last executing test programs: 6m29.86862363s ago: executing program 3 (id=1758): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet_smc(0x2b, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) r6 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000100), 0x2) r7 = memfd_create(&(0x7f0000000580)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecj\x02\xc8\xc4\f\x04\x99\xf6\xfc', 0x3) ftruncate(r7, 0xffff) fcntl$addseals(r7, 0x409, 0x7) r8 = ioctl$UDMABUF_CREATE(r6, 0x40187542, &(0x7f00000002c0)={r7, 0x0, 0x0, 0x8000}) r9 = fcntl$dupfd(r8, 0x406, r0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r9}) close_range(r1, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) r10 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r10, 0x29, 0x3, 0x0, 0x0) bind$inet6(r10, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c) setsockopt$sock_int(r10, 0x1, 0x8, &(0x7f0000000080)=0x40, 0x4) 6m28.037435896s ago: executing program 3 (id=1760): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x238781, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0xc73}) prlimit64(0x0, 0x9, &(0x7f0000000040), 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) 6m27.453583396s ago: executing program 3 (id=1762): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.net/syz0\x00', 0x1ff) r0 = syz_usb_connect(0x6, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f", @ANYRESOCT=0x0], 0x0) r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-blowfish-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000080), 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r3, 0x0, 0xd}, 0x18) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$qrtrtun(r1, &(0x7f0000000300)="ca0e808bb35bdabb", 0x8) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r4, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], 0x0, 0x0, 0x1}}, 0x3c) mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4002, &(0x7f0000000000)=0x1, 0x7, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r5, &(0x7f0000006680)={0x0, 0x0, &(0x7f0000006640)={&(0x7f00000065c0)={0x50, 0x1, 0x2, 0x101, 0x0, 0x0, {0xa}, [@CTA_EXPECT_MASTER={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x50}}, 0x0) mbind(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, &(0x7f0000000080)=0x3, 0x8, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0401273, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r6 = syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02) r7 = syz_open_dev$amidi(&(0x7f0000000080), 0x2, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS32(r7, 0xc0245720, &(0x7f0000000100)={0x1}) syz_usb_disconnect(r0) writev(r6, &(0x7f0000000600)=[{&(0x7f0000000040)="01f1", 0x2}], 0x1) 6m23.971446115s ago: executing program 3 (id=1770): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000040)=@mangle={'mangle\x00', 0x64, 0x6, 0x648, 0x11000000, 0x3d0, 0xd0, 0xd0, 0xd0, 0x578, 0x578, 0x578, 0x578, 0x578, 0x6, 0x0, {[{{@ipv6={@private0, @private1, [], [], 'veth1\x00', 'veth1_vlan\x00'}, 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x3a010000}}, @HL={0x28}}, {{@ipv6={@private1, @loopback, [], [], 'tunl0\x00', 'bridge_slave_1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x3d0}}, {{@ipv6={@private0, @remote, [], [], 'veth0_to_team\x00', 'tunl0\x00', {}, {}, 0x11, 0x0, 0x3, 0x44}, 0x0, 0x138, 0x160, 0x0, {}, [@common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @dev, @private1, @mcast2}}]}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@inet=@SYNPROXY={0x28}}, {{@ipv6={@loopback, @private2, [], [], 'syzkaller1\x00', 'veth0_to_batadv\x00'}, 0x0, 0x160, 0x1a8, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @dev, @private0, @local}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, 'vlan0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6a8) 6m23.749268807s ago: executing program 3 (id=1772): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = dup(r0) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000580)={0x4, 0x8003}, 0x4) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000000), 0x4) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000006c0)="27050200340f14000600002fb96dbcf7060600", 0x13}], 0x1}, 0x9cdc2384016b48f8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, 0x0, 0x20000000) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x90, 0x0, 0x0, {0x3, 0x0, 0x0, 0x5, 0x0, 0x0, {0x0, 0x0, 0x20, 0xffffffffffffffdd, 0x0, 0x0, 0x1, 0x5f, 0x0, 0xc000, 0x4}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000480), 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket(0x1e, 0x4, 0x0) connect$tipc(r5, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) sendmmsg$unix(r5, &(0x7f0000004400), 0x400000000000203, 0x0) connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x3c}}, 0x10) sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001a40)={&(0x7f0000000400)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01002abd7000001b00000a00000037291fecd9973bfef65e721f24dadf6aaf835e0af96d7eecfe1b10f34c412ce029c49fc699e02c71bd743343f74fac75a075e4fd6aa75e56a2566b7f0c17e913ae0dac5696a79593497293599e7a6e3701721acb0cc7f04a94b927ceb69ad4d54c906e7f1f2df8e4baf965c36b3f17ecb7b1f3579efc8b63239745593c9c1a911e22af99ca3ce736f7a120fb62add51f6d548b39b5cb1d1af5040051d4e9"], 0x14}, 0x1, 0x0, 0x0, 0x4c051}, 0xc0) 6m21.936767654s ago: executing program 3 (id=1776): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f0000000040)}) rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0x44000006, 0x0, {[0x9]}}, 0x0, 0x8, &(0x7f0000000440)) syz_usb_connect(0x0, 0x24, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x80000001}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = memfd_create(0x0, 0x0) fallocate(r1, 0x0, 0x400000000000000, 0x2) 6m5.54099402s ago: executing program 32 (id=1776): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f0000000040)}) rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0x44000006, 0x0, {[0x9]}}, 0x0, 0x8, &(0x7f0000000440)) syz_usb_connect(0x0, 0x24, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x80000001}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = memfd_create(0x0, 0x0) fallocate(r1, 0x0, 0x400000000000000, 0x2) 4m16.899799492s ago: executing program 4 (id=2004): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000040), 0xe09) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000180)=0x8001) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = creat(0x0, 0xd4) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r1, 0x7a5, &(0x7f0000000240)={{@host, 0xfffffff8}, 0x1, 0x2, 0x7}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x11000) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000001780), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='t_0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100008200040000000000"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000600)=@bridge_getneigh={0x20, 0x1e, 0xb7b6511a36acb75d}, 0x20}}, 0x400000000000000) 4m13.476074909s ago: executing program 4 (id=2013): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8000000000000001, 0xffffffffffffffff}) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x2010, r2, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001300)=[{&(0x7f0000000080)=""/124, 0x7c}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[], 0xa0}, 0x1, 0x7}, 0x40) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, &(0x7f0000000300)=""/4096, 0x0, 0x40}, 0x90) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r5 = socket(0x10, 0x3, 0x0) sendmmsg(r5, &(0x7f0000000000), 0x4000000000001f2, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) bpf$TOKEN_CREATE(0x24, &(0x7f0000000180), 0x8) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0xb, &(0x7f00000000c0)=ANY=[@ANYRES16=r4, @ANYRES32=r4], &(0x7f0000000140)='syzkaller\x00', 0x5, 0x0, 0x0, 0x40f00, 0x0, '\x00', r6, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='jbd2_handle_stats\x00', r7}, 0x18) r8 = socket$inet_smc(0x2b, 0x1, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x5c831, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000002340)={&(0x7f0000002380)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c000000030000000f00000000110008010000000100000000000000e054db2836efe91a74f1d30cd81e5fe2b445dd3002b8056994997b1933df8f5a8b2ef9eb30cfb37b470c96a7bdda832832931cd40dacd1c8e803286d062773e06ac5a86fed6aa43fa351e6b6422e65f4b43ac7b0541b16901d8ddad54d324b4f19b2d4a3b65055775d11a4dce86bc41814f08d97620663e1917e3a087476f6845fa5dac1f1450609d33b560177ab7a7deb398244553113424ba84cc6e9264a7da7bb97b22d545d516f37c7c899611604000000000000001b6b3fbecf1696871ee2769b83a55c51cf2aecbccbbcce9e091b9b715832ab760be978c8db00f7571ada69ef8de62c45d162b9f64d5b490c96209c8651b293aee58eaa7225f944c91cdd4c627ddae32f940498511bcd3f3a92e07b6d861fbe39782d63d02e009e8dc44981b9a326165fe3c978254d7cbe52e97603859e12a6848472c1d8f189a079a2018570cee48ef85abec5398842454c9e8ef5d5bc5fa300"/412], &(0x7f0000002540)=""/4096, 0x37, 0x1000, 0x1, 0x6}, 0x28) move_pages(0x0, 0x2, &(0x7f0000000040)=[&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff4000/0xc000)=nil], &(0x7f0000000080), &(0x7f00000000c0), 0x0) ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f0000000100)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_ringparam={0x33, 0x0, 0x802e2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401}}) 4m3.802838352s ago: executing program 4 (id=2032): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_tcp(0xa, 0x1, 0x0) lsm_set_self_attr(0x68, &(0x7f0000000800)=ANY=[@ANYBLOB="68000000000000004b0000000000877e89bfd97aa0729f000020000000000000"], 0x20, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8) r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x104) r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x5, &(0x7f0000000080)=0x7f) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0xa0602, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) write$qrtrtun(r1, &(0x7f0000000300)="ca0e808bb35bdabb", 0x8) socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in={{0x2, 0x0, @rand_addr=0x64010100}}, 0x0, 0x4, 0x0, 0x6, 0x5a1, 0x8}, 0x9c) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000440)=[0x7, 0x5, 0x2c, 0x5], &(0x7f0000000240)=[0x2], 0x0, 0x4, 0x1}}, 0x40) mmap$xdp(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1f, 0x12, r0, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x8c0}, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) 3m58.944248363s ago: executing program 4 (id=2047): socketpair$unix(0x1, 0x2, 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r1 = fanotify_init(0x8, 0x0) r2 = fanotify_init(0x0, 0x0) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) fanotify_mark(r2, 0x71, 0x1038, r3, 0x0) fanotify_mark(r1, 0x1, 0x8000021, r0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYRES64=0x0, @ANYRESOCT], 0x3c}, 0x1, 0x0, 0x0, 0x20008000}, 0x10) r4 = socket$kcm(0x10, 0x2, 0x10) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r5 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r5, 0x84, 0x83, &(0x7f0000000340)=@assoc_value, &(0x7f0000000400)=0x8) sendmsg$nl_route_sched(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=@newtaction={0x16c, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x34}, {0x124, 0x1, [@m_sample={0xac, 0x7, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0x8000}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x5, 0x2, 0x7, 0x1, 0x80000000}}]}, {0x5d, 0x6, "1a227c3f9ebf57f17b17ce467a106b09566647225db3d09b53e8993d55ba1a7978ff237c97400fc0a3091f65eef869010ac80f4f62b5ff66b4080335fc24cfb77831c2cb064a7e69b38b9db365a67f650db67766238b20d7a9"}, {0xc, 0x7, {0x0, 0x1}}, {0x4, 0x8, {0x2, 0x3}}}}, @m_simple={0x74, 0x1d, 0x0, 0x0, {{0xb}, {0x4, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x0, 0x3, '/+\x00'}, @TCA_DEF_PARMS={0x0, 0x2, {0x10, 0x3, 0x8, 0x9, 0xff}}, @TCA_DEF_PARMS={0x0, 0x2, {0x5, 0x9, 0x20000000, 0xaf, 0x9}}]}, {0x46, 0x6, "06ec7379cb2e6d138820f1c37ba4133038056ae9d8082fe19cc1509408a10cab462cdb68009ebbff725fadb263f8134a65cc1b868de0130030f2af8b0f6416b566cc"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}]}]}, 0x16c}}, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90324fc60100002000a000300053582c137153e3704020180fc0b09000c00", 0x33fe0}], 0x1}, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r8, &(0x7f0000000080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) bind$bt_l2cap(r7, &(0x7f0000000000)={0x1f, 0x0, @none, 0x0, 0x1}, 0xe) chdir(&(0x7f0000000080)='./file1\x00') r9 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000580)='tracefs\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) ioctl$AUTOFS_IOC_PROTOSUBVER(r9, 0x40049366, 0x0) 3m56.717029135s ago: executing program 4 (id=2049): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) r0 = openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000140)={0x8, "afacd2119ca94c6b377526aeb5ab2a81fc0e3d99f20900"}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) getrusage(0x0, &(0x7f0000000380)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) sendmsg$MPTCP_PM_CMD_REMOVE(0xffffffffffffffff, 0x0, 0x20000000) r3 = userfaultfd(0x801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0xf7ffffffffffffff, &(0x7f0000000100), 0xc06620, 0x4) 3m40.450394335s ago: executing program 33 (id=2049): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) r0 = openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000140)={0x8, "afacd2119ca94c6b377526aeb5ab2a81fc0e3d99f20900"}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) getrusage(0x0, &(0x7f0000000380)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) sendmsg$MPTCP_PM_CMD_REMOVE(0xffffffffffffffff, 0x0, 0x20000000) r3 = userfaultfd(0x801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0xf7ffffffffffffff, &(0x7f0000000100), 0xc06620, 0x4) 3m10.787053237s ago: executing program 2 (id=2140): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000580)={0x0}, 0x1, 0x0, 0x0, 0xc000}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000540)={'wlan1\x00', 0x0}) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x67) sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRES16, @ANYBLOB="010029bd7000fcdbdf252100000008000300", @ANYRES32=r1, @ANYBLOB='\x00\x00'], 0x28}, 0x1, 0x0, 0x0, 0x20000494}, 0x40000) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r0, 0xc0096616, &(0x7f0000000000)={0x4, [0x0, 0x0, 0x0, 0x0]}) r6 = socket(0x10, 0x803, 0x0) recvmmsg(r6, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 3m9.619959167s ago: executing program 2 (id=2142): r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x28080) writev(0xffffffffffffffff, 0x0, 0x0) ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f00000001c0)={&(0x7f0000000000)=[0x0], 0x1, 0xfffffff4}) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) (async) ioctl$KVM_GET_XCRS(r1, 0x8188aea6, 0x0) (async) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r2, 0x0, 0x0) (async) setsockopt$inet_int(r2, 0x0, 0x13, &(0x7f0000000000)=0x361, 0x4) 3m8.44048778s ago: executing program 2 (id=2146): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10138, 0x2, 0x0) ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc008561c, 0x0) socket$inet6(0xa, 0x1, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000300)={0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e20, @private=0xa010103}]}, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x66, &(0x7f0000000040)={r4, 0x1}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r3, 0x84, 0x6, &(0x7f0000000480)={r4, @in={{0x2, 0x4e22, @multicast2}}}, &(0x7f0000000140)=0x84) bpf$MAP_CREATE(0x0, 0x0, 0x48) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000440), 0x2) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x240008c1) memfd_create(&(0x7f00000009c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdbU\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\x90i\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8b\x06A2@D\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\x00\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\x88\xd1\x1eQB\x18\xc1-\xc4\x8fK\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99Q\xba/\xa8\xb9`k\b\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xa1d\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$Wc\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f', 0x3) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8000, 0x20000000019}, 0x0) 3m6.761861052s ago: executing program 2 (id=2147): getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@dev={0xfe, 0x80, '\x00', 0x39}, 0x0, 0x1, 0x0, 0x4}, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) ioctl$FS_IOC_GETFSLABEL(r0, 0x400452c8, &(0x7f0000000100)) gettid() (async) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) 3m5.701228706s ago: executing program 2 (id=2150): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x28a002, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f00000001c0)='./file1\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sendmsg(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) r1 = socket(0x10, 0x3, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = socket$pppl2tp(0x18, 0x1, 0x1) r5 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r5, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x4}}, 0x2, 0x0, 0x0, 0xfffffffc}}, 0x2e) close(r4) setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000540)={{{@in, @in6=@initdev={0xfe, 0x88, '\x00', 0xfd, 0x0}, 0x3, 0x0, 0x0, 0x0, 0xa, 0xa0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x800}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {{@in=@multicast2, 0x0, 0x33}, 0x0, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}}, 0xe8) socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r4, &(0x7f0000000040)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x3, 0xfffffffd, 0x3, {0xa, 0x4e24, 0x3, @loopback, 0x3}}}, 0x3a) ioctl$PPPIOCGL2TPSTATS(r1, 0x80487436, 0x0) syz_genetlink_get_family_id$l2tp(&(0x7f0000001ec0), 0xffffffffffffffff) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0/../file0/../file0\x00', &(0x7f0000000180)='mqueue\x00', 0x0, 0x0) 3m4.181244026s ago: executing program 2 (id=2153): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) read(r0, &(0x7f0000000300)=""/239, 0xef) close(r0) openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x3f8, 0x1c0, 0xffffffff, 0xfffffffe, 0x1c0, 0xfffffffe, 0x328, 0xffffffff, 0xffffffff, 0x328, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0xa1, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x100000, 0x4, 0x0, 'syz0\x00'}}]}, @unspec=@TRACE={0x20}}, {{@ipv6={@loopback, @remote, [], [], 'veth1_to_batadv\x00', 'wg2\x00'}, 0x0, 0x100, 0x168, 0x0, {}, [@common=@unspec=@connmark={{0x30}, {0xffff7fff, 0x7, 0x1}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x1, 0x9, 0x0, 0x800000, 'snmp_trap\x00', 'syz1\x00', {0x3}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x458) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000280)=0x3, 0x200000, 0x4) 2m47.95694744s ago: executing program 34 (id=2153): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) read(r0, &(0x7f0000000300)=""/239, 0xef) close(r0) openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x3f8, 0x1c0, 0xffffffff, 0xfffffffe, 0x1c0, 0xfffffffe, 0x328, 0xffffffff, 0xffffffff, 0x328, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0xa1, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x100000, 0x4, 0x0, 'syz0\x00'}}]}, @unspec=@TRACE={0x20}}, {{@ipv6={@loopback, @remote, [], [], 'veth1_to_batadv\x00', 'wg2\x00'}, 0x0, 0x100, 0x168, 0x0, {}, [@common=@unspec=@connmark={{0x30}, {0xffff7fff, 0x7, 0x1}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x1, 0x9, 0x0, 0x800000, 'snmp_trap\x00', 'syz1\x00', {0x3}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x458) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, &(0x7f0000000280)=0x3, 0x200000, 0x4) 21.434853315s ago: executing program 6 (id=2553): openat$nullb(0xffffffffffffff9c, 0x0, 0xa4242, 0x0) socket$kcm(0x29, 0x2, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x180, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000100), 0x10) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000340)={[{0x122e, 0x3, 0xfe, 0x0, 0xff, 0x0, 0x0, 0x0, 0x5, 0xff, 0x1f}, {0x4003, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) prlimit64(0xffffffffffffffff, 0xa5ee24c79baf42bc, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019480)=""/102400, 0x19000) ptrace$ARCH_SHSTK_UNLOCK(0x1e, 0xffffffffffffffff, 0x2, 0x5004) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default user:syz 00000000000000003\x00'], 0x2a, 0x0) add_key(&(0x7f00000000c0)='ceph\x00', &(0x7f0000000180), 0x0, 0x0, 0xfffffffffffffffe) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r4, 0x0, 0x0) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000100), 0x4) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) mmap$KVM_VCPU(&(0x7f0000ffc000/0x1000)=nil, 0x0, 0x100000a, 0x30, 0xffffffffffffffff, 0x0) prctl$PR_GET_TSC(0x19, &(0x7f00000001c0)) sched_setscheduler(0x0, 0x0, &(0x7f0000000180)=0x1) add_key$user(&(0x7f0000000200), &(0x7f0000000440), &(0x7f00000000c0), 0x14b, 0xfffffffffffffffd) 15.158889009s ago: executing program 6 (id=2574): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) readv(r0, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0xfdef}], 0x1) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x81, "008430168ff09987c99700"}) r1 = syz_open_pts(r0, 0xa001) r2 = dup3(r1, r0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000100)=0x15) write$UHID_INPUT(r2, &(0x7f00000001c0)={0xa, {"08c39ee52f329f1698b1c4865f8b540a5eee9f496a0809c3d20325867b6edda88489ab4c09fe0a7f1e8640aa8e344f412df0d69475a5d6570e21f31fac7dfb4aa7ade0e851582d5c1abdd809580cb34c9e48576b1c73ed76023256fca058ada3db47d86cc75b33cf762b67fe61f152618c49a40858f68794a4fc484ab73ccd254ba3d147f5feddaf91dacc238c0a8096f79597ca1e6da781fcf37a0141a335c6a7577d2d53c6e552a7be208381bb31d1d3e0e92ea651655217535734b286d3f19780a4c720075a36a734151f8c00e651cb3a6bbe30e3f6aee48750436da6471e965e81f38134674fcb697108fb7345010bb8fa15fba9b33355d7858327171ab9c68f6c21b2ffbff4eb061dab80bc77a4a7769e7ff73bcd98790e09415bfc5978cf5af45c3ec9ef9c1a39f766c59d59590281038dbcb765580ba2b3f141d5bbfc40910a0894cd1f22d2a8b6d4e4778debef99438b54d44b4b7568de2777431a5b2f3e8d1a45a60a468f5e33e8ef534f803dfb6798c270f52edf031ecd996bb78c4e92961c63c079676d77412ebc6074e5f235417785e7a14b14ce7626b015071c154cc2bf8f4499b93293e9997c23df4c7a1498cf12414fb31eb873728e4f613b540d22e7ca718f18da5b82ed24995e4309c3af4a2e1097465bf09728082d09e71ea365522035eb9772b8e072f8454777ee304dacd59d3eb9f933f151fa14f8c38eadbeba04810a2dea7a66824f09235c13a45f07870210d0d310ce3ae6284577bd4e65f32700f6723727926cb52e4f27776a1dab0f6668327ab5cf1893879a635261f2e0d9923ccecbf5b80f10a8275c1515f47930d614e787f14c105d3a4f8faf8e7f738cf4eae4fc39ef3db3cb87794ace87f7239b69dc4ab4e5ae57cdfbd309e847d99600ef14b51faead01e8ade57d24270bc13a1787896096eeacb8ab1c93d31d93cfb244bb09ecfecf336362a5656db7df327cbb9aeb898f8af229c7bb9452805f2b4510c5df86b6d564e01f000000167ade5205331523a6392af2bea9e6db0ba5480cbf1b202714233289c4017cb66e83c0c8b6e88bedb922162d0ceecf6c5da173bbefe6781ab7720d2be6cca378db650c69d4228141ae190922fbbaddb86c7f0fe138b704e8305b3bcc7910b2280d96d71dafdbfa876b0013fc4de586f85d9ee077b6349becbdca8bd989a51c4c76ed8a8cc691a65078e0272a62edec8236a779f0cbffeda49dcdccd4def7064e0d77ae5a8c64f3057b4a3a0d4457d33f2bc6c112378315411baa4bb126fe540d750491fc58fbb66911ef82bce5ed76872dbcd8e05dea2f3f347a653aa39ab5d75e71671bfeb924e71476134dbf91e3f287fd853cc34bf81e717edd41aa04b6fbeb43cf2074f0c8fe5350401b6cff801c147a3b58b972aa5652629a9fd8b1df2852708ce958d4e9974ec4383aa5da4e3f75fdc85981e97b75863546f67a8703673b6fe2c26f0e9eeb8c45c26f673adac55fa5d69b82ae7d032fd3b26866047e8c029b90a62794a89c11398944b398b4177b2dcc5a743c16d4a5333b1e30af678d3db8df849c1753db067a6f94bab00c0dd3c7e94a8675924c89bda98ac09e10bcdf83f5114b9b466c413477a5cdc48c857230798934bcc1f0eb3a2d2944b139e459af32e515785f46ed4e97cdcb23c7e4dc7c4f91b5b5ca5228344aeb6652fffaf31325c7429bc70a5f6beaaa98ef190dffdeccc94bd814b3edfdd48243bf34291076ab5438ee00e924a827d5b453df42d24144fe1a45bb6c84fcbb2143d0a561c1e867c1279bdf0a47061ea77a84f36c720aff785f0db10eda84c767b5f3874f9455c0f026735ded32f0403ef7dbcf97d2233d59c670114ddf89314ba74fc248bcbdbf43c24e46304e229b3cf583aa410f4dfd119152495da8737518ee2a05a8ca1f004be3c551408f2e4013e444b63bf2bb26ddeae505642dffcc989ee241c48741181b506e22fdc4530319522780c74bf786852dc66ebbb51f8ecbb1e35de09ef7afe589bb8a31c5d63477db5d5e7174694ea04cfa98057d39127a4e5eedb4897a491c6693acd0a036abf846f3b6f3006e5e5fd586f29a4a8a31abbccf732e4f1b88187a72d669c16302657e9cbbeb9322662e111edc7771526400b6123d0f8207bcaa38bee07043e36e223d418ac948d65e7acfe72cc3fdcf03a3e43ecfec8ae489ddba09126709c5c7968829e3504de8a5010c9372de09476a7b96b04d7aed2486d8f89f21f075321abe350024abe00a81f87df3dc372fc3206496776c26b6958243070bda4cace3e358da5d39a3945765c2ba4b002b06efd416af66f3343f218ed84550ea83f02f9a5c3fc677ea60987aa25f0406d6154081cfdc074814a2465accdfa102858f5a52c9eae293c56ddcaf8f6926d3dd0ccb51a30c960d6b7e473038ebd3702b5106f6bc040efdfd7169fd3f2dc42ff23de26a239e13b74278729fd7e843b38a35c55fd50181ac13a9cbbbfd8feb36afaeb1993349c0ac5a0c44ffd92919dfe272b0f8ed7df7198cd299715f021109a58dced4753d3c7ddd6e9ea01596f18b2fe7000000004ccfca57aed5b5cebdff65de480a56bd53f4c7f83ddef00d7c9686311d1fce76f320bb3222a11db30ba6ed31535d8fda61e694478ca9935d72719b8d6b9be88ae3df30b60ee251b919b4d1734b994c62accdf855488b351738331b462eccf27efdc5577d7a5548579dc90d227a42ac010f33a720dc3cf0a63454f8b07c775287495761a058ec1e28e6aaf8057241f4ef8b5de56e279355bb66630c4ddf35e7c2cfff26a4241b1df0379d2a1e9f959e46d3843f89844ead50aff44640fcbc4a1edb033afff7cc9e57c4f8d31900764233e11fa4c28e547788c1b00de4268df692ba3415a9ad90fa712f9618f5ecff57da32809380eeff040cd3b23f508614c72b303cec3bcd732708303b166193366a062b9cea536f28478c387e626744c6a611a8e7162d274efccc84eee8eb31d3310c86752777dd5b5ffe234e895c54909f19a4aabcf3c15b90c02170409e314fd90e766ec4ba93c8ec6321237a980ad3c32fb2fab69e57541ea7f5427a85c2c57d40f9ebe9de5572f46a4713fb28e0af42d0adef3e29195aa41a3ba318181512eebfadffede4e35ff7f975928edc5d4d9f2d931fb44b30e1df55e66c52e1648e9cdaf71221b57c6a6b087428ccc57ade5b1531341cba2be452b426c434c70fd8c493337d4995cbd76ea1dd545226e3eb59d5f94ffb5352f87a4a66cd7c5e88322404fd397c46e198646a9c819d0eb1f10e54d8a3ea912f1cb134ff1095aa7325287f6ea9af8c13b67d6abcbb70dbc06838ecb33e45b60f6cb832c3e72d1401770f66bd02f35a2d007815ab676099e31f5102000000c0e83d5e7107c8dc5830c9cddb9781185b94d7f2814c5058ba3ac54c268741c5728f4997a9628602c2a36090162379f3f37c47619b3e7c7397a5913b7060b51e0c7f7226ff1135444f866f89a4b74136cbd3acb7178bd63183b3fd9cd19fdeb6fcc6341910ad4605da76a9af4bfb8b75fcd666f8188902b380ae560d9aa04f8f9b0ac5c109d1824a470726e06a49d955f8f71c8a86081e75b13f62600deb941da181eaff544cd559c467d8dae432debd22e7a7b3e1ad731a5b9470f5f60423dda061ff899c07c79f3da34f38e1d8182d6ee0c36c602945509167be440382a8a8a759b20e41638fd57152029b190b5701d30a86f579e2d0cc53a2f809ca9bd3aba1eb2772a7acc35c4d983afa83a9baea35c0ed4931234719636cf8f5fe1884bde6cebbdf23bd62b1ebf0a5cb78c27295349bd7d5cf28c4ee4689497238fd3aa71a417914e6892667a56bd69dc2e5882cfb67df71494e9a9199e025892e4e7435f727636cd988cc7563d28db5133f649849c5b3973a3428de10ad39d96146b22acc50f50eee5a038876452b960686892de40efe30081ccdaa2bf64af78d5988026e529b36c62a21378ac42d220d0dd878010178e374e6dbb2b61206066d04e729ed03c6fd9a4e00547fe9304aec0925d85a0acd07fdc5d48c1a1cff656916f5d25952327792255e0d606a32517781cc3d737ec753eb95b5b5b95dabd8946907ab54cc85d05b475e2e5486c6fc070417198d3a50910e2949d20d3fa68fd327934cff5171224942b8f18d88947763a7c710d09c4b269bdf2d3e715329917fb70728a4a0530999b755ba8fc04deabf4bc4bcffc4d62d491538c65078122bf2c263ae0020af67cfc9cf19e5b929e086af281fb43d5504d728935c5cfac136eb81703d50fddb39a5a713b2914c6acd9b2d07819cf7bba495ac5734fe423e611d309b80eeafcf9053d51b0ab3c29d5ca5eb8861ffc1ebc4d53f361b8991baecb52860c15202f979e34054fcde869d018103ccd6d914a70f1840fc6aaf426beec975ddb980b19b0f4cc2ca393c0b9e6ebe5e7d1c9fc1ef7a1c91378f0b73262993fb80667ecf62bac3c47cbd002ae1b87b8dc3ec99d5c987765d778868eb55022cc3bed14b8f934a584bcc98fa0b4f6e6982ab8d8a2bb49f9074ef429dd7b8db332a96ccec6983a97be7c8634c02e7937ffc8d613b83aa375886bf40a87ec062090382f874bf2c8e5fbb58ac18a46c4d9e85af3ca21bdacb7755f49776b0eb3972ff682c84beb07d74cbe2764e378253e72128991b73d2730704a5448280e8a0fd8cc87d4cddcffbfe5525ae3d2304877a3988e33c8e12bf77793e753f25840e9af2ce56bdb999fc62623a2298b4244534f662eb398a2577c72f6cfd5174697dcee151d4f3a7293b11de3889c43744da4165aca4e4a1e926d37ae4d7471584a06f3641f2037a74a58c2397a594f29d142d59f91bb57e24e1a3f30f68c626033cc34895c1b16d62e3a375c3e09f5dbd9338cd3a500643143cd404b57019c648c3ec31d696233fe16efc3c4c84aca0830ca8b9fbf1144b98d82f41e4cf67631c74cdcf8d9c8b8556b876ff1592683ccac0b47a26cb3a2cb1b917f433bb54e0b53deae9ac4b1cd0594c1fa0e6744e7ed88fdac60901e3da989f3b0d7c12b140cc576fa1b0e8e705321d37c303691aafc9fed9c3dc419078d0925ead56455ea5f3cd57941e410c1c14c2e8972d7cca44fcaca1f64fc817f4a41b6d9fb237fed159cb09e788ae560726537f49cb64b9f60915d402e0931355c55ad792cde758548b1af54b196e414046d4af3579a6c30ceac3d68bbfd2adef309c064e759a9f0dd69d682a3880b8ff27b69abffaa45ee7e65d8f1f6e40c188f6249fdf72220b4c87243217ba0292b9e9b67ebeda4fb83406216a4d765812bafeff34cc57f7d2cd1608282079c076055b9cabffe5fa491b970291bc2672540ccc15ed877d7dbe3ef683724c715ace770905e48c2dc6a44e1fc095773676d070eac00ee3834b07590cba7093f56b678313870471c81599d34c53fc03ec6c913d8ba3f604ace8da12d2025cbb5000bc062f4db65a6feacaf3915206d1c15ce7e78c17dc2ea32cb57d6fab0a22d487c77118e75016006f812541ec8180a321287a2d57248d4ee4a19706a19d802c70e250c3b0fc400a0b5cdc06537d2f55fd5300be4eeeaab8cc481a84b6a5e17d8c47ec92fe40710d4ec3530a94ca16710ade2ec7562398106e0ddbb6c8af6412166afd99d45d29a3a967e58decd0d6fc5bebb98d639b5606efd358a43d635d50f0ccb8472197da604994e7fb700243d5f7e45700", 0x1000}}, 0xffffff5c) 14.920422975s ago: executing program 5 (id=2576): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42f82, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r2}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0xb) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x1e1000, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) read$FUSE(0xffffffffffffffff, &(0x7f0000002340)={0x2020}, 0x2020) writev(r3, &(0x7f0000000080)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}, {&(0x7f0000000880)="302bdab830435e20876ef5c22f3c4fd5942cf3974f4c8fc0398eb0b08d44cf78a2c432d2e9a38c8ac514e9632f9340c3961524af58319e3efbbc61e39e257a692b3b5ab2c66d7d000c4b5b9e26da8f4db182d76bbb521b46843bda5b7e818b54a39a05f6ce0537b0d3a0338ee82d45e1f0c383a38be80cb5b7bfda6ecb1da62e9e316a6a7714b858dd3f7d6648fd2e5d1b16975a4ecac97af93985190adb839bc56d5478"}, {&(0x7f0000000940)="d270e3432058ea68ae09ec4574835c0ef30ac35b10416c3dd6e3d53c8670c702b092d88b41807a7e84ec34005a775bba570c4138468302639f3e089bd74fc3842b2706f7f87204ce69bf9f6b08d83d810d033d9c8418a88f24a6dcda3b15d954a7ae9d995ceda32ce88c78931b1107baadc450bb5b4df39efca48c658319268ef349c10c7d79f4b57f"}], 0x2f) pselect6(0x40, &(0x7f0000000240)={0x5, 0xfffffffffffefffe, 0x3, 0x8, 0x33e1, 0xa, 0xfffffffffffffffc, 0x3}, 0x0, &(0x7f0000000280)={0x3ff, 0x0, 0x3, 0x7, 0x4, 0x2, 0x466, 0x3}, 0x0, 0x0) mount(0x0, 0x0, 0x0, 0x2200892, 0x0) ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000180)) write$dsp(r1, &(0x7f00000001c0)="5cba", 0x2) setsockopt$inet6_int(r0, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4) r4 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000380), 0x121682, 0x0) read$nci(r4, &(0x7f0000000100)=""/107, 0x6b) write$nci(r4, &(0x7f0000000100)=ANY=[], 0x4) write$proc_mixer(r4, &(0x7f0000000500)=ANY=[@ANYBLOB="50434d20274361707475726520566f6c756d65272030303030303030303030303030303004303030300a4449e848674058d7764fa4474954414c310a406235c9dd7a836422326f610953e4be1c93cef51a2bd9a6d5fd905a64792b2e5ce0102cb1f93423130dcd0d1e01119b546b1a293f0e71f681070ea68cb7b649b796a3f1ec2a7db9086cd44eeee3b6c31d8943749d995b"], 0x33) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x8) bind$inet6(r0, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r5, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="010000000000000000008900000008000300", @ANYRES32=r6, @ANYBLOB="31c9b390b1aeeee162f834c6ddc317118917cba6a0b2ed205bcfc09f0f122509a0e4b4a228d0d848991edae2b6c7ebbd6b04d5c1252ee1c8c8390d058f9019793e9d89f4eae58be559e87228005ff761f4f5f5f70a036fa29eeea2377f3606f455a386ac6e45f8a8d7fb09b1470c5640ea68ddcbca388e95a4fd15ed6c938feb74f2ec5d770a47801536fb7e49fd5001b2d862620770b7377b39c2c52daf11e135cebc75859b4e40aeba6d2af4b1583dfee662da79bbfa1400452dee9c8aab8390188733e42b71c21060299f910070775125d86fe1c8a963e09ac971552e5e6013249a6d"], 0x1c}}, 0x0) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000040)=0xe) ioctl$FIONREAD(r7, 0x80047437, &(0x7f0000002300)) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f00000003c0)=ANY=[@ANYRES32=r5, @ANYRESDEC=r2, @ANYRESHEX=r2, @ANYBLOB="36b84186a0cac5c4709ce705e32c17", @ANYRES32=r7, @ANYRESDEC, @ANYRES16=r6], 0x8) setsockopt$inet6_int(r0, 0x29, 0x3a, 0x0, 0x0) 14.753938359s ago: executing program 6 (id=2577): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000200), 0x80b02, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000080)={0x359, "0600000000000000c64c3b6e6ff82a75e5318fca4288c2ffbdbec772020acd2c"}) r4 = syz_io_uring_setup(0x110, &(0x7f00000003c0)={0x0, 0xfad6, 0x800, 0x1, 0x3}, &(0x7f00000000c0)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r4, 0x133d, 0x0, 0x8, 0x0, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0x3) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000440), 0x180, 0x0) fcntl$lock(r7, 0x5, &(0x7f00000031c0)={0x1, 0x1, 0x0, 0x4}) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000c00)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a2988206d2d17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e2838ffff5722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14.401491959s ago: executing program 5 (id=2580): socket$xdp(0x2c, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000040)='veth1_virt_wifi\x00', 0x10) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c", 0x15) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040), 0x6) socket$unix(0x1, 0x1, 0x0) r1 = socket$inet6(0xa, 0x3, 0xff) setsockopt$inet6_IPV6_RTHDR(r1, 0x29, 0x39, &(0x7f0000000140)=ANY=[], 0x18) sendto$l2tp6(r1, 0x0, 0x0, 0x20000890, &(0x7f00000002c0)={0xa, 0x0, 0x7, @private2, 0x6, 0x1}, 0x20) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6) munmap(&(0x7f0000002000/0x800000)=nil, 0x800000) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0) r3 = eventfd(0x4) ioctl$VHOST_SET_VRING_BASE(r2, 0x4008af12, &(0x7f0000000300)={0x0, 0x7f}) ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3}) r4 = userfaultfd(0x80001) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000380)) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x1, 0x0, &(0x7f0000000600)=""/52, 0x0, 0xffff1000}) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/236, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/66}) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000900)={0x8, 0x0, [{0x0, 0x6f, &(0x7f00000001c0)=""/111}, {0x2000, 0x90, &(0x7f0000000a40)=""/144}, {0x0, 0xe, &(0x7f0000000080)=""/14}, {0x10000, 0xdd, &(0x7f00000006c0)=""/221}, {0xffff2001, 0xa4, &(0x7f00000007c0)=""/164}, {0xdddd0000, 0x54, &(0x7f0000000880)=""/84}, {0x10000, 0x12, &(0x7f0000000340)=""/18}, {0xdddd1000, 0xffc, &(0x7f0000001600)=""/4092}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1) 11.192474381s ago: executing program 6 (id=2583): socket$inet6_mptcp(0xa, 0x1, 0x106) socket$tipc(0x1e, 0x2, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd, 0x4051000000000000}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 11.091716857s ago: executing program 5 (id=2584): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x200000d4) socket$inet_udp(0x2, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x50) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r1, 0x8983, &(0x7f0000000080)={0x6, 'macvtap0\x00', {0x4}, 0xe}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, 0x2}, 0x94) r2 = socket$alg(0x26, 0x5, 0x0) sendmsg$RDMA_NLDEV_CMD_PORT_GET(0xffffffffffffffff, 0x0, 0x8000) bind$alg(r2, 0x0, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d4", 0x5) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmmsg$alg(r3, 0x0, 0x0, 0x0) socket$unix(0x1, 0x1, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r4) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010004000000fcdbdf252100000008000300", @ANYRES32=r7, @ANYBLOB="08007d802400020006"], 0x2c}, 0x1, 0x0, 0x0, 0x889c}, 0x4004000) r8 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) sendmsg$IPVS_CMD_ZERO(r8, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) syz_genetlink_get_family_id$batadv(0x0, r3) syz_usb_connect(0x0, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001000000000904"], 0x0) 8.970245533s ago: executing program 0 (id=2586): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x2000, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000240)='cachefiles_ondemand_read\x00', 0xffffffffffffffff, 0x0, 0xfffffffffffffff9}, 0x18) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e0f30fa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c000000020601020000000000000000000000000900020073790500050001000000050004000000000011000300686173683a69"], 0x4c}, 0x1, 0x0, 0x0, 0x10}, 0x8800) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x4008840) ioctl$KVM_RUN(r3, 0xae80, 0x0) 8.913173114s ago: executing program 7 (id=2587): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x191) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x1, 0x0) read$FUSE(r0, 0x0, 0x0) write$FUSE_INIT(r0, &(0x7f0000000080)={0x50, 0x0, 0x0, {0x7, 0x29, 0x9, 0xffffffff9080edc4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x9}}, 0x50) r1 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x18) syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f0000000340)='./file0\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) unlinkat(0xffffffffffffffff, 0x0, 0x200) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r5}, 0x10) r6 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='.\x00', 0x0, 0x0) getdents(r6, 0x0, 0x58) syz_fuse_handle_req(r0, 0x0, 0x0, &(0x7f0000001240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="d800"], 0x0, 0x0, 0x0}) getdents64(r1, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) 8.597004633s ago: executing program 6 (id=2588): madvise(&(0x7f0000d82000/0x2000)=nil, 0x2000, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000001140)={0x11, 0x8, &(0x7f0000001c40)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x2200c840) r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0e0000000400000008000000"], 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='contention_end\x00', r5, 0xe4}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xe, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1804"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r6) r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r7, 0xc004743e, 0x110e22fff6) ioctl$TUNGETVNETLE(r6, 0x4010744d, &(0x7f0000000180)) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xd, 0x8, &(0x7f0000000180)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r3}, {}, {0x85, 0x0, 0x0, 0x90}}]}, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x28, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r8 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000001200), 0x414200, 0x0) openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) open_tree(r8, &(0x7f0000001240)='./file0\x00', 0x80800) 7.611288696s ago: executing program 7 (id=2589): io_uring_setup(0x2081, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) r2 = dup(r1) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c) r3 = dup(r2) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000002080)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x3, 0xfffc, 0xe652, 0x2, 0x4, 0x8, 0xff}, 0x9c) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xfffffff2, @empty, 0x3}}, 0x1000000, 0x31, 0xffff1896, 0x3, 0x26, 0x0, 0x1b}, 0x9c) write$FUSE_NOTIFY_RESEND(r3, &(0x7f0000000000)={0x14}, 0x14) syz_emit_ethernet(0x4e, &(0x7f0000000100)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @udp={{0xc, 0x4, 0x0, 0x0, 0x40, 0x67, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@cipso={0x86, 0x19, 0x3, [{0x1, 0xd, "ecbb63cf7869d31acee81b"}, {0x1, 0x6, "4740c22c"}]}]}}, {0x1, 0x4e20, 0x10, 0x0, @gue={{0x2, 0x0, 0x0, 0x0, 0x0, @val=0x80}}}}}}}, 0x0) 7.34293111s ago: executing program 7 (id=2591): r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000005c0)={0x0, 0xc00000, 0x3, {0x9, @vbi={0x2, 0x2, 0x34565348, 0x494e4f4b, [0x9cb3, 0x2], [0x1, 0xad2], 0x13a}}, 0x9}) 7.232654089s ago: executing program 5 (id=2592): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x60041) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x24, 0x0, 0x0, 0x0, 0x2, 0xfffffffffffffffe, 0x200, 0x2}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f00000000c0)={[{0x0, 0x8, 0x0, 0x0, 0x4, 0x1, 0xbd, 0x7f, 0xa9, 0x8, 0x0, 0x0, 0x40000000}, {0x448, 0x6, 0xfc, 0x10, 0x41, 0x2, 0x0, 0xd, 0x7, 0x2, 0x0, 0x2, 0x7ff}, {0x1003fe, 0x9, 0x0, 0xfd, 0x20, 0x3, 0xb3, 0x0, 0x3, 0xfe, 0x80, 0xf6, 0xb82e}], 0x9}) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66ba4300b006ee0f01c40f009b27000000b9800000c00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a000000328fe858b660002fb90d090000b800680000ba000000000f30", 0x5a}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x3000000) 6.285383508s ago: executing program 1 (id=2593): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) (async) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) (async) mkdir(&(0x7f0000000300)='./bus\x00', 0x9) (async) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@redirect_dir_on}, {@redirect_dir_off}]}) 6.277678731s ago: executing program 0 (id=2594): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xc, 0x1003, &(0x7f0000006680)) setresuid(0x0, 0x0, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000200), 0x8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x4) writev(r1, &(0x7f0000000100)=[{&(0x7f0000000000)="580000001400192340834b80043f679a10ff3d425f9c000100804824cabecc4b381eaadc28f23457e792945f64009400050028925aaa000000c600000000000000feff2c707f8f80ff00"/88, 0x58}], 0x1) r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f0000000000)={{0x1, 0x1, 0x18}, './file0\x00'}) r3 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000440)=@newqdisc={0xa8, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r4, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x78, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1], 0x0, [0x5, 0x4, 0x2, 0x0, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc, 0x0, 0x3], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME={0xc, 0x8, 0x7ff}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x80000000}]}]}]}}]}, 0xa8}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xe, 0x44, &(0x7f0000000100)="0000000000000000000051229dc9", 0x0, 0x0, 0x0, 0x15, 0x0, 0x0, 0x0}, 0x50) 5.935404013s ago: executing program 7 (id=2595): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000) mount(&(0x7f0000000280)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000340)='./cgroup\x00', &(0x7f0000000300)='squashfs\x00', 0x1a0c000, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) utimensat(0xffffffffffffff9c, &(0x7f00000003c0)='.\x00', &(0x7f00000002c0)={{0x0, 0x3fffffff}}, 0x0) r3 = dup(r2) write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r3, &(0x7f0000000440)=ANY=[@ANYBLOB="b0000000000000ab284dc9a94095f54e34f11a5a480d2115805745f8a24d"], 0xb0) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x30, 0x5, 0x0, {0x0, 0x0, 0x7}}, 0x30) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) r4 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0) r6 = dup3(r4, r5, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x30, 0x2, 0x1, 0x101, 0x0, 0x0, {0xa, 0x0, 0xa}, [@CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x1d}, @CTA_FILTER={0x14, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x40}, @CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x1}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x10) read(r6, 0x0, 0x30) newfstatat(0xffffffffffffff9c, &(0x7f0000000680)='./file0\x00', 0x0, 0x0) 5.40555403s ago: executing program 1 (id=2596): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000007c0)={'bond_slave_1\x00', 0x0}) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000140)=0x8, 0x4) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r5, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r5, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0xd}, 0x1c) sendto$packet(r3, &(0x7f0000000340)="05030006e8fe091c6202a0ffffffff006003000000007f141434e3177f43055762cb80948864113b022543424aa608", 0xfef2, 0x0, &(0x7f0000000a80)={0x11, 0x88a8, r4, 0x1, 0x0, 0x6, @multicast}, 0x14) sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c00000011000100000000000000000007000000", @ANYRES32=r1, @ANYBLOB="60a40200080000001c001a8018000580140005800800020000000000080001"], 0x3c}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x0) 5.04184187s ago: executing program 1 (id=2597): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000380)='sched_switch\x00', r3}, 0x18) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r4, &(0x7f0000000000)={0x15, 0x110, 0xfa08, {r5, 0x0, 0x10, 0x10, 0x0, @in={0x2, 0x0, @empty=0x700}, @in={0x2, 0x0, @empty}}}, 0x118) write$RDMA_USER_CM_CMD_QUERY(r4, &(0x7f00000001c0)={0x13, 0x10, 0xfa00, {&(0x7f0000000480), r5, 0x2}}, 0x18) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) r6 = socket$inet_tcp(0x2, 0x1, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x60, 0x2, 0x6, 0x5, 0x0, 0x0, {0x7}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x11}, @IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xc8f}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x60}}, 0x20004000) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000180)={'bond_slave_1\x00'}) socket$inet6_tcp(0xa, 0x1, 0x0) 4.811761453s ago: executing program 5 (id=2598): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) (async) ioctl$BLKDISCARD(0xffffffffffffffff, 0x1277, &(0x7f0000000080)=0x80000000) (async) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x0, &(0x7f0000000000)=0x100000001, 0x3) (async) connect$inet6(r1, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) (async) r2 = socket(0x10, 0x800, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0x802, 0x0, 0x0, 0x7}, 0x10) (async) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000005200010003000000000000000a0000000c"], 0x20}}, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) (async) r4 = socket$packet(0x11, 0x3, 0x300) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0) (async) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000002700)=""/102392, 0x18ff8) (async) r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000480), 0x1a1040, 0x0) ioctl$AUTOFS_IOC_FAIL(r6, 0x4c80, 0x7000000) (async) pwritev2(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0) copy_file_range(0xffffffffffffffff, &(0x7f0000000000)=0x3ff, 0xffffffffffffffff, 0x0, 0x6, 0x0) r7 = syz_open_dev$usbfs(&(0x7f0000000180), 0x203, 0x2581) r8 = fcntl$dupfd(r7, 0x0, r7) ioctl$USBDEVFS_SUBMITURB(r8, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000140)={0x80, 0x0, 0x0, 0x0, 0x4}, 0x8, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000002, 0x40010, r6, 0xddc66000) (async) ioctl$USBDEVFS_REAPURBNDELAY(r7, 0x4008550d, 0x0) (async) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB], 0x7c}}, 0x0) (async) poll(&(0x7f00000002c0)=[{r4}, {0xffffffffffffffff, 0x2118}, {0xffffffffffffffff, 0x2420}, {r4, 0x200}, {}, {r3, 0xe605}], 0x6, 0x0) (async) socket$tipc(0x1e, 0x5, 0x0) (async) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) 4.633270322s ago: executing program 0 (id=2599): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x191) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x1, 0x0) read$FUSE(r0, 0x0, 0x0) write$FUSE_INIT(r0, &(0x7f0000000080)={0x50, 0x0, 0x0, {0x7, 0x29, 0x9, 0xffffffff9080edc4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x9}}, 0x50) r1 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x18) syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) chdir(&(0x7f0000000340)='./file0\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) unlinkat(0xffffffffffffffff, 0x0, 0x200) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r5}, 0x10) r6 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='.\x00', 0x0, 0x0) getdents(r6, 0x0, 0x58) syz_fuse_handle_req(r0, 0x0, 0x0, &(0x7f0000001240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="d800"], 0x0, 0x0, 0x0}) getdents64(r1, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) 3.721321969s ago: executing program 1 (id=2600): openat$sndseq(0xffffffffffffff9c, 0x0, 0xe0c81) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev={0xac, 0x14, 0x14, 0x15}, @in6=@mcast2, 0x4e22, 0x800, 0x4e24, 0x3, 0x0, 0x10, 0xa0, 0x88, 0x0, 0xffffffffffffffff}, {0xe2c, 0x0, 0x6, 0x1a3, 0x3e, 0x5, 0x8, 0xf0}, {0x200, 0x3, 0x400, 0x6}, 0x2, 0x6e6bb4, 0x2, 0x0, 0x0, 0x2}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4d3, 0x6c}, 0xa, @in=@local, 0x3504, 0x2, 0x1, 0x10, 0xfffffff9, 0x2a, 0x1ea}}, 0xe8) sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_io_uring_setup(0x5631, &(0x7f0000000240)={0x0, 0x4, 0x40, 0x0, 0xd9}, &(0x7f00000000c0), 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x3, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, [@alu={0x0, 0x0, 0x2}]}, &(0x7f00000000c0)='GPL\x00', 0x7, 0x87, &(0x7f0000000240)=""/135, 0x0, 0x0, '\x00', 0x0, 0x1f00}, 0x94) syz_open_dev$usbmon(0x0, 0x9, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x2082, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$NFC_CMD_DEV_UP(r3, &(0x7f0000000500)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000480)={&(0x7f0000000880)=ANY=[@ANYBLOB="347caae4a124d06e7c5d9e37f5f390626dce74f818000000882e5808cea6ecfe573c59d2a12242f75d02cbb42b10b440ad3551e1db52c8d6706e67268b9c1646b1709f9545a3fd185afa946e417b0019d29ffde0af1f701182b8589405cbc4ab5b7b6730fb4471cb3dddff5ac378273723fceeace089e374500143f8eea9077678cc5f8d0f5d44c4d40114095dd1b8b32942288d28f38be8db7d9042cb1621e0f9b00a5c3356ba7ddb3cda9c9d1932e9db47649abce7a4e7513841188c090801d798d0137b799e72edf107bef45993a24bb3c5e519363a24d4093e11ef09042d77ab2321e73ac5665aabde0303", @ANYRES16=r4, @ANYBLOB="000829bd7000fedbdf2502000000"], 0x14}, 0x1, 0x0, 0x0, 0x20000010}, 0x4) ioctl$RTC_WIE_OFF(r2, 0x7010) r5 = openat$random(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) setuid(0xee01) ioctl$RNDADDENTROPY(r5, 0x40045201, 0x0) r6 = openat$smackfs_ipv6host(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) write$smackfs_ipv6host(r6, &(0x7f0000000080)=ANY=[@ANYBLOB='0x0000000000000a00:0x0000000000000007:0x0000000000000008:0x8000000000000e48:0x0000000000000001:0x0000000000001400:0x00000000000000c2:0x000000000000000f/00000000000000000064 %'], 0xb4) 3.047327915s ago: executing program 7 (id=2601): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10138, 0x2, 0x0) ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc008561c, 0x0) socket$inet6(0xa, 0x1, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000300)={0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e20, @private=0xa010103}]}, &(0x7f0000000380)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x66, &(0x7f0000000040)={r4, 0x1}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r3, 0x84, 0x6, &(0x7f0000000480)={r4, @in={{0x2, 0x4e22, @multicast2}}}, &(0x7f0000000140)=0x84) bpf$MAP_CREATE(0x0, 0x0, 0x48) openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x240008c1) memfd_create(&(0x7f00000009c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdbU\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\x90i\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8b\x06A2@D\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\x00\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\x88\xd1\x1eQB\x18\xc1-\xc4\x8fK\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99Q\xba/\xa8\xb9`k\b\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xa1d\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$Wc\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f', 0x3) prlimit64(0x0, 0xe, 0x0, 0x0) 2.638289317s ago: executing program 0 (id=2602): socket$kcm(0x10, 0x2, 0x0) mount$9p_fd(0x0, 0x0, 0x0, 0x0, &(0x7f0000002400)=ANY=[]) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x53564d41, 0x0, 0x0, 0x81010000000000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1000008, 0x12, r0, 0xbce80000) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_open_dev$usbfs(&(0x7f0000000100), 0x85c, 0x1f5100) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000003c0)=0x3) ioctl$TIOCVHANGUP(r3, 0x5437, 0x2) r4 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) fsetxattr$trusted_overlay_opaque(r1, &(0x7f0000000080), &(0x7f00000000c0), 0x2, 0x1) accept4(r4, 0x0, &(0x7f0000000180), 0x0) ioctl$PTP_EXTTS_REQUEST2(0xffffffffffffffff, 0x40103d0b, &(0x7f0000000140)={0x0, 0x2}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x14, r6, 0x309, 0x0, 0x25dfdbfe, {0x2a}}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0) connect$llc(r4, &(0x7f0000000340)={0x1a, 0x322, 0x0, 0x0, 0x4, 0x90, @random="48bd00"}, 0x10) 2.53278252s ago: executing program 1 (id=2603): ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x5}}, './file0\x00'}) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x6b0, 0xd0, 0x438, 0xd0, 0x0, 0x300, 0x5e0, 0x5e0, 0x5e0, 0x5e0, 0x5e0, 0x6, 0x0, {[{{@ipv6={@private0, @private1, [], [], 'veth1\x00', 'veth1_vlan\x00'}, 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x3a010000}}, @HL={0x28}}, {{@ipv6={@private1={0xfc, 0x1, '\x00', 0xfe}, @loopback, [], [], 'tunl0\x00', 'bridge_slave_1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x438}}, {{@ipv6={@private0, @remote, [], [], 'veth0_to_team\x00', 'tunl0\x00'}, 0x0, 0x138, 0x160, 0x0, {}, [@common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @dev, @private1, @mcast2}}]}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0x110, 0x138, 0x0, {}, [@common=@unspec=@physdev={{0x68}, {'tunl0\x00', {}, 'bond_slave_0\x00', {}, 0xe}}]}, @common=@inet=@SYNPROXY={0x28}}, {{@ipv6={@loopback, @private2, [], [], 'syzkaller1\x00', 'veth0_to_batadv\x00'}, 0x0, 0x160, 0x1a8, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @dev, @private0, @local}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, 'vlan0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x710) bind$tipc(r0, 0x0, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.state\x00', 0x275a, 0x0) fcntl$lock(r3, 0x26, &(0x7f0000000000)) fcntl$lock(r3, 0x25, &(0x7f00000000c0)={0x2, 0x1, 0x7fff, 0x2e}) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r4 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) writev(r2, &(0x7f0000000240)=[{&(0x7f00000003c0)="2e9b5b0007e03dd65193dfb6c575963f86dd606712e900320400000000000000eaebfd2607ee", 0x26}, {&(0x7f0000000100)="b700"/12, 0xc}, {&(0x7f0000000400)="17a8a6c41e58e8b6cdb8040db329c064116e4c4cbb04627dfddbd514be6688ff107d556abe7941dc136139284b332a23b7c35dcb", 0x34}, {&(0x7f0000000280)="3de496b26cb156", 0x7}], 0x4) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000001c0)="6a8fedfb04f9c6028ad5822f912e4c92b3d48ccd8f4eb4fbd84d6d5bbbaf07be3efd9aabc14dccc06f5918ff5b745b2f5777dfcfab9ee4c8c99f3126488089506cc46ec593e2589c1d5d70e10133435a42c7b522a40e85f81291b4878d254b997732296ce4e4271c37514c7091", 0x6d) dup2(r3, r1) 1.531128302s ago: executing program 0 (id=2604): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x2000, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000240)='cachefiles_ondemand_read\x00', 0xffffffffffffffff, 0x0, 0xfffffffffffffff9}, 0x18) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e0f30fa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c000000020601020000000000000000000000000900020073790500050001000000050004000000000011000300686173683a69"], 0x4c}, 0x1, 0x0, 0x0, 0x10}, 0x8800) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x4008840) ioctl$KVM_RUN(r3, 0xae80, 0x0) 486.82793ms ago: executing program 7 (id=2605): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000002100), 0x280449c, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f00000093c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x76016, 0x3, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x400}}, 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x5393, 0x0) r5 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$nl_crypto(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000740)=ANY=[@ANYBLOB="e00000001000010025bd7000ffdbdf25647262675f6e6f70725f6374725f61657331393200"/54], 0xe0}, 0x1, 0x0, 0x0, 0x60000801}, 0x10) syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x0, {0x0, 0x14}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r6 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x40) ioctl$VIDIOC_STREAMOFF(r6, 0x40806685, 0x0) 284.613958ms ago: executing program 1 (id=2606): r0 = add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x3}, &(0x7f00000003c0)='X', 0x1, 0xffffffffffffffff) r1 = add_key$user(&(0x7f0000000040), &(0x7f00000005c0)={'syz', 0x3}, &(0x7f0000000100)="fa616c40ff4ddd33bd3789833627ff3072090000008448dbcaa700f5a454bf1c65799b06658cfc5da9d41b657ea6ea4bc7a0adee38ace60687786f00080001932aca126a5c3187afe80000435c91ec497cd94baad26f5b79222ea45be949be810397dcd3184bdff1e3ef3b845171bb59b616d013e130f244077186b7d49e30dd5ff6debdbe19c83ffe1cb89ab7d6ef2557ed45fe57ed80840261070686100062e0529584ebf946ecfe6cd544dc67bdfbb0ecf892403ef070b69be62c53a3be1a1a8b2e7511406785b6a3ffa00da43cf949d8678407f04163364ff84cc436f4f9a5", 0xe1, 0xfffffffffffffffd) r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) pipe2(&(0x7f00000000c0)={0x0, 0x0}, 0x80080) r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) setresuid(0x0, 0x0, 0xffffffffffffffff) ioctl$PIO_UNIMAP(r6, 0x4b52, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r5, 0xc01864c6, &(0x7f00000003c0)={0x0, 0x0, 0x80000, 0x0, 0xffffffffffffffff}) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="64000000020605000a0000000000000000000000100003006269746d61703a706f72740005000400000000000900020073797a3000000000050005000000000005000100060000001c00078006000400000000000600054000000000080008"], 0x64}}, 0x0) ioctl$DRM_IOCTL_MODE_SETCRTC(r8, 0xc06864a2, &(0x7f0000000300)={0x0, 0x0, r7, 0x0, 0xdc, 0x7, 0x3, 0xfffffffe, {0x8, 0xfff, 0x9, 0x2, 0x7, 0x40, 0x4, 0x9, 0x5, 0x8c, 0x8, 0x5, 0x4ff8e4e9, 0xa2, "79f817c7fc24d0351eaccfbd5df195369c3c9a6fc046151d46edbd8e6eb06b25"}}) pipe(&(0x7f0000000080)={0xffffffffffffffff}) splice(r9, 0x0, r4, 0x0, 0x6, 0x0) ioctl$VHOST_SET_VRING_BASE(r4, 0x4008af12, &(0x7f0000000080)={0x1, 0xf}) getrandom(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'veth0_vlan\x00'}) setsockopt$inet6_tcp_int(r3, 0x6, 0x17, &(0x7f0000000440)=0x8, 0x4) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) keyctl$dh_compute(0x17, &(0x7f0000000240)={r0, r1, r1}, &(0x7f0000000300)=""/114, 0x72, &(0x7f0000000400)={&(0x7f0000000280)={'sha3-256\x00'}}) 127.2195ms ago: executing program 5 (id=2607): r0 = syz_usb_connect(0x5, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="1201410dafb4f2102505a0a4f12b010203010902240001fe00c0000904eb02027f9c1f00090506022000020002090582020002080107"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x7000001, 0x6e073, 0xffffffffffffffff, 0x0) r1 = fsopen(0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_ABS_SETUP(r3, 0x401c5504, &(0x7f0000000340)={0x400000100002f, {0x0, 0x0, 0x6300}}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_DEBUG_SET(r2, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000100)=ANY=[@ANYBLOB="df012949e86f2daa21923abea726164679ef58ae46a472a3a239b4847095140d3cfcbb32986f81b9a3f899a7e8472301ae8fa03ebcb3f7358c17ddd742dbffcddc407ead440ba42315e56e42e19e711671c7e317a18796607c1a4b70cd42e6e63377a461b1fcec0373e578f112b5a11c95395dc63d8265fdb3d92aac5c961076ae95e50c0e074e5007a3096d5e7c6f24a5af097ef99337592faf1d2cd3f3f74bbf49e226b09679985de4bc8d545d7e540fdb347574782a7ac121f63c61e26e303965ecfe93574ebe0cfb7b3fed6a84700be83abac08c7fff786aeaebf395f67168f000eda5dd2fda87d9dc7fae7629768f1975fd75c5bc3a2698f10cde5ac85cda7397412d54992bfc637cb359073ae77320b6699286d8bce3fe8ffdb32da87c8e7faf971353eafc69df0ec74f7b9353f98985bbfb5273d673c6631d619f4b590b0e93d4cb1ed0a44c8bf479f6b05501dc4fae1afe077ad7", @ANYRES32=r1, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e00000000000000000018000280080002000a00000004000100080004"], 0x44}, 0x1, 0x0, 0x0, 0x20000000}, 0x10) 125.206417ms ago: executing program 0 (id=2608): sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x60041) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x24, 0x0, 0x0, 0x0, 0x2, 0xfffffffffffffffe, 0x200, 0x2}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000100)=@bpf_lsm={0xa, 0x4, &(0x7f00000000c0)=@framed={{0x66, 0xa, 0x0, 0x0, 0x9, 0x61, 0x11, 0x4c}, [@call={0x85, 0x0, 0x0, 0xc9}]}, &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94) r3 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0) ioctl$SOUND_MIXER_READ_RECSRC(r3, 0x80044dff, &(0x7f0000000080)) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f00000000c0)={[{0x10, 0x8, 0x0, 0x0, 0x65, 0x1, 0xbd, 0x7c, 0xa9, 0x8, 0x0, 0x0, 0x40000000}, {0x448, 0x6, 0xfc, 0x10, 0x41, 0x2, 0x0, 0xd, 0x7, 0x2, 0x0, 0x2, 0x7ff}, {0x1003fe, 0x9, 0x0, 0xfb, 0x20, 0x3, 0xb3, 0x0, 0x3, 0xfe, 0x80, 0xf6, 0xb82e}], 0x9}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r6, 0x0) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x10001, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70cc, 0x4, 0x6], 0x8080000, 0xe340}) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$SOUND_MIXER_INFO(0xffffffffffffffff, 0x805c4d65, &(0x7f0000000200)) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66ba4300b006ee0f01c40f009b27000000b9800000c00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a000000328fe858b660002fb90d090000b800680000ba000000000f30", 0x5a}], 0x1, 0x0, 0x0, 0x0) fcntl$getownex(r2, 0x10, &(0x7f0000000280)={0x0, 0x0}) ptrace$ARCH_MAP_VDSO_64(0x1e, r7, 0x7fffffff, 0x2003) ioctl$KVM_RUN(r2, 0xae80, 0x0) 0s ago: executing program 6 (id=2609): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0x2a, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r3, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x60000000, 0x8, 0x0, 0x0, 0x0, 0x4}, 0x50) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000032680)=""/102400, 0x19000) syz_io_uring_submit(0x0, 0x0, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31}) r5 = socket$igmp(0x2, 0x3, 0x2) setsockopt$EBT_SO_SET_ENTRIES(r5, 0x0, 0x80, &(0x7f0000000480)=@broute={'broute\x00', 0x5e04, 0x0, 0x90, [0x0, 0x0, 0x200000000140], 0x2, 0x0, &(0x7f0000000140)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffc}]}, 0x108) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000241000050000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000058000000030a0102000000000000000001000000090003803d2175fbe782c2002c00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c0004804800018008000100666962003c000280080003400000000c0800014000000002080001400000003008000240000000030800014000000012080003"], 0x122}}, 0x0) kernel console output (not intermixed with test programs): d_slave_1): Enslaving as an active interface with an up link [ 1079.299158][T13815] team0: Port device team_slave_0 added [ 1079.454095][T13815] team0: Port device team_slave_1 added [ 1079.721576][T13815] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1079.748419][T13815] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1079.783576][T13815] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1079.811128][T13815] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1079.830534][T13815] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1079.899411][T13815] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1080.010783][T13965] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2100'. [ 1080.020974][T13965] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2100'. [ 1080.357746][ T51] Bluetooth: hci3: command tx timeout [ 1080.361912][T13906] chnl_net:caif_netlink_parms(): no params data found [ 1081.147955][ T9803] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1081.227192][T13815] hsr_slave_0: entered promiscuous mode [ 1081.244363][T13815] hsr_slave_1: entered promiscuous mode [ 1081.436649][T13815] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1081.450819][T13815] Cannot create hsr debugfs directory [ 1082.431502][ T9803] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1082.624708][ T51] Bluetooth: hci3: command tx timeout [ 1083.876376][ T9803] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1084.003794][T13998] FAULT_INJECTION: forcing a failure. [ 1084.003794][T13998] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1084.017589][T13998] CPU: 0 UID: 0 PID: 13998 Comm: syz.5.2109 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 1084.017617][T13998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1084.017629][T13998] Call Trace: [ 1084.017638][T13998] [ 1084.017646][T13998] dump_stack_lvl+0x189/0x250 [ 1084.017675][T13998] ? __pfx____ratelimit+0x10/0x10 [ 1084.017699][T13998] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1084.017722][T13998] ? __pfx__printk+0x10/0x10 [ 1084.017753][T13998] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 1084.017784][T13998] should_fail_ex+0x414/0x560 [ 1084.017813][T13998] strncpy_from_user+0x36/0x290 [ 1084.017847][T13998] __se_sys_add_key+0xcc/0x400 [ 1084.017881][T13998] ? __pfx___se_sys_add_key+0x10/0x10 [ 1084.017912][T13998] ? do_syscall_64+0xbe/0x3b0 [ 1084.017933][T13998] ? __x64_sys_add_key+0x20/0xc0 [ 1084.017957][T13998] do_syscall_64+0xfa/0x3b0 [ 1084.017981][T13998] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1084.018001][T13998] ? asm_sysvec_call_function_single+0x1a/0x20 [ 1084.018021][T13998] ? clear_bhb_loop+0x60/0xb0 [ 1084.018046][T13998] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1084.018065][T13998] RIP: 0033:0x7f9f68d8ebe9 [ 1084.018085][T13998] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1084.018104][T13998] RSP: 002b:00007f9f69c8d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8 [ 1084.018126][T13998] RAX: ffffffffffffffda RBX: 00007f9f68fb6090 RCX: 00007f9f68d8ebe9 [ 1084.018142][T13998] RDX: 0000200000000100 RSI: 0000200000000180 RDI: 0000200000000140 [ 1084.018156][T13998] RBP: 00007f9f69c8d090 R08: fffffffffffffffe R09: 0000000000000000 [ 1084.018170][T13998] R10: 00000000000000ca R11: 0000000000000246 R12: 0000000000000001 [ 1084.018183][T13998] R13: 00007f9f68fb6128 R14: 00007f9f68fb6090 R15: 00007fff91a50778 [ 1084.018214][T13998] [ 1084.634433][T13906] bridge0: port 1(bridge_slave_0) entered blocking state [ 1084.668920][T13906] bridge0: port 1(bridge_slave_0) entered disabled state [ 1084.704133][T13906] bridge_slave_0: entered allmulticast mode [ 1084.727940][T13906] bridge_slave_0: entered promiscuous mode [ 1084.798609][ T9803] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1084.845497][T13906] bridge0: port 2(bridge_slave_1) entered blocking state [ 1084.854507][T13906] bridge0: port 2(bridge_slave_1) entered disabled state [ 1084.864287][T13906] bridge_slave_1: entered allmulticast mode [ 1084.872700][T13906] bridge_slave_1: entered promiscuous mode [ 1084.878644][T14005] netlink: 'syz.0.2112': attribute type 1 has an invalid length. [ 1084.905139][T14005] netlink: 144 bytes leftover after parsing attributes in process `syz.0.2112'. [ 1084.919297][T14005] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2112'. [ 1084.991540][T13906] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1085.013366][T13906] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1085.096350][ T5963] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 1085.823019][ T5963] usb 6-1: Using ep0 maxpacket: 8 [ 1086.099985][ T5963] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1086.109449][ T5963] usb 6-1: config 4 interface 0 has no altsetting 0 [ 1086.123775][ T5963] usb 6-1: string descriptor 0 read error: -22 [ 1086.130188][ T5963] usb 6-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 1086.194189][ T5963] usb 6-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3 [ 1086.409616][ T5963] usb 6-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 1086.545610][ T5963] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 1086.551246][T13906] team0: Port device team_slave_0 added [ 1086.742021][ T5963] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 1086.753536][ T5963] usb 6-1: media controller created [ 1086.796938][T13906] team0: Port device team_slave_1 added [ 1086.797269][ T30] audit: type=1400 audit(1755095067.104:905): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=14014 comm="syz.0.2115" src=1 dest=20000 netif=wpan0 [ 1086.906289][ T5963] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1087.083301][T13906] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1087.090328][T13906] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1087.666526][T13906] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1087.763961][T13906] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1087.792704][T13906] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1087.877429][ T5963] zl10353_read_register: readreg error (reg=127, ret==0) [ 1087.941883][T13906] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1088.297410][ T9803] bridge_slave_1: left allmulticast mode [ 1088.413260][ T9803] bridge_slave_1: left promiscuous mode [ 1088.498172][ T9803] bridge0: port 2(bridge_slave_1) entered disabled state [ 1088.803448][ T5963] usb 6-1: USB disconnect, device number 3 [ 1088.901704][ T9803] bridge_slave_0: left allmulticast mode [ 1088.907441][ T9803] bridge_slave_0: left promiscuous mode [ 1089.070981][ T9803] bridge0: port 1(bridge_slave_0) entered disabled state [ 1090.077884][T14038] sctp: [Deprecated]: syz.2.2122 (pid 14038) Use of int in max_burst socket option deprecated. [ 1090.077884][T14038] Use struct sctp_assoc_value instead [ 1091.170518][T14049] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2125'. [ 1091.432580][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1091.443104][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1092.494722][T14066] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2128'. [ 1093.393675][ T9803] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1093.409262][ T9803] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1093.425126][ T9803] bond0 (unregistering): Released all slaves [ 1093.596915][ T9803] bond1 (unregistering): Released all slaves [ 1093.617846][ T9803] bond2 (unregistering): Released all slaves [ 1093.791406][T13906] hsr_slave_0: entered promiscuous mode [ 1093.799670][T13906] hsr_slave_1: entered promiscuous mode [ 1093.807963][T13906] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1093.815683][T13906] Cannot create hsr debugfs directory [ 1094.592045][T14062] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1094.606174][T14062] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1094.638631][T14062] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1094.647859][T14062] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1096.508913][T14088] kvm: pic: single mode not supported [ 1096.509055][T14088] kvm: pic: level sensitive irq not supported [ 1096.550183][T14088] kvm: pic: level sensitive irq not supported [ 1096.630618][T14090] netlink: 'syz.2.2135': attribute type 14 has an invalid length. [ 1096.715352][ T9803] hsr_slave_0: left promiscuous mode [ 1096.725734][ T9803] hsr_slave_1: left promiscuous mode [ 1096.806848][ T9803] veth1_macvtap: left promiscuous mode [ 1096.813003][ T9803] veth0_macvtap: left promiscuous mode [ 1096.818992][ T9803] veth1_vlan: left promiscuous mode [ 1096.824932][ T9803] veth0_vlan: left promiscuous mode [ 1100.499010][ T9803] team0 (unregistering): Port device team_slave_1 removed [ 1100.758948][ T9803] team0 (unregistering): Port device team_slave_0 removed [ 1104.737527][T13815] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1104.910071][T13815] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1106.404505][T13815] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1106.446745][ T9803] IPVS: stop unused estimator thread 0... [ 1106.462897][T13815] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1107.363657][T13906] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1107.389798][T13906] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1107.444181][T13906] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1107.882555][T13906] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1109.301299][T13815] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1109.463206][T13815] 8021q: adding VLAN 0 to HW filter on device team0 [ 1109.505567][T13906] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1109.575551][ T9803] bridge0: port 1(bridge_slave_0) entered blocking state [ 1109.582813][ T9803] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1109.624786][ T9803] bridge0: port 2(bridge_slave_1) entered blocking state [ 1109.632003][ T9803] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1109.763538][T13906] 8021q: adding VLAN 0 to HW filter on device team0 [ 1109.878149][T13815] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1109.939529][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 1109.946787][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1110.052420][ T3501] bridge0: port 2(bridge_slave_1) entered blocking state [ 1110.059860][ T3501] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1111.096527][T14179] netlink: 'syz.5.2155': attribute type 21 has an invalid length. [ 1111.157932][T14179] netlink: 156 bytes leftover after parsing attributes in process `syz.5.2155'. [ 1111.364888][T13815] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1112.376977][T13815] veth0_vlan: entered promiscuous mode [ 1112.398174][T13815] veth1_vlan: entered promiscuous mode [ 1112.736015][T13815] veth0_macvtap: entered promiscuous mode [ 1112.754072][T13815] veth1_macvtap: entered promiscuous mode [ 1112.792462][T13815] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1112.809235][T13906] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1112.821619][T13815] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1112.863349][T13815] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1112.891771][T13815] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1112.911160][T13815] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1112.930690][T13815] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1112.991069][T14201] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2159'. [ 1113.099813][T14204] netlink: 120 bytes leftover after parsing attributes in process `syz.5.2159'. [ 1113.114964][ T9816] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1113.130251][ T9816] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1113.232803][ T3501] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1113.253500][ T3501] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1113.306278][T14208] netlink: 'syz.0.2160': attribute type 11 has an invalid length. [ 1113.649235][T13906] veth0_vlan: entered promiscuous mode [ 1113.674931][T13906] veth1_vlan: entered promiscuous mode [ 1115.723382][T13906] veth0_macvtap: entered promiscuous mode [ 1115.994577][T13906] veth1_macvtap: entered promiscuous mode [ 1117.959036][T13906] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1118.097538][T13906] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1118.110284][T13906] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1118.121536][T13906] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1118.131103][T13906] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1118.143712][T13906] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1118.460311][ T9807] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1118.474992][ T9807] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1118.544015][ T3082] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1118.554419][ T3082] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1118.942460][T14239] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 1120.143486][T14247] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2168'. [ 1120.152709][T14247] netlink: 204 bytes leftover after parsing attributes in process `syz.5.2168'. [ 1120.162522][T14247] netlink: 204 bytes leftover after parsing attributes in process `syz.5.2168'. [ 1120.794020][T14255] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1124.424835][T14281] overlayfs: missing 'workdir' [ 1124.560038][ T30] audit: type=1326 audit(1755095102.373:906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14277 comm="syz.6.2178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2d7d8ebe9 code=0x7ffc0000 [ 1124.779934][ T30] audit: type=1326 audit(1755095102.476:907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14277 comm="syz.6.2178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2d7d8ebe9 code=0x7ffc0000 [ 1124.861201][ T30] audit: type=1326 audit(1755095102.476:908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14277 comm="syz.6.2178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa2d7d8ebe9 code=0x7ffc0000 [ 1124.975013][ T30] audit: type=1326 audit(1755095102.476:909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14277 comm="syz.6.2178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2d7d8ebe9 code=0x7ffc0000 [ 1125.079800][ T30] audit: type=1326 audit(1755095102.476:910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14277 comm="syz.6.2178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2d7d8ebe9 code=0x7ffc0000 [ 1125.185049][ T30] audit: type=1326 audit(1755095102.476:911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14277 comm="syz.6.2178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=37 compat=0 ip=0x7fa2d7d8ebe9 code=0x7ffc0000 [ 1125.286080][ T30] audit: type=1326 audit(1755095102.476:912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14277 comm="syz.6.2178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2d7d8ebe9 code=0x7ffc0000 [ 1125.356853][T14286] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1125.410662][T14286] syz.1.2179 (14286): drop_caches: 2 [ 1125.420551][ T30] audit: type=1326 audit(1755095102.485:913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14277 comm="syz.6.2178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2d7d8ebe9 code=0x7ffc0000 [ 1126.184774][T12341] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1126.207575][T12341] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1126.228443][T12341] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1126.272402][T12341] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1126.283966][T12341] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1127.340151][T14300] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 1127.366581][T14300] CIFS mount error: No usable UNC path provided in device string! [ 1127.366581][T14300] [ 1127.377070][T14300] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 1128.557137][ T51] Bluetooth: hci2: command tx timeout [ 1129.259283][T14313] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2187'. [ 1129.601121][T14321] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1129.608408][T14321] IPv6: NLM_F_CREATE should be set when creating new route [ 1129.667356][T14287] chnl_net:caif_netlink_parms(): no params data found [ 1130.330933][ T30] audit: type=1326 audit(1755095107.387:914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14323 comm="syz.0.2190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1130.397476][ T30] audit: type=1326 audit(1755095107.397:915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14323 comm="syz.0.2190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=263 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1130.421495][ T30] audit: type=1326 audit(1755095107.397:916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14323 comm="syz.0.2190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1130.448335][ T30] audit: type=1326 audit(1755095107.397:917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14323 comm="syz.0.2190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1130.492155][ T30] audit: type=1326 audit(1755095107.397:918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14323 comm="syz.0.2190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1130.609754][ T30] audit: type=1326 audit(1755095107.397:919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14323 comm="syz.0.2190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1130.632013][ T30] audit: type=1326 audit(1755095107.406:920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14323 comm="syz.0.2190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1130.655305][ T30] audit: type=1326 audit(1755095107.415:921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14323 comm="syz.0.2190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1130.684051][T14287] bridge0: port 1(bridge_slave_0) entered blocking state [ 1130.685945][ T30] audit: type=1326 audit(1755095107.425:922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14323 comm="syz.0.2190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1130.732242][ T51] Bluetooth: hci2: command tx timeout [ 1130.775842][T14287] bridge0: port 1(bridge_slave_0) entered disabled state [ 1130.782986][ T30] audit: type=1326 audit(1755095107.425:923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14323 comm="syz.0.2190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=78 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1130.917885][T14287] bridge_slave_0: entered allmulticast mode [ 1130.942953][T14287] bridge_slave_0: entered promiscuous mode [ 1131.027935][T14287] bridge0: port 2(bridge_slave_1) entered blocking state [ 1131.035166][T14287] bridge0: port 2(bridge_slave_1) entered disabled state [ 1131.064389][T14287] bridge_slave_1: entered allmulticast mode [ 1131.087983][T14287] bridge_slave_1: entered promiscuous mode [ 1131.211124][T14330] syzkaller1: entered allmulticast mode [ 1131.300066][T14287] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1131.320513][T14287] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1131.499938][T14287] team0: Port device team_slave_0 added [ 1131.536879][T14287] team0: Port device team_slave_1 added [ 1131.787319][T14353] ubi31: attaching mtd0 [ 1131.839426][T14353] ubi31: scanning is finished [ 1131.844384][T14353] ubi31: empty MTD device detected [ 1132.125969][T14287] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1132.300466][T14287] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1132.465042][T14287] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1132.814080][T14353] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1132.849442][T14287] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1132.865051][T14353] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1132.874935][T14287] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1132.894376][T14353] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1132.923347][T14353] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 1132.947577][ T51] Bluetooth: hci3: command tx timeout [ 1132.949895][T12341] Bluetooth: hci2: command tx timeout [ 1132.964185][T14287] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1132.977180][T14363] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2198'. [ 1133.004768][T14353] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1133.035505][T14353] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1133.045082][T14353] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 637082195 [ 1133.056048][T14353] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1133.068117][T14357] ubi31: background thread "ubi_bgt31d" started, PID 14357 [ 1133.356949][T14287] hsr_slave_0: entered promiscuous mode [ 1133.402426][T14287] hsr_slave_1: entered promiscuous mode [ 1133.415910][T14287] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1133.424766][T14287] Cannot create hsr debugfs directory [ 1134.647304][T14383] unknown channel width for channel at 909000KHz? [ 1134.753475][T14385] netlink: 1004 bytes leftover after parsing attributes in process `syz.0.2206'. [ 1134.793392][T14386] netlink: 1004 bytes leftover after parsing attributes in process `syz.0.2206'. [ 1135.020650][T14287] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1135.040642][T14287] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1135.054618][T14391] sctp: [Deprecated]: syz.5.2207 (pid 14391) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1135.054618][T14391] Use struct sctp_sack_info instead [ 1135.163709][T12341] Bluetooth: hci2: command tx timeout [ 1135.180647][T14287] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1135.998010][T14287] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1136.573189][T14287] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1136.982307][T14287] 8021q: adding VLAN 0 to HW filter on device team0 [ 1137.043727][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 1137.051012][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1137.187400][ T9809] bridge0: port 2(bridge_slave_1) entered blocking state [ 1137.194655][ T9809] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1137.375385][T14409] 9pnet_fd: Insufficient options for proto=fd [ 1138.480251][T14421] fuse: Unknown parameter 'ÿÿÿÿ' [ 1138.983188][T14287] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1139.249076][T14431] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2215'. [ 1141.531119][T14459] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1141.558517][T14287] veth0_vlan: entered promiscuous mode [ 1141.582642][T14287] veth1_vlan: entered promiscuous mode [ 1141.708785][T14287] veth0_macvtap: entered promiscuous mode [ 1141.744403][T14287] veth1_macvtap: entered promiscuous mode [ 1141.809251][T14287] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1141.852972][T14287] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1141.897717][ T9] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 1141.915275][T14287] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1141.944754][T14287] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1141.964945][T14287] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1142.013697][T14287] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1142.069490][ T9] usb 6-1: Using ep0 maxpacket: 32 [ 1142.076932][ T9] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1142.085982][ T9] usb 6-1: config 12 has an invalid interface number: 184 but max is 0 [ 1142.116315][ T9] usb 6-1: config 12 has an invalid descriptor of length 0, skipping remainder of the config [ 1142.187266][ T9] usb 6-1: config 12 has no interface number 0 [ 1142.201042][ T9] usb 6-1: config 12 interface 184 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1142.219800][ T9] usb 6-1: New USB device found, idVendor=0499, idProduct=100d, bcdDevice=84.a2 [ 1142.229393][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1142.239398][ T9] usb 6-1: Product: syz [ 1142.245253][ T9] usb 6-1: Manufacturer: syz [ 1142.249943][ T9] usb 6-1: SerialNumber: syz [ 1142.259280][ T3501] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1142.302014][ T3501] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1142.524431][ T3501] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1142.538542][T14458] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1142.540338][ T3501] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1142.574523][ T9] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 1142.638010][ T9] snd-usb-audio 6-1:12.184: probe with driver snd-usb-audio failed with error -2 [ 1143.160004][ T9] usb 6-1: USB disconnect, device number 4 [ 1144.736789][T14491] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2230'. [ 1146.172433][T14503] netlink: 'syz.1.2233': attribute type 11 has an invalid length. [ 1146.180541][T14503] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2233'. [ 1146.965498][T14500] overlayfs: missing 'workdir' [ 1146.972728][ T30] kauditd_printk_skb: 19 callbacks suppressed [ 1146.972745][ T30] audit: type=1326 audit(1755095123.394:943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14497 comm="syz.7.2232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f811f98ebe9 code=0x7ffc0000 [ 1147.046908][ T30] audit: type=1326 audit(1755095123.394:944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14497 comm="syz.7.2232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f811f98ebe9 code=0x7ffc0000 [ 1147.090902][ T30] audit: type=1326 audit(1755095123.431:945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14497 comm="syz.7.2232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f811f98ebe9 code=0x7ffc0000 [ 1147.368878][ T30] audit: type=1326 audit(1755095123.431:946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14497 comm="syz.7.2232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f811f98ebe9 code=0x7ffc0000 [ 1147.445340][ T30] audit: type=1326 audit(1755095123.431:947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14497 comm="syz.7.2232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f811f98ebe9 code=0x7ffc0000 [ 1147.485942][ T30] audit: type=1326 audit(1755095123.431:948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14497 comm="syz.7.2232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=37 compat=0 ip=0x7f811f98ebe9 code=0x7ffc0000 [ 1147.523235][ T30] audit: type=1326 audit(1755095123.431:949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14497 comm="syz.7.2232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f811f98ebe9 code=0x7ffc0000 [ 1147.611878][T14513] netlink: 'syz.7.2236': attribute type 1 has an invalid length. [ 1147.613600][ T30] audit: type=1326 audit(1755095123.431:950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14497 comm="syz.7.2232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f811f98ebe9 code=0x7ffc0000 [ 1147.645771][T14513] netlink: 224 bytes leftover after parsing attributes in process `syz.7.2236'. [ 1153.477646][T14559] netlink: 'syz.7.2249': attribute type 1 has an invalid length. [ 1153.493986][T14557] netlink: 96 bytes leftover after parsing attributes in process `syz.6.2251'. [ 1153.514463][T14559] netlink: 224 bytes leftover after parsing attributes in process `syz.7.2249'. [ 1156.165651][T14580] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2255'. [ 1157.078449][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1157.084799][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1157.273390][T14600] overlayfs: missing 'workdir' [ 1157.292844][ T30] audit: type=1326 audit(1755095133.058:951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14595 comm="syz.0.2259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1157.403089][ T30] audit: type=1326 audit(1755095133.058:952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14595 comm="syz.0.2259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1158.087282][ T30] audit: type=1326 audit(1755095133.076:953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14595 comm="syz.0.2259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1158.445021][ T30] audit: type=1326 audit(1755095133.076:954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14595 comm="syz.0.2259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1158.496892][ T30] audit: type=1326 audit(1755095133.076:955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14595 comm="syz.0.2259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1158.534412][ T30] audit: type=1326 audit(1755095133.076:956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14595 comm="syz.0.2259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=37 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1158.589928][ T30] audit: type=1326 audit(1755095133.076:957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14595 comm="syz.0.2259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1158.619613][ T30] audit: type=1326 audit(1755095133.076:958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14595 comm="syz.0.2259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1159.332130][ T5842] usb 2-1: new full-speed USB device number 21 using dummy_hcd [ 1159.415747][T14618] netlink: 'syz.5.2264': attribute type 1 has an invalid length. [ 1159.429143][T14618] netlink: 224 bytes leftover after parsing attributes in process `syz.5.2264'. [ 1159.552864][ T5842] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1159.587633][ T5842] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1159.615278][ T5842] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1159.634787][ T5842] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1159.773493][ T5842] usb 2-1: Product: syz [ 1159.777781][ T5842] usb 2-1: Manufacturer: syz [ 1159.782736][ T5842] usb 2-1: SerialNumber: syz [ 1159.875888][T14622] netlink: 'syz.5.2266': attribute type 10 has an invalid length. [ 1159.938167][T14622] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1160.193747][T14614] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1161.022464][T14622] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 1161.139092][T14614] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1161.230041][T14614] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1161.247957][T14614] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1161.454628][ T5842] usb 2-1: 0:2 : does not exist [ 1161.495807][ T5842] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 1161.610053][ T5842] usb 2-1: USB disconnect, device number 21 [ 1162.119206][T14630] vivid-000: disconnect [ 1162.130437][T14629] vivid-000: reconnect [ 1162.313280][T14633] hsr0: entered promiscuous mode [ 1163.499988][T14638] bridge0: entered allmulticast mode [ 1163.624275][T14638] pim6reg: entered allmulticast mode [ 1163.655160][T14642] netlink: 'syz.1.2268': attribute type 12 has an invalid length. [ 1163.688838][T14642] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2268'. [ 1163.716106][T14643] pim6reg: left allmulticast mode [ 1163.737300][T14643] bridge0: left allmulticast mode [ 1164.342167][T14651] hugetlbfs: syz.0.2273 (14651): Using mlock ulimits for SHM_HUGETLB is obsolete [ 1166.113880][ T30] audit: type=1326 audit(1755095141.243:959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14650 comm="syz.5.2274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f68d8ebe9 code=0x7ffc0000 [ 1166.430673][ T30] audit: type=1326 audit(1755095141.243:960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14650 comm="syz.5.2274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=263 compat=0 ip=0x7f9f68d8ebe9 code=0x7ffc0000 [ 1166.452793][ C0] vkms_vblank_simulate: vblank timer overrun [ 1166.657872][ T30] audit: type=1326 audit(1755095141.243:961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14650 comm="syz.5.2274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f68d8ebe9 code=0x7ffc0000 [ 1166.679723][ T30] audit: type=1326 audit(1755095141.243:962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14650 comm="syz.5.2274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9f68d8ebe9 code=0x7ffc0000 [ 1166.701772][ C0] vkms_vblank_simulate: vblank timer overrun [ 1166.707993][ T30] audit: type=1326 audit(1755095141.243:963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14650 comm="syz.5.2274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f68d8ebe9 code=0x7ffc0000 [ 1166.796040][T14668] (syz.0.2276,14668,1):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 1166.805193][T14668] (syz.0.2276,14668,1):ocfs2_fill_super:1177 ERROR: status = -22 [ 1167.404578][ T30] audit: type=1326 audit(1755095141.253:964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14650 comm="syz.5.2274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9f68d8ebe9 code=0x7ffc0000 [ 1167.426417][ T30] audit: type=1326 audit(1755095141.253:965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14650 comm="syz.5.2274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f68d8ebe9 code=0x7ffc0000 [ 1167.448401][ C0] vkms_vblank_simulate: vblank timer overrun [ 1167.464841][ T30] audit: type=1326 audit(1755095141.253:966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14650 comm="syz.5.2274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9f68d8ebe9 code=0x7ffc0000 [ 1167.486484][ C0] vkms_vblank_simulate: vblank timer overrun [ 1167.695791][ T30] audit: type=1326 audit(1755095141.262:967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14650 comm="syz.5.2274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f68d8ebe9 code=0x7ffc0000 [ 1167.717550][ C0] vkms_vblank_simulate: vblank timer overrun [ 1167.735262][T14675] overlay: ./file0 is not a directory [ 1168.022361][ T30] audit: type=1326 audit(1755095141.271:968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14650 comm="syz.5.2274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=78 compat=0 ip=0x7f9f68d8ebe9 code=0x7ffc0000 [ 1168.700585][T14687] overlayfs: missing 'workdir' [ 1168.717755][T14686] FAULT_INJECTION: forcing a failure. [ 1168.717755][T14686] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1168.730986][T14686] CPU: 0 UID: 0 PID: 14686 Comm: syz.1.2282 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 1168.731004][T14686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1168.731012][T14686] Call Trace: [ 1168.731018][T14686] [ 1168.731023][T14686] dump_stack_lvl+0x189/0x250 [ 1168.731043][T14686] ? __pfx____ratelimit+0x10/0x10 [ 1168.731057][T14686] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1168.731070][T14686] ? __pfx__printk+0x10/0x10 [ 1168.731086][T14686] ? __might_fault+0xb0/0x130 [ 1168.731106][T14686] should_fail_ex+0x414/0x560 [ 1168.731122][T14686] _copy_from_user+0x2d/0xb0 [ 1168.731139][T14686] ___sys_sendmsg+0x158/0x2a0 [ 1168.731159][T14686] ? __pfx____sys_sendmsg+0x10/0x10 [ 1168.731200][T14686] ? __fget_files+0x2a/0x420 [ 1168.731213][T14686] ? __fget_files+0x3a0/0x420 [ 1168.731232][T14686] __x64_sys_sendmsg+0x19b/0x260 [ 1168.731252][T14686] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1168.731276][T14686] ? __pfx_ksys_write+0x10/0x10 [ 1168.731291][T14686] ? do_syscall_64+0xbe/0x3b0 [ 1168.731307][T14686] do_syscall_64+0xfa/0x3b0 [ 1168.731319][T14686] ? lockdep_hardirqs_on+0x9c/0x150 [ 1168.731332][T14686] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1168.731344][T14686] ? clear_bhb_loop+0x60/0xb0 [ 1168.731358][T14686] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1168.731370][T14686] RIP: 0033:0x7fd8b498ebe9 [ 1168.731382][T14686] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1168.731392][T14686] RSP: 002b:00007fd8b5743038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1168.731406][T14686] RAX: ffffffffffffffda RBX: 00007fd8b4bb5fa0 RCX: 00007fd8b498ebe9 [ 1168.731415][T14686] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000006 [ 1168.731423][T14686] RBP: 00007fd8b5743090 R08: 0000000000000000 R09: 0000000000000000 [ 1168.731431][T14686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1168.731438][T14686] R13: 00007fd8b4bb6038 R14: 00007fd8b4bb5fa0 R15: 00007fffabb97d38 [ 1168.731457][T14686] [ 1173.079225][T14723] FAULT_INJECTION: forcing a failure. [ 1173.079225][T14723] name failslab, interval 1, probability 0, space 0, times 0 [ 1173.092230][T14723] CPU: 0 UID: 0 PID: 14723 Comm: syz.1.2293 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 1173.092258][T14723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1173.092266][T14723] Call Trace: [ 1173.092272][T14723] [ 1173.092278][T14723] dump_stack_lvl+0x189/0x250 [ 1173.092296][T14723] ? __pfx____ratelimit+0x10/0x10 [ 1173.092310][T14723] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1173.092324][T14723] ? __pfx__printk+0x10/0x10 [ 1173.092337][T14723] ? irqentry_exit+0x74/0x90 [ 1173.092355][T14723] ? alloc_netdev_mqs+0xa8b/0x11e0 [ 1173.092371][T14723] should_fail_ex+0x414/0x560 [ 1173.092388][T14723] ? alloc_netdev_mqs+0xa8b/0x11e0 [ 1173.092399][T14723] should_failslab+0xa8/0x100 [ 1173.092415][T14723] __kvmalloc_node_noprof+0x161/0x5f0 [ 1173.092428][T14723] ? alloc_netdev_mqs+0xa8b/0x11e0 [ 1173.092445][T14723] alloc_netdev_mqs+0xa8b/0x11e0 [ 1173.092462][T14723] rtnl_create_link+0x31f/0xd10 [ 1173.092480][T14723] rtnl_newlink_create+0x25c/0xb00 [ 1173.092500][T14723] ? __lock_acquire+0xab9/0xd20 [ 1173.092515][T14723] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 1173.092531][T14723] ? rtnl_newlink+0x8db/0x1c70 [ 1173.092548][T14723] ? __pfx___mutex_lock+0x10/0x10 [ 1173.092569][T14723] ? rtnl_newlink+0x8c4/0x1c70 [ 1173.092586][T14723] rtnl_newlink+0x16d6/0x1c70 [ 1173.092603][T14723] ? netlink_sendmsg+0x805/0xb30 [ 1173.092628][T14723] ? __pfx_rtnl_newlink+0x10/0x10 [ 1173.092659][T14723] ? kasan_quarantine_put+0xdd/0x220 [ 1173.092676][T14723] ? lockdep_hardirqs_on+0x9c/0x150 [ 1173.092693][T14723] ? nlmon_xmit+0xb0/0x100 [ 1173.092707][T14723] ? kmem_cache_free+0x18f/0x400 [ 1173.092724][T14723] ? __local_bh_enable_ip+0x12d/0x1c0 [ 1173.092737][T14723] ? lockdep_hardirqs_on+0x9c/0x150 [ 1173.092750][T14723] ? __local_bh_enable_ip+0x12d/0x1c0 [ 1173.092762][T14723] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 1173.092778][T14723] ? __dev_queue_xmit+0x27e/0x3a70 [ 1173.092797][T14723] ? __dev_queue_xmit+0x27e/0x3a70 [ 1173.092808][T14723] ? __dev_queue_xmit+0x27e/0x3a70 [ 1173.092820][T14723] ? __dev_queue_xmit+0x1cd7/0x3a70 [ 1173.092836][T14723] ? __lock_acquire+0xab9/0xd20 [ 1173.092863][T14723] ? __pfx_rtnl_newlink+0x10/0x10 [ 1173.092878][T14723] rtnetlink_rcv_msg+0x7cc/0xb70 [ 1173.092896][T14723] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 1173.092910][T14723] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1173.092924][T14723] ? ref_tracker_free+0x63a/0x7d0 [ 1173.092936][T14723] ? __copy_skb_header+0xa7/0x550 [ 1173.092949][T14723] ? __pfx_ref_tracker_free+0x10/0x10 [ 1173.092961][T14723] ? __skb_clone+0x63/0x7a0 [ 1173.092977][T14723] netlink_rcv_skb+0x205/0x470 [ 1173.092995][T14723] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1173.093011][T14723] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1173.093036][T14723] ? netlink_deliver_tap+0x2e/0x1b0 [ 1173.093054][T14723] ? netlink_deliver_tap+0x2e/0x1b0 [ 1173.093074][T14723] netlink_unicast+0x75c/0x8e0 [ 1173.093096][T14723] netlink_sendmsg+0x805/0xb30 [ 1173.093119][T14723] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1173.093141][T14723] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1173.093153][T14723] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1173.093170][T14723] __sock_sendmsg+0x21c/0x270 [ 1173.093186][T14723] ____sys_sendmsg+0x505/0x830 [ 1173.093208][T14723] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1173.093232][T14723] ? import_iovec+0x74/0xa0 [ 1173.093251][T14723] ___sys_sendmsg+0x21f/0x2a0 [ 1173.093271][T14723] ? __pfx____sys_sendmsg+0x10/0x10 [ 1173.093317][T14723] ? __fget_files+0x2a/0x420 [ 1173.093332][T14723] ? __fget_files+0x3a0/0x420 [ 1173.093356][T14723] __x64_sys_sendmsg+0x19b/0x260 [ 1173.093383][T14723] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1173.093407][T14723] ? __pfx_ksys_write+0x10/0x10 [ 1173.093423][T14723] ? do_syscall_64+0xbe/0x3b0 [ 1173.093439][T14723] do_syscall_64+0xfa/0x3b0 [ 1173.093453][T14723] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1173.093467][T14723] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1173.093479][T14723] ? clear_bhb_loop+0x60/0xb0 [ 1173.093497][T14723] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1173.093511][T14723] RIP: 0033:0x7fd8b498ebe9 [ 1173.093527][T14723] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1173.093538][T14723] RSP: 002b:00007fd8b5722038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1173.093552][T14723] RAX: ffffffffffffffda RBX: 00007fd8b4bb6090 RCX: 00007fd8b498ebe9 [ 1173.093561][T14723] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000005 [ 1173.093569][T14723] RBP: 00007fd8b5722090 R08: 0000000000000000 R09: 0000000000000000 [ 1173.093576][T14723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1173.093584][T14723] R13: 00007fd8b4bb6128 R14: 00007fd8b4bb6090 R15: 00007fffabb97d38 [ 1173.093606][T14723] [ 1174.125778][T14733] FAULT_INJECTION: forcing a failure. [ 1174.125778][T14733] name failslab, interval 1, probability 0, space 0, times 0 [ 1174.138906][T14733] CPU: 0 UID: 0 PID: 14733 Comm: syz.6.2297 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 1174.138935][T14733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1174.138947][T14733] Call Trace: [ 1174.138956][T14733] [ 1174.138965][T14733] dump_stack_lvl+0x189/0x250 [ 1174.138993][T14733] ? __pfx____ratelimit+0x10/0x10 [ 1174.139016][T14733] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1174.139039][T14733] ? __pfx__printk+0x10/0x10 [ 1174.139081][T14733] ? __pfx___might_resched+0x10/0x10 [ 1174.139110][T14733] should_fail_ex+0x414/0x560 [ 1174.139137][T14733] should_failslab+0xa8/0x100 [ 1174.139162][T14733] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 1174.139184][T14733] ? __alloc_skb+0x112/0x2d0 [ 1174.139217][T14733] __alloc_skb+0x112/0x2d0 [ 1174.139249][T14733] netlink_sendmsg+0x5c6/0xb30 [ 1174.139289][T14733] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1174.139328][T14733] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1174.139348][T14733] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1174.139377][T14733] __sock_sendmsg+0x21c/0x270 [ 1174.139406][T14733] ____sys_sendmsg+0x52d/0x830 [ 1174.139443][T14733] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1174.139484][T14733] ? import_iovec+0x74/0xa0 [ 1174.139516][T14733] ___sys_sendmsg+0x21f/0x2a0 [ 1174.139549][T14733] ? __pfx____sys_sendmsg+0x10/0x10 [ 1174.139623][T14733] ? __fget_files+0x2a/0x420 [ 1174.139645][T14733] ? __fget_files+0x3a0/0x420 [ 1174.139679][T14733] __sys_sendmmsg+0x227/0x430 [ 1174.139717][T14733] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1174.139744][T14733] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 1174.139798][T14733] ? ksys_write+0x22a/0x250 [ 1174.139819][T14733] ? __pfx_ksys_write+0x10/0x10 [ 1174.139836][T14733] ? rcu_is_watching+0x15/0xb0 [ 1174.139866][T14733] __x64_sys_sendmmsg+0xa0/0xc0 [ 1174.139900][T14733] do_syscall_64+0xfa/0x3b0 [ 1174.139924][T14733] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1174.139943][T14733] ? asm_sysvec_call_function_single+0x1a/0x20 [ 1174.139963][T14733] ? clear_bhb_loop+0x60/0xb0 [ 1174.139988][T14733] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1174.140008][T14733] RIP: 0033:0x7fa2d7d8ebe9 [ 1174.140027][T14733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1174.140044][T14733] RSP: 002b:00007fa2d8c3a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1174.140073][T14733] RAX: ffffffffffffffda RBX: 00007fa2d7fb6090 RCX: 00007fa2d7d8ebe9 [ 1174.140088][T14733] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 000000000000000d [ 1174.140102][T14733] RBP: 00007fa2d8c3a090 R08: 0000000000000000 R09: 0000000000000000 [ 1174.140114][T14733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1174.140127][T14733] R13: 00007fa2d7fb6128 R14: 00007fa2d7fb6090 R15: 00007ffc0b295808 [ 1174.140161][T14733] [ 1175.241790][T14742] overlayfs: missing 'workdir' [ 1175.290261][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 1175.290281][ T30] audit: type=1326 audit(1755095149.878:979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14737 comm="syz.1.2300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8b498ebe9 code=0x7ffc0000 [ 1175.327568][ T30] audit: type=1326 audit(1755095149.925:980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14737 comm="syz.1.2300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8b498ebe9 code=0x7ffc0000 [ 1175.349930][ T30] audit: type=1326 audit(1755095149.925:981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14737 comm="syz.1.2300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd8b498ebe9 code=0x7ffc0000 [ 1175.371863][ T30] audit: type=1326 audit(1755095149.925:982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14737 comm="syz.1.2300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8b498ebe9 code=0x7ffc0000 [ 1175.501855][ T30] audit: type=1326 audit(1755095149.925:983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14737 comm="syz.1.2300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8b498ebe9 code=0x7ffc0000 [ 1175.534233][ T30] audit: type=1326 audit(1755095149.925:984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14737 comm="syz.1.2300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=37 compat=0 ip=0x7fd8b498ebe9 code=0x7ffc0000 [ 1175.658999][ T30] audit: type=1326 audit(1755095149.925:985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14737 comm="syz.1.2300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8b498ebe9 code=0x7ffc0000 [ 1175.704433][ T30] audit: type=1326 audit(1755095149.925:986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14737 comm="syz.1.2300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8b498ebe9 code=0x7ffc0000 [ 1176.209923][T14755] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2296'. [ 1176.971613][T14766] netlink: 144 bytes leftover after parsing attributes in process `syz.7.2305'. [ 1177.727485][T14768] binder: 14767:14768 ioctl c0306201 0 returned -14 [ 1178.050558][T14764] netlink: 248 bytes leftover after parsing attributes in process `syz.6.2307'. [ 1178.861799][ T9] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 1179.044233][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 1179.074416][ T9] usb 2-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 1179.102310][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1179.128617][ T9] usb 2-1: Product: syz [ 1179.143778][ T9] usb 2-1: Manufacturer: syz [ 1179.170328][ T9] usb 2-1: SerialNumber: syz [ 1179.194189][ T9] usb 2-1: config 0 descriptor?? [ 1179.675695][ T9] airspy 2-1:0.0: Board ID: 00 [ 1179.680752][ T9] airspy 2-1:0.0: Firmware version: [ 1180.026335][ T9] airspy 2-1:0.0: usb_control_msg() failed -71 request 11 [ 1180.044924][ T9] airspy 2-1:0.0: Registered as swradio24 [ 1180.052218][ T9] airspy 2-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 1180.065331][ T9] usb 2-1: USB disconnect, device number 22 [ 1189.688427][T14846] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1194.765540][ T30] audit: type=1326 audit(1755095168.092:987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14858 comm="syz.0.2339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1194.888327][T14862] FAULT_INJECTION: forcing a failure. [ 1194.888327][T14862] name failslab, interval 1, probability 0, space 0, times 0 [ 1194.901383][T14862] CPU: 0 UID: 0 PID: 14862 Comm: syz.0.2339 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 1194.901412][T14862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1194.901424][T14862] Call Trace: [ 1194.901432][T14862] [ 1194.901441][T14862] dump_stack_lvl+0x189/0x250 [ 1194.901471][T14862] ? __pfx____ratelimit+0x10/0x10 [ 1194.901493][T14862] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1194.901517][T14862] ? __pfx__printk+0x10/0x10 [ 1194.901551][T14862] ? __pfx___might_resched+0x10/0x10 [ 1194.901572][T14862] ? fs_reclaim_acquire+0x7d/0x100 [ 1194.901613][T14862] should_fail_ex+0x414/0x560 [ 1194.901641][T14862] should_failslab+0xa8/0x100 [ 1194.901666][T14862] __kmalloc_noprof+0xcb/0x4f0 [ 1194.901685][T14862] ? kfree+0x4d/0x440 [ 1194.901711][T14862] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1194.901745][T14862] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1194.901774][T14862] ? tomoyo_domain+0xda/0x130 [ 1194.901809][T14862] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1194.901831][T14862] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1194.901855][T14862] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1194.901899][T14862] ? __lock_acquire+0xab9/0xd20 [ 1194.901945][T14862] ? __fget_files+0x2a/0x420 [ 1194.901971][T14862] ? __fget_files+0x2a/0x420 [ 1194.901992][T14862] ? __fget_files+0x3a0/0x420 [ 1194.902013][T14862] ? __fget_files+0x2a/0x420 [ 1194.902041][T14862] security_file_ioctl+0xcb/0x2d0 [ 1194.902067][T14862] __se_sys_ioctl+0x47/0x170 [ 1194.902101][T14862] do_syscall_64+0xfa/0x3b0 [ 1194.902124][T14862] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1194.902144][T14862] ? asm_sysvec_call_function_single+0x1a/0x20 [ 1194.902164][T14862] ? clear_bhb_loop+0x60/0xb0 [ 1194.902190][T14862] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1194.902209][T14862] RIP: 0033:0x7f6b48b8ebe9 [ 1194.902228][T14862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1194.902246][T14862] RSP: 002b:00007f6b49a27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1194.902269][T14862] RAX: ffffffffffffffda RBX: 00007f6b48db6090 RCX: 00007f6b48b8ebe9 [ 1194.902284][T14862] RDX: 0000200000000240 RSI: 0000000000004601 RDI: 0000000000000005 [ 1194.902297][T14862] RBP: 00007f6b49a27090 R08: 0000000000000000 R09: 0000000000000000 [ 1194.902309][T14862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1194.902321][T14862] R13: 00007f6b48db6128 R14: 00007f6b48db6090 R15: 00007ffe485dc4a8 [ 1194.902363][T14862] [ 1195.366221][T14862] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1195.505407][ T30] audit: type=1326 audit(1755095168.092:988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14858 comm="syz.0.2339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1195.506171][ T30] audit: type=1326 audit(1755095168.102:989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14858 comm="syz.0.2339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1195.506219][ T30] audit: type=1326 audit(1755095168.102:990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14858 comm="syz.0.2339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1195.506265][ T30] audit: type=1326 audit(1755095168.102:991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14858 comm="syz.0.2339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1195.506312][ T30] audit: type=1326 audit(1755095168.102:992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14858 comm="syz.0.2339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1195.506359][ T30] audit: type=1326 audit(1755095168.102:993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14858 comm="syz.0.2339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1195.506405][ T30] audit: type=1326 audit(1755095168.102:994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14858 comm="syz.0.2339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1195.506511][ T30] audit: type=1326 audit(1755095168.102:995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14858 comm="syz.0.2339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1195.506560][ T30] audit: type=1326 audit(1755095168.102:996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14858 comm="syz.0.2339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1195.575915][ C0] vkms_vblank_simulate: vblank timer overrun [ 1195.666891][ C0] vkms_vblank_simulate: vblank timer overrun [ 1195.811069][T14868] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 1195.811130][T14868] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 1195.811221][T14868] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 1195.811354][T14868] comedi comedi3: 8255: I/O port conflict (0x5c952399,4) [ 1195.811423][T14868] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 1195.811473][T14868] comedi comedi3: 8255: I/O port conflict (0x3ff,4) [ 1195.811524][T14868] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 1195.811611][T14868] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 1195.811658][T14868] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 1195.811741][T14868] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 1195.879035][T14863] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2338'. [ 1195.952536][ C0] vkms_vblank_simulate: vblank timer overrun [ 1197.591246][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 1199.812683][T12341] Bluetooth: hci0: command 0x0406 tx timeout [ 1202.897086][ T30] kauditd_printk_skb: 25 callbacks suppressed [ 1202.908973][ T30] audit: type=1326 audit(1755095175.623:1022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14944 comm="syz.0.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1203.266765][ T30] audit: type=1326 audit(1755095175.623:1023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14944 comm="syz.0.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=263 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1203.291165][ T30] audit: type=1326 audit(1755095175.623:1024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14944 comm="syz.0.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1203.313238][ T30] audit: type=1326 audit(1755095175.623:1025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14944 comm="syz.0.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1203.343992][ T30] audit: type=1326 audit(1755095175.632:1026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14944 comm="syz.0.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1203.374575][ T30] audit: type=1326 audit(1755095175.632:1027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14944 comm="syz.0.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1203.396283][ C0] vkms_vblank_simulate: vblank timer overrun [ 1203.415154][ T5842] usb 6-1: new full-speed USB device number 5 using dummy_hcd [ 1203.451668][ T30] audit: type=1326 audit(1755095175.632:1028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14944 comm="syz.0.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1203.481746][ T30] audit: type=1326 audit(1755095175.642:1029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14944 comm="syz.0.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1203.503421][ C0] vkms_vblank_simulate: vblank timer overrun [ 1203.556690][T14953] FAULT_INJECTION: forcing a failure. [ 1203.556690][T14953] name failslab, interval 1, probability 0, space 0, times 0 [ 1203.576868][ T30] audit: type=1326 audit(1755095175.651:1030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14944 comm="syz.0.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1203.599530][ T30] audit: type=1326 audit(1755095175.661:1031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14944 comm="syz.0.2362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=78 compat=0 ip=0x7f6b48b8ebe9 code=0x7ffc0000 [ 1203.623172][T14953] CPU: 0 UID: 0 PID: 14953 Comm: syz.6.2363 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 1203.623200][T14953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1203.623212][T14953] Call Trace: [ 1203.623221][T14953] [ 1203.623228][T14953] dump_stack_lvl+0x189/0x250 [ 1203.623257][T14953] ? __pfx____ratelimit+0x10/0x10 [ 1203.623286][T14953] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1203.623309][T14953] ? __pfx__printk+0x10/0x10 [ 1203.623340][T14953] ? __pfx___might_resched+0x10/0x10 [ 1203.623369][T14953] should_fail_ex+0x414/0x560 [ 1203.623397][T14953] should_failslab+0xa8/0x100 [ 1203.623419][T14953] kmem_cache_alloc_noprof+0x73/0x3c0 [ 1203.623438][T14953] ? key_alloc+0x308/0x1030 [ 1203.623461][T14953] ? key_user_lookup+0x1bc/0x460 [ 1203.623487][T14953] key_alloc+0x308/0x1030 [ 1203.623527][T14953] request_key_auth_new+0x674/0x8b0 [ 1203.623564][T14953] ? __pfx_request_key_auth_new+0x10/0x10 [ 1203.623608][T14953] request_key_and_link+0xde9/0x14a0 [ 1203.623644][T14953] ? __pfx_request_key_and_link+0x10/0x10 [ 1203.623680][T14953] ? __pfx_asymmetric_key_cmp+0x10/0x10 [ 1203.623704][T14953] ? __pfx_keyring_search_iterator+0x10/0x10 [ 1203.623751][T14953] ? down_read+0x1ad/0x2e0 [ 1203.623783][T14953] __se_sys_request_key+0x22c/0x340 [ 1203.623809][T14953] ? __pfx___se_sys_request_key+0x10/0x10 [ 1203.623843][T14953] ? do_syscall_64+0xbe/0x3b0 [ 1203.623870][T14953] do_syscall_64+0xfa/0x3b0 [ 1203.623889][T14953] ? lockdep_hardirqs_on+0x9c/0x150 [ 1203.623910][T14953] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1203.623929][T14953] ? clear_bhb_loop+0x60/0xb0 [ 1203.623954][T14953] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1203.623973][T14953] RIP: 0033:0x7fa2d7d8ebe9 [ 1203.623991][T14953] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1203.624008][T14953] RSP: 002b:00007fa2d8c5b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f9 [ 1203.624030][T14953] RAX: ffffffffffffffda RBX: 00007fa2d7fb5fa0 RCX: 00007fa2d7d8ebe9 [ 1203.624044][T14953] RDX: 0000200000001fee RSI: 0000200000001ffb RDI: 0000200000000040 [ 1203.624058][T14953] RBP: 00007fa2d8c5b090 R08: 0000000000000000 R09: 0000000000000000 [ 1203.624070][T14953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1203.624081][T14953] R13: 00007fa2d7fb6038 R14: 00007fa2d7fb5fa0 R15: 00007ffc0b295808 [ 1203.624116][T14953] [ 1203.864159][ C0] vkms_vblank_simulate: vblank timer overrun [ 1203.948710][T14961] netlink: 'syz.1.2364': attribute type 3 has an invalid length. [ 1203.956705][T14961] netlink: 'syz.1.2364': attribute type 28 has an invalid length. [ 1203.964797][T14961] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2364'. [ 1204.252477][ T5842] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1204.275824][ T5842] usb 6-1: not running at top speed; connect to a high speed hub [ 1204.815912][ T5842] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1204.827111][ T5842] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1204.854920][ T5842] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1204.864533][ T5842] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1204.890395][ T5842] usb 6-1: Product: syz [ 1204.894665][ T5842] usb 6-1: Manufacturer: syz [ 1204.899385][ T5842] usb 6-1: SerialNumber: syz [ 1206.998701][T12341] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 1207.017267][T12341] Bluetooth: hci2: Injecting HCI hardware error event [ 1207.121360][T12341] Bluetooth: hci2: hardware error 0x00 [ 1207.128262][T14988] workqueue: Failed to create a rescuer kthread for wq "xfs-blockgc/nullb0": -EINTR [ 1207.402379][ T5842] usb 6-1: 0:2 : does not exist [ 1207.617142][ T5842] usb 6-1: USB disconnect, device number 5 [ 1207.875692][T15000] netlink: 'syz.5.2376': attribute type 10 has an invalid length. [ 1207.923483][T15000] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2376'. [ 1208.099697][T15000] dummy0: entered promiscuous mode [ 1208.147553][T15000] bridge0: port 3(dummy0) entered blocking state [ 1208.190888][T15000] bridge0: port 3(dummy0) entered disabled state [ 1208.245853][T15000] dummy0: entered allmulticast mode [ 1208.300859][T15000] bridge0: port 3(dummy0) entered blocking state [ 1208.307419][T15000] bridge0: port 3(dummy0) entered forwarding state [ 1208.467198][T15005] netlink: 4276 bytes leftover after parsing attributes in process `syz.6.2377'. [ 1208.480376][T15005] netlink: 4276 bytes leftover after parsing attributes in process `syz.6.2377'. [ 1208.554673][T14994] Bluetooth: hci3: command 0x0406 tx timeout [ 1209.494999][ T51] Bluetooth: hci5: unexpected cc 0x0809 length: 68 > 4 [ 1209.502768][ T51] Bluetooth: hci5: unexpected event for opcode 0x0809 [ 1209.807290][T12341] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 1210.183585][T15017] netlink: 88 bytes leftover after parsing attributes in process `syz.6.2380'. [ 1210.193187][T15017] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2380'. [ 1211.204552][T15024] FAULT_INJECTION: forcing a failure. [ 1211.204552][T15024] name failslab, interval 1, probability 0, space 0, times 0 [ 1211.217394][T15024] CPU: 1 UID: 0 PID: 15024 Comm: syz.5.2383 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 1211.217419][T15024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1211.217432][T15024] Call Trace: [ 1211.217440][T15024] [ 1211.217449][T15024] dump_stack_lvl+0x189/0x250 [ 1211.217477][T15024] ? __pfx____ratelimit+0x10/0x10 [ 1211.217499][T15024] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1211.217522][T15024] ? __pfx__printk+0x10/0x10 [ 1211.217556][T15024] ? __pfx___might_resched+0x10/0x10 [ 1211.217584][T15024] should_fail_ex+0x414/0x560 [ 1211.217612][T15024] should_failslab+0xa8/0x100 [ 1211.217637][T15024] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 1211.217668][T15024] ? __alloc_skb+0x112/0x2d0 [ 1211.217701][T15024] __alloc_skb+0x112/0x2d0 [ 1211.217734][T15024] netlink_sendmsg+0x5c6/0xb30 [ 1211.217775][T15024] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1211.217813][T15024] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1211.217834][T15024] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1211.217863][T15024] __sock_sendmsg+0x21c/0x270 [ 1211.217890][T15024] ____sys_sendmsg+0x505/0x830 [ 1211.217927][T15024] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1211.217970][T15024] ? import_iovec+0x74/0xa0 [ 1211.218003][T15024] ___sys_sendmsg+0x21f/0x2a0 [ 1211.218038][T15024] ? __pfx____sys_sendmsg+0x10/0x10 [ 1211.218069][T15024] ? preempt_schedule_common+0x83/0xd0 [ 1211.218129][T15024] ? __fget_files+0x2a/0x420 [ 1211.218149][T15024] ? __fget_files+0x3a0/0x420 [ 1211.218183][T15024] __x64_sys_sendmsg+0x19b/0x260 [ 1211.218217][T15024] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1211.218257][T15024] ? __pfx_ksys_write+0x10/0x10 [ 1211.218283][T15024] ? do_syscall_64+0xbe/0x3b0 [ 1211.218310][T15024] do_syscall_64+0xfa/0x3b0 [ 1211.218330][T15024] ? lockdep_hardirqs_on+0x9c/0x150 [ 1211.218351][T15024] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1211.218370][T15024] ? clear_bhb_loop+0x60/0xb0 [ 1211.218395][T15024] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1211.218412][T15024] RIP: 0033:0x7f9f68d8ebe9 [ 1211.218429][T15024] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1211.218446][T15024] RSP: 002b:00007f9f69c8d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1211.218469][T15024] RAX: ffffffffffffffda RBX: 00007f9f68fb6090 RCX: 00007f9f68d8ebe9 [ 1211.218483][T15024] RDX: 0000000000004000 RSI: 0000200000000480 RDI: 0000000000000005 [ 1211.218495][T15024] RBP: 00007f9f69c8d090 R08: 0000000000000000 R09: 0000000000000000 [ 1211.218508][T15024] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1211.218520][T15024] R13: 00007f9f68fb6128 R14: 00007f9f68fb6090 R15: 00007fff91a50778 [ 1211.218554][T15024] [ 1213.180360][T15056] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2390'. [ 1213.335056][T15058] netlink: 'syz.7.2393': attribute type 5 has an invalid length. [ 1213.570199][T15058] netdevsim netdevsim7 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1213.580045][T15058] netdevsim netdevsim7 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1213.590239][T15058] netdevsim netdevsim7 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1213.599118][T15058] netdevsim netdevsim7 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1213.737866][T15058] batman_adv: batadv0: Adding interface: vxlan0 [ 1213.805347][T15058] batman_adv: batadv0: The MTU of interface vxlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1213.981512][T15058] batman_adv: batadv0: Interface activated: vxlan0 [ 1214.362354][T15074] comedi comedi3: comedi_config --init_data is deprecated [ 1215.283723][T15083] netlink: 'syz.1.2399': attribute type 1 has an invalid length. [ 1215.964380][ T5909] psmouse serio2: Failed to reset mouse on : -5 [ 1216.542228][T15095] syz.6.2402: attempt to access beyond end of device [ 1216.542228][T15095] nbd6: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 1216.568836][T15095] gfs2: error -5 reading superblock [ 1218.203960][T15113] ntfs3(nullb0): Primary boot signature is not NTFS. [ 1218.229489][T15113] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 1218.741385][ T30] kauditd_printk_skb: 5 callbacks suppressed [ 1218.939528][ T30] audit: type=1326 audit(1755095190.441:1037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15115 comm="syz.1.2410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8b498ebe9 code=0x7ffc0000 [ 1219.101711][ T30] audit: type=1326 audit(1755095190.441:1038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15115 comm="syz.1.2410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=263 compat=0 ip=0x7fd8b498ebe9 code=0x7ffc0000 [ 1219.125277][ T30] audit: type=1326 audit(1755095190.441:1039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15115 comm="syz.1.2410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8b498ebe9 code=0x7ffc0000 [ 1219.254054][ T30] audit: type=1326 audit(1755095190.441:1040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15115 comm="syz.1.2410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd8b498ebe9 code=0x7ffc0000 [ 1219.339238][ T30] audit: type=1326 audit(1755095190.451:1041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15115 comm="syz.1.2410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8b498ebe9 code=0x7ffc0000 [ 1219.403901][ T30] audit: type=1326 audit(1755095190.451:1042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15115 comm="syz.1.2410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd8b498ebe9 code=0x7ffc0000 [ 1219.476186][ T30] audit: type=1326 audit(1755095190.470:1043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15115 comm="syz.1.2410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8b498ebe9 code=0x7ffc0000 [ 1219.529826][ T30] audit: type=1326 audit(1755095190.470:1044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15115 comm="syz.1.2410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=78 compat=0 ip=0x7fd8b498ebe9 code=0x7ffc0000 [ 1219.786359][ T30] audit: type=1326 audit(1755095190.470:1045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15115 comm="syz.1.2410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8b498ebe9 code=0x7ffc0000 [ 1219.808694][ T30] audit: type=1326 audit(1755095190.479:1046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15115 comm="syz.1.2410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8b498ebe9 code=0x7ffc0000 [ 1220.122573][ T5909] misc userio: Buffer overflowed, userio client isn't keeping up [ 1220.839772][T15143] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2418'. [ 1220.851028][T15143] 9pnet_fd: Insufficient options for proto=fd [ 1221.360180][T15153] netlink: 4268 bytes leftover after parsing attributes in process `syz.0.2419'. [ 1221.375717][T15153] netlink: 4268 bytes leftover after parsing attributes in process `syz.0.2419'. [ 1221.640747][T10774] usb 2-1: new full-speed USB device number 23 using dummy_hcd [ 1221.784403][ T5909] input: PS/2 Generic Mouse as /devices/serio2/input/input30 [ 1222.147124][ T5909] psmouse serio2: Failed to enable mouse on [ 1222.197450][T15158] 9pnet_fd: Insufficient options for proto=fd [ 1222.753206][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1222.759859][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1222.882138][T15166] netlink: 'syz.6.2425': attribute type 1 has an invalid length. [ 1222.976970][T15166] netlink: 224 bytes leftover after parsing attributes in process `syz.6.2425'. [ 1224.523910][T15196] overlay: ./file0 is not a directory [ 1225.487693][T15205] netlink: 'syz.0.2439': attribute type 1 has an invalid length. [ 1225.510046][T15205] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2439'. [ 1225.791492][T15213] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 1225.890114][T15213] FAULT_INJECTION: forcing a failure. [ 1225.890114][T15213] name failslab, interval 1, probability 0, space 0, times 0 [ 1225.903104][T15213] CPU: 1 UID: 0 PID: 15213 Comm: syz.1.2438 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 1225.903133][T15213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1225.903144][T15213] Call Trace: [ 1225.903161][T15213] [ 1225.903171][T15213] dump_stack_lvl+0x189/0x250 [ 1225.903200][T15213] ? __pfx____ratelimit+0x10/0x10 [ 1225.903223][T15213] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1225.903245][T15213] ? __pfx__printk+0x10/0x10 [ 1225.903279][T15213] ? __pfx___might_resched+0x10/0x10 [ 1225.903317][T15213] should_fail_ex+0x414/0x560 [ 1225.903345][T15213] should_failslab+0xa8/0x100 [ 1225.903370][T15213] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 1225.903390][T15213] ? __alloc_skb+0x112/0x2d0 [ 1225.903423][T15213] __alloc_skb+0x112/0x2d0 [ 1225.903456][T15213] netlink_sendmsg+0x5c6/0xb30 [ 1225.903496][T15213] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1225.903534][T15213] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1225.903554][T15213] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1225.903583][T15213] __sock_sendmsg+0x21c/0x270 [ 1225.903612][T15213] ____sys_sendmsg+0x505/0x830 [ 1225.903650][T15213] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1225.903692][T15213] ? import_iovec+0x74/0xa0 [ 1225.903725][T15213] ___sys_sendmsg+0x21f/0x2a0 [ 1225.903758][T15213] ? __pfx____sys_sendmsg+0x10/0x10 [ 1225.903796][T15213] ? rcu_read_unlock_special+0x3fe/0x4c0 [ 1225.903858][T15213] ? __fget_files+0x2a/0x420 [ 1225.903881][T15213] ? __fget_files+0x3a0/0x420 [ 1225.903916][T15213] __x64_sys_sendmsg+0x19b/0x260 [ 1225.903950][T15213] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1225.903993][T15213] ? __pfx_ksys_write+0x10/0x10 [ 1225.904019][T15213] ? do_syscall_64+0xbe/0x3b0 [ 1225.904047][T15213] do_syscall_64+0xfa/0x3b0 [ 1225.904070][T15213] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1225.904090][T15213] ? asm_sysvec_call_function_single+0x1a/0x20 [ 1225.904110][T15213] ? clear_bhb_loop+0x60/0xb0 [ 1225.904135][T15213] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1225.904155][T15213] RIP: 0033:0x7fd8b498ebe9 [ 1225.904174][T15213] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1225.904192][T15213] RSP: 002b:00007fd8b2bf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1225.904215][T15213] RAX: ffffffffffffffda RBX: 00007fd8b4bb6180 RCX: 00007fd8b498ebe9 [ 1225.904230][T15213] RDX: 0000000020000100 RSI: 00002000000000c0 RDI: 0000000000000003 [ 1225.904244][T15213] RBP: 00007fd8b2bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 1225.904256][T15213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1225.904268][T15213] R13: 00007fd8b4bb6218 R14: 00007fd8b4bb6180 R15: 00007fffabb97d38 [ 1225.904311][T15213] [ 1228.142376][T15227] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 1228.258742][T15216] syz.0.2441: vmalloc error: size 269484032, failed to allocated page array size 526336, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0-1 [ 1228.282644][T15225] kvm: pic: level sensitive irq not supported [ 1228.282879][T15225] kvm: pic: non byte read [ 1228.453789][T15238] netlink: 'syz.5.2445': attribute type 21 has an invalid length. [ 1228.481634][T15216] CPU: 1 UID: 0 PID: 15216 Comm: syz.0.2441 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 1228.481655][T15216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1228.481668][T15216] Call Trace: [ 1228.481673][T15216] [ 1228.481678][T15216] dump_stack_lvl+0x189/0x250 [ 1228.481700][T15216] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1228.481714][T15216] ? __pfx__printk+0x10/0x10 [ 1228.481730][T15216] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 1228.481745][T15216] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 1228.481761][T15216] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 1228.481777][T15216] warn_alloc+0x214/0x310 [ 1228.481796][T15216] ? __pfx_warn_alloc+0x10/0x10 [ 1228.481816][T15216] ? __get_vm_area_node+0x28f/0x300 [ 1228.481830][T15216] ? __do_replace+0xab/0x970 [ 1228.481848][T15216] __vmalloc_node_range_noprof+0x67e/0x12f0 [ 1228.481880][T15216] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1228.481897][T15216] ? __do_replace+0xab/0x970 [ 1228.481912][T15216] vzalloc_noprof+0xb2/0xf0 [ 1228.481925][T15216] ? __do_replace+0xab/0x970 [ 1228.481941][T15216] __do_replace+0xab/0x970 [ 1228.481964][T15216] ? __pfx___do_replace+0x10/0x10 [ 1228.481981][T15216] ? _copy_from_user+0x94/0xb0 [ 1228.482001][T15216] do_ipt_set_ctl+0xa0d/0xcd0 [ 1228.482021][T15216] ? rcu_is_watching+0x15/0xb0 [ 1228.482034][T15216] ? __pfx_do_ipt_set_ctl+0x10/0x10 [ 1228.482061][T15216] ? __pfx___mutex_lock+0x10/0x10 [ 1228.482076][T15216] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1228.482097][T15216] ? ip_setsockopt+0x8a/0x110 [ 1228.482114][T15216] nf_setsockopt+0x26c/0x290 [ 1228.482133][T15216] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 1228.482149][T15216] do_sock_setsockopt+0x179/0x1b0 [ 1228.482170][T15216] __x64_sys_setsockopt+0x13f/0x1b0 [ 1228.482190][T15216] do_syscall_64+0xfa/0x3b0 [ 1228.482204][T15216] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1228.482218][T15216] ? asm_sysvec_call_function_single+0x1a/0x20 [ 1228.482232][T15216] ? clear_bhb_loop+0x60/0xb0 [ 1228.482255][T15216] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1228.482266][T15216] RIP: 0033:0x7f6b48b8ebe9 [ 1228.482279][T15216] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1228.482289][T15216] RSP: 002b:00007f6b49a27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1228.482304][T15216] RAX: ffffffffffffffda RBX: 00007f6b48db6090 RCX: 00007f6b48b8ebe9 [ 1228.482313][T15216] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000006 [ 1228.482321][T15216] RBP: 00007f6b48c11e19 R08: 0000000000007590 R09: 0000000000000000 [ 1228.482329][T15216] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000000 [ 1228.482337][T15216] R13: 00007f6b48db6128 R14: 00007f6b48db6090 R15: 00007ffe485dc4a8 [ 1228.482356][T15216] [ 1228.482379][T15216] Mem-Info: [ 1228.790823][T15216] active_anon:311 inactive_anon:7275 isolated_anon:0 [ 1228.790823][T15216] active_file:16185 inactive_file:39686 isolated_file:0 [ 1228.790823][T15216] unevictable:768 dirty:143 writeback:0 [ 1228.790823][T15216] slab_reclaimable:6223 slab_unreclaimable:111253 [ 1228.790823][T15216] mapped:38195 shmem:4299 pagetables:1154 [ 1228.790823][T15216] sec_pagetables:3 bounce:0 [ 1228.790823][T15216] kernel_misc_reclaimable:0 [ 1228.790823][T15216] free:1293792 free_pcp:7977 free_cma:0 [ 1228.792531][T15238] netlink: 156 bytes leftover after parsing attributes in process `syz.5.2445'. [ 1229.037597][T15216] Node 0 active_anon:1244kB inactive_anon:41000kB active_file:64208kB inactive_file:158744kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:151700kB dirty:568kB writeback:0kB shmem:27060kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12196kB pagetables:4452kB sec_pagetables:12kB all_unreclaimable? no Balloon:0kB [ 1229.912329][T15216] Node 1 active_anon:0kB inactive_anon:0kB active_file:532kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:252kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:164kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1230.410203][T15216] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1230.510010][T15216] lowmem_reserve[]: 0 2500 2502 2502 2502 [ 1230.532388][T15216] Node 0 DMA32 free:1237708kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:9640kB inactive_anon:21868kB active_file:62424kB inactive_file:158684kB unevictable:1536kB writepending:584kB present:3129332kB managed:2560996kB mlocked:0kB bounce:0kB free_pcp:33620kB local_pcp:20292kB free_cma:0kB [ 1230.622856][T15216] lowmem_reserve[]: 0 0 1 1 1 [ 1230.668263][T15216] Node 0 Normal free:8kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:40kB active_file:1784kB inactive_file:60kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 1230.921414][T15216] lowmem_reserve[]: 0 0 0 0 0 [ 1230.926306][T15216] Node 1 Normal free:3920184kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:532kB inactive_file:0kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1231.000876][T15216] lowmem_reserve[]: 0 0 0 0 0 [ 1231.026899][T15216] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1231.079162][T15216] Node 0 DMA32: 122*4kB (UM) 42*8kB (UME) 217*16kB (UM) 221*32kB (UME) 249*64kB (UME) 96*128kB (ME) 63*256kB (UME) 32*512kB (ME) 13*1024kB (UME) 5*2048kB (UME) 279*4096kB (UM) = 1238440kB [ 1231.132791][T15216] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 1231.164900][T15216] Node 1 Normal: 208*4kB (UME) 41*8kB (UME) 49*16kB (UME) 225*32kB (UME) 104*64kB (UME) 33*128kB (UE) 15*256kB (UM) 6*512kB (UME) 4*1024kB (UME) 3*2048kB (UE) 948*4096kB (M) = 3920184kB [ 1231.205453][T15216] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1231.242879][T15216] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1231.264265][T15216] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1231.360301][T15216] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1231.412892][T15267] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2452'. [ 1231.427044][ T43] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 1231.431124][T15268] FAULT_INJECTION: forcing a failure. [ 1231.431124][T15268] name failslab, interval 1, probability 0, space 0, times 0 [ 1231.543254][T15216] 57295 total pagecache pages [ 1231.814015][T15216] 0 pages in swap cache [ 1231.827430][T15216] Free swap = 124996kB [ 1231.827504][T15268] CPU: 1 UID: 0 PID: 15268 Comm: syz.7.2454 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 1231.827530][T15268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1231.827541][T15268] Call Trace: [ 1231.827549][T15268] [ 1231.827557][T15268] dump_stack_lvl+0x189/0x250 [ 1231.827585][T15268] ? __pfx____ratelimit+0x10/0x10 [ 1231.827606][T15268] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1231.827627][T15268] ? __pfx__printk+0x10/0x10 [ 1231.827658][T15268] ? __pfx___might_resched+0x10/0x10 [ 1231.827678][T15268] ? fs_reclaim_acquire+0x7d/0x100 [ 1231.827706][T15268] should_fail_ex+0x414/0x560 [ 1231.827732][T15268] should_failslab+0xa8/0x100 [ 1231.827755][T15268] kmem_cache_alloc_noprof+0x73/0x3c0 [ 1231.827773][T15268] ? skb_clone+0x212/0x3a0 [ 1231.827798][T15268] skb_clone+0x212/0x3a0 [ 1231.827815][T15268] ? nfnetlink_rcv+0x486/0x2520 [ 1231.827838][T15268] nfnetlink_rcv+0x4b4/0x2520 [ 1231.827863][T15268] ? __dev_queue_xmit+0x1cd7/0x3a70 [ 1231.827887][T15268] ? kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 1231.827909][T15268] ? __dev_queue_xmit+0x27e/0x3a70 [ 1231.827929][T15268] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1231.827959][T15268] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 1231.827996][T15268] ? ref_tracker_free+0x63a/0x7d0 [ 1231.828015][T15268] ? __copy_skb_header+0xa7/0x550 [ 1231.828036][T15268] ? __pfx_ref_tracker_free+0x10/0x10 [ 1231.828056][T15268] ? __skb_clone+0x63/0x7a0 [ 1231.828088][T15268] ? __skb_clone+0x483/0x7a0 [ 1231.828114][T15268] ? skb_clone+0x246/0x3a0 [ 1231.828136][T15268] ? __netlink_deliver_tap+0x807/0x850 [ 1231.828161][T15268] ? netlink_deliver_tap+0x2e/0x1b0 [ 1231.828193][T15268] ? netlink_deliver_tap+0x2e/0x1b0 [ 1231.828218][T15268] ? netlink_deliver_tap+0x2e/0x1b0 [ 1231.828257][T15268] netlink_unicast+0x75c/0x8e0 [ 1231.828291][T15268] netlink_sendmsg+0x805/0xb30 [ 1231.828327][T15268] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1231.828361][T15268] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1231.828379][T15268] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1231.828406][T15268] __sock_sendmsg+0x21c/0x270 [ 1231.828432][T15268] ____sys_sendmsg+0x505/0x830 [ 1231.828466][T15268] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1231.828502][T15268] ? import_iovec+0x74/0xa0 [ 1231.828531][T15268] ___sys_sendmsg+0x21f/0x2a0 [ 1231.828562][T15268] ? __pfx____sys_sendmsg+0x10/0x10 [ 1231.828626][T15268] ? __fget_files+0x2a/0x420 [ 1231.828647][T15268] ? __fget_files+0x3a0/0x420 [ 1231.828679][T15268] __x64_sys_sendmsg+0x19b/0x260 [ 1231.828710][T15268] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1231.828747][T15268] ? __pfx_ksys_write+0x10/0x10 [ 1231.828763][T15268] ? rcu_is_watching+0x15/0xb0 [ 1231.828789][T15268] ? do_syscall_64+0xbe/0x3b0 [ 1231.828814][T15268] do_syscall_64+0xfa/0x3b0 [ 1231.828833][T15268] ? lockdep_hardirqs_on+0x9c/0x150 [ 1231.828853][T15268] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1231.828871][T15268] ? clear_bhb_loop+0x60/0xb0 [ 1231.828894][T15268] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1231.828913][T15268] RIP: 0033:0x7f811f98ebe9 [ 1231.828931][T15268] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1231.828947][T15268] RSP: 002b:00007f811dbf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1231.828968][T15268] RAX: ffffffffffffffda RBX: 00007f811fbb5fa0 RCX: 00007f811f98ebe9 [ 1231.828981][T15268] RDX: 0000000024044010 RSI: 0000200000000100 RDI: 0000000000000003 [ 1231.828993][T15268] RBP: 00007f811dbf6090 R08: 0000000000000000 R09: 0000000000000000 [ 1231.829005][T15268] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1231.829016][T15268] R13: 00007f811fbb6038 R14: 00007f811fbb5fa0 R15: 00007ffd564dd908 [ 1231.829047][T15268] [ 1232.098008][ T43] usb 2-1: Using ep0 maxpacket: 8 [ 1232.114923][ T43] usb 2-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice= 0.6d [ 1232.243306][T15216] Total swap = 124996kB [ 1232.269088][T15216] 2097051 pages RAM [ 1232.272939][T15216] 0 pages HighMem/MovableOnly [ 1232.278885][ T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1232.297130][ T43] usb 2-1: Product: syz [ 1232.314054][T15216] 424695 pages reserved [ 1232.315152][ T43] usb 2-1: Manufacturer: syz [ 1232.348257][T15216] 0 pages cma reserved [ 1232.355198][ T43] usb 2-1: SerialNumber: syz [ 1232.404630][ T43] usb 2-1: config 0 descriptor?? [ 1232.428455][ T43] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 1233.207501][T15263] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2453'. [ 1233.217321][ T43] gspca_sonixj: reg_w1 err -110 [ 1233.222604][ T43] sonixj 2-1:0.0: probe with driver sonixj failed with error -110 [ 1234.556342][T10774] usb 2-1: USB disconnect, device number 24 [ 1234.876792][T15301] hpfs: Bad magic ... probably not HPFS [ 1235.576189][T15306] fuse: Unknown parameter 'ÿÿÿÿ' [ 1236.153560][T15309] xt_connbytes: Forcing CT accounting to be enabled [ 1236.160609][T15309] set match dimension is over the limit! [ 1237.695432][T15320] C: renamed from team_slave_0 (while UP) [ 1237.734755][T15320] netlink: 'syz.7.2470': attribute type 3 has an invalid length. [ 1237.743539][T15320] netlink: 152 bytes leftover after parsing attributes in process `syz.7.2470'. [ 1237.755780][T15320] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 1238.833536][T15326] can0: slcan on ttyS3. [ 1240.077520][T15327] can0 (unregistered): slcan off ttyS3. [ 1240.165185][ T5842] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 1240.336271][ T5842] usb 6-1: device descriptor read/64, error -71 [ 1241.117716][T15352] netlink: 'syz.7.2477': attribute type 21 has an invalid length. [ 1241.125834][T15352] netlink: 156 bytes leftover after parsing attributes in process `syz.7.2477'. [ 1241.715228][ T5842] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 1241.929157][ T5842] usb 6-1: device descriptor read/64, error -71 [ 1241.982057][T15358] Cannot find del_set index 0 as target [ 1243.045096][ T5842] usb usb6-port1: attempt power cycle [ 1243.135747][T15361] overlay: ./file0 is not a directory [ 1243.692728][ T5842] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 1243.851300][ T5842] usb 6-1: device descriptor read/8, error -71 [ 1250.024790][T10774] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 1250.028788][T15390] FAULT_INJECTION: forcing a failure. [ 1250.028788][T15390] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1250.051433][T15390] CPU: 0 UID: 0 PID: 15390 Comm: syz.0.2487 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 1250.051462][T15390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1250.051474][T15390] Call Trace: [ 1250.051481][T15390] [ 1250.051487][T15390] dump_stack_lvl+0x189/0x250 [ 1250.051508][T15390] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1250.051533][T15390] should_fail_ex+0x414/0x560 [ 1250.051549][T15390] _copy_from_user+0x2d/0xb0 [ 1250.051566][T15390] do_tcp_getsockopt+0x1dd/0x2660 [ 1250.051590][T15390] ? __pfx_do_tcp_getsockopt+0x10/0x10 [ 1250.051607][T15390] ? sock_recv_errqueue+0x470/0x510 [ 1250.051621][T15390] ? __might_fault+0xb0/0x130 [ 1250.051635][T15390] ? _parse_integer_limit+0x1ae/0x1f0 [ 1250.051654][T15390] ? __lock_acquire+0xab9/0xd20 [ 1250.051672][T15390] ? get_pid_task+0x20/0x1f0 [ 1250.051701][T15390] ? __lock_acquire+0xab9/0xd20 [ 1250.051718][T15390] ? __might_fault+0xb0/0x130 [ 1250.051738][T15390] tcp_getsockopt+0x83/0x130 [ 1250.051754][T15390] ? sock_recv_errqueue+0x470/0x510 [ 1250.051768][T15390] ? sock_recv_errqueue+0x470/0x510 [ 1250.051781][T15390] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 1250.051798][T15390] do_sock_getsockopt+0x36f/0x450 [ 1250.051817][T15390] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 1250.051834][T15390] ? do_syscall_64+0x20/0x3b0 [ 1250.051848][T15390] ? __fget_files+0x3a0/0x420 [ 1250.051861][T15390] ? __fget_files+0x2a/0x420 [ 1250.051878][T15390] __x64_sys_getsockopt+0x1a5/0x250 [ 1250.051895][T15390] ? do_syscall_64+0x20/0x3b0 [ 1250.051909][T15390] ? do_syscall_64+0x20/0x3b0 [ 1250.051924][T15390] do_syscall_64+0xfa/0x3b0 [ 1250.051936][T15390] ? lockdep_hardirqs_on+0x9c/0x150 [ 1250.051948][T15390] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1250.051960][T15390] ? clear_bhb_loop+0x60/0xb0 [ 1250.051975][T15390] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1250.051987][T15390] RIP: 0033:0x7f6b48b8ebe9 [ 1250.051999][T15390] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1250.052010][T15390] RSP: 002b:00007f6b49a06038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 1250.052025][T15390] RAX: ffffffffffffffda RBX: 00007f6b48db6180 RCX: 00007f6b48b8ebe9 [ 1250.052034][T15390] RDX: 0000000000000023 RSI: 0000000000000006 RDI: 0000000000000008 [ 1250.052041][T15390] RBP: 00007f6b49a06090 R08: 0000200000000000 R09: 0000000000000000 [ 1250.052049][T15390] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000001 [ 1250.052057][T15390] R13: 00007f6b48db6218 R14: 00007f6b48db6180 R15: 00007ffe485dc4a8 [ 1250.052076][T15390] [ 1250.760839][T10774] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1250.797468][T10774] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1250.825860][T10774] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1250.987069][T10774] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1251.003133][T15382] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 1251.016968][T10774] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 1251.114409][T15400] tipc: New replicast peer: 255.255.255.255 [ 1251.126618][T15400] tipc: Enabled bearer , priority 10 [ 1251.263989][T10774] usb 2-1: USB disconnect, device number 25 [ 1251.642083][T15409] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2493'. [ 1252.325104][T10774] tipc: Node number set to 264530783 [ 1254.191541][T15434] fuse: Unknown parameter 'ÿÿÿÿ' [ 1255.728768][T15447] overlay: ./file0 is not a directory [ 1256.972066][T15458] FAULT_INJECTION: forcing a failure. [ 1256.972066][T15458] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1256.985356][T15458] CPU: 0 UID: 0 PID: 15458 Comm: syz.1.2507 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 1256.985383][T15458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1256.985394][T15458] Call Trace: [ 1256.985402][T15458] [ 1256.985411][T15458] dump_stack_lvl+0x189/0x250 [ 1256.985439][T15458] ? __pfx____ratelimit+0x10/0x10 [ 1256.985455][T15458] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1256.985469][T15458] ? __pfx__printk+0x10/0x10 [ 1256.985484][T15458] ? __might_fault+0xb0/0x130 [ 1256.985504][T15458] should_fail_ex+0x414/0x560 [ 1256.985521][T15458] _copy_to_iter+0x1db/0x16f0 [ 1256.985544][T15458] ? __pfx__copy_to_iter+0x10/0x10 [ 1256.985566][T15458] ? splice_from_pipe_next+0x608/0x660 [ 1256.985579][T15458] ? page_copy_sane+0x4e/0x280 [ 1256.985595][T15458] copy_page_to_iter+0x10c/0x1c0 [ 1256.985613][T15458] pipe_to_user+0xa8/0x140 [ 1256.985629][T15458] __splice_from_pipe+0x34a/0x920 [ 1256.985651][T15458] ? __pfx_pipe_to_user+0x10/0x10 [ 1256.985667][T15458] __se_sys_vmsplice+0x316/0x10d0 [ 1256.985688][T15458] ? kvm_sched_clock_read+0x11/0x20 [ 1256.985699][T15458] ? sched_clock+0x3f/0x60 [ 1256.985727][T15458] ? __pfx___se_sys_vmsplice+0x10/0x10 [ 1256.985749][T15458] ? rcu_is_watching+0x15/0xb0 [ 1256.985763][T15458] ? trace_sched_exit_tp+0x38/0x120 [ 1256.985781][T15458] ? __schedule+0x16c8/0x4c90 [ 1256.985809][T15458] ? __pfx___schedule+0x10/0x10 [ 1256.985831][T15458] ? do_syscall_64+0xbe/0x3b0 [ 1256.985847][T15458] do_syscall_64+0xfa/0x3b0 [ 1256.985861][T15458] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1256.985872][T15458] ? asm_sysvec_call_function_single+0x1a/0x20 [ 1256.985884][T15458] ? clear_bhb_loop+0x60/0xb0 [ 1256.985898][T15458] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1256.985910][T15458] RIP: 0033:0x7fd8b498ebe9 [ 1256.985922][T15458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1256.985932][T15458] RSP: 002b:00007fd8b2bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 1256.985947][T15458] RAX: ffffffffffffffda RBX: 00007fd8b4bb6180 RCX: 00007fd8b498ebe9 [ 1256.985956][T15458] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 0000000000000004 [ 1256.985963][T15458] RBP: 00007fd8b2bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 1256.985970][T15458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1256.985977][T15458] R13: 00007fd8b4bb6218 R14: 00007fd8b4bb6180 R15: 00007fffabb97d38 [ 1256.985997][T15458] [ 1257.448756][T15460] netlink: 92 bytes leftover after parsing attributes in process `syz.6.2508'. [ 1257.494611][ T30] kauditd_printk_skb: 5 callbacks suppressed [ 1257.494664][ T30] audit: type=1400 audit(1755095226.795:1052): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=15459 comm="syz.6.2508" src=1 dest=20000 netif=wpan0 [ 1257.643590][T15464] comedi: valid board names for 8255 driver are: [ 1257.649959][T15464] 8255 [ 1257.652737][T15464] comedi: valid board names for vmk80xx driver are: [ 1257.659421][T15464] vmk80xx [ 1257.662446][T15464] comedi: valid board names for usbduxsigma driver are: [ 1257.669401][T15464] usbduxsigma [ 1257.672765][T15464] comedi: valid board names for usbduxfast driver are: [ 1257.679638][T15464] usbduxfast [ 1257.682926][T15464] comedi: valid board names for usbdux driver are: [ 1257.689881][T15464] usbdux [ 1257.692818][T15464] comedi: valid board names for ni6501 driver are: [ 1257.699447][T15464] ni6501 [ 1257.702382][T15464] comedi: valid board names for dt9812 driver are: [ 1257.709004][T15464] dt9812 [ 1257.711954][T15464] comedi: valid board names for ni_labpc_cs driver are: [ 1257.718957][T15464] ni_labpc_cs [ 1257.722374][T15464] comedi: valid board names for ni_daq_700 driver are: [ 1257.729292][T15464] ni_daq_700 [ 1257.732681][T15464] comedi: valid board names for labpc_pci driver are: [ 1257.739475][T15464] labpc_pci [ 1257.742673][T15464] comedi: valid board names for adl_pci9118 driver are: [ 1257.749761][T15464] pci9118dg [ 1257.752971][T15464] pci9118hg [ 1257.756201][T15464] pci9118hr [ 1257.759406][T15464] comedi: valid board names for 8255_pci driver are: [ 1257.766115][T15464] 8255_pci [ 1257.769222][T15464] comedi: valid board names for s526 driver are: [ 1257.775573][T15464] s526 [ 1257.778347][T15464] comedi: valid board names for multiq3 driver are: [ 1257.784995][T15464] multiq3 [ 1257.788040][T15464] comedi: valid board names for pcmuio driver are: [ 1257.794565][T15464] pcmuio48 [ 1257.798114][T15464] pcmuio96 [ 1257.801228][T15464] comedi: valid board names for pcmmio driver are: [ 1257.807798][T15464] pcmmio [ 1257.810740][T15464] comedi: valid board names for pcmda12 driver are: [ 1257.817371][T15464] pcmda12 [ 1257.820399][T15464] comedi: valid board names for pcmad driver are: [ 1257.826876][T15464] pcmad12 [ 1257.829922][T15464] pcmad16 [ 1257.832992][T15464] comedi: valid board names for ni_labpc driver are: [ 1257.839775][T15464] lab-pc-1200 [ 1257.843147][T15464] lab-pc-1200ai [ 1257.846903][T15464] lab-pc+ [ 1257.849922][T15464] comedi: valid board names for atmio16 driver are: [ 1257.856537][T15464] atmio16 [ 1257.859642][T15464] atmio16d [ 1257.862748][T15464] comedi: valid board names for ni_at_ao driver are: [ 1257.869447][T15464] at-ao-6 [ 1257.872477][T15464] at-ao-10 [ 1257.875599][T15464] comedi: valid board names for ni_at_a2150 driver are: [ 1257.882681][T15464] ni_at_a2150 [ 1257.886052][T15464] comedi: valid board names for adq12b driver are: [ 1257.893103][T15464] adq12b [ 1257.896037][T15464] comedi: valid board names for mpc624 driver are: [ 1257.902670][T15464] mpc624 [ 1257.905689][T15464] comedi: valid board names for c6xdigio driver are: [ 1257.913007][T15464] c6xdigio [ 1257.916127][T15464] comedi: valid board names for aio_iiro_16 driver are: [ 1257.923106][T15464] aio_iiro_16 [ 1257.926492][T15464] comedi: valid board names for aio_aio12_8 driver are: [ 1257.933467][T15464] aio_aio12_8 [ 1257.936838][T15464] aio_ai12_8 [ 1257.940121][T15464] aio_ao12_4 [ 1257.943458][T15464] comedi: valid board names for fl512 driver are: [ 1257.950131][T15464] fl512 [ 1257.953033][T15464] comedi: valid board names for dmm32at driver are: [ 1257.959703][T15464] dmm32at [ 1257.962731][T15464] comedi: valid board names for dt282x driver are: [ 1257.969448][T15464] dt2821 [ 1257.972392][T15464] dt2821-f [ 1257.975564][T15464] dt2821-g [ 1257.978686][T15464] dt2823 [ 1257.981720][T15464] dt2824-pgh [ 1257.985045][T15464] dt2824-pgl [ 1257.988328][T15464] dt2825 [ 1257.991262][T15464] dt2827 [ 1257.994205][T15464] dt2828 [ 1257.997176][T15464] dt2829 [ 1258.000111][T15464] dt21-ez [ 1258.003130][T15464] dt23-ez [ 1258.006177][T15464] dt24-ez [ 1258.009216][T15464] dt24-ez-pgl [ 1258.012585][T15464] comedi: valid board names for dt2817 driver are: [ 1258.019516][T15464] dt2817 [ 1258.022455][T15464] comedi: valid board names for dt2815 driver are: [ 1258.029102][T15464] dt2815 [ 1258.032067][T15464] comedi: valid board names for dt2814 driver are: [ 1258.038616][T15464] dt2814 [ 1258.041646][T15464] comedi: valid board names for dt2811 driver are: [ 1258.048323][T15464] dt2811-pgh [ 1258.051640][T15464] dt2811-pgl [ 1258.054957][T15464] comedi: valid board names for dt2801 driver are: [ 1258.061506][T15464] dt2801 [ 1258.064457][T15464] comedi: valid board names for das6402 driver are: [ 1258.071095][T15464] das6402-12 [ 1258.074380][T15464] das6402-16 [ 1258.077675][T15464] comedi: valid board names for das1800 driver are: [ 1258.084309][T15464] das-1701st [ 1258.087601][T15464] das-1701st-da [ 1258.091171][T15464] das-1702st [ 1258.094483][T15464] das-1702st-da [ 1258.098056][T15464] das-1702hr [ 1258.101348][T15464] das-1702hr-da [ 1258.105018][T15464] das-1701ao [ 1258.108390][T15464] das-1702ao [ 1258.111692][T15464] das-1801st [ 1258.115028][T15464] das-1801st-da [ 1258.118578][T15464] das-1802st [ 1258.121869][T15464] das-1802st-da [ 1258.126151][T15464] das-1802hr [ 1258.129447][T15464] das-1802hr-da [ 1258.132990][T15464] das-1801hc [ 1258.136339][T15464] das-1802hc [ 1258.139636][T15464] das-1801ao [ 1258.142928][T15464] das-1802ao [ 1258.146263][T15464] comedi: valid board names for das800 driver are: [ 1258.152762][T15464] das-800 [ 1258.155813][T15464] cio-das800 [ 1258.159105][T15464] das-801 [ 1258.162134][T15464] cio-das801 [ 1258.165441][T15464] das-802 [ 1258.168560][T15464] cio-das802 [ 1258.171963][T15464] cio-das802/16 [ 1258.175531][T15464] comedi: valid board names for isa-das08 driver are: [ 1258.182419][T15464] isa-das08 [ 1258.185620][T15464] das08-pgm [ 1258.188898][T15464] das08-pgh [ 1258.192111][T15464] das08-pgl [ 1258.195328][T15464] das08-aoh [ 1258.198567][T15464] das08-aol [ 1258.201767][T15464] das08-aom [ 1258.204980][T15464] das08/jr-ao [ 1258.208361][T15464] das08jr-16-ao [ 1258.212048][T15464] pc104-das08 [ 1258.215415][T15464] das08jr/16 [ 1258.218694][T15464] comedi: valid board names for das16m1 driver are: [ 1258.225504][T15464] das16m1 [ 1258.228530][T15464] comedi: valid board names for dac02 driver are: [ 1258.235497][T15464] dac02 [ 1258.238447][T15464] comedi: valid board names for rti802 driver are: [ 1258.244977][T15464] rti802 [ 1258.247922][T15464] comedi: valid board names for rti800 driver are: [ 1258.254474][T15464] rti800 [ 1258.257409][T15464] rti815 [ 1258.260342][T15464] comedi: valid board names for pcm3724 driver are: [ 1258.266955][T15464] pcm3724 [ 1258.269976][T15464] comedi: valid board names for pcl818 driver are: [ 1258.276529][T15464] pcl818l [ 1258.279556][T15464] pcl818h [ 1258.282582][T15464] pcl818hd [ 1258.285707][T15464] pcl818hg [ 1258.288830][T15464] pcl818 [ 1258.291764][T15464] pcl718 [ 1258.294734][T15464] pcm3718 [ 1258.297752][T15464] comedi: valid board names for pcl816 driver are: [ 1258.304245][T15464] pcl816 [ 1258.307213][T15464] pcl814b [ 1258.310235][T15464] comedi: valid board names for pcl812 driver are: [ 1258.316763][T15464] pcl812 [ 1258.319696][T15464] pcl812pg [ 1258.322803][T15464] acl8112pg [ 1258.326001][T15464] acl8112dg [ 1258.329225][T15464] acl8112hg [ 1258.332504][T15464] a821pgl [ 1258.335520][T15464] a821pglnda [ 1258.338828][T15464] a821pgh [ 1258.341867][T15464] a822pgl [ 1258.345297][T15464] a822pgh [ 1258.348381][T15464] a823pgl [ 1258.351408][T15464] a823pgh [ 1258.354440][T15464] pcl813 [ 1258.357373][T15464] pcl813b [ 1258.360423][T15464] acl8113 [ 1258.363443][T15464] iso813 [ 1258.366405][T15464] acl8216 [ 1258.369452][T15464] a826pg [ 1258.372394][T15464] comedi: valid board names for pcl730 driver are: [ 1258.378905][T15464] pcl730 [ 1258.381885][T15464] iso730 [ 1258.384820][T15464] acl7130 [ 1258.387854][T15464] pcm3730 [ 1258.390920][T15464] pcl725 [ 1258.393854][T15464] p8r8dio [ 1258.396870][T15464] acl7225b [ 1258.399972][T15464] p16r16dio [ 1258.403206][T15464] pcl733 [ 1258.406156][T15464] pcl734 [ 1258.409105][T15464] opmm-1616-xt [ 1258.412603][T15464] pearl-mm-p [ 1258.415882][T15464] ir104-pbf [ 1258.419072][T15464] comedi: valid board names for pcl726 driver are: [ 1258.425640][T15464] pcl726 [ 1258.428601][T15464] pcl727 [ 1258.431533][T15464] pcl728 [ 1258.434494][T15464] acl6126 [ 1258.437509][T15464] acl6128 [ 1258.440531][T15464] comedi: valid board names for pcl724 driver are: [ 1258.447142][T15464] pcl724 [ 1258.450074][T15464] pcl722 [ 1258.453092][T15464] pcl731 [ 1258.456453][T15464] acl7122 [ 1258.459472][T15464] acl7124 [ 1258.462489][T15464] pet48dio [ 1258.465641][T15464] pcmio48 [ 1258.468659][T15464] onyx-mm-dio [ 1258.472123][T15464] comedi: valid board names for pcl711 driver are: [ 1258.478896][T15464] pcl711 [ 1258.481841][T15464] pcl711b [ 1258.485465][T15464] acl8112hg [ 1258.488732][T15464] acl8112dg [ 1258.491953][T15464] comedi: valid board names for amplc_pc263 driver are: [ 1258.498945][T15464] pc263 [ 1258.501891][T15464] comedi: valid board names for amplc_pc236 driver are: [ 1258.508942][T15464] pc36at [ 1258.511874][T15464] comedi: valid board names for amplc_dio200 driver are: [ 1258.519014][T15464] pc212e [ 1258.521953][T15464] pc214e [ 1258.524885][T15464] pc215e [ 1258.527812][T15464] pc218e [ 1258.530777][T15464] pc272e [ 1258.533705][T15464] comedi: valid board names for comedi_parport driver are: [ 1258.540913][T15464] comedi_parport [ 1258.544537][T15464] comedi: valid board names for comedi_test driver are: [ 1258.552186][T15464] comedi_test [ 1258.555597][T15464] comedi: valid board names for comedi_bond driver are: [ 1258.565120][T15464] comedi_bond [ 1258.859328][T15473] netlink: 'syz.6.2513': attribute type 21 has an invalid length. [ 1258.911327][T15473] netlink: 156 bytes leftover after parsing attributes in process `syz.6.2513'. [ 1259.008588][T15482] netlink: 'syz.6.2513': attribute type 21 has an invalid length. [ 1259.024261][T15482] netlink: 6 bytes leftover after parsing attributes in process `syz.6.2513'. [ 1259.294815][T15489] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1260.298192][T15495] sctp: [Deprecated]: syz.5.2519 (pid 15495) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1260.298192][T15495] Use struct sctp_sack_info instead [ 1260.927434][T15503] kernel read not supported for file /!se÷ih,i¬PælNnuxselinux (pid: 15503 comm: syz.5.2521) [ 1260.941067][ T30] audit: type=1800 audit(1755095230.013:1053): pid=15503 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.2521" name=217365F769682C1769AC50E66C4E6E757873656C696E7578 dev="mqueue" ino=48043 res=0 errno=0 [ 1261.440896][T15511] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2523'. [ 1261.451901][T15511] netlink: 204 bytes leftover after parsing attributes in process `syz.5.2523'. [ 1261.463090][T15511] netlink: 204 bytes leftover after parsing attributes in process `syz.5.2523'. [ 1261.984571][T15518] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1262.120393][T15522] fuse: Unknown parameter 'ÿÿÿÿ' [ 1263.177338][T15528] overlayfs: missing 'workdir' [ 1263.701061][T15535] netlink: 209592 bytes leftover after parsing attributes in process `syz.6.2529'. [ 1264.827711][T15550] netlink: 32 bytes leftover after parsing attributes in process `syz.7.2533'. [ 1265.687817][T15569] netlink: 84 bytes leftover after parsing attributes in process `syz.7.2539'. [ 1265.965521][ T30] audit: type=1400 audit(1755095234.691:1054): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=15568 comm="syz.7.2539" src=1 dest=20000 netif=wpan0 [ 1266.313838][ T5842] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 1266.504292][ T5842] usb 6-1: Using ep0 maxpacket: 16 [ 1266.539695][ T5842] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1266.570990][ T5842] usb 6-1: New USB device found, idVendor=05e3, idProduct=0502, bcdDevice=9d.03 [ 1266.583641][ T5842] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1266.751193][ T5842] usb 6-1: Product: syz [ 1266.760773][ T5842] usb 6-1: Manufacturer: syz [ 1266.771585][ T5842] usb 6-1: SerialNumber: syz [ 1266.788587][ T5842] usb 6-1: config 0 descriptor?? [ 1266.879821][T15576] netlink: 128 bytes leftover after parsing attributes in process `syz.0.2541'. [ 1267.597105][ T5842] gl620a 6-1:0.0: probe with driver gl620a failed with error -22 [ 1267.928046][T15572] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1267.947517][T15572] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1268.070506][T15585] netlink: 'syz.1.2543': attribute type 2 has an invalid length. [ 1268.104025][T15585] netlink: 'syz.1.2543': attribute type 1 has an invalid length. [ 1268.138353][T15585] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2543'. [ 1268.667623][T15572] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1268.704611][ T5917] usb 6-1: USB disconnect, device number 10 [ 1269.028438][T15590] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1270.261494][T15602] FAULT_INJECTION: forcing a failure. [ 1270.261494][T15602] name failslab, interval 1, probability 0, space 0, times 0 [ 1270.398225][T15602] CPU: 0 UID: 0 PID: 15602 Comm: syz.5.2548 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 1270.398256][T15602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1270.398269][T15602] Call Trace: [ 1270.398277][T15602] [ 1270.398285][T15602] dump_stack_lvl+0x189/0x250 [ 1270.398314][T15602] ? __pfx____ratelimit+0x10/0x10 [ 1270.398361][T15602] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1270.398391][T15602] ? __pfx__printk+0x10/0x10 [ 1270.398426][T15602] ? __pfx___might_resched+0x10/0x10 [ 1270.398447][T15602] ? fs_reclaim_acquire+0x7d/0x100 [ 1270.398477][T15602] should_fail_ex+0x414/0x560 [ 1270.398506][T15602] should_failslab+0xa8/0x100 [ 1270.398531][T15602] __kmalloc_cache_noprof+0x70/0x3d0 [ 1270.398551][T15602] ? tcf_block_get_ext+0x68d/0x17d0 [ 1270.398585][T15602] tcf_block_get_ext+0x68d/0x17d0 [ 1270.398639][T15602] tcf_block_get+0x67/0xa0 [ 1270.398665][T15602] ? __pfx_tcf_chain_head_change_dflt+0x10/0x10 [ 1270.398699][T15602] cake_init+0x1cb/0x830 [ 1270.398736][T15602] ? qdisc_alloc+0x7a1/0xaa0 [ 1270.398766][T15602] ? __pfx_cake_init+0x10/0x10 [ 1270.398795][T15602] qdisc_create+0x7ac/0xea0 [ 1270.398831][T15602] tc_modify_qdisc+0x1538/0x20e0 [ 1270.398881][T15602] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 1270.398944][T15602] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 1270.398967][T15602] rtnetlink_rcv_msg+0x779/0xb70 [ 1270.398999][T15602] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 1270.399025][T15602] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1270.399060][T15602] ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10 [ 1270.399102][T15602] netlink_rcv_skb+0x205/0x470 [ 1270.399137][T15602] ? rcu_is_watching+0x15/0xb0 [ 1270.399160][T15602] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1270.399189][T15602] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1270.399234][T15602] ? netlink_deliver_tap+0x2e/0x1b0 [ 1270.399284][T15602] netlink_unicast+0x75c/0x8e0 [ 1270.399346][T15602] netlink_sendmsg+0x805/0xb30 [ 1270.399371][T15602] ? rcu_is_watching+0x15/0xb0 [ 1270.399403][T15602] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1270.399435][T15602] ? irqentry_exit+0x74/0x90 [ 1270.399461][T15602] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1270.399481][T15602] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1270.399519][T15602] __sock_sendmsg+0x21c/0x270 [ 1270.399549][T15602] ____sys_sendmsg+0x505/0x830 [ 1270.399587][T15602] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1270.399630][T15602] ? import_iovec+0x74/0xa0 [ 1270.399663][T15602] ___sys_sendmsg+0x21f/0x2a0 [ 1270.399698][T15602] ? __pfx____sys_sendmsg+0x10/0x10 [ 1270.399726][T15602] ? preempt_schedule_common+0x83/0xd0 [ 1270.399793][T15602] ? __fget_files+0x2a/0x420 [ 1270.399815][T15602] ? __fget_files+0x3a0/0x420 [ 1270.399851][T15602] __x64_sys_sendmsg+0x19b/0x260 [ 1270.399885][T15602] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1270.399929][T15602] ? __pfx_ksys_write+0x10/0x10 [ 1270.399946][T15602] ? rcu_is_watching+0x15/0xb0 [ 1270.399976][T15602] ? do_syscall_64+0xbe/0x3b0 [ 1270.400004][T15602] do_syscall_64+0xfa/0x3b0 [ 1270.400027][T15602] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1270.400048][T15602] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1270.400068][T15602] ? clear_bhb_loop+0x60/0xb0 [ 1270.400094][T15602] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1270.400122][T15602] RIP: 0033:0x7f9f68d8ebe9 [ 1270.400142][T15602] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1270.400161][T15602] RSP: 002b:00007f9f69cae038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1270.400185][T15602] RAX: ffffffffffffffda RBX: 00007f9f68fb5fa0 RCX: 00007f9f68d8ebe9 [ 1270.400201][T15602] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003 [ 1270.400214][T15602] RBP: 00007f9f69cae090 R08: 0000000000000000 R09: 0000000000000000 [ 1270.400227][T15602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1270.400239][T15602] R13: 00007f9f68fb6038 R14: 00007f9f68fb5fa0 R15: 00007fff91a50778 [ 1270.400274][T15602] [ 1270.786783][ C0] vkms_vblank_simulate: vblank timer overrun [ 1270.983009][ T5917] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 1271.120878][ T30] audit: type=1400 audit(1755095239.518:1055): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=15605 comm="syz.6.2549" src=1 dest=20000 netif=wpan0 [ 1271.254823][T15609] FAULT_INJECTION: forcing a failure. [ 1271.254823][T15609] name failslab, interval 1, probability 0, space 0, times 0 [ 1271.268331][T15609] CPU: 0 UID: 0 PID: 15609 Comm: syz.0.2550 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 1271.268349][T15609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1271.268357][T15609] Call Trace: [ 1271.268361][T15609] [ 1271.268366][T15609] dump_stack_lvl+0x189/0x250 [ 1271.268386][T15609] ? __pfx____ratelimit+0x10/0x10 [ 1271.268399][T15609] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1271.268412][T15609] ? __pfx__printk+0x10/0x10 [ 1271.268432][T15609] ? __pfx___might_resched+0x10/0x10 [ 1271.268445][T15609] ? fs_reclaim_acquire+0x7d/0x100 [ 1271.268462][T15609] should_fail_ex+0x414/0x560 [ 1271.268478][T15609] should_failslab+0xa8/0x100 [ 1271.268493][T15609] __kmalloc_noprof+0xcb/0x4f0 [ 1271.268504][T15609] ? fib6_info_alloc+0x30/0xf0 [ 1271.268522][T15609] fib6_info_alloc+0x30/0xf0 [ 1271.268537][T15609] ip6_route_info_create+0x142/0x860 [ 1271.268552][T15609] ? inet6_rtm_newroute+0x2ee/0x18c0 [ 1271.268570][T15609] inet6_rtm_newroute+0x47e/0x18c0 [ 1271.268592][T15609] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 1271.268618][T15609] ? __kernel_text_address+0xd/0x40 [ 1271.268635][T15609] ? unwind_get_return_address+0x4d/0x90 [ 1271.268647][T15609] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1271.268662][T15609] ? arch_stack_walk+0xfc/0x150 [ 1271.268696][T15609] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 1271.268710][T15609] rtnetlink_rcv_msg+0x7cc/0xb70 [ 1271.268728][T15609] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 1271.268743][T15609] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1271.268768][T15609] netlink_rcv_skb+0x205/0x470 [ 1271.268785][T15609] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1271.268802][T15609] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1271.268826][T15609] ? netlink_deliver_tap+0x2e/0x1b0 [ 1271.268842][T15609] ? netlink_deliver_tap+0x2e/0x1b0 [ 1271.268861][T15609] netlink_unicast+0x75c/0x8e0 [ 1271.268883][T15609] netlink_sendmsg+0x805/0xb30 [ 1271.268905][T15609] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1271.268928][T15609] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1271.268940][T15609] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1271.268956][T15609] __sock_sendmsg+0x21c/0x270 [ 1271.268973][T15609] ____sys_sendmsg+0x52d/0x830 [ 1271.268994][T15609] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1271.269018][T15609] ? import_iovec+0x74/0xa0 [ 1271.269036][T15609] ___sys_sendmsg+0x21f/0x2a0 [ 1271.269055][T15609] ? __pfx____sys_sendmsg+0x10/0x10 [ 1271.269095][T15609] ? __fget_files+0x2a/0x420 [ 1271.269108][T15609] ? __fget_files+0x3a0/0x420 [ 1271.269128][T15609] __sys_sendmmsg+0x227/0x430 [ 1271.269149][T15609] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1271.269165][T15609] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 1271.269204][T15609] ? ksys_write+0x22a/0x250 [ 1271.269217][T15609] ? __pfx_ksys_write+0x10/0x10 [ 1271.269233][T15609] __x64_sys_sendmmsg+0xa0/0xc0 [ 1271.269252][T15609] do_syscall_64+0xfa/0x3b0 [ 1271.269264][T15609] ? lockdep_hardirqs_on+0x9c/0x150 [ 1271.269276][T15609] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1271.269288][T15609] ? clear_bhb_loop+0x60/0xb0 [ 1271.269303][T15609] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1271.269314][T15609] RIP: 0033:0x7f6b48b8ebe9 [ 1271.269325][T15609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1271.269336][T15609] RSP: 002b:00007f6b49a48038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1271.269349][T15609] RAX: ffffffffffffffda RBX: 00007f6b48db5fa0 RCX: 00007f6b48b8ebe9 [ 1271.269358][T15609] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 000000000000000b [ 1271.269367][T15609] RBP: 00007f6b49a48090 R08: 0000000000000000 R09: 0000000000000000 [ 1271.269374][T15609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1271.269381][T15609] R13: 00007f6b48db6038 R14: 00007f6b48db5fa0 R15: 00007ffe485dc4a8 [ 1271.269400][T15609] [ 1271.638314][ C0] vkms_vblank_simulate: vblank timer overrun [ 1271.645298][ T5917] usb 2-1: Using ep0 maxpacket: 16 [ 1271.782919][ T5917] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xC has an invalid bInterval 0, changing to 7 [ 1271.831322][ T5917] usb 2-1: New USB device found, idVendor=0d46, idProduct=0081, bcdDevice=19.82 [ 1271.859383][ T5917] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1271.878474][ T5917] usb 2-1: Product: syz [ 1271.897206][ T5917] usb 2-1: Manufacturer: syz [ 1271.910427][ T5917] usb 2-1: SerialNumber: syz [ 1271.920996][ T5917] usb 2-1: config 0 descriptor?? [ 1271.931525][ T5917] kobil_sct 2-1:0.0: KOBIL USB smart card terminal converter detected [ 1272.153573][ T5917] usb 2-1: KOBIL USB smart card terminal converter now attached to ttyUSB0 [ 1272.614179][ T5917] usb 2-1: USB disconnect, device number 26 [ 1272.662998][ T5917] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0 [ 1272.721068][ T5917] kobil_sct 2-1:0.0: device disconnected [ 1273.970843][T15637] netlink: 84 bytes leftover after parsing attributes in process `syz.5.2558'. [ 1274.040686][ T30] audit: type=1400 audit(1755095242.278:1056): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=15636 comm="syz.5.2558" src=1 dest=20000 netif=wpan0 [ 1274.583705][T15650] sctp: [Deprecated]: syz.0.2562 (pid 15650) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1274.583705][T15650] Use struct sctp_sack_info instead [ 1274.949848][T15653] netlink: 'syz.5.2563': attribute type 21 has an invalid length. [ 1274.986511][T15653] netlink: 128 bytes leftover after parsing attributes in process `syz.5.2563'. [ 1275.007849][T15653] netlink: 43 bytes leftover after parsing attributes in process `syz.5.2563'. [ 1276.819957][T15674] netlink: 84 bytes leftover after parsing attributes in process `syz.7.2571'. [ 1276.869637][ T30] audit: type=1400 audit(1755095244.916:1057): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=15672 comm="syz.7.2571" src=1 dest=20000 netif=wpan0 [ 1277.094034][T15675] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2570'. [ 1278.766056][T15695] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns [ 1278.786627][T15695] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1282.116148][T15716] FAULT_INJECTION: forcing a failure. [ 1282.116148][T15716] name failslab, interval 1, probability 0, space 0, times 0 [ 1282.128984][T15716] CPU: 0 UID: 0 PID: 15716 Comm: syz.1.2581 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 1282.129002][T15716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1282.129010][T15716] Call Trace: [ 1282.129015][T15716] [ 1282.129020][T15716] dump_stack_lvl+0x189/0x250 [ 1282.129047][T15716] ? __pfx____ratelimit+0x10/0x10 [ 1282.129061][T15716] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1282.129075][T15716] ? __pfx__printk+0x10/0x10 [ 1282.129092][T15716] ? __pfx___might_resched+0x10/0x10 [ 1282.129105][T15716] ? fs_reclaim_acquire+0x7d/0x100 [ 1282.129123][T15716] should_fail_ex+0x414/0x560 [ 1282.129139][T15716] should_failslab+0xa8/0x100 [ 1282.129153][T15716] __kmalloc_noprof+0xcb/0x4f0 [ 1282.129164][T15716] ? tomoyo_encode+0x28b/0x550 [ 1282.129182][T15716] tomoyo_encode+0x28b/0x550 [ 1282.129201][T15716] tomoyo_realpath_from_path+0x58d/0x5d0 [ 1282.129222][T15716] ? tomoyo_domain+0xda/0x130 [ 1282.129241][T15716] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1282.129254][T15716] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1282.129268][T15716] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1282.129293][T15716] ? __lock_acquire+0xab9/0xd20 [ 1282.129318][T15716] ? __fget_files+0x2a/0x420 [ 1282.129333][T15716] ? __fget_files+0x2a/0x420 [ 1282.129345][T15716] ? __fget_files+0x3a0/0x420 [ 1282.129357][T15716] ? __fget_files+0x2a/0x420 [ 1282.129373][T15716] security_file_ioctl+0xcb/0x2d0 [ 1282.129388][T15716] __se_sys_ioctl+0x47/0x170 [ 1282.129408][T15716] do_syscall_64+0xfa/0x3b0 [ 1282.129420][T15716] ? lockdep_hardirqs_on+0x9c/0x150 [ 1282.129433][T15716] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1282.129445][T15716] ? clear_bhb_loop+0x60/0xb0 [ 1282.129459][T15716] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1282.129471][T15716] RIP: 0033:0x7fd8b498ebe9 [ 1282.129482][T15716] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1282.129493][T15716] RSP: 002b:00007fd8b5722038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1282.129507][T15716] RAX: ffffffffffffffda RBX: 00007fd8b4bb6090 RCX: 00007fd8b498ebe9 [ 1282.129515][T15716] RDX: 0000200000000480 RSI: 000000004048aecb RDI: 0000000000000006 [ 1282.129523][T15716] RBP: 00007fd8b5722090 R08: 0000000000000000 R09: 0000000000000000 [ 1282.129530][T15716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1282.129537][T15716] R13: 00007fd8b4bb6128 R14: 00007fd8b4bb6090 R15: 00007fffabb97d38 [ 1282.129557][T15716] [ 1282.129586][T15716] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1285.119559][T10805] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 1285.527613][T15726] Unsupported ieee802154 address type: 0 [ 1285.627732][T10805] usb 6-1: Using ep0 maxpacket: 8 [ 1285.639318][T10805] usb 6-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 1285.661689][T10805] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1285.679405][ T30] audit: type=1400 audit(1755095253.158:1058): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=15731 comm="syz.7.2589" src=1 dest=20000 netif=wpan0 [ 1285.763128][T10805] usb 6-1: config 0 descriptor?? [ 1286.771341][T10805] usb 6-1: can't set config #0, error -71 [ 1286.782358][T10805] usb 6-1: USB disconnect, device number 11 [ 1287.616298][T15754] syz.7.2595: attempt to access beyond end of device [ 1287.616298][T15754] nbd7: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1287.630473][T15754] SQUASHFS error: Failed to read block 0x0: -5 [ 1287.637891][T15754] unable to read squashfs_super_block [ 1288.492226][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1288.498793][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1293.201601][T15804] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1293.216178][T15804] ------------[ cut here ]------------ [ 1293.223064][T15804] WARNING: CPU: 0 PID: 15804 at ./include/linux/memcontrol.h:371 folio_memcg+0x1a8/0x310 [ 1293.234149][T15804] Modules linked in: [ 1293.239297][T15804] CPU: 0 UID: 0 PID: 15804 Comm: syz.0.2608 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 1293.249987][T15804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1293.260824][T15804] RIP: 0010:folio_memcg+0x1a8/0x310 [ 1293.267745][T15804] Code: 80 3c 28 00 74 08 4c 89 f7 e8 74 ca 1b 00 4d 8b 36 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f 5d e9 7f 20 65 09 cc e8 19 e3 bb ff 90 <0f> 0b 90 eb c5 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c fe fe ff ff [ 1293.288669][T15804] RSP: 0018:ffffc90003787250 EFLAGS: 00010287 [ 1293.295545][T15804] RAX: ffffffff820442a7 RBX: 0000000000000000 RCX: 0000000000080000 [ 1293.304122][T15804] RDX: ffffc90004772000 RSI: 000000000000071d RDI: 000000000000071e [ 1293.312229][T15804] RBP: 0000000000000000 R08: ffffea00012a7547 R09: 1ffffd4000254ea8 [ 1293.320570][T15804] R10: dffffc0000000000 R11: fffff94000254ea9 R12: ffffea00012a7570 [ 1293.328750][T15804] R13: dffffc0000000000 R14: ffff88807a991000 R15: 0000000000000002 [ 1293.336836][T15804] FS: 00007f6b49a486c0(0000) GS:ffff888125c57000(0000) knlGS:0000000000000000 [ 1293.345969][T15804] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1293.352637][T15804] CR2: 0000000000000000 CR3: 0000000034470000 CR4: 00000000003526f0 [ 1293.360730][T15804] Call Trace: [ 1293.364055][T15804] [ 1293.367080][T15804] workingset_activation+0x5f/0x4a0 [ 1293.372783][T15804] ? folio_mark_accessed+0x361/0x4a0 [ 1293.378679][T15804] folio_mark_accessed+0x3b5/0x4a0 [ 1293.383867][T15804] kvm_release_page_clean+0x9a/0xe0 [ 1293.389165][T15804] kvm_tdp_page_fault+0x2dd/0x370 [ 1293.394251][T15804] kvm_mmu_do_page_fault+0x2c5/0x640 [ 1293.399726][T15804] ? __pfx_kvm_mmu_do_page_fault+0x10/0x10 [ 1293.405577][T15804] ? vmx_handle_exit_irqoff+0x29e/0xad0 [ 1293.411182][T15804] ? __pfx_current_save_fsgs+0x10/0x10 [ 1293.416666][T15804] kvm_mmu_page_fault+0x22f/0xb70 [ 1293.421847][T15804] ? __pfx_handle_ept_violation+0x10/0x10 [ 1293.427611][T15804] vmx_handle_exit+0x1090/0x18a0 [ 1293.432677][T15804] ? vcpu_run+0x361c/0x6f70 [ 1293.437249][T15804] vcpu_run+0x432e/0x6f70 [ 1293.441786][T15804] ? vcpu_run+0x361c/0x6f70 [ 1293.446774][T15804] ? __pfx_vcpu_run+0x10/0x10 [ 1293.451507][T15804] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940 [ 1293.457331][T15804] ? rcu_is_watching+0x15/0xb0 [ 1293.462307][T15804] kvm_arch_vcpu_ioctl_run+0xfc9/0x1940 [ 1293.468091][T15804] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940 [ 1293.473962][T15804] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 1293.480196][T15804] ? rcu_is_watching+0x15/0xb0 [ 1293.485618][T15804] ? trace_contention_end+0x39/0x120 [ 1293.491670][T15804] ? __mutex_lock+0x330/0xe80 [ 1293.496515][T15804] ? kasan_quarantine_put+0xdd/0x220 [ 1293.502074][T15804] ? kvm_vcpu_ioctl+0x22e/0xe90 [ 1293.507172][T15804] ? __pfx___mutex_lock+0x10/0x10 [ 1293.512259][T15804] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1293.518198][T15804] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1293.523935][T15804] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1293.530320][T15804] kvm_vcpu_ioctl+0x95c/0xe90 [ 1293.535119][T15804] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 1293.540496][T15804] ? __lock_acquire+0xab9/0xd20 [ 1293.545431][T15804] ? __asan_memset+0x22/0x50 [ 1293.550277][T15804] ? smack_file_ioctl+0x302/0x340 [ 1293.555383][T15804] ? __pfx_smack_file_ioctl+0x10/0x10 [ 1293.561030][T15804] ? __fget_files+0x2a/0x420 [ 1293.565748][T15804] ? __fget_files+0x3a0/0x420 [ 1293.570596][T15804] ? __fget_files+0x2a/0x420 [ 1293.575349][T15804] ? bpf_lsm_file_ioctl+0x9/0x20 [ 1293.580482][T15804] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 1293.585752][T15804] __se_sys_ioctl+0xfc/0x170 [ 1293.590948][T15804] do_syscall_64+0xfa/0x3b0 [ 1293.595506][T15804] ? lockdep_hardirqs_on+0x9c/0x150 [ 1293.601627][T15804] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1293.607998][T15804] ? clear_bhb_loop+0x60/0xb0 [ 1293.613033][T15804] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1293.619012][T15804] RIP: 0033:0x7f6b48b8ebe9 [ 1293.623553][T15804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1293.643441][T15804] RSP: 002b:00007f6b49a48038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1293.652059][T15804] RAX: ffffffffffffffda RBX: 00007f6b48db5fa0 RCX: 00007f6b48b8ebe9 [ 1293.660172][T15804] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1293.668307][T15804] RBP: 00007f6b48c11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1293.676416][T15804] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1293.684531][T15804] R13: 00007f6b48db6038 R14: 00007f6b48db5fa0 R15: 00007ffe485dc4a8 [ 1293.692930][T15804] [ 1293.696036][T15804] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1293.703374][T15804] CPU: 0 UID: 0 PID: 15804 Comm: syz.0.2608 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 1293.713417][T15804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1293.723504][T15804] Call Trace: [ 1293.726885][T15804] [ 1293.730095][T15804] dump_stack_lvl+0x99/0x250 [ 1293.735068][T15804] ? __asan_memcpy+0x40/0x70 [ 1293.739716][T15804] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1293.744929][T15804] ? __pfx__printk+0x10/0x10 [ 1293.749553][T15804] panic+0x2db/0x790 [ 1293.753467][T15804] ? __pfx_panic+0x10/0x10 [ 1293.758172][T15804] __warn+0x31b/0x4b0 [ 1293.762169][T15804] ? folio_memcg+0x1a8/0x310 [ 1293.766862][T15804] ? folio_memcg+0x1a8/0x310 [ 1293.771471][T15804] report_bug+0x2be/0x4f0 [ 1293.775809][T15804] ? folio_memcg+0x1a8/0x310 [ 1293.780413][T15804] ? folio_memcg+0x1a8/0x310 [ 1293.785021][T15804] ? folio_memcg+0x1aa/0x310 [ 1293.789631][T15804] handle_bug+0x84/0x160 [ 1293.793893][T15804] exc_invalid_op+0x1a/0x50 [ 1293.798424][T15804] asm_exc_invalid_op+0x1a/0x20 [ 1293.803388][T15804] RIP: 0010:folio_memcg+0x1a8/0x310 [ 1293.808607][T15804] Code: 80 3c 28 00 74 08 4c 89 f7 e8 74 ca 1b 00 4d 8b 36 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f 5d e9 7f 20 65 09 cc e8 19 e3 bb ff 90 <0f> 0b 90 eb c5 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c fe fe ff ff [ 1293.828244][T15804] RSP: 0018:ffffc90003787250 EFLAGS: 00010287 [ 1293.834328][T15804] RAX: ffffffff820442a7 RBX: 0000000000000000 RCX: 0000000000080000 [ 1293.842314][T15804] RDX: ffffc90004772000 RSI: 000000000000071d RDI: 000000000000071e [ 1293.850295][T15804] RBP: 0000000000000000 R08: ffffea00012a7547 R09: 1ffffd4000254ea8 [ 1293.858274][T15804] R10: dffffc0000000000 R11: fffff94000254ea9 R12: ffffea00012a7570 [ 1293.866254][T15804] R13: dffffc0000000000 R14: ffff88807a991000 R15: 0000000000000002 [ 1293.874248][T15804] ? folio_memcg+0x1a7/0x310 [ 1293.878882][T15804] workingset_activation+0x5f/0x4a0 [ 1293.884185][T15804] ? folio_mark_accessed+0x361/0x4a0 [ 1293.889501][T15804] folio_mark_accessed+0x3b5/0x4a0 [ 1293.895087][T15804] kvm_release_page_clean+0x9a/0xe0 [ 1293.900316][T15804] kvm_tdp_page_fault+0x2dd/0x370 [ 1293.905381][T15804] kvm_mmu_do_page_fault+0x2c5/0x640 [ 1293.910697][T15804] ? __pfx_kvm_mmu_do_page_fault+0x10/0x10 [ 1293.916534][T15804] ? vmx_handle_exit_irqoff+0x29e/0xad0 [ 1293.922715][T15804] ? __pfx_current_save_fsgs+0x10/0x10 [ 1293.928194][T15804] kvm_mmu_page_fault+0x22f/0xb70 [ 1293.933241][T15804] ? __pfx_handle_ept_violation+0x10/0x10 [ 1293.938972][T15804] vmx_handle_exit+0x1090/0x18a0 [ 1293.943920][T15804] ? vcpu_run+0x361c/0x6f70 [ 1293.948549][T15804] vcpu_run+0x432e/0x6f70 [ 1293.952910][T15804] ? vcpu_run+0x361c/0x6f70 [ 1293.957495][T15804] ? __pfx_vcpu_run+0x10/0x10 [ 1293.962206][T15804] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940 [ 1293.967951][T15804] ? rcu_is_watching+0x15/0xb0 [ 1293.972730][T15804] kvm_arch_vcpu_ioctl_run+0xfc9/0x1940 [ 1293.978300][T15804] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940 [ 1293.984041][T15804] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 1293.990043][T15804] ? rcu_is_watching+0x15/0xb0 [ 1293.994838][T15804] ? trace_contention_end+0x39/0x120 [ 1294.000139][T15804] ? __mutex_lock+0x330/0xe80 [ 1294.004957][T15804] ? kasan_quarantine_put+0xdd/0x220 [ 1294.010268][T15804] ? kvm_vcpu_ioctl+0x22e/0xe90 [ 1294.015135][T15804] ? __pfx___mutex_lock+0x10/0x10 [ 1294.020176][T15804] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1294.025822][T15804] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1294.031466][T15804] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1294.037464][T15804] kvm_vcpu_ioctl+0x95c/0xe90 [ 1294.042162][T15804] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 1294.047377][T15804] ? __lock_acquire+0xab9/0xd20 [ 1294.052244][T15804] ? __asan_memset+0x22/0x50 [ 1294.056851][T15804] ? smack_file_ioctl+0x302/0x340 [ 1294.061890][T15804] ? __pfx_smack_file_ioctl+0x10/0x10 [ 1294.067285][T15804] ? __fget_files+0x2a/0x420 [ 1294.071886][T15804] ? __fget_files+0x3a0/0x420 [ 1294.076574][T15804] ? __fget_files+0x2a/0x420 [ 1294.081182][T15804] ? bpf_lsm_file_ioctl+0x9/0x20 [ 1294.086135][T15804] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 1294.091351][T15804] __se_sys_ioctl+0xfc/0x170 [ 1294.095975][T15804] do_syscall_64+0xfa/0x3b0 [ 1294.100520][T15804] ? lockdep_hardirqs_on+0x9c/0x150 [ 1294.105819][T15804] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1294.111907][T15804] ? clear_bhb_loop+0x60/0xb0 [ 1294.116612][T15804] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1294.122516][T15804] RIP: 0033:0x7f6b48b8ebe9 [ 1294.126946][T15804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1294.146578][T15804] RSP: 002b:00007f6b49a48038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1294.155008][T15804] RAX: ffffffffffffffda RBX: 00007f6b48db5fa0 RCX: 00007f6b48b8ebe9 [ 1294.162989][T15804] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1294.170967][T15804] RBP: 00007f6b48c11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1294.178953][T15804] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1294.186929][T15804] R13: 00007f6b48db6038 R14: 00007f6b48db5fa0 R15: 00007ffe485dc4a8 [ 1294.194929][T15804] [ 1294.198275][T15804] Kernel Offset: disabled [ 1294.202601][T15804] Rebooting in 86400 seconds..