_noprof+0x72/0x190 [ 1911.497986][T20071] __kvmalloc_node_noprof+0x142/0x190 [ 1911.498006][T20071] ? relay_open_buf+0x231/0xd60 [ 1911.498026][T20071] relay_open_buf+0x231/0xd60 [ 1911.498058][T20071] relay_open+0x43d/0x950 [ 1911.498084][T20071] do_blk_trace_setup+0x579/0x9c0 [ 1911.498117][T20071] blk_trace_setup+0x116/0x1f0 [ 1911.498144][T20071] ? __pfx_blk_trace_setup+0x10/0x10 [ 1911.498177][T20071] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1911.498208][T20071] blk_trace_ioctl+0x182/0x830 [ 1911.498237][T20071] ? __pfx_blk_trace_ioctl+0x10/0x10 [ 1911.498257][T20071] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1911.498282][T20071] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1911.498311][T20071] ? irqentry_exit+0x63/0x90 [ 1911.498332][T20071] ? lockdep_hardirqs_on+0x99/0x150 [ 1911.498361][T20071] ? __pfx_blkdev_ioctl+0x10/0x10 [ 1911.498389][T20071] ? do_vfs_ioctl+0x149/0x2770 [ 1911.498410][T20071] ? __se_sys_ioctl+0x8e/0x170 [ 1911.498433][T20071] ? file_to_blk_mode+0xcc/0x140 [ 1911.498454][T20071] blkdev_ioctl+0x45f/0x6f0 [ 1911.498478][T20071] ? __pfx_blkdev_ioctl+0x10/0x10 [ 1911.498506][T20071] ? __pfx_blkdev_ioctl+0x10/0x10 [ 1911.498530][T20071] __se_sys_ioctl+0xf5/0x170 [ 1911.498554][T20071] do_syscall_64+0xf3/0x230 [ 1911.498576][T20071] ? clear_bhb_loop+0x35/0x90 [ 1911.498602][T20071] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1911.498625][T20071] RIP: 0033:0x7fdb0678d169 [ 1911.498641][T20071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1911.498657][T20071] RSP: 002b:00007fdb07664038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1911.498676][T20071] RAX: ffffffffffffffda RBX: 00007fdb069a5fa0 RCX: 00007fdb0678d169 [ 1911.498690][T20071] RDX: 0000400000000040 RSI: 00000000c0481273 RDI: 0000000000000003 [ 1911.498702][T20071] RBP: 00007fdb0680e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 1911.498714][T20071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1911.498725][T20071] R13: 0000000000000000 R14: 00007fdb069a5fa0 R15: 00007ffdae969c28 [ 1911.498754][T20071] [ 1911.498761][T20071] Mem-Info: [ 1911.637632][T21369] syz_tun: entered allmulticast mode [ 1911.698201][T20071] active_anon:181 inactive_anon:2472 isolated_anon:19 [ 1911.698201][T20071] active_file:1669 inactive_file:5059 isolated_file:0 [ 1911.698201][T20071] unevictable:768 dirty:40 writeback:0 [ 1911.698201][T20071] slab_reclaimable:6949 slab_unreclaimable:107922 [ 1911.698201][T20071] mapped:33806 shmem:2812 pagetables:912 [ 1911.698201][T20071] sec_pagetables:0 bounce:0 [ 1911.698201][T20071] kernel_misc_reclaimable:0 [ 1911.698201][T20071] free:372685 free_pcp:770 free_cma:0 [ 1911.882793][ C1] vkms_vblank_simulate: vblank timer overrun [ 1912.133212][T20071] Node 0 active_anon:1608kB inactive_anon:7188kB active_file:1024kB inactive_file:400kB unevictable:1536kB isolated(anon):76kB isolated(file):0kB mapped:136440kB dirty:36kB writeback:0kB shmem:9596kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10632kB pagetables:3192kB sec_pagetables:0kB all_unreclaimable? no [ 1912.435596][T21368] syz_tun: left allmulticast mode [ 1912.454492][T20071] Node 1 active_anon:4172kB inactive_anon:19540kB active_file:5528kB inactive_file:19936kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:21060kB dirty:156kB writeback:0kB shmem:23604kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:276kB pagetables:696kB sec_pagetables:0kB all_unreclaimable? no [ 1912.624638][T20071] Node 0 DMA free:1036kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:3416kB inactive_anon:4588kB active_file:664kB inactive_file:376kB unevictable:0kB writepending:20kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:88kB local_pcp:12kB free_cma:0kB [ 1912.652806][ C1] vkms_vblank_simulate: vblank timer overrun [ 1912.696858][T20071] lowmem_reserve[]: 0 2490 2490 0 0 [ 1912.709025][T20071] Node 0 DMA32 free:42600kB boost:0kB min:34168kB low:42708kB high:51248kB reserved_highatomic:0KB active_anon:828kB inactive_anon:272kB active_file:236kB inactive_file:72kB unevictable:1536kB writepending:20kB present:3129332kB managed:2550364kB mlocked:0kB bounce:0kB free_pcp:1564kB local_pcp:600kB free_cma:0kB [ 1912.738571][ C1] vkms_vblank_simulate: vblank timer overrun [ 1912.853969][T20071] lowmem_reserve[]: 0 0 0 0 0 [ 1912.871251][T20071] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048580kB managed:368kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB [ 1912.931667][T21386] 9pnet_fd: Insufficient options for proto=fd [ 1912.967997][T21389] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4047'. [ 1912.994085][T20071] lowmem_reserve[]: 0 0 0 0 0 [ 1913.064574][T20071] Node 1 Normal free:1418324kB boost:0kB min:55728kB low:69660kB high:83592kB reserved_highatomic:0KB active_anon:8972kB inactive_anon:11140kB active_file:5528kB inactive_file:19936kB unevictable:1536kB writepending:156kB present:4194300kB managed:4111168kB mlocked:0kB bounce:0kB free_pcp:11360kB local_pcp:1040kB free_cma:0kB [ 1913.095199][ C1] vkms_vblank_simulate: vblank timer overrun [ 1913.250735][T20071] lowmem_reserve[]: 0 0 0 0 0 [ 1913.267314][T20071] Node 0 DMA: 90*4kB (M) 110*8kB (M) 103*16kB (M) 72*32kB (M) 36*64kB (M) 5*128kB (M) 1*256kB (M) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8392kB [ 1913.327392][T20071] Node 0 DMA32: 78*4kB (UME) 105*8kB (UME) 252*16kB (UME) 164*32kB (UME) 76*64kB (UME) 37*128kB (UME) 17*256kB (UME) 13*512kB (UM) 3*1024kB (M) 4*2048kB (M) 0*4096kB = 42304kB [ 1913.570567][T21400] netlink: 'syz.2.4048': attribute type 1 has an invalid length. [ 1913.612551][T21394] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4049'. [ 1913.702454][T20071] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1913.950950][T21394] netlink: 'syz.4.4049': attribute type 12 has an invalid length. [ 1913.958873][T20071] Node 1 Normal: 90*4kB (UM) 350*8kB (UME) 301*16kB (UME) 125*32kB (UM) 97*64kB (UME) 28*128kB (UME) 5*256kB (UME) 13*512kB (UME) 5*1024kB (UME) 5*2048kB (UME) 340*4096kB (ME) = 1437704kB [ 1913.959083][T20071] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1913.959101][T20071] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1913.959118][T20071] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1913.959134][T20071] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1914.074590][T20071] 10720 total pagecache pages [ 1914.115490][T20071] 383 pages in swap cache [ 1914.124959][T20071] Free swap = 106944kB [ 1914.139297][T20071] Total swap = 124996kB [ 1914.145313][T20071] 2097051 pages RAM [ 1914.153638][T20071] 0 pages HighMem/MovableOnly [ 1914.212525][T20071] 427736 pages reserved [ 1914.227181][T21404] netlink: 'syz.5.4051': attribute type 1 has an invalid length. [ 1914.283807][T20071] 0 pages cma reserved [ 1914.374806][T18135] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 1914.934442][T18135] usb 5-1: Using ep0 maxpacket: 32 [ 1914.948762][T18135] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1914.970016][T18135] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1915.029126][T18135] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1915.098928][T18135] usb 5-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 1915.143607][T18135] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1915.176682][T18135] usb 5-1: config 0 descriptor?? [ 1916.109160][T18135] hid (null): invalid report_size 822751293 [ 1916.141901][T18135] hid (null): usage index exceeded [ 1916.153802][T18135] hid (null): invalid report_size 27745 [ 1916.172017][T18135] hid (null): invalid report_size 29285 [ 1916.185341][T21419] syz_tun: entered allmulticast mode [ 1916.209777][T18135] input: HID 0458:5011 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5011.001B/input/input27 [ 1916.252234][T18135] input: HID 0458:5011 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5011.001B/input/input28 [ 1916.318161][T21417] syz_tun: left allmulticast mode [ 1916.354989][T18135] kye 0003:0458:5011.001B: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.4-1/input0 [ 1916.434754][T18135] usb 5-1: USB disconnect, device number 28 [ 1917.647318][T21436] overlayfs: failed to clone upperpath [ 1921.000457][T21469] 9pnet_fd: Insufficient options for proto=fd [ 1921.997370][T21477] 9pnet_fd: Insufficient options for proto=fd [ 1924.478557][ T9416] usb 7-1: new full-speed USB device number 28 using dummy_hcd [ 1925.051630][ T9416] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1925.090952][ T9416] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1925.136294][ T9416] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64 [ 1925.175679][ T9416] usb 7-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 19 [ 1925.225556][ T9416] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1925.245990][ T9416] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1925.284438][ T9416] usb 7-1: SerialNumber: syz [ 1925.306025][T21497] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 1926.288897][ T30] INFO: task syz.8.3673:20074 blocked for more than 145 seconds. [ 1926.300058][ T9416] cdc_acm 7-1:1.0: Control and data interfaces are not separated! [ 1926.324554][ T30] Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0 [ 1926.332221][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1926.952049][T21512] 9pnet_fd: Insufficient options for proto=fd [ 1927.086208][ T9416] cdc_acm 7-1:1.0: probe with driver cdc_acm failed with error -12 [ 1927.097764][ T30] task:syz.8.3673 state:D stack:25776 pid:20074 tgid:20070 ppid:13391 task_flags:0x400040 flags:0x00004004 [ 1927.109832][ T30] Call Trace: [ 1927.113129][ T30] [ 1927.116318][ T30] __schedule+0x18bc/0x4c40 [ 1927.120846][ T30] ? preempt_schedule_notrace_thunk+0x1a/0x30 [ 1927.126985][ T30] ? __pfx___schedule+0x10/0x10 [ 1927.131857][ T30] ? __pfx_lock_release+0x10/0x10 [ 1927.136962][ T30] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1927.142873][ T30] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1927.149269][ T30] ? schedule+0x90/0x320 [ 1927.153535][ T30] schedule+0x14b/0x320 [ 1927.157760][ T30] schedule_preempt_disabled+0x13/0x30 [ 1927.163242][ T30] __mutex_lock+0x817/0x1010 [ 1927.235806][ T30] ? __mutex_lock+0x602/0x1010 [ 1927.240650][ T30] ? blk_trace_ioctl+0x1b8/0x830 [ 1927.243068][T21509] netlink: 52 bytes leftover after parsing attributes in process `syz.2.4084'. [ 1927.254399][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1927.265141][ T30] ? blk_trace_ioctl+0xdc/0x830 [ 1927.280269][ T30] blk_trace_ioctl+0x1b8/0x830 [ 1927.285168][ T30] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1927.290224][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1927.314641][ T57] usb 7-1: USB disconnect, device number 28 [ 1927.328912][ T30] ? __pfx_blk_trace_ioctl+0x10/0x10 [ 1927.334263][ T30] ? tomoyo_path_number_perm+0x209/0x770 [ 1927.364399][ T30] ? tomoyo_path_number_perm+0x5dd/0x770 [ 1927.370097][ T30] blkdev_common_ioctl+0xe6c/0x2460 [ 1927.394432][ T30] ? __lock_acquire+0x1397/0x2100 [ 1927.399524][ T30] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 1927.434342][ T30] ? tomoyo_path_number_perm+0x209/0x770 [ 1927.450236][ T30] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1927.464417][ T30] ? __asan_memset+0x23/0x50 [ 1927.469049][ T30] ? smack_file_ioctl+0x2a5/0x3b0 [ 1927.494380][ T30] ? __pfx_smack_file_ioctl+0x10/0x10 [ 1927.510034][ T30] ? file_to_blk_mode+0xcc/0x140 [ 1927.524392][ T30] blkdev_ioctl+0x51d/0x6f0 [ 1927.528951][ T30] ? __pfx_blkdev_ioctl+0x10/0x10 [ 1927.561678][ T30] ? __pfx_blkdev_ioctl+0x10/0x10 [ 1927.584396][ T30] __se_sys_ioctl+0xf5/0x170 [ 1927.589062][ T30] do_syscall_64+0xf3/0x230 [ 1927.593599][ T30] ? clear_bhb_loop+0x35/0x90 [ 1927.624438][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1927.636705][ T30] RIP: 0033:0x7fdb0678d169 [ 1927.664563][ T30] RSP: 002b:00007fdb07643038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1927.673124][ T30] RAX: ffffffffffffffda RBX: 00007fdb069a6080 RCX: 00007fdb0678d169 [ 1927.700177][ T30] RDX: 0000000000000000 RSI: 0000000000001276 RDI: 0000000000000003 [ 1927.727367][ T30] RBP: 00007fdb0680e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 1927.744437][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1927.764775][ T30] R13: 0000000000000001 R14: 00007fdb069a6080 R15: 00007ffdae969c28 [ 1927.784206][ T30] [ 1927.790800][ T30] [ 1927.790800][ T30] Showing all locks held in the system: [ 1927.814447][ T30] 1 lock held by khungtaskd/30: [ 1927.825045][ T30] #0: ffffffff8eb38fa0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x55/0x2a0 [ 1927.846621][ T30] 1 lock held by kswapd0/86: [ 1927.858077][ T30] 2 locks held by getty/5580: [ 1927.869556][ T30] #0: ffff88814daba0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1927.891198][ T30] #1: ffffc9000330b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x616/0x1770 [ 1927.919466][ T30] 2 locks held by syz.8.3673/20071: [ 1927.941249][ T30] 1 lock held by syz.8.3673/20074: [ 1927.956629][ T30] #0: ffff888142bfbfa8 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_ioctl+0x1b8/0x830 [ 1927.979240][ T30] 1 lock held by syz.2.4084/21506: [ 1927.998976][ T30] #0: ffff88807c6d2d38 (mapping.invalidate_lock){++++}-{4:4}, at: filemap_fault+0xb5f/0x16c0 [ 1928.026535][ T30] [ 1928.029146][ T30] ============================================= [ 1928.029146][ T30] [ 1928.054486][ T30] NMI backtrace for cpu 1 [ 1928.054505][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0 [ 1928.054526][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1928.054537][ T30] Call Trace: [ 1928.054544][ T30] [ 1928.054552][ T30] dump_stack_lvl+0x241/0x360 [ 1928.054576][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1928.054594][ T30] ? __pfx__printk+0x10/0x10 [ 1928.054628][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 1928.054653][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 1928.054670][ T30] ? _printk+0xd5/0x120 [ 1928.054691][ T30] ? __pfx__printk+0x10/0x10 [ 1928.054713][ T30] ? __wake_up_klogd+0xcc/0x110 [ 1928.054732][ T30] ? __pfx__printk+0x10/0x10 [ 1928.054755][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 1928.054777][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1928.054797][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 1928.054818][ T30] watchdog+0x1058/0x10a0 [ 1928.054840][ T30] ? watchdog+0x1ea/0x10a0 [ 1928.054865][ T30] ? __pfx_watchdog+0x10/0x10 [ 1928.054885][ T30] kthread+0x7a9/0x920 [ 1928.054905][ T30] ? __pfx_kthread+0x10/0x10 [ 1928.054928][ T30] ? __pfx_watchdog+0x10/0x10 [ 1928.054949][ T30] ? __pfx_kthread+0x10/0x10 [ 1928.054968][ T30] ? __pfx_kthread+0x10/0x10 [ 1928.054991][ T30] ? __pfx_kthread+0x10/0x10 [ 1928.055011][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 1928.055029][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 1928.055048][ T30] ? __pfx_kthread+0x10/0x10 [ 1928.055071][ T30] ret_from_fork+0x4b/0x80 [ 1928.055090][ T30] ? __pfx_kthread+0x10/0x10 [ 1928.055111][ T30] ret_from_fork_asm+0x1a/0x30 [ 1928.055142][ T30] [ 1928.055149][ T30] Sending NMI from CPU 1 to CPUs 0: [ 1928.228739][ C0] NMI backtrace for cpu 0 [ 1928.228753][ C0] CPU: 0 UID: 0 PID: 13573 Comm: kworker/u8:6 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0 [ 1928.228771][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1928.228782][ C0] Workqueue: bat_events batadv_nc_worker [ 1928.228810][ C0] RIP: 0010:__rcu_read_lock+0x5e/0xb0 [ 1928.228832][ C0] Code: 41 8b 2f ff c5 42 0f b6 04 33 84 c0 75 3e 41 89 2f 42 0f b6 04 33 84 c0 75 49 41 8b 07 3d 00 00 00 40 7d 0b 5b 41 5e 41 5f 5d cc cc cc cc 90 0f 0b 90 eb ef 44 89 f9 80 e1 07 80 c1 03 38 c1 [ 1928.228846][ C0] RSP: 0018:ffffc90003e7fab0 EFLAGS: 00000283 [ 1928.228858][ C0] RAX: 0000000000000001 RBX: ffff888033504a00 RCX: ffff88802412da00 [ 1928.228870][ C0] RDX: 0000000000000000 RSI: ffffffff8c2ab700 RDI: ffffffff8c801b40 [ 1928.228881][ C0] RBP: ffff88805a568688 R08: ffffffff903bc377 R09: 1ffffffff207786e [ 1928.228893][ C0] R10: dffffc0000000000 R11: fffffbfff207786f R12: ffff88805e008d80 [ 1928.228905][ C0] R13: 00000000000000d1 R14: ffff888033504a00 R15: dffffc0000000000 [ 1928.228916][ C0] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 1928.228929][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1928.228940][ C0] CR2: 000000110c3aa116 CR3: 000000007ccf4000 CR4: 00000000003526f0 [ 1928.228954][ C0] DR0: 0000000000000000 DR1: 00000000ffff000b DR2: 0000000000000000 [ 1928.228973][ C0] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 1928.228983][ C0] Call Trace: [ 1928.228990][ C0] [ 1928.228997][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 1928.229014][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 1928.229036][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 1928.229052][ C0] ? nmi_handle+0x2a/0x5a0 [ 1928.229079][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 1928.229097][ C0] ? nmi_handle+0x14f/0x5a0 [ 1928.229117][ C0] ? nmi_handle+0x2a/0x5a0 [ 1928.229139][ C0] ? __rcu_read_lock+0x5e/0xb0 [ 1928.229158][ C0] ? default_do_nmi+0x63/0x160 [ 1928.229179][ C0] ? exc_nmi+0x123/0x1f0 [ 1928.229193][ C0] ? end_repeat_nmi+0xf/0x53 [ 1928.229223][ C0] ? __rcu_read_lock+0x5e/0xb0 [ 1928.229243][ C0] ? __rcu_read_lock+0x5e/0xb0 [ 1928.229262][ C0] ? __rcu_read_lock+0x5e/0xb0 [ 1928.229281][ C0] [ 1928.229287][ C0] [ 1928.229293][ C0] batadv_nc_worker+0xc4/0x610 [ 1928.229315][ C0] ? batadv_nc_worker+0xcb/0x610 [ 1928.229337][ C0] ? process_scheduled_works+0x9c6/0x18e0 [ 1928.229356][ C0] process_scheduled_works+0xabe/0x18e0 [ 1928.229386][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 1928.229408][ C0] ? assign_work+0x364/0x3d0 [ 1928.229427][ C0] worker_thread+0x870/0xd30 [ 1928.229448][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1928.229468][ C0] ? __kthread_parkme+0x169/0x1d0 [ 1928.229489][ C0] ? __pfx_worker_thread+0x10/0x10 [ 1928.229507][ C0] kthread+0x7a9/0x920 [ 1928.229527][ C0] ? __pfx_kthread+0x10/0x10 [ 1928.229548][ C0] ? __pfx_worker_thread+0x10/0x10 [ 1928.229567][ C0] ? __pfx_kthread+0x10/0x10 [ 1928.229586][ C0] ? __pfx_kthread+0x10/0x10 [ 1928.229607][ C0] ? __pfx_kthread+0x10/0x10 [ 1928.229627][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 1928.229643][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 1928.229662][ C0] ? __pfx_kthread+0x10/0x10 [ 1928.229682][ C0] ret_from_fork+0x4b/0x80 [ 1928.229701][ C0] ? __pfx_kthread+0x10/0x10 [ 1928.229721][ C0] ret_from_fork_asm+0x1a/0x30 [ 1928.229745][ C0] [ 1928.231590][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 1928.568935][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0 [ 1928.579424][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 1928.589469][ T30] Call Trace: [ 1928.592737][ T30] [ 1928.595657][ T30] dump_stack_lvl+0x241/0x360 [ 1928.600328][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1928.605513][ T30] ? __pfx__printk+0x10/0x10 [ 1928.610093][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1928.616071][ T30] ? vscnprintf+0x5d/0x90 [ 1928.620390][ T30] panic+0x349/0x880 [ 1928.624278][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 1928.630425][ T30] ? __pfx_panic+0x10/0x10 [ 1928.634831][ T30] ? tick_nohz_tick_stopped+0x82/0xb0 [ 1928.640194][ T30] ? __irq_work_queue_local+0x137/0x410 [ 1928.645734][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 1928.651097][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 1928.657239][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 1928.663381][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 1928.669527][ T30] watchdog+0x1097/0x10a0 [ 1928.673850][ T30] ? watchdog+0x1ea/0x10a0 [ 1928.678261][ T30] ? __pfx_watchdog+0x10/0x10 [ 1928.682937][ T30] kthread+0x7a9/0x920 [ 1928.686999][ T30] ? __pfx_kthread+0x10/0x10 [ 1928.691582][ T30] ? __pfx_watchdog+0x10/0x10 [ 1928.696251][ T30] ? __pfx_kthread+0x10/0x10 [ 1928.700846][ T30] ? __pfx_kthread+0x10/0x10 [ 1928.705454][ T30] ? __pfx_kthread+0x10/0x10 [ 1928.710039][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 1928.715232][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 1928.720429][ T30] ? __pfx_kthread+0x10/0x10 [ 1928.725021][ T30] ret_from_fork+0x4b/0x80 [ 1928.729441][ T30] ? __pfx_kthread+0x10/0x10 [ 1928.734029][ T30] ret_from_fork_asm+0x1a/0x30 [ 1928.738797][ T30] [ 1928.742195][ T30] Kernel Offset: disabled [ 1928.746528][ T30] Rebooting in 86400 seconds..