last executing test programs: 5m11.71335171s ago: executing program 1 (id=793): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xb007}, 0x4) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000009, 0x4031, r2, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000040000000c000000", @ANYRES32=0x0, @ANYRES32], 0x50) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b00000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r7}, 0x10) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r8, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) open_tree(0xffffffffffffffff, &(0x7f00000001c0)='\x00', 0x89901) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)={0x14, r1, 0xe985e4df3848afb5, 0x20}, 0x14}}, 0x0) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="2800000003080103000000000000000000000000050003002f0000000c00a014b68cbd0480080002fce64ccd52e3293af3c0e360085b14335f96d68ea89a199752c06f0f31266110d4efdb3694973ac053e29bd2c521b3"], 0x28}}, 0x0) timer_create(0x0, 0x0, &(0x7f0000044000)=0x0) timer_settime(r11, 0x0, &(0x7f0000040fe0)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) clock_gettime(0x0, &(0x7f0000000380)) 5m9.565651269s ago: executing program 1 (id=797): r0 = socket(0x10, 0x80002, 0x0) r1 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=@RTM_NEWMDB={0x38, 0x54, 0x1e5, 0x70bd2a, 0xffffffff, {0x7, r2}, [@MDBA_SET_ENTRY={0x20, 0x1, {r4, 0x1, 0x3, 0x3, {@ip4=@broadcast, 0x86dd}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x2800}, 0x40084c0) sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0) 5m8.397629247s ago: executing program 1 (id=800): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), r1) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000100)={'wpan0\x00', 0x0}) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$inet6(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000002000)=""/102400, 0x19000) creat(0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000140)={0x2020, 0x0, 0x0}, 0x2020) r7 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x5) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r9) sendmsg$nl_route_sched(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newtaction={0x88, 0x30, 0xffff, 0x70bd29, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0xffdff7e8, 0xfffffffe, 0x0, 0x0, 0xfff}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x0, 0x1, 0x400, 0x7}, 0x2, r10}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x8000}, 0x0) write$FUSE_DIRENT(0xffffffffffffffff, &(0x7f0000002580)={0x1e0, 0x0, r6, [{0x1400000000000007, 0x1000000, 0x1b7, 0x0, '\x7f\xb4\xe4\xa3\xe8$I\x88\x8c\n}\xac\xa9\x0e\x92\x04\xbc\xd4\xba\xdb\xc6\xf9K\x0eS\x00\xbdu\xb9;\xcd\xeb\x1aL\xec?\x7f\\N\xe1E\x89\xc9f\xd1\x8ax\xf3\x81\x04KJ\v\xe9\x19H+\xdf\xe3\xdb\xa42Lh\xb8\xe4nL\xfe1\xd5`\x86Cc\xdd\xf2n\x0e\xa7\xf5\x86\x03\xee\xec8\xad\x06\xa8\xd70\xba\xa9\xae(\xc0\x063\xd5\xb6i\xeb\xae\xe2>f\xa1\xc7\xe8_\xd9\xae,\x8d\xb0\x01\xf0<\xd6_e\xa4F\x10\xc0\xc6\x10=\x17\x16\x1a\xd9\x8b\xafq\x1e_\xee \xbb\x92\x9f\x89\n\x1b\xaf\xa2DDi\xe4\x9begcv\xa1\xe4E\x8fs\x8e\xc6[.\x98\x0f;\xc3H5\xfb\x0e\xe8\xb2<>\r\xeb\x9b\f\xf6\x15\xf2\xc0&L\xec;\xca\xc0\xa3\xb6\x84\xc7h\x9c\x9d\xfdUY-o3\xce\x00\x003\x90\xdc\x9f\x95,\xb2\xa5\r\xcc\x98\xf5\x00\x00\x00\x00\x00\x00\x00\x00J\xf4\xa9\xd02S\fZ\xfb\xfc !e\x0e/\xeb\xc5\xfa\xe3\xf5\x9e\x91\xadJ\xbd+-n\xb4\xb8a4\xbc\xdf\x1d\xd8\xc1D\xff|G$\xf6\r\xf3\xad5O~\xa9q\t\xb4\x83\n\x06f\xf0\xb3\xa6\x04\xa7\xec\xfdz\xf3\xdaX\xc1SA\xe4x\xa1\xd9j\xaa\xbdT\xbe\xc7\x94\xa8\xe5w\x97\x11\b\f\xfc\xe6\x9ax\x11\x03R\x81\xc9\x90\x1fQ\xf7\xae(h\xd2\x8fj\tp\xf8VdY0\xa8\xc6|M?2J\x03\xff\xfaI\x9av\xf6^\x01R\xce@\xb4\xe5\b\x00!To\xdb}\xdd\x9d&|L+U\xb2\x10\xaeo\xe6\xf5\xcf\xb2\xb1\x10\x84\xd0\"\x96\xa8FstV\xb5:\xd7\x8cE\x95\x0e\fgJ\xba\xee\x17\x8b\xc2\xc1<@c\xc1\a\x17\b\x94\xb2\x06\xfb\x8e4\x0f\xcaT\xe1M\x98\x06M|\xa9\xb7\x9a\x82\xf4'}]}, 0x1e0) sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)={0x1c, r2, 0x60b, 0x0, 0x0, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r3}]}, 0x1c}}, 0x0) 5m6.941214254s ago: executing program 1 (id=804): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) (async) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0) mount$bind(&(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) umount2(&(0x7f0000000480)='./file0\x00', 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) (async) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000ec0)=ANY=[@ANYBLOB="140000001000010000000000000000001300000a20000000000a01030000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a300000000048000000060a010400000000000000000100000008000b400000000018000480140001800b00010072656a6563740000040002800900010073797a300000000005000740ef000000140000001100010000000000000000000000000a"], 0xbc}}, 0x0) (async) sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000ec0)=ANY=[@ANYBLOB="140000001000010000000000000000001300000a20000000000a01030000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a300000000048000000060a010400000000000000000100000008000b400000000018000480140001800b00010072656a6563740000040002800900010073797a300000000005000740ef000000140000001100010000000000000000000000000a"], 0xbc}}, 0x0) 5m5.628939196s ago: executing program 1 (id=809): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) close(0x3) socket(0x2b, 0x80801, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_G_FMT(r3, 0xc0d05604, &(0x7f0000000040)={0xa}) 5m3.22527373s ago: executing program 1 (id=815): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), r1) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000100)={'wpan0\x00', 0x0}) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$inet6(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000002000)=""/102400, 0x19000) creat(0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000140)={0x2020, 0x0, 0x0}, 0x2020) r7 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x5) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r9) sendmsg$nl_route_sched(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newtaction={0x88, 0x30, 0xffff, 0x70bd29, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0xffdff7e8, 0xfffffffe, 0x0, 0x0, 0xfff}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x0, 0x1, 0x400, 0x7}, 0x2, r10}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x8000}, 0x0) write$FUSE_DIRENT(0xffffffffffffffff, &(0x7f0000002580)={0x1e0, 0x0, r6, [{0x1400000000000007, 0x1000000, 0x1b7, 0x0, '\x7f\xb4\xe4\xa3\xe8$I\x88\x8c\n}\xac\xa9\x0e\x92\x04\xbc\xd4\xba\xdb\xc6\xf9K\x0eS\x00\xbdu\xb9;\xcd\xeb\x1aL\xec?\x7f\\N\xe1E\x89\xc9f\xd1\x8ax\xf3\x81\x04KJ\v\xe9\x19H+\xdf\xe3\xdb\xa42Lh\xb8\xe4nL\xfe1\xd5`\x86Cc\xdd\xf2n\x0e\xa7\xf5\x86\x03\xee\xec8\xad\x06\xa8\xd70\xba\xa9\xae(\xc0\x063\xd5\xb6i\xeb\xae\xe2>f\xa1\xc7\xe8_\xd9\xae,\x8d\xb0\x01\xf0<\xd6_e\xa4F\x10\xc0\xc6\x10=\x17\x16\x1a\xd9\x8b\xafq\x1e_\xee \xbb\x92\x9f\x89\n\x1b\xaf\xa2DDi\xe4\x9begcv\xa1\xe4E\x8fs\x8e\xc6[.\x98\x0f;\xc3H5\xfb\x0e\xe8\xb2<>\r\xeb\x9b\f\xf6\x15\xf2\xc0&L\xec;\xca\xc0\xa3\xb6\x84\xc7h\x9c\x9d\xfdUY-o3\xce\x00\x003\x90\xdc\x9f\x95,\xb2\xa5\r\xcc\x98\xf5\x00\x00\x00\x00\x00\x00\x00\x00J\xf4\xa9\xd02S\fZ\xfb\xfc !e\x0e/\xeb\xc5\xfa\xe3\xf5\x9e\x91\xadJ\xbd+-n\xb4\xb8a4\xbc\xdf\x1d\xd8\xc1D\xff|G$\xf6\r\xf3\xad5O~\xa9q\t\xb4\x83\n\x06f\xf0\xb3\xa6\x04\xa7\xec\xfdz\xf3\xdaX\xc1SA\xe4x\xa1\xd9j\xaa\xbdT\xbe\xc7\x94\xa8\xe5w\x97\x11\b\f\xfc\xe6\x9ax\x11\x03R\x81\xc9\x90\x1fQ\xf7\xae(h\xd2\x8fj\tp\xf8VdY0\xa8\xc6|M?2J\x03\xff\xfaI\x9av\xf6^\x01R\xce@\xb4\xe5\b\x00!To\xdb}\xdd\x9d&|L+U\xb2\x10\xaeo\xe6\xf5\xcf\xb2\xb1\x10\x84\xd0\"\x96\xa8FstV\xb5:\xd7\x8cE\x95\x0e\fgJ\xba\xee\x17\x8b\xc2\xc1<@c\xc1\a\x17\b\x94\xb2\x06\xfb\x8e4\x0f\xcaT\xe1M\x98\x06M|\xa9\xb7\x9a\x82\xf4'}]}, 0x1e0) sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)={0x1c, r2, 0x60b, 0x0, 0x0, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r3}]}, 0x1c}}, 0x0) 5m2.746218118s ago: executing program 32 (id=815): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), r1) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000100)={'wpan0\x00', 0x0}) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$inet6(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000002000)=""/102400, 0x19000) creat(0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000140)={0x2020, 0x0, 0x0}, 0x2020) r7 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x5) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r9) sendmsg$nl_route_sched(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newtaction={0x88, 0x30, 0xffff, 0x70bd29, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0xffdff7e8, 0xfffffffe, 0x0, 0x0, 0xfff}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x0, 0x1, 0x400, 0x7}, 0x2, r10}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x8000}, 0x0) write$FUSE_DIRENT(0xffffffffffffffff, &(0x7f0000002580)={0x1e0, 0x0, r6, [{0x1400000000000007, 0x1000000, 0x1b7, 0x0, '\x7f\xb4\xe4\xa3\xe8$I\x88\x8c\n}\xac\xa9\x0e\x92\x04\xbc\xd4\xba\xdb\xc6\xf9K\x0eS\x00\xbdu\xb9;\xcd\xeb\x1aL\xec?\x7f\\N\xe1E\x89\xc9f\xd1\x8ax\xf3\x81\x04KJ\v\xe9\x19H+\xdf\xe3\xdb\xa42Lh\xb8\xe4nL\xfe1\xd5`\x86Cc\xdd\xf2n\x0e\xa7\xf5\x86\x03\xee\xec8\xad\x06\xa8\xd70\xba\xa9\xae(\xc0\x063\xd5\xb6i\xeb\xae\xe2>f\xa1\xc7\xe8_\xd9\xae,\x8d\xb0\x01\xf0<\xd6_e\xa4F\x10\xc0\xc6\x10=\x17\x16\x1a\xd9\x8b\xafq\x1e_\xee \xbb\x92\x9f\x89\n\x1b\xaf\xa2DDi\xe4\x9begcv\xa1\xe4E\x8fs\x8e\xc6[.\x98\x0f;\xc3H5\xfb\x0e\xe8\xb2<>\r\xeb\x9b\f\xf6\x15\xf2\xc0&L\xec;\xca\xc0\xa3\xb6\x84\xc7h\x9c\x9d\xfdUY-o3\xce\x00\x003\x90\xdc\x9f\x95,\xb2\xa5\r\xcc\x98\xf5\x00\x00\x00\x00\x00\x00\x00\x00J\xf4\xa9\xd02S\fZ\xfb\xfc !e\x0e/\xeb\xc5\xfa\xe3\xf5\x9e\x91\xadJ\xbd+-n\xb4\xb8a4\xbc\xdf\x1d\xd8\xc1D\xff|G$\xf6\r\xf3\xad5O~\xa9q\t\xb4\x83\n\x06f\xf0\xb3\xa6\x04\xa7\xec\xfdz\xf3\xdaX\xc1SA\xe4x\xa1\xd9j\xaa\xbdT\xbe\xc7\x94\xa8\xe5w\x97\x11\b\f\xfc\xe6\x9ax\x11\x03R\x81\xc9\x90\x1fQ\xf7\xae(h\xd2\x8fj\tp\xf8VdY0\xa8\xc6|M?2J\x03\xff\xfaI\x9av\xf6^\x01R\xce@\xb4\xe5\b\x00!To\xdb}\xdd\x9d&|L+U\xb2\x10\xaeo\xe6\xf5\xcf\xb2\xb1\x10\x84\xd0\"\x96\xa8FstV\xb5:\xd7\x8cE\x95\x0e\fgJ\xba\xee\x17\x8b\xc2\xc1<@c\xc1\a\x17\b\x94\xb2\x06\xfb\x8e4\x0f\xcaT\xe1M\x98\x06M|\xa9\xb7\x9a\x82\xf4'}]}, 0x1e0) sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)={0x1c, r2, 0x60b, 0x0, 0x0, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r3}]}, 0x1c}}, 0x0) 3m35.904399606s ago: executing program 4 (id=1012): socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000080)={0x4000, 0x3, 0x0, 0xffdfffff}, 0x10) openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) getrandom(0x0, 0x0, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$TIPC_CMD_RESET_LINK_STATS(0xffffffffffffffff, 0x0, 0x10) r2 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0x2) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3, 0x1}, 0x18, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000300), 0x12) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x48380, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) setsockopt$PNPIPE_ENCAP(0xffffffffffffffff, 0x113, 0x7ffffffe, 0x0, 0x0) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000004c0)="d8000000180081064e81f782db4cb904021d0800fd007c05e8fe50a10a001e00014002020c600e41b0000900ac000a0501000000160012000a00ff150048035c3b61c1d67f6f94007134cf6efb8007a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000001008af26c8b7b55f4d2a6823a45", 0xd8}], 0x1}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000160001f47efde4be701161000a000000040000800400", @ANYRES32=r0], 0x1c}}, 0x0) 3m35.454355075s ago: executing program 4 (id=1014): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) socket$netlink(0x10, 0x3, 0x0) r0 = socket(0x2a, 0x2, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="720ac4ff000000007110390000000000950000006e590c23"], &(0x7f0000000480)='GPL\x00'}, 0x94) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, 0x7, 0x1, 0x201, 0x0, 0x0, {0x0, 0x0, 0xfffc}}, 0x14}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000680)=@newqdisc={0x24, 0x24, 0x4, 0xfffffffd, 0x4, {0x0, 0x0, 0x0, 0x0, {}, {0x6, 0x4}, {0x3, 0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0xc587c39a81dc7c98) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000007c0)=@newtfilter={0x40, 0x2c, 0xd27, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0xffe0, 0x10}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x4, 0xd}}]}}]}, 0x40}}, 0x801) r3 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0xf2ff000000000000) gettid() timer_create(0x0, 0x0, &(0x7f0000bbdffc)) ioperm(0x0, 0x2, 0x7e) futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, 0x0, 0x1) r4 = socket$kcm(0x2d, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, &(0x7f0000000340)) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8001c00180081064e81f782db44b9b545c7910006007c09", 0x18}], 0x1}, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r4, 0x89e3, &(0x7f0000000180)={r4, r5}) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, 0x0, 0x4080801) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f0000000180), 0x4) 3m33.223268124s ago: executing program 4 (id=1019): sendmsg$NL80211_CMD_DEL_MPATH(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c"], 0x1c}, 0x1, 0x0, 0x0, 0x4000014}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x22401, 0x0) writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f0000000440)="5040f2d770957e56fa0a65472d2488d9fef6b3fb105be0ecb30af03054a00b56df32da", 0x23}], 0x1) (async) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) (async) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0) (async) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x80841) ioctl$DRM_IOCTL_MODE_ADDFB(r3, 0xc01c64ae, &(0x7f00000002c0)={0x0, 0x100004, 0x6, 0x2, 0x1, 0x1, 0x80000001}) (async) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000040)=@x86={0xb0, 0x6, 0xb, 0x0, 0x10, 0x8, 0x2, 0xff, 0x6b, 0xf, 0x4, 0x0, 0x0, 0x6, 0x1, 0x2, 0x9, 0x5, 0xc4, '\x00', 0x6, 0xc98}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3m32.529292098s ago: executing program 4 (id=1022): prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) socket$inet_sctp(0x2, 0x1, 0x84) r0 = socket$kcm(0x2, 0x5, 0x84) sendmsg$kcm(r0, &(0x7f0000000600)={&(0x7f0000000540)=@l2tp={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x1}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000240)='~', 0x1}], 0x1}, 0x48000) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r2 = getpid() add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r5, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4) r6 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000003c0)="5c00000014006b03000000d86e6c1d0002845da60600000000000000e3f58e76110165f450e71b0075e3002500028d459e37000f0000000000bf9367b47e51f60a64c9f4d4938037e786a6d0bdd700"/90, 0x5a}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x20000040) 3m31.171148719s ago: executing program 4 (id=1024): socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000080)={0x4000, 0x3, 0x0, 0xffdfffff}, 0x10) openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) getrandom(0x0, 0x0, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$TIPC_CMD_RESET_LINK_STATS(0xffffffffffffffff, 0x0, 0x10) r2 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0x2) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x0) landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3, 0x1}, 0x18, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000300), 0x12) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x48380, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) setsockopt$PNPIPE_ENCAP(0xffffffffffffffff, 0x113, 0x7ffffffe, 0x0, 0x0) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000004c0)="d8000000180081064e81f782db4cb904021d0800fd007c05e8fe50a10a001e00014002020c600e41b0000900ac000a0501000000160012000a00ff150048035c3b61c1d67f6f94007134cf6efb8007a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000001008af26c8b7b55f4d2a6823a45", 0xd8}], 0x1}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000160001f47efde4be701161000a000000040000800400", @ANYRES32=r0], 0x1c}}, 0x0) 3m29.230625836s ago: executing program 4 (id=1028): r0 = syz_open_procfs(0x0, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000580)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f0000000040)=r1) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000240), 0x0) read(0xffffffffffffffff, &(0x7f0000000980)=""/210, 0xd2) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r2, 0x4040534e, &(0x7f0000000000)={0x5e, @time={0x2, 0x1000}, 0x0, {0x8}, 0x1, 0x1}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r2, 0xc04c5349, &(0x7f00000006c0)={0x400, 0x2, 0xe}) tkill(0x0, 0x7) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="7472616e733d6664177266646e6f3d3569603b4544f0a31bbb17910603ba495f527c8aca2d2d82e982457724dd87fa39438c9372324e906029e4f38934795ec6329a0b138baf39c613e99fb0ee0b62ed597d9de4748e7fe385c9f2061c5568b28d3eb673dfb01ce3a16a4ba803003f945f4447f46522af4840dabeaedd4661ea6c950ba377eab8054ac0ec7f851b9f6e200fc3e75e6525f5f10457ae63f614ec05b71ecdc7be7d", @ANYRESHEX=r2, @ANYRESDEC, @ANYRESHEX=r0, @ANYRESHEX=r0]) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0x5, &(0x7f0000000380)=ANY=[], 0x0, 0xe5, 0x0, 0x0, 0x40f00, 0x1f}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs={0x0, 0x0, 0x2}, 0x6e) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r5) ptrace(0x10, r5) ptrace$setsig(0x4203, r5, 0x6, &(0x7f0000000b00)={0x14, 0x0, 0x6}) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="4c0000001200010003950000000000000a0900000001000000000000000000000000ffff0000"], 0x4c}}, 0x1) 3m14.142038934s ago: executing program 33 (id=1028): r0 = syz_open_procfs(0x0, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000580)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0}) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f0000000040)=r1) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000240), 0x0) read(0xffffffffffffffff, &(0x7f0000000980)=""/210, 0xd2) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r2, 0x4040534e, &(0x7f0000000000)={0x5e, @time={0x2, 0x1000}, 0x0, {0x8}, 0x1, 0x1}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r2, 0xc04c5349, &(0x7f00000006c0)={0x400, 0x2, 0xe}) tkill(0x0, 0x7) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="7472616e733d6664177266646e6f3d3569603b4544f0a31bbb17910603ba495f527c8aca2d2d82e982457724dd87fa39438c9372324e906029e4f38934795ec6329a0b138baf39c613e99fb0ee0b62ed597d9de4748e7fe385c9f2061c5568b28d3eb673dfb01ce3a16a4ba803003f945f4447f46522af4840dabeaedd4661ea6c950ba377eab8054ac0ec7f851b9f6e200fc3e75e6525f5f10457ae63f614ec05b71ecdc7be7d", @ANYRESHEX=r2, @ANYRESDEC, @ANYRESHEX=r0, @ANYRESHEX=r0]) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0x5, &(0x7f0000000380)=ANY=[], 0x0, 0xe5, 0x0, 0x0, 0x40f00, 0x1f}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs={0x0, 0x0, 0x2}, 0x6e) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r5) ptrace(0x10, r5) ptrace$setsig(0x4203, r5, 0x6, &(0x7f0000000b00)={0x14, 0x0, 0x6}) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="4c0000001200010003950000000000000a0900000001000000000000000000000000ffff0000"], 0x4c}}, 0x1) 2m49.685713643s ago: executing program 5 (id=1121): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000c40)={'vxcan0\x00'}) socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=@newtaction={0x14c, 0x30, 0x1, 0x0, 0x800, {}, [{0x138, 0x1, [@m_vlan={0xec, 0xa, 0x0, 0x0, {{0x9}, {0x44, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_PRIORITY={0x5, 0x6, 0x5}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x1, 0x0, 0x20000000, 0x6, 0x7}, 0x2}}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x3, 0x21, 0x5, 0xfffffff8, 0x9}, 0x1}}]}, {0x7e, 0x6, "ec4d861309787dbcb8c1e4328fabc550cf45a23788f42b1f9cf74f4581cf706769c9887cf826097ca7510ec9357fc3621d43edfaed1f99f1b6fc50c8ae0d2c3d48e0bd337e623f979e76b515fd216beda62db12fe9950eb7668ca2a6e97267c63015368498833b29a06b91862059cffafae59a73b43cda33bef8"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x14c}, 0x1, 0x0, 0x0, 0x804}, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0185648, &(0x7f0000000100)={0xa00000, 0x1, 0x49, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f90b, 0x9e69, '\x00', @ptr=0x6}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xfffffffffffffffe, 0x4904}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) r5 = gettid() fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) tkill(r5, 0xb) open(&(0x7f0000000280)='.\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) bpf$MAP_CREATE(0x0, 0x0, 0xfffffc8f) add_key(&(0x7f0000000280)='rxrpc\x00', 0x0, &(0x7f0000000100)="01000000020000000000006bb55a2a630b00c145f94cd977", 0x18, 0xffffffffffffffff) prlimit64(0x0, 0x7, &(0x7f0000000140)={0x8, 0x83}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) 2m46.502886648s ago: executing program 5 (id=1130): syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000027c0)=ANY=[@ANYBLOB="180000000000000000000000ff00000085000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2}, 0x94) socketpair$unix(0x1, 0x3, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, 0x0, 0x401c2, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) io_uring_register$IORING_REGISTER_FILE_ALLOC_RANGE(r2, 0x19, &(0x7f0000000080)={0xc4, 0xb}, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x578410eb) bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x19, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bb000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000003100000095"], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x66, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcc84}, 0x94) r3 = getpid() capset(&(0x7f0000000140)={0x20080522}, &(0x7f00000000c0)={0x0, 0x0, 0x5, 0x4, 0x5}) process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000500)={@map=0x1, 0x2e, 0x0, 0x0, 0x0, 0xff7a, 0x0, 0x0, 0x0, 0x0}, 0x40) r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x8, 0xd, &(0x7f0000000000)=@framed={{0x18, 0x8}, [@tail_call={{}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xa}, {}, {0x7, 0x0, 0xb, 0x7}}, @tail_call={{0x18, 0x2, 0x1, 0x0, r4}, {}, {0x85, 0x0, 0x0, 0x5}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x62, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00', r0}, 0x10) wait4(0x0, 0x0, 0x80000000, 0x0) 2m43.747798976s ago: executing program 5 (id=1136): socketpair(0x1, 0x100000005, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYRESHEX], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='tlb_flush\x00', r0, 0x0, 0x10000000000000}, 0x18) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x765e, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x23}, 0xc) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23, 0x3, @empty}, 0x1c) sendto$inet6(r1, &(0x7f0000000180)="1a", 0x1, 0x8000000, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, 0x0) writev(r1, &(0x7f0000001300)=[{&(0x7f0000000100)='^', 0x34000}], 0x1) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0000001a00010025bd7000ffdbdf2502141408fc02ff0100210000df9b8e01837bf3ebdaf3da91e7e3dc7001a800263074d7de1d2e69bedc538da1bcb80defc5cfd12340e216c9906c957a7a68d9a9b36f7f97aab6d99d4a6a8259ec6ef940fcb876fdae342ece50982d7c471fe97998a6f4223ed8657c0c526f0224ceb264adc7c3500b22374f9345adc27ff916a7bc9ef152f20f3003964a591f12ad47b57e873d08eff121857f63e085c6bcd62b947e447d3458acfa0b1d84bde4a81721165a7b44c1e812928f6eb5a68abbc8bdf212f76deff6a3b1e1ed96325f6d2934c27e32ad23e757"], 0x1c}, 0x1, 0x0, 0x0, 0x20048055}, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x81c0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x4000000004002, 0x0) r4 = dup(r3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r4, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) 2m42.45533752s ago: executing program 5 (id=1139): socket$nl_route(0x10, 0x3, 0x0) socket(0x2b, 0x80801, 0x1) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000080)={0x4000, 0x3, 0x0, 0xffdfffff}, 0x10) openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) getrandom(&(0x7f0000000400)=""/136, 0x88, 0x1) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socket$phonet_pipe(0x23, 0x5, 0x2) r2 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0x2) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401) ioctl$SG_IO(r3, 0x2285, &(0x7f0000000040)={0x53, 0x0, 0x5, 0x0, @buffer={0x2, 0x4f, &(0x7f00000000c0)=""/79}, &(0x7f0000000380)="259374c96e", 0x0, 0x0, 0x0, 0x0, 0x0}) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000300), 0x12) landlock_restrict_self(0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) setsockopt$PNPIPE_ENCAP(0xffffffffffffffff, 0x113, 0x7ffffffe, 0x0, 0x0) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000004c0)="d8000000180081064e81f782db4cb904021d0800fd007c05e8fe50a10a001e00014002020c600e41b0000900ac000a0501000000160012000a00ff150048035c3b61c1d67f6f94007134cf6efb8007a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000001008af26c8b7b55f4d2a6823a45", 0xd8}], 0x1}, 0x0) 2m38.138519078s ago: executing program 5 (id=1154): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x8, 0x3, 0x2b8, 0x150, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x220, 0xffffff7a, 0xffffffff, 0x220, 0xffffffff, 0x7fffffe, 0x0, {[{{@ip={@broadcast, @local, 0x0, 0x0, 'veth1\x00', 'veth0_to_team\x00'}, 0x6, 0x130, 0x150, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "00000100cbd047da9ca965f96ad5801f0514d30500000000000000490f6785fba3c4a44f1e25ecefef2a2d6054f5260ece5cffa56a5e8d7137024c183ebacdf741cea92ded3a9ca54de162d99e000000000000000000ffffff7f00", 0x0, 0x0, {0xc81}}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x318) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xc, &(0x7f0000000740)=ANY=[@ANYRES16=r0, @ANYRES64, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000180)='syzkaller\x00', 0x1000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0xfffffffffffffcce) memfd_secret(0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r2}, 0x18) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f00000008c0)=@getsadinfo={0x1164, 0x23, 0x200, 0x70bd27, 0x25dfdbfb, 0x0, [@algo_auth={0x0, 0x1, {{'wp384\x00'}, 0x0, "4459ba302bb372dd8441a15ddcfef497e23498d8439bffc59c4b32f473fb5a6f8bff28c7c874574e5be9eb8aa374fcf1e55b03a549d69c9e7b7834323c4a32c294fe2a1cef16eedbbed52c3d7b538872c73016669b6409987a627db467332a7b8d4308de0145cf55dbdfe6"}}, @proto={0x5, 0x19, 0x2b}, @address_filter={0x28, 0x1a, {@in=@broadcast, @in=@broadcast, 0xa, 0x8, 0x5}}, @algo_comp={0x83, 0x3, {{'deflate\x00'}, 0x1f5, "eb42970385e2bf7be70bd557b6cc77713dc1efebb0244ede8c6b39fdda7099556c30097a09597abd5a30a935c64d4494dac096a139735f1a13fb30"}}, @algo_auth={0x1048, 0x1, {{'sha224-avx2\x00'}, 0x8000, "99cc7f62b8400092d335e60e58f0d063d7278b3d3e10c78021bab562301dd5a865fd693e5a690c639c40a78db406a9bcfeca7dcdafd41f922aae3deac84f26b18ed05fa5d49f93d06050d6bdb9efb9847aa1880dabc237a6fdf27eb128800d6e2a95ac7f5d203f2ef21da050c62d1538bd91cea0e478d88308596b8b3f3d50ff3fed6a50de0cb87e50717c2b13dfc4613bd9f7b2a86802717c979dfc952e423acd7a06fd3c3bb15ee32160aa52a90d914c87b86a914f1aee01dcc2a22abb05152f854aa448da62282ba4ea9664440bd74d18f39445e20136eaf9c361e495f5ae906316bfe99d7f7afbd3fde8f200d90ea5f4104be47383b1afecbbbd671b5a3cce68865742ccc3f86f18089fa71741356b2a8ce884c4e14b9f772f3776123bcdbb4206fb22e612a27b84f4b0ec8d177261599de565943ccc98b15370308a3eaf52909c9ed981449a1436bedc408451ede2e479d2d999587747ce0a26865b490b64bc2c5f126caea341ccd09756cce432ac808e82850749c0978b6a04f1b8913d3d1cb8a62238f15da84a09b3645eee68b230d89c58a1175ee6ad9398780251600174081202605e472424747d9ed903e8c4f972ce771ce60d2e97688dca0e8b067c67fa345416f85e4b588512ab3d45c4f08d2bbd740ecd767853ef1f348f3138dc93570317a5071c63d55b55862fafcf840d7384b8f3004ded6289ac2ba922ea64313da3c53237b63fe756775983b77314f12a929d57162ca1932508db925ad838f10c4c646bcfb6a25644a7a8b3d42bb86c6755daaf514b9f56f48e0659bd20ec6ab217a2c0c4e6025eff97050b4bd5518c03fbb9ec7d741084022a94cc9eeab961463212d92c2bac2ddd631656be2033eff96b6fdaedd05ef62e00b52b754a3016bfe9eb926be6003e191f0a9b748f08baea687b42ca1c0be535d1038a107d3812d5ac3bec7277afbc6b4d873186cb018982b3d53a075b3aa3d59cfeac472d7e7179d0eeb74bd82acfe82ebbe04749974a07deac2d9900b7b7e3c450fc3d84b25ade0aca2d8c1de7f47f03fef9f16c12d346006c1a1684b401d2f183c8697d498a0aafc06a51e46e4e0cdc56383a6f711d9ccff3df203993028981325f98e6f95f95736cff8042d08c2a894de66aa7f02b85522e65a2baaf66b7283d9e62648ecf2c51f35a294c1f9d3ee78edf676315fcb6968a267274d3bd1c67b35f48193dd7e346c87ce5ed8c1924aa41d5010a144649caf6f325cca3dc65537652237a6339eb1c51827c685452a71b8dcc9ed6a3cdfb247e285e049854af4aa9494bc620a559c3e9bfdcdf52cac275555477f261b2e4ae469463b946bae2f1a8d13ceb882ee8952083dd48280a3a2b69e2dff4ae0df3fed83877e26495d3dae64c1e856550f12a179e8a424bc06a47233f64efb48bf636ace18b72cb7b8cf7054f59f2e11ae64860ca613ba8287f71cb87b12e77bc5981cca677807bd7dcd7eae23fb6d66b51f0e5eb3e6c91181435be78248874251d0a813a76f895c0ab5f197e1e463b482f9df83681058f0bbc3d57ec6ee6710154e545f4a717afa9496a90b1cacb9453a07bc9c2ddb15c2a3476ea6ad35c0b676a819edfa98681b222ff3d9bae3afb2193ad36c6aac722e7830e074a7ddce7cb8fc5cca2ce1cbe49e1ad744bed8b4156e59ee5420e606397ecb556f41f9c5324a112b06734ed6355f45641f33e3153a7e4f78872c010e7231df94867f26fdb8199586f0d533b3f570bf057de2c0f0a6ef6df90431e78217db4de755bdb273f50b86c6ce2bb952780916dd133bc9d01893832231e593b2f36c814288c1b5b7c63cebb8368269bde7dc57d1d12b52f9ff08c4839177ea250630597b8322bd601de4afe1d7fecf62374dd6532fbfcd7e3522fe7370e585eed14c4aa580aeb311a81489bb70fba360761fc4006c06ab7717bb0144f96d81666bc85a0a3cb203be83122935be9fb70b3e5ab67d58351ccbca1dbd6811e217a13ab3b6fe5a7439f658173c213d880592ed910c0ac69af0bac141c821ff5efedb9fd306f8ddcae0388f7ed70c557b6e11e7fff9f149e0e5c73366a698f9654c0068700352c43fd52779d72daebae3e64ec4c77944c6be255a9c69eebdaec75a88ee77298bcf5b5cfdc06937407ef47b6ccd1c85d28c122fbcc9914a12c48c10e5fe9f5e7c248251e4fe6387ec787d89ff5122871e56578a38964f8ee3e60b14ea619a82e5ffc07633c93ef6480b1fae237233dece4d7b79126f208629da8c137b78ebb00a596ebb162da89dbc9c38023d9790ccafab2fdcd4b00caa966194a625e86d3c7c7b7efe274cafd7cbbc71754ed42947082e282f7a73a21077e99558c89c81b6ae0fa0cc6f1d9ab5c11f717b73abe0a55ee04ee7fe7941e6bf894de1064ea1767ad1a50210d00f96177c60d9e970367c12157a743562873b632a308120b53f5ea0ae8fb1ac4deb80949391cd57328863dd1db7df8740b4ba8a09576604b705a7edfc948ca20398c6a8da90834f17094e7e4aa80f725c1a578b71550ab4eb9861e52475d751f6dacc40960352464544037da007a78c634ddc1f08797c0c3130c70d9d7d4532523bd68fc929cf1a5b109ff0c8b0b11d2327280a89f291b60ec02b348bffef7e1de5f7544593de8b748fc8d346134ec3b9a0dacfa22feb05aa18e3556150d7a301abb4d118cb529df2403f0da7ce68ed301123693396a67b8f3da4ca2aeb883d6f2383f866a8f7800672e4d65dcd1f01821c1e36a695504cbff696360da3508013030d57ab3cbe572612a1d2818d2c19cbd1548f84fdd735a1ca40a8c42938f7478bbce9f2d14bcf8b7bbcb6e5cb5b7bb9fb439286bb33081ae986ce5157ae279e8cd5e8021efa43a5b3007e88fd5f4de3dbbab607c96c23122df21c392ae09ef12316acf6ef76f2a4e589bbc61a4d1ab8ad73c5a5d213cac64896d7ad753f116380ec96f2feb840d3ba758dcbb2d7e1ac40e9854723b2bd8184ac6f5c25be81765a7796ff056f6ed284a2a746abbcb90f5808cbe05679dd2ad2fbed6598084d27419d433d3c2f4c38213739acfb996de2908faaec2da5b42885262ece1e02322c26693e88d1ca28bf6dfbe245940df76df55d6e747a24706bc67d3e4508e34caa2fd8aa7eb8d2e7ed8c963155ea78109ccda96efc5162a6c4529f2d517fa478c9a3ad01010a4cab6ee8c26ec0e393bc996803968f4ba9d8514219bc57a22a69167fcc6303f22eeef8c048770d39462779853c6f35e32548f51c3de2238b0e2f5d79f33726e1b2ec698e301796bd5053162c9640dd88003c320386383b77b69af649421757733946532a15b48f8d0c7fc61e0af5fe59037f467b9872224864eb7a62e9b415da62c9b6cff2e7175b981aabddd5e8fc09ba4af73469c72d2dfda383dba89edf42acbf112e40abe50d246b8b036095ccb938607cff3ec4b6f22dfb99c92058d4bb47f0d4c875feef8f3b25694420e3211a97d8e8da9287e225022bed554992f2530598f02499b35183dcaced74ff8aca69ce7d00c0d207922d8d89bc51aeb23a4eff54e6f36046fbca6cd489fd1cd0a7b775cbd913b2fd5a5920f2d02d606a4f86dbb04b3628778976a3bc8524a672f8644eeed58ef6461a6dc9592a86dce79be44a4b6b96febf6f4fa4da00a2097824fe1764a6aa36f430cfa4a7eed316892219579ba7feca6bf386f3709649dbc8c29a8b443fd9f8770c2db4aafcabf61d04e8aca93256fa216f718658c73528f18d820d84f7b8ec3c0207fa894dc27adcc872fc6f3080f03fe16a48b65107915e70f30d6307b7f5fe11241e87ec67aa6394750a0c1ae27cfa879ee3ca3c834e677c8778c9757137c214ae00b18fd0eb2fe880897a5d8b81e9239eee1183e62129f97c30206bfc120f5b59c103ee7ab83cb6f9a5f6ae380a7ef33b9b602a4c0c8aefdff327da0d222e54fdfc88fae32b95b271d03529d505f89158408ee82d9be4e463f73776c8746d707cb35ddc5dcf252bcb5c2c7b6bb05c20827e6616c3f5c948fe8b0eadfab4403f03b87e7dadb31a727199865d7918f7e7d47c4e0fe27995d4cbf1a8edb1bb221e1df009e052acefcaf18974047840f5a052452e20390b2bf02a3191c570391dbc6da0d3c2ba6c5fd3406e771327d072e9625b00a5d4035864d8af3e72b6b92bb7a7f54eff931ef8d1aa49509d2d7c857b2da3e4a5e75d98cc97f44087b354af32ec7a5e3d26376441ef513f9978584f2dacb8bc8f55c9e729a2db70bec752af17114271ed2c84f07ca62b514ebca7f70c7fc54c175f1074e5ff5a12e5dd0cb171112735394a94e14627d0d7e05ffc11bd902355cd2bc64cb05a4ab91fcc5ce82d93842de431c09e37ea0cf76c108bc5f15d19a0d2cbd8998eea485cfd4d734289ae1c3ab7b5862018385362020e31b00a9bd8326b9a8e6ac1f83d72aa0066734118d75c7b605cb92ca07c4cef06293498c1ca752e96c5a54409e06ef30ace5b6379ab7fb50d20a7103a759d38b42f985d5137b185dc22915dfaa515114a2c01429e0a39d3cc5d2571bc74472d3d22acb2ab288b88cb6be1835cfe792a859478a32fc89090abf46281694136a771d4b420b94531936617c4f65f6448f875b46a471835f67efa32925a26020bf1aef744096fc793798e8b05f37a09330944aac92b2b07a1b3b1b2b4f9fffb650562c7844054eb63b887b21178cef15649181210bfce41a336b84bbedd39c4a844a1b570870bb50814056bca0a780a68f37e1fd72fc251082b9b089f8334d0e694f7cc668e151e3686c44076001b503d6f243c96ae0714d325972030dc923d6747a00907cb9197cf8a1745412d13e7f3055373a9b14c1fa6d2fdbbf16090365bdab356eeede1dfc243aad679a59b491397fd046e9c15dfb55f38e6a502f780f29e2a3213e5beec1a2c4d5221f163655208d85f30bab2b508de35ab26e30cd0f2f17b8b34daf85df8d99bc7f48cb30b16a6d08f8121d19d07fbffb5fb0564c67770c8f89ddca228ebda7252976af95474b2aadaaeec0eaec72698776ca03cdaa65075ca15e6cf1fad99114a7f5cfe3083285a01fa70cab32899ffebf3f0c9fe8adea1673fcd787ac108f09f6551a8ba736fa740dc81c98da234a905d86035c959259b752c56e51e68573c0fee8edd47c6b3a1a93d87a55a47712ba596ade0e3408d6b45ea26d15ce20eebe3d08b175b4d33949826ab4fbf7c015aa58d2b2a1b4403911974f6dafcf272ab874aeba8fd23a94e05d08cfa1c9787c9caeea2090d4b11c9ad1efa74583b4fdda3a8ad406a2b0304ad832cbd1b577a89068ec26db04468321ce8028527e3afa3daff30d37bc40dbfd6eebe866802f60a42e83f025033dad678ece2598312e42e8103e5ba79d7c19cda3b2be6dbfca827a7c443ef4071a1e5478d5a148a37828289fac99eb5f53be4fe7d35bf6fa0599d73cbd89e34e7f4fd1e32b3b60c468ea1c4d2435512e6f0831bae57f37ee9cb3b82e98b53a4ac1266eb5a3c596cf720cfaef9527968c2adc054a0476e86d21a19f109de7a424d397b25f992631902cf333d1e559f372c68af7bf5a8788493aa4a9ab11a4fbfafeee9152f325057d3816d14aff535930ec22368393757d3188d7b3b0a7fcc8f822b65a483f5ab30a35bd84fdafa02367c7f5e605b161f577dd2601e704adaa7a1db0c0c6914b48c956ecfca23a2ba50c597dbdbce34223c0ad16ba54b8f672f467754aeb4d08e48abaddc73f8737815f820df351502b20ed25bcad393fb66bd080203a0bffa17f10"}}, @replay_val={0x10, 0xa, {0x70bd2c, 0x70bd26, 0x5}}, @coaddr={0x14, 0xe, @in=@broadcast}, @policy={0x0, 0x7, {{@in6=@loopback, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x4e23, 0x5, 0x4e23, 0x0, 0x2, 0x0, 0x80}, {0x5, 0x1000, 0x7, 0x9, 0x14e2000000, 0x9, 0x0, 0xc}, {0x10000006, 0x4, 0x5, 0x696ce816}, 0x5, 0x6e6bb8, 0x0, 0x1, 0x2}}]}, 0x1164}, 0x1, 0x0, 0x0, 0xc4855}, 0x4800) ioctl$PPPIOCSACTIVE(0xffffffffffffffff, 0x40107446, &(0x7f0000000080)={0x1, &(0x7f00000000c0)=[{0x48, 0x8, 0xfe, 0x8}]}) r5 = socket$netlink(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r7}, 0x10) sendmsg$DEVLINK_CMD_RATE_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r6, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0c04000010000104000000000000000000480000", @ANYRES32=r3, @ANYBLOB="10100000000000000800200005000000e4031680a40001800c00070000000000adffffff0c00", @ANYRES16=r3], 0x40c}}, 0x0) r8 = socket$inet6_sctp(0xa, 0x1, 0x84) r9 = syz_init_net_socket$x25(0x9, 0x5, 0x0) listen(r9, 0x0) listen(r9, 0xd) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r8, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x0, 0x20}, 0xc) bind$inet6(r8, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="5c000000020601030000000000000000000000000900020073797a300000000005000100060000000600050000000000050004000000000014000780080011400000000005001500800000000d000300686173683a6d616300"], 0x5c}}, 0x0) sendto$inet6(r8, &(0x7f0000000180)="1a", 0x1, 0x0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback, 0x10000}, 0x1c) r11 = syz_open_procfs(0x0, &(0x7f0000000240)='fd/3\x00') r12 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r11, @ANYBLOB=',wfdno=', @ANYRESHEX=r12]) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000480)={0x0, @in={{0x2, 0x4e24, @multicast1}}, 0x19, 0x4, 0x15, 0xb39, 0x8, 0x5, 0x87}, &(0x7f0000000880)=0x9c) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r11, 0x84, 0x75, &(0x7f0000000840)={r13, 0xd}, 0x8) 2m32.393284969s ago: executing program 5 (id=1204): creat(&(0x7f00000001c0)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x1}}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_GETXATTR(r2, &(0x7f00000000c0)={0x18}, 0x18) write$FUSE_LK(r2, &(0x7f0000000340)={0x28, 0x0, 0x0, {{0x2, 0x0, 0x1}}}, 0x28) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) writev(r3, &(0x7f0000000000)=[{&(0x7f00000000c0)="14", 0x20000}], 0x2) 2m14.957379573s ago: executing program 34 (id=1204): creat(&(0x7f00000001c0)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x1}}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_GETXATTR(r2, &(0x7f00000000c0)={0x18}, 0x18) write$FUSE_LK(r2, &(0x7f0000000340)={0x28, 0x0, 0x0, {{0x2, 0x0, 0x1}}}, 0x28) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) writev(r3, &(0x7f0000000000)=[{&(0x7f00000000c0)="14", 0x20000}], 0x2) 12.368062823s ago: executing program 3 (id=1660): r0 = socket$netlink(0x10, 0x3, 0xf) r1 = socket$netlink(0x10, 0x3, 0xf) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000080)=0x100, 0x4) r2 = socket(0x2b, 0x80801, 0x1) setsockopt$ARPT_SO_SET_REPLACE(r2, 0x0, 0x60, &(0x7f0000000400)={'filter\x00', 0xb001, 0x4, 0x3b0, 0x0, 0x0, 0x1f0, 0x2d0, 0x2d0, 0x2d0, 0x7fffffe, 0x0, {[{{@arp={@local, @local, 0xff, 0xff000000, 0xa, 0x9, {@empty, {[0xff, 0xff, 0xff, 0x0, 0xff]}}, {@mac=@local, {[0xff, 0x0, 0x0, 0x0, 0x0, 0xff]}}, 0x1, 0x2, 0x5, 0x7, 0x7, 0xfff, 'gretap0\x00', 'hsr0\x00', {}, {}, 0x0, 0x10a}, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@local, @rand_addr=0x64010100, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x2, 0x1}}}, {{@uncond, 0xbc, 0xe4, 0x0, {0x0, 0x1e03}}, @unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x8de, 0x400}}}, {{@uncond, 0xbc, 0xe0}, @unspec=@CLASSIFY={0x24, 'CLASSIFY\x00', 0x0, {0x31caf518}}}], {{'\x00', 0xbc, 0xe0}, {0x24}}}}, 0x3fc) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r2, 0x84, 0x74, &(0x7f00000005c0)=""/147, &(0x7f00000000c0)=0x93) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37, 0x0, 0x1}, 0x28) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmsg$NFT_BATCH(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x301, 0x0, 0x0, {0x3, 0x0, 0x8}}, @NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x101, 0x0, 0x0, {0x7, 0x0, 0x4}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x50}, 0x1, 0x0, 0x0, 0xc080}, 0x0) 12.214666332s ago: executing program 3 (id=1661): fsopen(&(0x7f0000000000)='sysfs\x00', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota') syz_open_dev$sndctrl(&(0x7f0000000300), 0x1, 0x0) umount2(&(0x7f0000000340)='./file0\x00', 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0x34, 0x2d, 0x101, 0x0, 0x0, "", [@nested={0x24, 0x0, 0x0, 0x1, [@typed={0xc, 0x11, 0x0, 0x0, @u64=0x8000000000000000}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}}]}]}, 0x34}], 0x1}, 0x0) syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000180)=ANY=[@ANYBLOB="010000000000000002"]) openat$dsp(0xffffff9c, &(0x7f0000000080), 0x82040, 0x0) 9.167313199s ago: executing program 0 (id=1669): syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000027c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2}, 0x94) socketpair$unix(0x1, 0x3, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, 0x0, 0x401c2, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) io_uring_register$IORING_REGISTER_FILE_ALLOC_RANGE(r2, 0x19, &(0x7f0000000080)={0xc4, 0xb}, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x578410eb) bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x19, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x66, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcc84}, 0x94) r3 = getpid() capset(&(0x7f0000000140)={0x20080522}, &(0x7f00000000c0)={0x0, 0x0, 0x5, 0x4, 0x5}) process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000500)={@map=0x1, 0x2e, 0x0, 0x0, 0x0, 0xff7a, 0x0, 0x0, 0x0, 0x0}, 0x40) r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x8, 0xd, &(0x7f0000000000)=@framed={{0x18, 0x8}, [@tail_call={{}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xa}, {}, {0x7, 0x0, 0xb, 0x7}}, @tail_call={{0x18, 0x2, 0x1, 0x0, r4}, {}, {0x85, 0x0, 0x0, 0x5}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x62, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00', r0}, 0x10) wait4(0x0, 0x0, 0x80000000, 0x0) 8.621376085s ago: executing program 7 (id=1670): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) socket$netlink(0x10, 0x3, 0x0) r0 = socket(0x2a, 0x2, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="720ac4ff000000007110390000000000950000006e590c23"], &(0x7f0000000480)='GPL\x00'}, 0x94) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, 0x7, 0x1, 0x201, 0x0, 0x0, {0x0, 0x0, 0xfffc}}, 0x14}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000680)=@newqdisc={0x24, 0x24, 0x4, 0xfffffffd, 0x4, {0x0, 0x0, 0x0, 0x0, {}, {0x6, 0x4}, {0x3, 0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0xc587c39a81dc7c98) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000007c0)=@newtfilter={0x40, 0x2c, 0xd27, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0xffe0, 0x10}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x4, 0xd}}]}}]}, 0x40}}, 0x801) r3 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0xf2ff000000000000) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) ioperm(0x0, 0x2, 0x7e) futex_waitv(0x0, 0x0, 0x0, 0x0, 0x1) r5 = socket$kcm(0x2d, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r5, 0x89e2, &(0x7f0000000340)) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{0x0}], 0x1}, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r5, 0x89e3, &(0x7f0000000180)={r5, r6}) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, 0x0, 0x4080801) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) setsockopt$sock_attach_bpf(r7, 0x1, 0x32, &(0x7f0000000180), 0x4) 8.461189424s ago: executing program 7 (id=1671): sendmmsg$alg(0xffffffffffffffff, &(0x7f0000003d80)=[{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000580)="af495476c553ddc8a6ab0d41bbf27f419850c7b7a59c81716a95ce2d1fa29383be4ae460f00373b28a6248e432dacd395bc32d4651122f3ed7cc220a0ad359ce6fa1a2800d563786bb1c918a1583", 0x4e}], 0x1}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4805}], 0x3, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) socket$kcm(0x2, 0x1, 0x84) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x10}, 0x9c) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000000)=0x29, 0x4) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000580)=ANY=[@ANYBLOB="be9e7bf5fe9a7856011b5e4be3280ae9948208a9e6e9aeb19cd18b502a884ac795d6d767ab59b9d11bda1958656da8749ad2f7c0cd09215f37356a296848dcb4f16e24a7"], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000040), 0xe) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34c8, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 8.228869714s ago: executing program 2 (id=1672): keyctl$reject(0x14, 0x0, 0x1ffffffd, 0x8000000000000001, 0x0) r0 = geteuid() capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200003, 0x0, 0x0, 0x7}) r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, 0x0, 0x0) stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="010000000000000022000040"]) setreuid(r0, r2) 8.053902843s ago: executing program 0 (id=1673): socket$nl_route(0x10, 0x3, 0x0) socket(0x2b, 0x80801, 0x1) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000080)={0x4000, 0x3, 0x0, 0xffdfffff}, 0x10) openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) getrandom(0x0, 0x0, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socket$phonet_pipe(0x23, 0x5, 0x2) r2 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0x2) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401) ioctl$SG_IO(r3, 0x2285, &(0x7f0000000040)={0x53, 0x0, 0x5, 0x0, @buffer={0x2, 0x4f, &(0x7f00000000c0)=""/79}, &(0x7f0000000380)="259374c96e", 0x0, 0x0, 0x0, 0x0, 0x0}) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000300), 0x12) landlock_restrict_self(0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) setsockopt$PNPIPE_ENCAP(0xffffffffffffffff, 0x113, 0x7ffffffe, 0x0, 0x0) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000004c0)="d8000000180081064e81f782db4cb904021d0800fd007c05e8fe50a10a001e00014002020c600e41b0000900ac000a0501000000160012000a00ff150048035c3b61c1d67f6f94007134cf6efb8007a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000001008af26c8b7b55f4d2a6823a45", 0xd8}], 0x1}, 0x0) 8.00084341s ago: executing program 7 (id=1674): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket(0x2b, 0x80801, 0x1) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$AUTOFS_IOC_EXPIRE_MULTI(r2, 0x40049366, &(0x7f0000000180)) r3 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_G_FMT(r3, 0xc0d05604, &(0x7f0000000040)={0xa}) 7.849658897s ago: executing program 0 (id=1675): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f000000ddc0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1, {0x7, 0x24, 0x0, 0x41046140, 0xffff, 0x0, 0xf7, 0x0, 0x0, 0x0, 0x9d5e236cac7a57c6}}, 0x50) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) r3 = syz_open_dev$loop(&(0x7f0000000180), 0x5, 0x105002) openat$smackfs_logging(0xffffffffffffff9c, &(0x7f00000005c0), 0x2, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x404c4701, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r4, &(0x7f0000000400)=ANY=[], 0x1df) write$binfmt_misc(r4, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f00000002c0)={r4, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "00000100ebffffff", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', "006e34e400"}, 0x28) sendto$inet6(r2, &(0x7f00000001c0), 0xfffffffffffffede, 0x0, 0x0, 0x3000137) setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000002d40)={0x1, 0x1}, 0x8) 7.749313156s ago: executing program 2 (id=1677): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x34, 0x10, 0x1, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2152c, 0x800}, [@IFLA_LINK_NETNSID={0x8, 0x25, 0x1}, @IFLA_ADDRESS={0xa}]}, 0x34}}, 0x0) unlink(&(0x7f0000000080)='.\x00') r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r2, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f00000002c0)="9e", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback, 0xe}, 0x1c) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000340)={0x0, 0x1}, 0x8) writev(r2, &(0x7f00000003c0)=[{&(0x7f0000000240)=',', 0x1}], 0x1) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58) r4 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) write$UHID_CREATE2(r4, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) r5 = socket$rds(0x15, 0x5, 0x0) ppoll(&(0x7f00000000c0)=[{r5}], 0x1, 0x0, 0x0, 0x0) bind$rds(r5, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) sendmsg$rds(r5, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r5, 0x114, 0x1, &(0x7f0000000ec0)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r6 = accept4(r3, 0x0, 0x0, 0x800) sendmmsg$alg(r6, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="f7", 0x1}], 0x1, &(0x7f0000000a40)=ANY=[@ANYBLOB="18"], 0x18}], 0x1, 0x0) recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000002c0)=0x1) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)=0x2) 7.691800219s ago: executing program 6 (id=1678): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), r1) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000100)={'wpan0\x00', 0x0}) socket$inet6(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000) creat(0x0, 0x0) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) read$FUSE(r5, &(0x7f0000000140)={0x2020, 0x0, 0x0}, 0x2020) r7 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r8) sendmsg$nl_route_sched(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newtaction={0x88, 0x30, 0xffff, 0x70bd29, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0xffdff7e8, 0xfffffffe, 0x0, 0x0, 0xfff}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x0, 0x1, 0x400, 0x7}, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x8000}, 0x0) write$FUSE_DIRENT(r5, &(0x7f0000002580)={0x1e0, 0x0, r6, [{0x1400000000000007, 0x1000000, 0x1b7, 0x0, '\x7f\xb4\xe4\xa3\xe8$I\x88\x8c\n}\xac\xa9\x0e\x92\x04\xbc\xd4\xba\xdb\xc6\xf9K\x0eS\x00\xbdu\xb9;\xcd\xeb\x1aL\xec?\x7f\\N\xe1E\x89\xc9f\xd1\x8ax\xf3\x81\x04KJ\v\xe9\x19H+\xdf\xe3\xdb\xa42Lh\xb8\xe4nL\xfe1\xd5`\x86Cc\xdd\xf2n\x0e\xa7\xf5\x86\x03\xee\xec8\xad\x06\xa8\xd70\xba\xa9\xae(\xc0\x063\xd5\xb6i\xeb\xae\xe2>f\xa1\xc7\xe8_\xd9\xae,\x8d\xb0\x01\xf0<\xd6_e\xa4F\x10\xc0\xc6\x10=\x17\x16\x1a\xd9\x8b\xafq\x1e_\xee \xbb\x92\x9f\x89\n\x1b\xaf\xa2DDi\xe4\x9begcv\xa1\xe4E\x8fs\x8e\xc6[.\x98\x0f;\xc3H5\xfb\x0e\xe8\xb2<>\r\xeb\x9b\f\xf6\x15\xf2\xc0&L\xec;\xca\xc0\xa3\xb6\x84\xc7h\x9c\x9d\xfdUY-o3\xce\x00\x003\x90\xdc\x9f\x95,\xb2\xa5\r\xcc\x98\xf5\x00\x00\x00\x00\x00\x00\x00\x00J\xf4\xa9\xd02S\fZ\xfb\xfc !e\x0e/\xeb\xc5\xfa\xe3\xf5\x9e\x91\xadJ\xbd+-n\xb4\xb8a4\xbc\xdf\x1d\xd8\xc1D\xff|G$\xf6\r\xf3\xad5O~\xa9q\t\xb4\x83\n\x06f\xf0\xb3\xa6\x04\xa7\xec\xfdz\xf3\xdaX\xc1SA\xe4x\xa1\xd9j\xaa\xbdT\xbe\xc7\x94\xa8\xe5w\x97\x11\b\f\xfc\xe6\x9ax\x11\x03R\x81\xc9\x90\x1fQ\xf7\xae(h\xd2\x8fj\tp\xf8VdY0\xa8\xc6|M?2J\x03\xff\xfaI\x9av\xf6^\x01R\xce@\xb4\xe5\b\x00!To\xdb}\xdd\x9d&|L+U\xb2\x10\xaeo\xe6\xf5\xcf\xb2\xb1\x10\x84\xd0\"\x96\xa8FstV\xb5:\xd7\x8cE\x95\x0e\fgJ\xba\xee\x17\x8b\xc2\xc1<@c\xc1\a\x17\b\x94\xb2\x06\xfb\x8e4\x0f\xcaT\xe1M\x98\x06M|\xa9\xb7\x9a\x82\xf4'}]}, 0x1e0) sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)={0x1c, r2, 0x60b, 0x0, 0x0, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r3}]}, 0x1c}}, 0x0) 6.738650059s ago: executing program 3 (id=1679): r0 = socket$kcm(0x10, 0x2, 0x0) recvmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f00000047c0)=""/4060, 0xfdc}, {&(0x7f00000027c0)=""/4069, 0xfe5}, {&(0x7f0000000700)=""/244, 0xf4}, {&(0x7f00000005c0)=""/138, 0x8a}, {&(0x7f00000004c0)=""/38, 0x26}], 0x5}, 0x40000100) r1 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x5a2, 0x4000, 0x0, 0x144}, &(0x7f00000003c0)=0x0, &(0x7f00000001c0)) r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000140), 0xa0000, 0x0) io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000300)=[r3], 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_setup(0x497, &(0x7f0000000680)={0x0, 0x549d, 0x8000, 0xfffffffe, 0x200}, &(0x7f0000000500)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x40, 0x0, 0x81, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x1}) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r5, &(0x7f00000002c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x75, 0x6000, @fd_index=0x9, 0x400000080000fff, 0x0, 0x0, 0x22, 0x0, {0x0, r6}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) r7 = syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x16fa, 0x800, 0x4, 0x8}, &(0x7f0000000340)=0x0, &(0x7f0000000140)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) io_uring_enter(r7, 0x3516, 0x0, 0x4, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r9 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) read$msr(r9, &(0x7f0000032680)=""/102400, 0x19000) read$alg(0xffffffffffffffff, 0x0, 0x0) io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0) 6.645392751s ago: executing program 2 (id=1680): syz_io_uring_setup(0x10a, &(0x7f00000001c0)={0x0, 0x5883, 0x400, 0x0, 0xfffffdfc}, 0x0, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f00000008c0)={{0x12, 0x1, 0x0, 0xf2, 0x6c, 0x44, 0x20, 0x84f, 0x1, 0xe0b8, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xb2, 0x84, 0xbb}}]}}]}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000000c0)={&(0x7f0000000000)=[0x0], 0x1, 0x0, 0x0, 0xffffffffffffffff}) r2 = openat$cgroup_ro(r1, &(0x7f0000000100)='blkio.throttle.io_serviced_recursive\x00', 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=@newlink={0x64, 0x10, 0x1, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, 0x0, 0x21a8}, [@IFLA_IFNAME={0x14, 0x3, 'vcan0\x00'}, @IFLA_IFALIAS={0x14, 0x14, 'netdevsim0\x00'}, @IFLA_VFINFO_LIST={0x1c, 0x16, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@IFLA_VF_IB_PORT_GUID={0x14, 0xb, {0xfffffffe, 0x2}}]}]}]}, 0x64}}, 0x0) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) r5 = syz_open_dev$video(&(0x7f0000000040), 0xa4, 0x0) ioctl$VIDIOC_S_FMT(r5, 0xc0d05640, &(0x7f0000000340)={0x1, @pix={0x0, 0x0, 0x30314442, 0x0, 0x0, 0x0, 0x7, 0xfeeddafe, 0x0, 0x0, 0x0, 0x4}}) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="74010000", @ANYRES16=r7, @ANYBLOB="11060000000000000000010000000800050001000000200108803c0000801400040002000000ac1e00010000000000000000240001000000000000000000000000000000000000000000000000000000000000000000e0000080a400098028000080060001000a0000001400020020010000000000000000000000000001050003000100000028000080060001000a00000014000200ff010000000000000000000000000001050003000100000028000080060001000a00000014000200ff010000000000000000000000000001050003000300000028020080060001000a00000014000200ff0100000000000000000000000000010500030000000000240001000000000000000000000000000000000000000000000000000000000000000000140004000200000000000000000000000000000024000300000000000000000000000000000000000000000000000000000000000000000014000200776731"], 0x174}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f00000002c0)={'wg2\x00', 0x0}) sendmsg$WG_CMD_SET_DEVICE(r2, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000300)={&(0x7f0000000900)={0x9a8, r7, 0x10, 0x70bd2a, 0x25dfdbff, {}, [@WGDEVICE_A_PEERS={0x968, 0x8, 0x0, 0x1, [{0x3b0, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_ALLOWEDIPS={0x14c, 0x9, 0x0, 0x1, [{0x148, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x1c}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010100}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5, 0x3, 0x2}}]}]}, @WGPEER_A_ALLOWEDIPS={0x204, 0x9, 0x0, 0x1, [{0x10c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010101}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x31}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5, 0x3, 0x9}}, @ipv6={{0x6}, {0x14, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}}, {0x5, 0x3, 0x2}}]}, {0xf4, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010100}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x27}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00'}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010100}, {0x5}}]}]}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e20, @multicast1}}]}, {0x68, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e20, @loopback}}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e20, @private=0xa010101}}, @WGPEER_A_FLAGS={0x8}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e20, 0x8, @loopback, 0x3e}}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e20, @broadcast}}]}, {0xa4, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x80, 0x9, 0x0, 0x1, [{0x7c, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @empty}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x2}}]}]}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e22, 0xc2d, @local, 0x82}}]}, {0x30, 0x0, 0x0, 0x1, [@WGPEER_A_FLAGS={0x8, 0x3, 0x2}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}]}, {0x30, 0x0, 0x0, 0x1, [@WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x5261}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x8}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e24, @multicast1}}]}, {0xf0, 0x0, 0x0, 0x1, [@WGPEER_A_FLAGS={0x8}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_FLAGS={0x8, 0x3, 0x6}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "97425bb248bfa8b259b42aa96d210a453421e5c50c3b90c9ad6d0dad189524fe"}, @WGPEER_A_ALLOWEDIPS={0xb0, 0x9, 0x0, 0x1, [{0xac, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @multicast1}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0x5}}]}]}]}, {0x1dc, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x1d8, 0x9, 0x0, 0x1, [{0x13c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x2e}}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x3}}]}, {0x4c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010100}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0xe}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5}}]}, {0x4c, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @broadcast}}, {0x5, 0x3, 0x2}}]}]}]}, {0x17c, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ALLOWEDIPS={0x170, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x3}}]}, {0xb8, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @private=0xa010101}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00'}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010100}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5}}]}, {0x94, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @remote}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @loopback}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}]}, {0x4}]}]}]}, @WGDEVICE_A_PRIVATE_KEY={0x24}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r8}]}, 0x9a8}, 0x1, 0x0, 0x0, 0x24000000}, 0x20044884) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000050000000000000f00000008000300", @ANYRES32=r9, @ANYBLOB], 0x2c}}, 0x0) 6.587972163s ago: executing program 6 (id=1681): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002040)={0x18, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000000000000000000000000040"], &(0x7f0000000340)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0xf, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) ioctl$SIOCSIFHWADDR(r0, 0x8b20, &(0x7f0000000040)={'veth0\x00', @multicast}) 5.914854734s ago: executing program 6 (id=1682): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'batadv_slave_1\x00', 0x0}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r2, &(0x7f0000000000), 0xfffffecc) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x8, 0x4, 0x400, 0x10100, 0x1, 0x4, '\x00', r1, r2, 0x3, 0x3, 0x5, 0xe, @void, @value, @value=r2}, 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0x40004) socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080), 0x22002, 0x0) ioctl$FBIOBLANK(r5, 0x4611, 0x2) ioctl$SNDCTL_SYNTH_MEMAVL(0xffffffffffffffff, 0xc004510e, &(0x7f0000000080)=0x5) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, 0x0, &(0x7f0000000000)=""/3, 0x2}, 0x20) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r6, 0x25, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x88, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @remote}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_TUPLE_MASTER={0x24, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @empty}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x88}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r1, {}, {}, {0xfff3}}}, 0x24}}, 0x800) r8 = socket$phonet_pipe(0x23, 0x5, 0x2) r9 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r9, 0x84, 0xa, &(0x7f00000002c0)={0x9, 0x3, 0x200, 0x0, 0x3, 0x0, 0xffffffff, 0x3ff}, 0x20) setsockopt$PNPIPE_ENCAP(r8, 0x113, 0x1, &(0x7f0000000140)=0x1, 0x4) 5.745360499s ago: executing program 3 (id=1683): syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000027c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2}, 0x94) socketpair$unix(0x1, 0x3, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, 0x0, 0x401c2, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) io_uring_register$IORING_REGISTER_FILE_ALLOC_RANGE(r2, 0x19, &(0x7f0000000080)={0xc4, 0xb}, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x578410eb) bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x19, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x66, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcc84}, 0x94) r3 = getpid() capset(&(0x7f0000000140)={0x20080522}, &(0x7f00000000c0)={0x0, 0x0, 0x5, 0x4, 0x5}) process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000500)={@map=0x1, 0x2e, 0x0, 0x0, 0x0, 0xff7a, 0x0, 0x0, 0x0, 0x0}, 0x40) r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x8, 0xd, &(0x7f0000000000)=@framed={{0x18, 0x8}, [@tail_call={{}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xa}, {}, {0x7, 0x0, 0xb, 0x7}}, @tail_call={{0x18, 0x2, 0x1, 0x0, r4}, {}, {0x85, 0x0, 0x0, 0x5}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x62, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00', r0}, 0x10) wait4(0x0, 0x0, 0x80000000, 0x0) 5.557635211s ago: executing program 0 (id=1684): r0 = socket$netlink(0x10, 0x3, 0x14) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0xfffffffe, "", [{{0x9, 0x2, 'syz0\x00'}, {0x0, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0) 4.280806433s ago: executing program 0 (id=1685): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[], &(0x7f0000000100)=""/189, 0x3c, 0xbd, 0x1}, 0x28) r0 = openat$smackfs_load(0xffffffffffffff9c, &(0x7f0000000440)='/sys/fs/smackfs/load-self\x00', 0x2, 0x0) write$smackfs_load(r0, &(0x7f0000000100)=ANY=[], 0x36) 4.047875907s ago: executing program 0 (id=1686): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) r3 = getpid() socket$packet(0x11, 0x3, 0x300) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000009, 0x4031, r2, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000040000000c000000", @ANYRES32=0x0, @ANYRES32], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b00000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)={0x14, r1, 0xe985e4df3848afb5, 0x20}, 0x14}}, 0x0) 4.016095017s ago: executing program 3 (id=1687): r0 = socket$igmp(0x2, 0x3, 0x2) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWCHAIN={0x38, 0x3, 0xa, 0x801, 0x0, 0x0, {0x2, 0x0, 0xa}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x60}, 0x1, 0x0, 0x0, 0x880}, 0x0) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000340)={0x0, 0x1, 0x0, 0x0, @vifc_lcl_ifindex, @private}, 0x10) 3.975442085s ago: executing program 6 (id=1688): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000001340)=@raw={'raw\x00', 0x3c1, 0x3, 0x1b78, 0x1918, 0xffffff80, 0x178, 0x0, 0x178, 0x1aa8, 0x22b, 0x258, 0x1aa8, 0x258, 0x2034, 0x0, {[{{@uncond, 0x1d, 0x18b8, 0x1918, 0x340, {0x1e0002a8, 0x7203000000000000}, [@common=@unspec=@cgroup1={{0x1030}, {0x0, 0x1, 0x0, 0x0, './cgroup.cpu/syz0\x00'}}, @common=@unspec=@u32={{0x7e0}, {[{}, {[{}, {}, {}, {}, {}, {0x0, 0x1}]}, {}, {}, {}, {}, {[{}, {}, {}, {}, {}, {}, {0x1}]}]}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@ipv4={'\x00', '\xff\xff', @multicast1}, [0xff, 0x0, 0xff, 0xffffff00], 0x4e21, 0x4e22, 0x4e23, 0x4e22, 0x7ff, 0x3, 0x7, 0x4, 0x5}}}, {{@ipv6={@loopback, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'veth1_to_bridge\x00', 'ip6gre0\x00'}, 0x0, 0x160, 0x190, 0x0, {}, [@common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @empty, @local, @private1}}, @common=@ipv6header={{0x28}}]}, @common=@inet=@SET2={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1bd8) ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r6, &(0x7f0000000340)={0x1d, r7, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) setsockopt$sock_int(r6, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081) r8 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f0000000280)={'vcan0\x00', 0x0}) bind$can_j1939(r8, &(0x7f0000000100)={0x1d, r9}, 0x18) connect$can_j1939(r8, &(0x7f0000000080)={0x1d, r9, 0x0, {0x0, 0xf0, 0x2}, 0x1}, 0x18) sendmsg$can_j1939(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)='.', 0x1a000}}, 0x0) connect$can_j1939(r6, &(0x7f0000000000)={0x1d, r7, 0x3, {0x2, 0xff, 0x3}, 0xfd}, 0x18) sendmsg$nl_route_sched(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r7, {0xfffd, 0xffeb}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x850) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001a00)=ANY=[@ANYBLOB="300000001800010000000000000000000a800000ff03000600000000140001000000000000000000000000ce"], 0x30}}, 0x0) 3.80541472s ago: executing program 3 (id=1689): fsopen(&(0x7f0000000000)='sysfs\x00', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f00000001c0)='grpquota') syz_open_dev$sndctrl(&(0x7f0000000300), 0x1, 0x0) umount2(&(0x7f0000000340)='./file0\x00', 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0x34, 0x2d, 0x101, 0x0, 0x0, "", [@nested={0x24, 0x0, 0x0, 0x1, [@typed={0xc, 0x11, 0x0, 0x0, @u64=0x8000000000000000}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}}]}]}, 0x34}], 0x1}, 0x0) syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000180)=ANY=[@ANYBLOB="0100000000000000020100"]) openat$dsp(0xffffff9c, &(0x7f0000000080), 0x82040, 0x0) 3.736257083s ago: executing program 7 (id=1690): socket$nl_route(0x10, 0x3, 0x0) socket(0x2b, 0x80801, 0x1) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000080)={0x4000, 0x3, 0x0, 0xffdfffff}, 0x10) getrandom(&(0x7f0000000400)=""/136, 0x88, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socket$phonet_pipe(0x23, 0x5, 0x2) sendmsg$TIPC_CMD_RESET_LINK_STATS(0xffffffffffffffff, 0x0, 0x10) r2 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0x2) ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) r3 = syz_open_dev$sg(0x0, 0x0, 0x401) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000800)=ANY=[], 0x48}, 0x1, 0x0, 0x0, 0x40}, 0x0) ioctl$SG_IO(r3, 0x2285, &(0x7f0000000040)={0x53, 0x0, 0x5, 0x0, @buffer={0x2, 0x4f, &(0x7f00000000c0)=""/79}, &(0x7f0000000380)="259374c96e", 0x0, 0x0, 0x0, 0x0, 0x0}) landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3, 0x1}, 0x18, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000300), 0x12) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x48380, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) setsockopt$PNPIPE_ENCAP(0xffffffffffffffff, 0x113, 0x7ffffffe, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000004c0)="d8000000180081064e81f782db4cb904021d0800fd007c05e8fe50a10a001e00014002020c600e41b0000900ac000a0501000000160012000a00ff150048035c3b61c1d67f6f94007134cf6efb8007a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000001008af26c8b7b55f4d2a6823a45", 0xd8}], 0x1}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000160001f47efde4be701161000a000000040000800400", @ANYRES32=r0], 0x1c}}, 0x0) 3.080797019s ago: executing program 2 (id=1691): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x6, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000040)={0x1, 0x0, {0x2778f40c, 0x7, 0x4, 0x1}}) readv(0xffffffffffffffff, &(0x7f00000017c0), 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'veth0_to_batadv\x00'}) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2000, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socket$kcm(0x11, 0xa, 0x300) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r2, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}]}, &(0x7f0000000180)=0x10) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f00000000c0)=@sack_info={r3, 0x0, 0xa}, 0xc) (fail_nth: 2) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB='\v\x00\x00\x00\b\x00\x00\x00\f\x00\x00\x00'], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x1, r4}, 0x38) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa2000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5, 0x0, 0x2}, 0x18) 2.233391448s ago: executing program 6 (id=1692): r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) ioctl$sock_SIOCGSKNS(r0, 0x894c, &(0x7f0000000100)=0x3b) setsockopt$netlink_NETLINK_NO_ENOBUFS(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) r1 = fcntl$getown(0xffffffffffffffff, 0x9) prlimit64(r1, 0xe, &(0x7f0000000080)={0x8, 0x8b}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x15) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r2, 0x10e, 0x2, 0x0, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r2, 0x10e, 0x1, &(0x7f0000000040)=0x80010, 0x4) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x800000002, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0xb, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000440)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x78, 0x18, &(0x7f00000002c0)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0xe}, @ptr={0x70742a85, 0x0, &(0x7f00000008c0)=""/224, 0xe0, 0x1, 0x5}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x1, 0x37}}, &(0x7f0000000180)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0}) sendmmsg$sock(r4, &(0x7f00000044c0), 0x4000000000001c0, 0x0) recvfrom(r5, &(0x7f0000000040)=""/60, 0x3c, 0x40, 0x0, 0x0) 1.497830929s ago: executing program 2 (id=1693): r0 = socket$kcm(0x10, 0x2, 0x0) recvmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f00000047c0)=""/4060, 0xfdc}, {&(0x7f00000027c0)=""/4069, 0xfe5}, {&(0x7f0000000700)=""/244, 0xf4}, {&(0x7f00000005c0)=""/138, 0x8a}, {&(0x7f00000004c0)=""/38, 0x26}], 0x5}, 0x40000100) r1 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x5a2, 0x4000, 0x0, 0x144}, &(0x7f00000003c0)=0x0, &(0x7f00000001c0)) r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000140), 0xa0000, 0x0) io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000300)=[r3], 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_setup(0x497, &(0x7f0000000680)={0x0, 0x549d, 0x8000, 0xfffffffe, 0x200}, &(0x7f0000000500)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x40, 0x0, 0x81, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x1}) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r5, &(0x7f00000002c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x75, 0x6000, @fd_index=0x9, 0x400000080000fff, 0x0, 0x0, 0x22, 0x0, {0x0, r6}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) r7 = syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x16fa, 0x800, 0x4, 0x8}, &(0x7f0000000340)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_LINKAT={0x27, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)='./file0\x00', 0xffffffffffffffff, 0x400, 0x1}) io_uring_enter(r7, 0x3516, 0x0, 0x4, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r10 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) read$msr(r10, &(0x7f0000032680)=""/102400, 0x19000) read$alg(0xffffffffffffffff, 0x0, 0x0) io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0) 1.484924398s ago: executing program 7 (id=1694): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x8000000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) kexec_load(0x0, 0x0, 0x0, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'lo\x00'}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r4, &(0x7f0000000100)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) 37.241246ms ago: executing program 2 (id=1695): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4a, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3, 0x0, 0x7}, 0x18) socket(0x28, 0x803, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000ffc000/0x4000)=nil) r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, &(0x7f0000000140)={0xffffffff, "030000000000000023000000debd12ffff00000000000000000020000400", 0xffffffffffffffff}) r6 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f00000000c0)={0x40000001}) setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, &(0x7f0000000080)={'nat\x00', 0x0, 0x0, 0x0, [0x54, 0x0, 0x3, 0x3, 0xb], 0x0, 0x0}, 0x78) epoll_wait(r6, &(0x7f0000000580)=[{}], 0x1, 0x800) syz_open_dev$video(&(0x7f0000000000), 0xc000, 0x0) r7 = socket$netlink(0x10, 0x3, 0x4) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r8 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r8, &(0x7f00000004c0)={0x1a, 0x1, 0xc0, 0x1, 0x3f, 0x0, @remote}, 0x10) writev(r7, &(0x7f0000000140)=[{&(0x7f0000000040)="ab", 0x1}], 0x1) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000500), 0xa0201, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000980)={{0x3, 0x0, 0x24000000, 0x3ff, '\x00', 0x6}, 0x1, [0x9, 0x11, 0xfffffffffffffff9, 0x5, 0xf, 0x1, 0x0, 0xff, 0xfffffffffffffffc, 0x9, 0x5, 0x8, 0xfffffffffffffff7, 0x4, 0x3ff, 0x1, 0x36, 0x482, 0xc0010, 0x4000009, 0x1, 0x3ff, 0x7ff, 0x5, 0x80, 0x0, 0x4, 0x6, 0xffffffff, 0x9, 0x1, 0x71, 0xa, 0x2, 0x1ff, 0x7fffffff, 0x9, 0x4, 0x5, 0x10, 0xfffffffffffffff7, 0x16, 0x9db6, 0x7b, 0x4, 0x2, 0x5, 0x9, 0x0, 0x8, 0x3, 0x303, 0xa2, 0x8000, 0xd, 0x400, 0x9, 0x1fd, 0x3, 0x2, 0xc9a8, 0xffffffff, 0x3, 0x8, 0xffff, 0x0, 0x10000, 0xffffffffffffffff, 0x9, 0x3, 0x5, 0x9, 0xec, 0x7f, 0xffffffffffffffff, 0x100000004, 0x9f1a, 0xffffffffffffffff, 0xffffffff, 0x3, 0x0, 0x9, 0x800000000003, 0x9, 0x1, 0x4, 0x3, 0xa, 0x8, 0x8, 0x1, 0x2, 0x4, 0xbf, 0xe70, 0xfffffffffffffff7, 0xb, 0x8000000000000000, 0x6, 0x9, 0x5, 0x639, 0x8004000000000002, 0x4, 0x400, 0x9a06, 0x9, 0xffffffff00000000, 0x3, 0xb3, 0x200080000001, 0x5, 0xd30, 0x9, 0x400000000000004, 0x256, 0x6ff, 0x3, 0x7, 0x1ff, 0x6, 0x7, 0x0, 0x3, 0x7, 0x1000000000008, 0xfffffffffffffff7, 0x9]}) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) r9 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r9, 0x0, 0x0) 36.999179ms ago: executing program 7 (id=1696): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[], &(0x7f0000000100)=""/189, 0x3c, 0xbd, 0x1}, 0x28) r0 = openat$smackfs_load(0xffffffffffffff9c, &(0x7f0000000440)='/sys/fs/smackfs/load-self\x00', 0x2, 0x0) write$smackfs_load(r0, &(0x7f0000000100)=ANY=[], 0x36) 0s ago: executing program 6 (id=1697): r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x7f67, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0585605, &(0x7f0000000040)={0x0, 0x0, {0x870, 0x0, 0x2025, 0x4, 0x0, 0x9, 0x0, 0x4}}) kernel console output (not intermixed with test programs): k: 'syz.0.774': attribute type 1 has an invalid length. [ 400.808435][ T8986] netlink: 228 bytes leftover after parsing attributes in process `syz.0.774'. [ 401.102081][ T8994] netlink: 4 bytes leftover after parsing attributes in process `syz.4.775'. [ 402.007840][ T8993] netlink: 4 bytes leftover after parsing attributes in process `syz.1.773'. [ 404.531525][ T9012] syz.4.778: attempt to access beyond end of device [ 404.531525][ T9012] nbd4: rw=0, sector=2, nr_sectors = 1 limit=0 [ 404.544421][ T9012] hfs: can't find a HFS filesystem on dev nbd4 [ 405.310338][ T9033] tipc: Started in network mode [ 405.315285][ T9033] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 405.368245][ T9033] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 405.413650][ T9033] tipc: Enabled bearer , priority 10 [ 406.135006][ T9036] netlink: 'syz.4.787': attribute type 4 has an invalid length. [ 406.601171][ T5903] tipc: Node number set to 1 [ 408.967116][ T9071] netlink: 'syz.2.792': attribute type 30 has an invalid length. [ 410.048540][ T9091] FAULT_INJECTION: forcing a failure. [ 410.048540][ T9091] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 410.063293][ T9091] CPU: 0 UID: 0 PID: 9091 Comm: syz.0.799 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 410.063322][ T9091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 410.063339][ T9091] Call Trace: [ 410.063351][ T9091] [ 410.063360][ T9091] dump_stack_lvl+0x189/0x250 [ 410.063396][ T9091] ? __pfx____ratelimit+0x10/0x10 [ 410.063425][ T9091] ? __pfx_dump_stack_lvl+0x10/0x10 [ 410.063455][ T9091] ? __pfx__printk+0x10/0x10 [ 410.063515][ T9091] should_fail_ex+0x414/0x560 [ 410.063546][ T9091] _copy_to_user+0x31/0xb0 [ 410.063580][ T9091] simple_read_from_buffer+0xe1/0x170 [ 410.063612][ T9091] proc_fail_nth_read+0x1df/0x250 [ 410.063646][ T9091] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 410.063679][ T9091] ? rw_verify_area+0x258/0x650 [ 410.063702][ T9091] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 410.063733][ T9091] vfs_read+0x1fd/0x980 [ 410.063762][ T9091] ? __pfx___mutex_lock+0x10/0x10 [ 410.063793][ T9091] ? __pfx_vfs_read+0x10/0x10 [ 410.063817][ T9091] ? __fget_files+0x2a/0x420 [ 410.063849][ T9091] ? __fget_files+0x3a0/0x420 [ 410.063875][ T9091] ? __fget_files+0x2a/0x420 [ 410.063912][ T9091] ksys_read+0x145/0x250 [ 410.063939][ T9091] ? __pfx_ksys_read+0x10/0x10 [ 410.063959][ T9091] ? rcu_is_watching+0x15/0xb0 [ 410.063995][ T9091] ? do_syscall_64+0xbe/0x3b0 [ 410.064030][ T9091] do_syscall_64+0xfa/0x3b0 [ 410.064058][ T9091] ? lockdep_hardirqs_on+0x9c/0x150 [ 410.064086][ T9091] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 410.064107][ T9091] ? clear_bhb_loop+0x60/0xb0 [ 410.064133][ T9091] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 410.064153][ T9091] RIP: 0033:0x7fc95718d33c [ 410.064172][ T9091] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 410.064189][ T9091] RSP: 002b:00007fc958027030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 410.064218][ T9091] RAX: ffffffffffffffda RBX: 00007fc9573b5fa0 RCX: 00007fc95718d33c [ 410.064233][ T9091] RDX: 000000000000000f RSI: 00007fc9580270a0 RDI: 0000000000000004 [ 410.064246][ T9091] RBP: 00007fc958027090 R08: 0000000000000000 R09: 0000000000000000 [ 410.064259][ T9091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 410.064271][ T9091] R13: 0000000000000000 R14: 00007fc9573b5fa0 R15: 00007fff8c7763e8 [ 410.064303][ T9091] [ 410.958963][ T9099] netlink: 'syz.1.800': attribute type 4 has an invalid length. [ 413.896540][ T9110] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 414.135263][ T9117] netlink: 'syz.2.807': attribute type 11 has an invalid length. [ 414.494458][ T9139] netlink: 1010 bytes leftover after parsing attributes in process `syz.4.814'. [ 414.552270][ T9139] bridge: RTM_NEWNEIGH with invalid state 0x1 [ 415.534546][ T5982] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.670064][ T5982] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.901736][ T9157] netlink: 12 bytes leftover after parsing attributes in process `syz.3.819'. [ 417.862007][ T5982] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 418.525823][ T5982] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 419.532306][ T5836] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 419.542653][ T5836] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 419.557126][ T5836] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 419.565341][ T5836] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 419.575000][ T5836] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 419.735598][ T9176] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 419.766980][ T5836] Bluetooth: hci4: command 0x0406 tx timeout [ 419.871470][ T9176] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 419.937098][ T5903] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 419.955035][ T9182] FAULT_INJECTION: forcing a failure. [ 419.955035][ T9182] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 419.975718][ T9182] CPU: 0 UID: 0 PID: 9182 Comm: syz.0.823 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 419.975747][ T9182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 419.975759][ T9182] Call Trace: [ 419.975768][ T9182] [ 419.975776][ T9182] dump_stack_lvl+0x189/0x250 [ 419.975810][ T9182] ? __pfx____ratelimit+0x10/0x10 [ 419.975838][ T9182] ? __pfx_dump_stack_lvl+0x10/0x10 [ 419.975866][ T9182] ? __pfx__printk+0x10/0x10 [ 419.975886][ T9182] ? __might_fault+0xb0/0x130 [ 419.975922][ T9182] should_fail_ex+0x414/0x560 [ 419.975949][ T9182] _copy_from_user+0x2d/0xb0 [ 419.975980][ T9182] __sys_sendto+0x25c/0x520 [ 419.976004][ T9182] ? __pfx___sys_sendto+0x10/0x10 [ 419.976022][ T9182] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 419.976082][ T9182] ? __fget_files+0x3a0/0x420 [ 419.976121][ T9182] ? ksys_write+0x22a/0x250 [ 419.976146][ T9182] ? __pfx_ksys_write+0x10/0x10 [ 419.976174][ T9182] ? rcu_is_watching+0x15/0xb0 [ 419.976209][ T9182] __x64_sys_sendto+0xde/0x100 [ 419.976235][ T9182] do_syscall_64+0xfa/0x3b0 [ 419.976263][ T9182] ? lockdep_hardirqs_on+0x9c/0x150 [ 419.976291][ T9182] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.976312][ T9182] ? clear_bhb_loop+0x60/0xb0 [ 419.976338][ T9182] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.976358][ T9182] RIP: 0033:0x7fc95718e929 [ 419.976376][ T9182] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 419.976393][ T9182] RSP: 002b:00007fc958027038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 419.976416][ T9182] RAX: ffffffffffffffda RBX: 00007fc9573b5fa0 RCX: 00007fc95718e929 [ 419.976444][ T9182] RDX: 0000000000000016 RSI: 0000200000000180 RDI: 0000000000000003 [ 419.976456][ T9182] RBP: 00007fc958027090 R08: 0000200000000140 R09: 0000000000000014 [ 419.976470][ T9182] R10: 0000000000040080 R11: 0000000000000246 R12: 0000000000000001 [ 419.976482][ T9182] R13: 0000000000000000 R14: 00007fc9573b5fa0 R15: 00007fff8c7763e8 [ 419.976513][ T9182] [ 420.259124][ T5903] usb 4-1: config 128 has an invalid interface association descriptor of length 7, skipping [ 420.277363][ T5903] usb 4-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 420.331350][ T5982] bridge_slave_1: left allmulticast mode [ 420.337849][ T5982] bridge_slave_1: left promiscuous mode [ 420.345208][ T5982] bridge0: port 2(bridge_slave_1) entered disabled state [ 420.427375][ T5903] usb 4-1: config 128 has 0 interfaces, different from the descriptor's value: 5 [ 420.480612][ T5903] usb 4-1: New USB device found, idVendor=0763, idProduct=2019, bcdDevice=a0.36 [ 420.481947][ T5982] bridge_slave_0: left allmulticast mode [ 420.516938][ T5903] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 420.539445][ T5982] bridge_slave_0: left promiscuous mode [ 420.545350][ T5982] bridge0: port 1(bridge_slave_0) entered disabled state [ 420.614434][ T5903] usb 4-1: can't set config #128, error -71 [ 420.786917][ T5903] usb 4-1: USB disconnect, device number 15 [ 420.811797][ T9197] netlink: 'syz.2.825': attribute type 30 has an invalid length. [ 421.608728][ T5823] Bluetooth: hci2: command tx timeout [ 424.125653][ T5823] Bluetooth: hci2: command tx timeout [ 424.963057][ T9237] netlink: 12 bytes leftover after parsing attributes in process `syz.4.833'. [ 425.187838][ T5982] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 426.010703][ T5982] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 426.041698][ T5982] bond0 (unregistering): Released all slaves [ 426.167299][ T5836] Bluetooth: hci2: command tx timeout [ 426.261092][ T5982] bond1 (unregistering): Released all slaves [ 426.288366][ T9169] chnl_net:caif_netlink_parms(): no params data found [ 426.297290][ T5890] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 426.506959][ T5890] usb 5-1: Using ep0 maxpacket: 32 [ 426.543972][ T5890] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 426.563798][ T5890] usb 5-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 426.575308][ T5890] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 426.605352][ T5890] usb 5-1: Product: syz [ 426.609906][ T5890] usb 5-1: Manufacturer: syz [ 426.614887][ T5890] usb 5-1: SerialNumber: syz [ 426.681210][ T5890] usb 5-1: config 0 descriptor?? [ 426.717756][ T5890] cdc_ether 5-1:0.0: probe with driver cdc_ether failed with error -22 [ 426.749023][ T5890] usb 5-1: unsupported MDLM descriptors [ 426.815490][ T5982] tipc: Left network mode [ 426.856664][ T9255] syz.2.837: attempt to access beyond end of device [ 426.856664][ T9255] nbd2: rw=0, sector=6, nr_sectors = 2 limit=0 [ 426.870643][ T9255] ADFS-fs (nbd2): error: unable to read block 3, try 0 [ 427.632631][ T9265] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 427.668553][ T9268] netlink: 'syz.3.838': attribute type 1 has an invalid length. [ 427.687537][ T9265] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 427.711532][ T9264] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 427.893603][ T9274] netlink: 36 bytes leftover after parsing attributes in process `syz.3.838'. [ 428.114840][ T9281] netlink: 'syz.2.841': attribute type 30 has an invalid length. [ 428.214643][ T9260] veth5: entered promiscuous mode [ 428.249055][ T5836] Bluetooth: hci2: command tx timeout [ 428.303850][ T9286] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 428.327888][ T6860] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 428.338438][ T9169] bridge0: port 1(bridge_slave_0) entered blocking state [ 428.361135][ T9169] bridge0: port 1(bridge_slave_0) entered disabled state [ 428.406820][ T9169] bridge_slave_0: entered allmulticast mode [ 428.435174][ T9169] bridge_slave_0: entered promiscuous mode [ 428.457360][ T9290] x_tables: duplicate underflow at hook 1 [ 428.472990][ T9169] bridge0: port 2(bridge_slave_1) entered blocking state [ 428.482716][ T9169] bridge0: port 2(bridge_slave_1) entered disabled state [ 428.498071][ T9169] bridge_slave_1: entered allmulticast mode [ 428.525941][ T9169] bridge_slave_1: entered promiscuous mode [ 428.546598][ T6860] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 428.561667][ T6860] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 428.639151][ T6860] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 428.670019][ T6860] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 428.681570][ T6860] usb 4-1: SerialNumber: syz [ 428.839378][ T9169] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 428.873443][ T9169] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 429.005915][ T5982] hsr_slave_0: left promiscuous mode [ 429.013027][ T5982] hsr_slave_1: left promiscuous mode [ 429.020311][ T5982] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 429.037528][ T5982] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 429.170720][ T5982] veth1_macvtap: left promiscuous mode [ 429.201566][ T5982] veth0_macvtap: left promiscuous mode [ 429.220690][ T5890] usb 5-1: USB disconnect, device number 21 [ 429.224642][ T5982] veth1_vlan: left promiscuous mode [ 429.235205][ T5982] veth0_vlan: left promiscuous mode [ 429.832591][ T9301] syz.2.843: attempt to access beyond end of device [ 429.832591][ T9301] nbd2: rw=0, sector=2, nr_sectors = 1 limit=0 [ 429.845966][ T9301] hfs: can't find a HFS filesystem on dev nbd2 [ 430.286284][ T6860] usb 4-1: 0:2 : does not exist [ 430.302157][ T6860] usb 4-1: unit 5: unexpected type 0x0a [ 430.386588][ T6860] usb 4-1: USB disconnect, device number 16 [ 430.462741][ T9259] udevd[9259]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 431.737168][ T9319] netlink: 'syz.0.848': attribute type 30 has an invalid length. [ 432.922515][ T5982] team0 (unregistering): Port device team_slave_1 removed [ 432.991530][ T5982] team0 (unregistering): Port device team_slave_0 removed [ 433.197383][ T9328] netlink: 'syz.0.851': attribute type 30 has an invalid length. [ 433.629177][ T5890] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 434.107472][ T5890] usb 5-1: Using ep0 maxpacket: 32 [ 434.114483][ T5890] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 434.139623][ T5890] usb 5-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 434.153826][ T5890] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 434.168542][ T5890] usb 5-1: Product: syz [ 434.176206][ T5890] usb 5-1: Manufacturer: syz [ 434.194509][ T5890] usb 5-1: SerialNumber: syz [ 434.206475][ T5890] usb 5-1: config 0 descriptor?? [ 434.229389][ T5890] cdc_ether 5-1:0.0: probe with driver cdc_ether failed with error -22 [ 434.238886][ T5890] usb 5-1: unsupported MDLM descriptors [ 434.412210][ T9169] team0: Port device team_slave_0 added [ 434.463698][ T9333] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 434.486008][ T9333] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 434.613763][ T9169] team0: Port device team_slave_1 added [ 434.711292][ T9347] netlink: 'syz.3.854': attribute type 1 has an invalid length. [ 434.839786][ T9345] veth7: entered promiscuous mode [ 435.003779][ T9356] netlink: 36 bytes leftover after parsing attributes in process `syz.3.854'. [ 435.209739][ T6860] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 435.820349][ T9169] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 435.887017][ T6860] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 435.911950][ T9169] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 435.935670][ T6860] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 435.938010][ C1] vkms_vblank_simulate: vblank timer overrun [ 435.982233][ T9359] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 436.009917][ T6860] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 436.026952][ T6860] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 436.061756][ T6860] usb 4-1: SerialNumber: syz [ 436.083505][ T9169] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 436.150259][ T9169] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 436.186131][ T9169] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 436.212242][ C1] vkms_vblank_simulate: vblank timer overrun [ 436.227276][ T9169] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 436.609934][ T5890] usb 5-1: USB disconnect, device number 22 [ 436.617727][ T9169] hsr_slave_0: entered promiscuous mode [ 436.635159][ T9169] hsr_slave_1: entered promiscuous mode [ 436.659589][ T9169] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 436.669441][ T9169] Cannot create hsr debugfs directory [ 436.779920][ T9374] netlink: 'syz.0.859': attribute type 30 has an invalid length. [ 438.458747][ T6860] usb 4-1: 0:2 : does not exist [ 438.463687][ T6860] usb 4-1: unit 5: unexpected type 0x0a [ 438.541103][ T6860] usb 4-1: USB disconnect, device number 17 [ 438.733322][ T9259] udevd[9259]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 438.756675][ T9386] netlink: 'syz.0.861': attribute type 30 has an invalid length. [ 440.017743][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.026101][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.101786][ T9404] netlink: 'syz.4.865': attribute type 1 has an invalid length. [ 441.549841][ T9422] netlink: 'syz.3.870': attribute type 30 has an invalid length. [ 441.578639][ T9404] 8021q: adding VLAN 0 to HW filter on device bond1 [ 442.255490][ T9431] netlink: 4 bytes leftover after parsing attributes in process `syz.0.872'. [ 442.281384][ T9169] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 442.306882][ T9434] netlink: 'syz.3.873': attribute type 30 has an invalid length. [ 442.366045][ T9169] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 442.408419][ T9439] netlink: 4 bytes leftover after parsing attributes in process `syz.0.872'. [ 442.438911][ T9169] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 443.351913][ T9445] ucma_write: process 647 (syz.4.871) changed security contexts after opening file descriptor, this is not allowed. [ 443.379973][ T9169] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 443.737172][ T6849] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 444.178317][ T9169] 8021q: adding VLAN 0 to HW filter on device bond0 [ 444.192289][ T6849] usb 3-1: Using ep0 maxpacket: 32 [ 444.211797][ T6849] usb 3-1: config 0 has an invalid interface number: 183 but max is 0 [ 444.230485][ T6849] usb 3-1: config 0 has no interface number 0 [ 444.232481][ T9465] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 444.261365][ T6849] usb 3-1: config 0 interface 183 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 528 [ 444.317897][ T6849] usb 3-1: New USB device found, idVendor=06d0, idProduct=0622, bcdDevice=70.f8 [ 444.341489][ T9169] 8021q: adding VLAN 0 to HW filter on device team0 [ 444.348194][ T6849] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 444.348291][ T6849] usb 3-1: Product: syz [ 444.426160][ T6849] usb 3-1: Manufacturer: syz [ 444.445805][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 444.454112][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 444.486976][ T6849] usb 3-1: SerialNumber: syz [ 444.504836][ T6849] usb 3-1: config 0 descriptor?? [ 444.530049][ T6860] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 444.531223][ T9452] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 444.589179][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 444.596390][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 444.931308][ T9485] netlink: 'syz.3.882': attribute type 30 has an invalid length. [ 445.454775][ T9487] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 445.544179][ T9479] Can't find ip_set type ha3h:net,port [ 445.624311][ T6849] net1080 3-1:0.183 usb0: register 'net1080' at usb-dummy_hcd.2-1, NetChip TurboCONNECT, ca:7f:d8:73:86:b1 [ 445.849381][ T9492] netlink: 'syz.3.883': attribute type 30 has an invalid length. [ 446.234074][ T6860] usb 3-1: USB disconnect, device number 14 [ 446.273700][ T6860] net1080 3-1:0.183 usb0: unregister 'net1080' usb-dummy_hcd.2-1, NetChip TurboCONNECT [ 447.365100][ T9169] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 448.871354][ T9536] netlink: 132 bytes leftover after parsing attributes in process `syz.4.891'. [ 449.007084][ T9537] netlink: 8 bytes leftover after parsing attributes in process `syz.4.891'. [ 449.847557][ T9547] netlink: 'syz.0.892': attribute type 30 has an invalid length. [ 449.895264][ T9169] veth0_vlan: entered promiscuous mode [ 449.921057][ T9169] veth1_vlan: entered promiscuous mode [ 449.986499][ T9556] netlink: 'syz.3.894': attribute type 30 has an invalid length. [ 450.060776][ T9169] veth0_macvtap: entered promiscuous mode [ 450.085907][ T9169] veth1_macvtap: entered promiscuous mode [ 450.120393][ T9169] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 450.151032][ T9169] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 450.171965][ T9169] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 450.183351][ T9169] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 450.196087][ T9169] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 450.211760][ T9169] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 452.127766][ T9580] IPVS: length: 129 != 8 [ 452.290207][ T6069] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 452.346987][ T6069] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 452.607686][ T9590] input: syz0 as /devices/virtual/input/input9 [ 452.992400][ T3461] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 453.032812][ T3461] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 453.321254][ T9605] netlink: 'syz.2.905': attribute type 30 has an invalid length. [ 453.418794][ T24] psmouse serio2: Failed to reset mouse on : -5 [ 453.876494][ T9610] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 454.246747][ T9614] netlink: 'syz.2.907': attribute type 30 has an invalid length. [ 457.954717][ T9641] misc userio: Invalid payload size [ 459.243881][ T9658] netlink: 'syz.5.916': attribute type 30 has an invalid length. [ 459.527607][ T24] misc userio: Buffer overflowed, userio client isn't keeping up [ 459.554623][ T9659] netlink: 4 bytes leftover after parsing attributes in process `syz.4.915'. [ 460.033341][ T9669] capability: warning: `syz.5.918' uses 32-bit capabilities (legacy support in use) [ 460.419778][ T9674] netlink: 'syz.2.919': attribute type 30 has an invalid length. [ 460.824579][ T24] input: PS/2 Generic Mouse as /devices/serio2/input/input10 [ 461.832492][ T9681] kernel profiling enabled (shift: 17) [ 462.026961][ T24] psmouse serio2: Failed to enable mouse on [ 463.737151][ T5890] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 464.073911][ T9710] No such timeout policy "syz1" [ 464.787343][ T5890] usb 3-1: Using ep0 maxpacket: 32 [ 464.797821][ T5890] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 464.806051][ T5890] usb 3-1: config 0 has no interface number 0 [ 464.813269][ T5890] usb 3-1: config 0 interface 184 has no altsetting 0 [ 464.823745][ T5890] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 464.866437][ T5890] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 465.091054][ T5890] usb 3-1: Product: syz [ 465.136131][ T9717] netlink: 'syz.0.928': attribute type 30 has an invalid length. [ 465.409351][ T5890] usb 3-1: Manufacturer: syz [ 465.434385][ T5890] usb 3-1: SerialNumber: syz [ 465.477018][ T6860] IPVS: starting estimator thread 0... [ 465.508328][ T5890] usb 3-1: config 0 descriptor?? [ 465.531971][ T5890] usb 3-1: can't set config #0, error -71 [ 465.560370][ T5890] usb 3-1: USB disconnect, device number 15 [ 465.581277][ T9718] IPVS: using max 27 ests per chain, 64800 per kthread [ 465.646593][ T9724] netlink: 132 bytes leftover after parsing attributes in process `syz.2.930'. [ 466.426200][ T9736] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 466.662921][ T9748] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 468.269156][ T9774] netlink: 'syz.5.944': attribute type 30 has an invalid length. [ 468.761672][ T9783] netlink: 'syz.2.946': attribute type 1 has an invalid length. [ 468.772805][ T9783] netlink: 228 bytes leftover after parsing attributes in process `syz.2.946'. [ 469.268730][ T9795] netlink: 4 bytes leftover after parsing attributes in process `syz.5.948'. [ 469.279069][ T9795] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 469.483941][ T9796] netlink: 4 bytes leftover after parsing attributes in process `syz.2.947'. [ 470.311560][ T9804] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 470.843372][ T9795] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 471.078801][ T9811] netlink: 4 bytes leftover after parsing attributes in process `syz.4.951'. [ 472.524418][ T9815] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 472.739350][ T9824] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 473.507091][ T6847] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 473.731358][ T9840] netlink: 'syz.5.958': attribute type 30 has an invalid length. [ 473.941586][ T6847] usb 3-1: Using ep0 maxpacket: 8 [ 473.957173][ T6847] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x99, changing to 0x89 [ 473.986645][ T6847] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 474.519062][ T6847] usb 3-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 474.535643][ T6847] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 474.544015][ T6847] usb 3-1: Product: syz [ 474.558494][ T6847] usb 3-1: Manufacturer: syz [ 474.591879][ T6847] usb 3-1: SerialNumber: syz [ 474.624090][ T6847] usb 3-1: config 0 descriptor?? [ 474.678532][ T6847] streamzap 3-1:0.0: streamzap_probe: endpoint attributes don't match xfer 0200 [ 476.461975][ T9859] ceph: No mds server is up or the cluster is laggy [ 476.470031][ T5890] libceph: connect (1)[c::]:6789 error -101 [ 476.476994][ T5890] libceph: mon0 (1)[c::]:6789 connect error [ 476.779919][ T5890] libceph: connect (1)[c::]:6789 error -101 [ 479.856642][ T5890] libceph: mon0 (1)[c::]:6789 connect error [ 479.899264][ T5890] usb 3-1: USB disconnect, device number 16 [ 479.957238][ T6863] libceph: connect (1)[c::]:6789 error -101 [ 479.981472][ T6863] libceph: mon0 (1)[c::]:6789 connect error [ 480.286774][ T6863] libceph: connect (1)[c::]:6789 error -101 [ 480.837023][ T6863] libceph: mon0 (1)[c::]:6789 connect error [ 481.858829][ T9889] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 482.526676][ T9901] netlink: 68 bytes leftover after parsing attributes in process `syz.3.967'. [ 483.508534][ T9907] ip6erspan1: entered allmulticast mode [ 483.546190][ T9911] netlink: 4 bytes leftover after parsing attributes in process `syz.0.968'. [ 485.514939][ T9926] netlink: 'syz.2.972': attribute type 30 has an invalid length. [ 486.405793][ T9946] netlink: 'syz.3.977': attribute type 4 has an invalid length. [ 486.421773][ T9946] CUSE: unknown device info "KJ éH+ßãÛ¤2Lh¸änLþ1Õ`†CcÝòn§õ†îì8­¨×0º©®(À3Õ¶ië®â>f¡Çè_Ù®,°ð<Ö_e¤FÀÆ" [ 486.435536][ T9946] CUSE: unknown device info "3ÜŸ•,²¥Ì˜õ" [ 486.442012][ T9946] CUSE: unknown device info "Jô©Ð2S Zûü !e/ëÅúãõž‘­J½+-n´¸a4¼ßØÁDÿ|G$öó­5O~©q ´ƒ [ 486.442012][ T9946] f𳦧ìýzóÚXÁSAäx¡Ùjª½T¾Ç”¨åw— üæšxRÉQ÷®(hÒj pøVdY0¨Æ|M?2JÿúIšvö^RÎ@´å" [ 486.463929][ T9946] CUSE: unknown device info "!ToÛ}Ý&|L+U²®oæõϲ±„Ð"–¨FstVµ:׌E• gJºî‹ÂÁ<@cÁ”²ûŽ4ÊTáM˜M|©·š‚ô" [ 486.505401][ T9946] CUSE: DEVNAME unspecified [ 488.028553][ T9955] netlink: 'syz.5.979': attribute type 30 has an invalid length. [ 488.213290][ T9964] netlink: 20 bytes leftover after parsing attributes in process `syz.2.981'. [ 491.844447][ T9993] netlink: 'syz.3.986': attribute type 30 has an invalid length. [ 492.539426][T10005] syz.0.989: attempt to access beyond end of device [ 492.539426][T10005] nbd0: rw=0, sector=2, nr_sectors = 1 limit=0 [ 492.552687][T10005] hfs: can't find a HFS filesystem on dev nbd0 [ 494.236996][ T6847] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 494.427220][ T6847] usb 6-1: device descriptor read/64, error -71 [ 495.177212][ T6847] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 495.225694][T10025] netlink: 'syz.2.994': attribute type 30 has an invalid length. [ 495.451702][ T6847] usb 6-1: device descriptor read/64, error -71 [ 495.607429][ T6847] usb usb6-port1: attempt power cycle [ 495.862405][T10052] netlink: 'syz.0.998': attribute type 30 has an invalid length. [ 495.987212][ T6847] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 496.112458][ T6847] usb 6-1: device descriptor read/8, error -71 [ 496.417491][ T6847] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 497.153446][T10060] mkiss: ax0: crc mode is auto. [ 498.627389][ T6847] usb 6-1: device not accepting address 5, error -71 [ 498.806955][T10069] syz.5.1003: attempt to access beyond end of device [ 498.806955][T10069] nbd5: rw=0, sector=2, nr_sectors = 1 limit=0 [ 498.820265][T10069] hfs: can't find a HFS filesystem on dev nbd5 [ 499.302469][ T6847] usb usb6-port1: unable to enumerate USB device [ 501.207755][T10074] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1006'. [ 501.500141][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.506666][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.589514][T10101] netlink: 'syz.2.1009': attribute type 30 has an invalid length. [ 502.773896][T10109] netlink: 'syz.4.1012': attribute type 30 has an invalid length. [ 503.123484][T10120] CUSE: unknown device info "KJ éH+ßãÛ¤2Lh¸änLþ1Õ`†CcÝòn§õ†îì8­¨×0º©®(À3Õ¶ië®â>f¡Çè_Ù®,°ð<Ö_e¤FÀÆ" [ 503.135915][T10120] CUSE: unknown device info "3ÜŸ•,²¥Ì˜õ" [ 503.145278][T10120] CUSE: unknown device info "Jô©Ð2S Zûü !e/ëÅúãõž‘­J½+-n´¸a4¼ßØÁDÿ|G$öó­5O~©q ´ƒ [ 503.145278][T10120] f𳦧ìýzóÚXÁSAäx¡Ùjª½T¾Ç”¨åw— üæšxRÉQ÷®(hÒj pøVdY0¨Æ|M?2JÿúIšvö^RÎ@´å" [ 503.164280][T10120] CUSE: unknown device info "!ToÛ}Ý&|L+U²®oæõϲ±„Ð"–¨FstVµ:׌E• gJºî‹ÂÁ<@cÁ”²ûŽ4ÊTáM˜M|©·š‚ô" [ 503.175847][T10120] CUSE: DEVNAME unspecified [ 505.058829][T10139] ALSA: mixer_oss: invalid OSS volume 'LI' [ 506.333107][T10153] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1020'. [ 507.566308][T10174] netlink: 'syz.3.1023': attribute type 30 has an invalid length. [ 508.389123][T10183] netlink: 'syz.4.1024': attribute type 30 has an invalid length. [ 508.880520][T10187] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1025'. [ 509.643560][T10207] FAULT_INJECTION: forcing a failure. [ 509.643560][T10207] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 509.681371][T10207] CPU: 0 UID: 0 PID: 10207 Comm: syz.0.1030 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 509.681403][T10207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 509.681417][T10207] Call Trace: [ 509.681426][T10207] [ 509.681436][T10207] dump_stack_lvl+0x189/0x250 [ 509.681473][T10207] ? __pfx____ratelimit+0x10/0x10 [ 509.681503][T10207] ? __pfx_dump_stack_lvl+0x10/0x10 [ 509.681532][T10207] ? __pfx__printk+0x10/0x10 [ 509.681553][T10207] ? __might_fault+0xb0/0x130 [ 509.681591][T10207] should_fail_ex+0x414/0x560 [ 509.681621][T10207] _copy_from_user+0x2d/0xb0 [ 509.681652][T10207] ___sys_sendmsg+0x158/0x2a0 [ 509.681680][T10207] ? __pfx____sys_sendmsg+0x10/0x10 [ 509.681744][T10207] ? __fget_files+0x2a/0x420 [ 509.681770][T10207] ? __fget_files+0x3a0/0x420 [ 509.681809][T10207] __x64_sys_sendmsg+0x19b/0x260 [ 509.681836][T10207] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 509.681870][T10207] ? __pfx_ksys_write+0x10/0x10 [ 509.681891][T10207] ? rcu_is_watching+0x15/0xb0 [ 509.681926][T10207] ? do_syscall_64+0xbe/0x3b0 [ 509.681959][T10207] do_syscall_64+0xfa/0x3b0 [ 509.681985][T10207] ? lockdep_hardirqs_on+0x9c/0x150 [ 509.682014][T10207] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 509.682034][T10207] ? clear_bhb_loop+0x60/0xb0 [ 509.682059][T10207] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 509.682079][T10207] RIP: 0033:0x7fc95718e929 [ 509.682097][T10207] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 509.682116][T10207] RSP: 002b:00007fc958027038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 509.682138][T10207] RAX: ffffffffffffffda RBX: 00007fc9573b5fa0 RCX: 00007fc95718e929 [ 509.682161][T10207] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000004 [ 509.682174][T10207] RBP: 00007fc958027090 R08: 0000000000000000 R09: 0000000000000000 [ 509.682187][T10207] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 509.682200][T10207] R13: 0000000000000000 R14: 00007fc9573b5fa0 R15: 00007fff8c7763e8 [ 509.682232][T10207] [ 511.468185][T10233] netlink: 'syz.2.1037': attribute type 30 has an invalid length. [ 512.555771][T10244] netlink: 'syz.5.1038': attribute type 30 has an invalid length. [ 512.715987][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 512.716007][ T30] audit: type=1326 audit(1751427590.592:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10246 comm="syz.5.1039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6588d8e929 code=0x7ffc0000 [ 512.823812][ T30] audit: type=1326 audit(1751427590.602:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10246 comm="syz.5.1039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6588d8e929 code=0x7ffc0000 [ 512.909534][ T30] audit: type=1326 audit(1751427590.612:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10246 comm="syz.5.1039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6588d8e929 code=0x7ffc0000 [ 512.940380][ T30] audit: type=1326 audit(1751427590.612:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10246 comm="syz.5.1039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6588d8e929 code=0x7ffc0000 [ 512.963193][ T30] audit: type=1326 audit(1751427590.612:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10246 comm="syz.5.1039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6588d8e929 code=0x7ffc0000 [ 512.986360][ T30] audit: type=1326 audit(1751427590.622:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10246 comm="syz.5.1039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6588d8e929 code=0x7ffc0000 [ 513.028521][ T30] audit: type=1326 audit(1751427590.622:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10246 comm="syz.5.1039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6588d8e929 code=0x7ffc0000 [ 513.063991][T10251] 8021q: adding VLAN 0 to HW filter on device bond1 [ 513.082600][ T30] audit: type=1326 audit(1751427590.622:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10246 comm="syz.5.1039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6588d8e929 code=0x7ffc0000 [ 513.105398][ T30] audit: type=1326 audit(1751427590.622:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10246 comm="syz.5.1039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6588d8e929 code=0x7ffc0000 [ 513.128588][ T30] audit: type=1326 audit(1751427590.632:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10246 comm="syz.5.1039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6588d8e929 code=0x7ffc0000 [ 513.297892][T10261] netlink: 'syz.3.1035': attribute type 10 has an invalid length. [ 513.747739][T10261] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 513.758756][T10261] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 514.457085][ T6849] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 515.176971][ T6849] usb 6-1: Using ep0 maxpacket: 32 [ 515.186537][ T6849] usb 6-1: config 1 interface 0 altsetting 9 bulk endpoint 0x1 has invalid maxpacket 64 [ 515.197526][T10301] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1047'. [ 515.206566][ T6849] usb 6-1: config 1 interface 0 altsetting 9 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 515.250287][ T6849] usb 6-1: config 1 interface 0 has no altsetting 0 [ 515.296215][ T6849] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 515.319463][ T6849] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 515.350786][ T6849] usb 6-1: Product: syz [ 515.355377][ T6849] usb 6-1: Manufacturer: Ñ… [ 515.380949][ T6849] usb 6-1: SerialNumber: syz [ 515.399913][T10282] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 515.417940][T10282] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 515.600798][T10312] netlink: 'syz.3.1049': attribute type 30 has an invalid length. [ 515.901097][ T6849] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 6 if 0 alt 9 proto 1 vid 0x0525 pid 0xA4A8 [ 516.088045][ T6849] usb 6-1: USB disconnect, device number 6 [ 516.266763][T10321] netlink: 'syz.2.1051': attribute type 30 has an invalid length. [ 516.705911][ T6849] usblp0: removed [ 516.910957][T10324] SET target dimension over the limit! [ 516.998340][ T6849] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 517.186980][ T6849] usb 6-1: Using ep0 maxpacket: 32 [ 517.429253][ T6849] usb 6-1: device descriptor read/all, error -71 [ 517.665548][T10336] netlink: 'syz.3.1057': attribute type 1 has an invalid length. [ 517.839901][ T24] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 518.537626][ T24] usb 1-1: device descriptor read/64, error -71 [ 518.899115][T10335] veth9: entered promiscuous mode [ 519.027226][ T24] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 519.177014][ T24] usb 1-1: device descriptor read/64, error -71 [ 519.225973][T10337] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1057'. [ 519.314047][ T24] usb usb1-port1: attempt power cycle [ 519.530417][ T6850] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 519.678053][ T24] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 519.719590][ T24] usb 1-1: device descriptor read/8, error -71 [ 519.749695][ T6850] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 519.795339][ T6850] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 519.852746][ T6850] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 519.872841][ T6850] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 519.889439][ T6850] usb 4-1: SerialNumber: syz [ 519.956971][ T24] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 519.988332][ T24] usb 1-1: device descriptor read/8, error -71 [ 520.057145][T10361] netlink: 'syz.2.1059': attribute type 10 has an invalid length. [ 520.094822][T10361] 8021q: adding VLAN 0 to HW filter on device team0 [ 520.104092][ T24] usb usb1-port1: unable to enumerate USB device [ 520.118647][T10361] bond0: (slave team0): Enslaving as an active interface with an up link [ 521.599555][ T6850] usb 4-1: 0:2 : does not exist [ 521.639155][ T6850] usb 4-1: unit 5: unexpected type 0x0a [ 521.862608][ T6850] usb 4-1: USB disconnect, device number 18 [ 521.901313][T10386] afs: Unknown parameter 'dynimer' [ 522.038709][T10314] udevd[10314]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 522.704797][T10384] netlink: 'syz.2.1063': attribute type 30 has an invalid length. [ 524.490168][ T6860] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 524.702426][ T6860] usb 6-1: Using ep0 maxpacket: 32 [ 525.088346][ T6860] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 525.116943][ T6860] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 525.159810][ T6860] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 525.198459][ T6860] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 525.224262][ T6860] usb 6-1: config 0 descriptor?? [ 525.557031][ T5903] usb 3-1: new full-speed USB device number 17 using dummy_hcd [ 525.649239][T10433] veth5: entered promiscuous mode [ 525.667508][T10433] netlink: 'syz.0.1075': attribute type 1 has an invalid length. [ 525.714890][ T6860] savu 0003:1E7D:2D5A.0006: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.5-1/input0 [ 525.739310][ T5903] usb 3-1: not running at top speed; connect to a high speed hub [ 525.769009][ T5903] usb 3-1: config 64 has an invalid interface number: 3 but max is 0 [ 525.810794][ T5903] usb 3-1: config 64 has an invalid interface number: 3 but max is 0 [ 525.821214][T10441] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1075'. [ 525.840580][ T5903] usb 3-1: config 64 has no interface number 0 [ 525.864071][ T5903] usb 3-1: config 64 interface 3 altsetting 5 endpoint 0x84 has invalid maxpacket 1023, setting to 64 [ 525.895775][ T5823] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 525.906757][ T5823] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 525.915841][ T5823] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 525.924057][ T5823] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 525.932044][ T5823] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 525.945738][ T5903] usb 3-1: config 64 interface 3 altsetting 5 has an invalid descriptor for endpoint zero, skipping [ 525.957673][ T5903] usb 3-1: config 64 interface 3 altsetting 5 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 525.980389][ T5903] usb 3-1: config 64 interface 3 altsetting 5 has an invalid descriptor for endpoint zero, skipping [ 525.991631][ T5903] usb 3-1: config 64 interface 3 altsetting 5 has a duplicate endpoint with address 0x86, skipping [ 526.002844][ T5903] usb 3-1: config 64 interface 3 altsetting 5 has a duplicate endpoint with address 0xF, skipping [ 526.013949][ T5903] usb 3-1: config 64 interface 3 altsetting 5 has 8 endpoint descriptors, different from the interface descriptor's value: 12 [ 526.027279][ T5903] usb 3-1: too many endpoints for config 64 interface 3 altsetting 71: 118, using maximum allowed: 30 [ 526.038884][ T5903] usb 3-1: config 64 interface 3 altsetting 71 has a duplicate endpoint with address 0x9, skipping [ 526.049845][ T5903] usb 3-1: config 64 interface 3 altsetting 71 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 526.067031][ T5903] usb 3-1: config 64 interface 3 altsetting 71 endpoint 0xA has invalid maxpacket 1024, setting to 64 [ 526.079211][ T5903] usb 3-1: config 64 interface 3 altsetting 71 has 5 endpoint descriptors, different from the interface descriptor's value: 118 [ 526.093756][ T5903] usb 3-1: config 64 interface 3 has no altsetting 0 [ 526.106872][ T5903] usb 3-1: config 64 interface 3 has no altsetting 1 [ 526.120062][ T5903] usb 3-1: New USB device found, idVendor=05c6, idProduct=9212, bcdDevice=84.b8 [ 526.135047][ T5903] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 526.153545][ T5903] usb 3-1: Product: ц [ 526.160208][ T5903] usb 3-1: Manufacturer: á ‰ [ 526.166549][ T5903] usb 3-1: SerialNumber: â°‰ [ 526.178546][ T6860] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 526.189050][T10425] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 526.378998][ T6860] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 526.418269][ T6860] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 526.456373][ T6860] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 526.474600][ T6860] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 526.504071][ T6860] usb 1-1: SerialNumber: syz [ 526.527123][T10425] ipvlan2: entered promiscuous mode [ 526.537647][T10425] ipvlan2: entered allmulticast mode [ 526.543108][T10425] macvlan1: entered allmulticast mode [ 526.549286][T10425] veth1_vlan: entered allmulticast mode [ 526.700370][ T6865] usb 6-1: USB disconnect, device number 9 [ 526.784796][ T5903] usb 3-1: USB disconnect, device number 17 [ 527.201255][T10467] loop6: detected capacity change from 0 to 63 [ 527.214345][T10467] buffer_io_error: 7 callbacks suppressed [ 527.214366][T10467] Buffer I/O error on dev loop6, logical block 0, async page read [ 527.228576][T10467] Buffer I/O error on dev loop6, logical block 0, async page read [ 527.236771][T10467] Buffer I/O error on dev loop6, logical block 0, async page read [ 527.245211][T10467] Buffer I/O error on dev loop6, logical block 0, async page read [ 527.338265][T10467] Buffer I/O error on dev loop6, logical block 0, async page read [ 527.361595][T10471] Buffer I/O error on dev loop6, logical block 0, lost async page write [ 527.371117][T10471] Buffer I/O error on dev loop6, logical block 1, lost async page write [ 527.380289][T10471] Buffer I/O error on dev loop6, logical block 2, lost async page write [ 527.394478][T10471] Buffer I/O error on dev loop6, logical block 3, lost async page write [ 527.404855][T10471] Buffer I/O error on dev loop6, logical block 4, lost async page write [ 527.497605][T10442] chnl_net:caif_netlink_parms(): no params data found [ 527.526771][T10467] loop6: unable to read partition table [ 527.532982][T10467] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾‚³˜) failed (rc=-5) [ 527.759073][T10464] netlink: 'syz.3.1077': attribute type 30 has an invalid length. [ 528.007003][ T5823] Bluetooth: hci5: command tx timeout [ 528.313614][T10442] bridge0: port 1(bridge_slave_0) entered blocking state [ 528.349224][T10442] bridge0: port 1(bridge_slave_0) entered disabled state [ 528.357295][T10442] bridge_slave_0: entered allmulticast mode [ 528.377021][T10442] bridge_slave_0: entered promiscuous mode [ 528.497457][T10442] bridge0: port 2(bridge_slave_1) entered blocking state [ 528.504898][T10442] bridge0: port 2(bridge_slave_1) entered disabled state [ 528.527303][T10480] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 528.582669][T10442] bridge_slave_1: entered allmulticast mode [ 528.730423][T10442] bridge_slave_1: entered promiscuous mode [ 528.784049][T10480] CIFS mount error: No usable UNC path provided in device string! [ 528.784049][T10480] [ 528.823093][ T6860] usb 1-1: 0:2 : does not exist [ 528.838298][T10480] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 528.865299][T10483] veth1_to_bond: entered allmulticast mode [ 528.874946][ T6860] usb 1-1: unit 5: unexpected type 0x0a [ 528.880905][T10486] veth1_to_bond: entered promiscuous mode [ 528.935448][ T6860] usb 1-1: USB disconnect, device number 21 [ 528.943467][T10483] netlink: 'syz.5.1080': attribute type 4 has an invalid length. [ 529.034797][T10479] veth1_to_bond: left promiscuous mode [ 529.046087][T10314] udevd[10314]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 529.065229][T10479] veth1_to_bond: left allmulticast mode [ 529.077443][T10442] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 529.120880][T10442] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 529.356962][ T6860] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 530.351389][ T5823] Bluetooth: hci5: command tx timeout [ 530.629468][ T6860] usb 1-1: Using ep0 maxpacket: 32 [ 530.636666][ T6860] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 530.671828][ T6860] usb 1-1: config 0 interface 0 has no altsetting 1 [ 530.780098][ T6860] usb 1-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 530.821610][ T6860] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 531.065823][ T6860] usb 1-1: Product: syz [ 531.272687][ T6860] usb 1-1: Manufacturer: syz [ 531.790858][ T6860] usb 1-1: SerialNumber: syz [ 531.808289][ T6860] usb 1-1: config 0 descriptor?? [ 531.818712][ T6860] usb 1-1: bad CDC descriptors [ 531.827494][ T6860] usb 1-1: unsupported MDLM descriptors [ 532.076983][ T6863] usb 3-1: new low-speed USB device number 18 using dummy_hcd [ 532.189435][ T6860] usb 1-1: USB disconnect, device number 22 [ 532.195880][T10442] team0: Port device team_slave_0 added [ 532.234694][T10529] netlink: 'syz.5.1091': attribute type 1 has an invalid length. [ 532.254878][T10510] netlink: 'syz.3.1086': attribute type 4 has an invalid length. [ 532.315050][T10527] veth3: entered promiscuous mode [ 532.328953][ T6863] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 532.330807][T10442] team0: Port device team_slave_1 added [ 532.363550][T10527] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1091'. [ 532.384316][ T6863] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 532.423891][ T5823] Bluetooth: hci5: command tx timeout [ 532.432662][ T6863] usb 3-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 532.565930][ T6863] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 532.643775][T10535] netlink: 'syz.0.1090': attribute type 30 has an invalid length. [ 532.669628][ T6863] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 532.701102][T10442] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 532.746958][T10442] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 532.773723][ T6850] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 532.899462][T10544] netlink: 100 bytes leftover after parsing attributes in process `syz.3.1092'. [ 532.906195][ T6863] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 532.918048][ T6863] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 532.930471][T10520] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 532.939001][T10442] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 532.955183][ T6863] hub 3-1:1.0: bad descriptor, ignoring hub [ 532.974409][ T6863] hub 3-1:1.0: probe with driver hub failed with error -5 [ 533.007117][T10442] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 533.017096][ T6850] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 533.032800][ T6850] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 533.046241][ T6850] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 533.046712][ T6863] cdc_wdm 3-1:1.0: skipping garbage [ 533.055676][ T6850] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 533.069417][ T6850] usb 6-1: SerialNumber: syz [ 533.166938][T10442] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 533.193447][ T6863] cdc_wdm 3-1:1.0: skipping garbage [ 533.237409][T10442] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 533.246306][ T6863] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 533.262852][ T6863] cdc_wdm 3-1:1.0: Unknown control protocol [ 533.354082][ T6863] usb 3-1: USB disconnect, device number 18 [ 533.908852][ T6863] usb 3-1: new full-speed USB device number 19 using dummy_hcd [ 533.966479][T10442] hsr_slave_0: entered promiscuous mode [ 533.977761][T10442] hsr_slave_1: entered promiscuous mode [ 533.998768][T10442] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 534.016793][T10442] Cannot create hsr debugfs directory [ 534.100566][ T6863] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 534.116209][ T6863] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 534.159317][ T6863] usb 3-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 534.183309][ T6863] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 534.374214][ T6863] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64 [ 534.386228][ T6863] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 534.395670][ T6863] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 534.426231][T10520] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 534.446606][ T6863] hub 3-1:1.0: bad descriptor, ignoring hub [ 534.723940][ T6863] hub 3-1:1.0: probe with driver hub failed with error -5 [ 534.724236][ T5823] Bluetooth: hci5: command tx timeout [ 534.737533][ T6863] cdc_wdm 3-1:1.0: skipping garbage [ 534.745836][ T6863] cdc_wdm 3-1:1.0: skipping garbage [ 534.912680][ T6863] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 534.942256][ T6863] cdc_wdm 3-1:1.0: Unknown control protocol [ 535.020805][ T6863] usb 3-1: USB disconnect, device number 19 [ 535.374420][ T6850] usb 6-1: 0:2 : does not exist [ 535.427179][ T6850] usb 6-1: unit 5: unexpected type 0x0a [ 535.487468][ T6850] usb 6-1: USB disconnect, device number 10 [ 535.513493][T10570] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 535.897177][ T5903] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 536.321880][T10314] udevd[10314]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 536.427356][ T5903] usb 3-1: Using ep0 maxpacket: 8 [ 536.885651][ T5903] usb 3-1: config 0 has an invalid interface number: 31 but max is 0 [ 536.903396][ T5903] usb 3-1: config 0 has no interface number 0 [ 536.914851][ T5903] usb 3-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 536.924876][ T5903] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 536.946006][ T5903] usb 3-1: Product: syz [ 536.950395][ T5903] usb 3-1: Manufacturer: syz [ 536.955103][ T5903] usb 3-1: SerialNumber: syz [ 536.962843][ T5903] usb 3-1: config 0 descriptor?? [ 537.194804][T10442] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 537.554251][ T5823] Bluetooth: hci0: unexpected event for opcode 0x1004 [ 537.569907][T10442] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 537.710068][ T5903] usb 3-1: Found UVC 0.04 device syz (046d:08c3) [ 537.716565][ T5903] usb 3-1: No streaming interface found for terminal 6. [ 537.753218][T10442] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 537.755560][ T5903] usb 3-1: USB disconnect, device number 20 [ 537.964702][T10442] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 538.187346][ T5903] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 538.346987][T10620] netlink: 'syz.5.1105': attribute type 10 has an invalid length. [ 538.503213][T10620] 8021q: adding VLAN 0 to HW filter on device bond0 [ 538.530210][ T5903] usb 4-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5 [ 538.580291][ T5903] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 538.599186][ T5903] usb 4-1: Product: syz [ 538.603453][ T5903] usb 4-1: Manufacturer: syz [ 538.609186][ T5903] usb 4-1: SerialNumber: syz [ 538.660777][ T5903] usb 4-1: config 0 descriptor?? [ 538.673059][ T5903] gspca_main: sq905c-2.14.0 probing 2770:9052 [ 538.777595][T10628] netlink: 'syz.0.1106': attribute type 30 has an invalid length. [ 539.029807][T10633] xt_hashlimit: size too large, truncated to 1048576 [ 539.120479][T10634] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1104'. [ 539.188616][ T5903] gspca_sq905c: sq905c_command: usb_control_msg failed (-110) [ 539.216726][ T5903] sq905c 4-1:0.0: Get version command failed [ 539.248384][ T5903] sq905c 4-1:0.0: probe with driver sq905c failed with error -110 [ 539.267077][T10620] team0: Port device bond0 added [ 541.628354][ T5823] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 541.646147][ T5823] Bluetooth: hci0: Injecting HCI hardware error event [ 541.665012][ T5836] Bluetooth: hci0: hardware error 0x00 [ 542.630775][T10442] 8021q: adding VLAN 0 to HW filter on device bond0 [ 542.662197][T10442] 8021q: adding VLAN 0 to HW filter on device team0 [ 542.677985][ T3461] bridge0: port 1(bridge_slave_0) entered blocking state [ 542.685181][ T3461] bridge0: port 1(bridge_slave_0) entered forwarding state [ 542.728896][ T3461] bridge0: port 2(bridge_slave_1) entered blocking state [ 542.736109][ T3461] bridge0: port 2(bridge_slave_1) entered forwarding state [ 542.933489][ T6863] usb 4-1: USB disconnect, device number 19 [ 543.152238][T10442] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 543.337133][ T6863] usb 4-1: new full-speed USB device number 20 using dummy_hcd [ 543.465706][T10442] veth0_vlan: entered promiscuous mode [ 543.482803][T10442] veth1_vlan: entered promiscuous mode [ 543.508884][ T6863] usb 4-1: unable to get BOS descriptor or descriptor too short [ 543.529619][ T6863] usb 4-1: not running at top speed; connect to a high speed hub [ 543.546447][T10442] veth0_macvtap: entered promiscuous mode [ 543.554078][ T6863] usb 4-1: too many endpoints for config 1 interface 0 altsetting 3: 65, using maximum allowed: 30 [ 543.576129][T10442] veth1_macvtap: entered promiscuous mode [ 543.583596][ T6863] usb 4-1: config 1 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 65 [ 543.616020][ T6863] usb 4-1: config 1 interface 0 has no altsetting 0 [ 543.630358][T10442] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 543.644279][ T6863] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 543.656518][ T6863] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 543.671103][T10442] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 543.680854][ T6863] usb 4-1: Product: syz [ 543.685151][ T6863] usb 4-1: Manufacturer: à  [ 543.699855][T10442] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 543.710793][ T6863] usb 4-1: SerialNumber: syz [ 543.716610][T10442] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 543.735421][T10442] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 543.760518][T10442] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 543.874108][ T3563] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 543.902385][ T3563] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 544.250283][ T5836] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 545.987062][ T6084] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 545.995038][ T6084] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 546.684115][T10695] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1072'. [ 546.708795][T10695] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 546.783839][T10695] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 548.504693][ T6863] usb 4-1: USB disconnect, device number 20 [ 549.564282][T10717] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 552.445412][T10742] netlink: 'syz.0.1129': attribute type 1 has an invalid length. [ 552.454719][T10742] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1129'. [ 553.746479][T10720] batadv0: entered promiscuous mode [ 553.752750][T10720] vlan2: entered promiscuous mode [ 554.366932][ T24] usb 4-1: new full-speed USB device number 21 using dummy_hcd [ 554.594345][ T24] usb 4-1: config 54 has an invalid interface number: 154 but max is 0 [ 554.612998][ T24] usb 4-1: config 54 has no interface number 0 [ 554.633943][ T24] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice= 0.ec [ 554.656999][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 554.686778][ T24] usb 4-1: Product: syz [ 554.716870][ T24] usb 4-1: Manufacturer: syz [ 554.736756][ T24] usb 4-1: SerialNumber: syz [ 556.080090][ T3461] usb 4-1: Failed to submit usb control message: -71 [ 556.096754][ T24] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 556.151905][ T3461] usb 4-1: unable to send the bmi data to the device: -71 [ 556.172846][ T24] usb 4-1: USB disconnect, device number 21 [ 556.230847][ T3461] usb 4-1: unable to get target info from device [ 556.749878][ T3461] usb 4-1: could not get target info (-71) [ 556.778375][ T6084] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 556.789711][ T3461] usb 4-1: could not probe fw (-71) [ 557.031505][T10782] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1137'. [ 557.139370][T10792] netlink: 'syz.5.1139': attribute type 30 has an invalid length. [ 557.157939][ T6084] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 557.690304][ T6084] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 558.118351][ T6084] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 558.649925][ T5836] Bluetooth: hci4: unexpected event 0x03 length: 31 > 11 [ 559.172266][T10817] hsr0: entered promiscuous mode [ 559.264021][T10820] netlink: 212400 bytes leftover after parsing attributes in process `syz.2.1147'. [ 559.742348][ T6084] bridge_slave_1: left allmulticast mode [ 559.777770][ T6084] bridge_slave_1: left promiscuous mode [ 559.823154][ T6084] bridge0: port 2(bridge_slave_1) entered disabled state [ 559.897363][ T6084] bridge_slave_0: left allmulticast mode [ 559.960793][ T6084] bridge_slave_0: left promiscuous mode [ 559.967277][ T6860] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 559.992583][ T6084] bridge0: port 1(bridge_slave_0) entered disabled state [ 560.146973][ T6860] usb 4-1: Using ep0 maxpacket: 8 [ 560.171688][ T6860] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x99, changing to 0x89 [ 560.223772][ T6860] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 560.257233][ T6860] usb 4-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 560.281635][ T6860] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 560.293995][ T6860] usb 4-1: Product: syz [ 560.299434][ T6860] usb 4-1: Manufacturer: syz [ 560.305103][ T6860] usb 4-1: SerialNumber: syz [ 560.356036][ T6860] usb 4-1: config 0 descriptor?? [ 560.415163][ T6860] streamzap 4-1:0.0: streamzap_probe: endpoint attributes don't match xfer 0200 [ 560.628253][T10849] netlink: 'syz.5.1154': attribute type 5 has an invalid length. [ 560.831429][T10854] 9pnet_fd: Insufficient options for proto=fd [ 561.904582][ T6084] dvmrp5 (unregistering): left allmulticast mode [ 562.313757][ T6084] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 562.339548][ T6084] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 562.354435][ T6084] bond0 (unregistering): Released all slaves [ 562.494966][ T6084] bond1 (unregistering): Released all slaves [ 562.495994][T10891] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 562.510188][T10891] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 562.519209][T10891] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 562.528910][T10891] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 562.695556][T10842] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 562.723342][ T6084] : left promiscuous mode [ 562.750275][ T24] usb 4-1: USB disconnect, device number 22 [ 562.846729][T10895] binder: 10893:10895 ioctl 40046205 0 returned -22 [ 562.892777][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.899558][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.075351][T10842] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 563.390966][T10842] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 563.736068][T10842] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 563.881030][ T24] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 564.057614][ T6847] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 564.068133][ T24] usb 3-1: Using ep0 maxpacket: 16 [ 564.091084][ T24] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 564.112341][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 564.130251][ T24] usb 3-1: Product: syz [ 564.140672][ T24] usb 3-1: Manufacturer: syz [ 564.145337][ T24] usb 3-1: SerialNumber: syz [ 564.159808][ T24] usb 3-1: config 0 descriptor?? [ 564.170584][ T6084] hsr_slave_0: left promiscuous mode [ 564.178055][ T24] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 564.199156][ T24] usb 3-1: Detected FT232H [ 564.206460][ T6084] hsr_slave_1: left promiscuous mode [ 564.221160][ T6084] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 564.230281][ T6084] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 564.240161][ T6847] usb 1-1: config 1 interface 0 has no altsetting 0 [ 564.261257][ T6847] usb 1-1: New USB device found, idVendor=056a, idProduct=0302, bcdDevice= 0.40 [ 564.272440][ T6847] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 564.292217][ T6847] usb 1-1: Product: syz [ 564.297890][ T6847] usb 1-1: Manufacturer: syz [ 564.305010][ T6084] veth1_macvtap: left promiscuous mode [ 564.310941][ T6847] usb 1-1: SerialNumber: syz [ 564.316229][ T6084] veth0_macvtap: left promiscuous mode [ 564.328320][ T6084] veth1_vlan: left promiscuous mode [ 564.333834][ T6084] veth0_vlan: left promiscuous mode [ 564.376697][ T24] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 564.572198][ T6847] usbhid 1-1:1.0: can't add hid device: -71 [ 564.580542][ T6847] usbhid 1-1:1.0: probe with driver usbhid failed with error -71 [ 564.595985][ T6847] usb 1-1: USB disconnect, device number 23 [ 564.824814][ T24] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 564.972049][ T6084] team0 (unregistering): Port device team_slave_1 removed [ 565.011772][ T24] usb 3-1: USB disconnect, device number 21 [ 565.023989][ T6084] team0 (unregistering): Port device team_slave_0 removed [ 565.074546][ T24] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 565.096137][ T24] ftdi_sio 3-1:0.0: device disconnected [ 565.643510][T10842] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 565.715037][T10842] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 565.825777][T10842] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 565.926709][T10842] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 566.276906][ T6860] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 566.386515][ T6084] IPVS: stop unused estimator thread 0... [ 566.436880][ T6860] usb 1-1: Using ep0 maxpacket: 16 [ 566.454322][ T6860] usb 1-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 566.496612][ T6860] usb 1-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 566.532820][ T6860] usb 1-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28 [ 566.567103][ T6860] usb 1-1: config 0 interface 0 has no altsetting 0 [ 566.573811][ T6860] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 566.614877][ T6860] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 566.662145][ T6860] usb 1-1: config 0 descriptor?? [ 566.956942][ T24] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 567.121028][ T6860] hid (null): unknown global tag 0xd [ 567.122724][ T24] usb 7-1: Using ep0 maxpacket: 32 [ 567.137178][ T6860] hid (null): unknown global tag 0xe [ 567.164649][ T6860] hid (null): unknown global tag 0xd [ 567.168935][ T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 567.180367][ T6860] hid (null): unknown global tag 0xe [ 567.186494][ T6860] hid (null): unknown global tag 0xe [ 567.197184][ T6860] hid (null): report_id 0 is invalid [ 567.213300][ T6860] hid (null): global environment stack underflow [ 567.218650][ T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 567.225835][ T6860] hid (null): invalid report_size 4566 [ 567.269142][ T24] usb 7-1: New USB device found, idVendor=258a, idProduct=6a88, bcdDevice= 0.00 [ 567.307243][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 567.341623][ T6860] usb 1-1: USB disconnect, device number 24 [ 567.341796][ T24] usb 7-1: config 0 descriptor?? [ 567.821034][ T24] itetech 0003:258A:6A88.0008: unknown main item tag 0x3 [ 567.837212][ T5903] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 567.867199][ T24] itetech 0003:258A:6A88.0008: hidraw0: USB HID v0.00 Device [HID 258a:6a88] on usb-dummy_hcd.6-1/input0 [ 567.999643][ T5903] usb 4-1: Using ep0 maxpacket: 32 [ 568.035568][ T5903] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 568.058429][ T5903] usb 4-1: config 0 has no interface number 0 [ 568.075280][ T6850] usb 7-1: USB disconnect, device number 2 [ 568.088802][ T5903] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 568.131392][ T5903] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 568.186975][ T5903] usb 4-1: Product: syz [ 568.198054][ T5903] usb 4-1: Manufacturer: syz [ 568.213091][ T5903] usb 4-1: SerialNumber: syz [ 568.242240][ T5903] usb 4-1: config 0 descriptor?? [ 568.251765][ T5903] smsc95xx v2.0.0 [ 568.630753][ T6850] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 568.817019][ T6850] usb 3-1: Using ep0 maxpacket: 16 [ 568.823505][T11067] ./file0: Can't lookup blockdev [ 568.839159][ T6850] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 568.860845][ T6850] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 568.898422][ T6850] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 568.944249][ T6850] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 568.962831][ T6850] usb 3-1: Product: syz [ 568.977503][ T6850] usb 3-1: Manufacturer: syz [ 568.989533][ T6850] usb 3-1: SerialNumber: syz [ 569.073764][ T5903] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71 [ 569.116900][ T5903] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 569.127561][ T5903] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 569.157598][ T5903] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71 [ 569.198484][ T5903] usb 4-1: USB disconnect, device number 23 [ 569.231681][T11082] netlink: 44 bytes leftover after parsing attributes in process `syz.6.1232'. [ 569.253108][T11082] netlink: 43 bytes leftover after parsing attributes in process `syz.6.1232'. [ 569.272782][T11082] netlink: 'syz.6.1232': attribute type 6 has an invalid length. [ 569.301279][T11082] netlink: 'syz.6.1232': attribute type 5 has an invalid length. [ 569.317224][T11082] netlink: 43 bytes leftover after parsing attributes in process `syz.6.1232'. [ 569.402578][T11085] usb usb8: usbfs: process 11085 (syz.0.1234) did not claim interface 0 before use [ 569.459411][ T6850] usb 3-1: cannot find UAC_HEADER [ 569.570385][ T6850] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 569.606751][ T6850] usb 3-1: USB disconnect, device number 22 [ 569.707330][T11097] 9pnet_fd: Insufficient options for proto=fd [ 569.710836][T10314] udevd[10314]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 570.825030][T11144] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1256'. [ 572.013758][T11185] netlink: 120 bytes leftover after parsing attributes in process `syz.0.1269'. [ 572.055740][T11186] 9pnet: p9_errstr2errno: server reported unknown error 184467440737 [ 573.288227][T11224] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1282'. [ 573.666267][T11237] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1285'. [ 575.406441][T11245] netlink: 'syz.3.1287': attribute type 30 has an invalid length. [ 575.737669][T11263] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048) [ 577.455472][T11284] pim6reg1: entered promiscuous mode [ 577.475772][T11284] pim6reg1: entered allmulticast mode [ 578.029100][T11303] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1296'. [ 578.386924][ T6847] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 579.227367][ T6847] usb 3-1: Using ep0 maxpacket: 32 [ 579.291411][ T6847] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 579.380128][ T6847] usb 3-1: config 0 has no interface number 0 [ 579.441235][ T6847] usb 3-1: config 0 interface 184 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 579.593711][T11314] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 579.696407][ T6847] usb 3-1: config 0 interface 184 has no altsetting 0 [ 579.765159][ T6847] usb 3-1: New USB device found, idVendor=0425, idProduct=7500, bcdDevice=69.ee [ 579.830199][ T6847] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 579.886888][ T6847] usb 3-1: Product: syz [ 579.927895][T11327] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1299'. [ 579.956573][ T6847] usb 3-1: Manufacturer: syz [ 579.982125][ T6847] usb 3-1: SerialNumber: syz [ 579.991557][ T6847] usb 3-1: config 0 descriptor?? [ 580.193471][T11333] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1301'. [ 580.265372][T11336] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1301'. [ 580.350483][T11337] netlink: 'syz.3.1302': attribute type 30 has an invalid length. [ 580.420991][ T6850] usb 3-1: USB disconnect, device number 23 [ 584.061016][T11369] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 585.227500][T11350] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 585.559864][T11384] netlink: 'syz.3.1313': attribute type 30 has an invalid length. [ 585.597116][T11350] usb 3-1: Using ep0 maxpacket: 16 [ 585.624407][T11350] usb 3-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 585.643812][T11350] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 585.667057][T11350] usb 3-1: Product: syz [ 585.671289][T11350] usb 3-1: Manufacturer: syz [ 585.707102][T11350] usb 3-1: SerialNumber: syz [ 585.727998][T11350] usb 3-1: config 0 descriptor?? [ 585.877636][T11350] ssu100 3-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 587.321509][T11350] ssu100 3-1:0.0: probe with driver ssu100 failed with error -71 [ 587.386128][T11350] usb 3-1: USB disconnect, device number 24 [ 587.412485][T11395] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1315'. [ 587.504936][ T5823] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 587.514888][ T5823] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 587.531551][ T5823] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 587.541529][ T5823] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 587.549986][ T5823] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 588.012010][T11406] chnl_net:caif_netlink_parms(): no params data found [ 588.501798][T11432] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 588.509125][T11432] IPv6: NLM_F_CREATE should be set when creating new route [ 588.516523][T11432] IPv6: NLM_F_CREATE should be set when creating new route [ 589.780279][ T5823] Bluetooth: hci1: command tx timeout [ 590.565401][T11459] netlink: 'syz.3.1324': attribute type 30 has an invalid length. [ 590.901784][T11406] bridge0: port 1(bridge_slave_0) entered blocking state [ 590.941396][T11406] bridge0: port 1(bridge_slave_0) entered disabled state [ 590.987197][T11406] bridge_slave_0: entered allmulticast mode [ 591.015524][T11406] bridge_slave_0: entered promiscuous mode [ 591.081355][T11406] bridge0: port 2(bridge_slave_1) entered blocking state [ 591.129556][T11406] bridge0: port 2(bridge_slave_1) entered disabled state [ 591.150643][T11406] bridge_slave_1: entered allmulticast mode [ 591.178745][T11406] bridge_slave_1: entered promiscuous mode [ 591.340561][T11406] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 591.353634][T11406] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 591.428591][ T5903] usb 4-1: new full-speed USB device number 24 using dummy_hcd [ 591.441009][T11406] team0: Port device team_slave_0 added [ 591.477302][T11406] team0: Port device team_slave_1 added [ 591.737243][T11406] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 591.739690][ T5903] usb 4-1: config index 0 descriptor too short (expected 9, got 0) [ 591.745797][T11406] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 591.766879][ T5903] usb 4-1: can't read configurations, error -22 [ 591.815722][T11406] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 592.010705][ T5823] Bluetooth: hci1: command tx timeout [ 592.451240][T11489] netlink: 'syz.2.1334': attribute type 2 has an invalid length. [ 592.478128][T11489] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1334'. [ 592.548978][T11406] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 592.558275][ T5903] usb 4-1: new full-speed USB device number 25 using dummy_hcd [ 592.576510][T11406] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 592.612639][T11406] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 592.676286][T11492] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 592.729272][ T5903] usb 4-1: config index 0 descriptor too short (expected 9, got 0) [ 592.774028][ T5903] usb 4-1: can't read configurations, error -22 [ 592.784147][ T5903] usb usb4-port1: attempt power cycle [ 593.402318][T11498] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 593.426317][T11406] hsr_slave_0: entered promiscuous mode [ 593.441142][T11406] hsr_slave_1: entered promiscuous mode [ 593.457503][ T5903] usb 4-1: new full-speed USB device number 26 using dummy_hcd [ 593.478225][T11406] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 593.485854][T11406] Cannot create hsr debugfs directory [ 593.490895][ T5903] usb 4-1: config index 0 descriptor too short (expected 9, got 0) [ 593.656106][ T5903] usb 4-1: can't read configurations, error -22 [ 594.067140][ T5903] usb 4-1: new full-speed USB device number 27 using dummy_hcd [ 594.096662][ T5823] Bluetooth: hci1: command tx timeout [ 594.147688][ T5903] usb 4-1: config index 0 descriptor too short (expected 9, got 0) [ 594.185353][ T5903] usb 4-1: can't read configurations, error -22 [ 594.241378][ T5903] usb usb4-port1: unable to enumerate USB device [ 594.427413][ T6850] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 595.018546][ T6850] usb 7-1: Using ep0 maxpacket: 16 [ 595.936455][ T6850] usb 7-1: unable to get BOS descriptor or descriptor too short [ 595.945809][ T6850] usb 7-1: config 218 has an invalid interface number: 135 but max is 0 [ 595.957250][ T6850] usb 7-1: config 218 has no interface number 0 [ 595.963587][ T6850] usb 7-1: config 218 interface 135 has no altsetting 0 [ 596.010619][ T6850] usb 7-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=38.d9 [ 596.073750][ T6850] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 596.115682][ T6850] usb 7-1: Product: syz [ 596.135428][ T6850] usb 7-1: Manufacturer: syz [ 596.137240][T11542] syzkaller1: entered promiscuous mode [ 596.156087][T11542] syzkaller1: entered allmulticast mode [ 596.162365][ T6850] usb 7-1: SerialNumber: syz [ 596.178488][ T5823] Bluetooth: hci1: command tx timeout [ 596.903966][ T6850] usb 7-1: USB disconnect, device number 3 [ 597.064204][T11406] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 597.231088][T11558] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 597.599735][T11406] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 597.907170][T11406] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 597.945111][T11406] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 598.581621][T11406] 8021q: adding VLAN 0 to HW filter on device bond0 [ 598.690357][T11406] 8021q: adding VLAN 0 to HW filter on device team0 [ 598.724897][T11597] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1356'. [ 598.766592][ T6084] bridge0: port 1(bridge_slave_0) entered blocking state [ 598.773866][ T6084] bridge0: port 1(bridge_slave_0) entered forwarding state [ 598.827406][ T6084] bridge0: port 2(bridge_slave_1) entered blocking state [ 598.834660][ T6084] bridge0: port 2(bridge_slave_1) entered forwarding state [ 599.902519][T11617] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 600.802405][T11628] binder: 11622:11628 ioctl c0306201 2000000003c0 returned -14 [ 601.532728][T11406] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 602.667143][ T6850] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 602.857016][ T6850] usb 3-1: Using ep0 maxpacket: 8 [ 602.892753][ T6850] usb 3-1: unable to get BOS descriptor or descriptor too short [ 602.939091][ T6850] usb 3-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config [ 603.031467][T11661] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(5) [ 603.034307][ T6850] usb 3-1: New USB device found, idVendor=5fc9, idProduct=0061, bcdDevice=69.15 [ 603.038758][T11661] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 603.047346][T11661] vhci_hcd vhci_hcd.0: Device attached [ 603.102996][ T6850] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 603.133707][ T6850] usb 3-1: Product: syz [ 603.161116][ T6850] usb 3-1: Manufacturer: syz [ 603.186319][ T6850] usb 3-1: SerialNumber: syz [ 603.338274][T11665] vhci_hcd: connection closed [ 603.347277][ T3461] vhci_hcd: stop threads [ 603.367041][ T5890] vhci_hcd: vhci_device speed not set [ 603.372802][ T3461] vhci_hcd: release socket [ 603.394621][ T3461] vhci_hcd: disconnect device [ 603.480335][ T5890] usb 45-1: new full-speed USB device number 2 using vhci_hcd [ 603.527168][ T5890] usb 45-1: enqueue for inactive port 0 [ 603.749127][ T5890] vhci_hcd: vhci_device speed not set [ 604.140464][T11689] netlink: 'syz.6.1371': attribute type 2 has an invalid length. [ 604.201054][T11689] netlink: 199836 bytes leftover after parsing attributes in process `syz.6.1371'. [ 605.060980][T11406] veth0_vlan: entered promiscuous mode [ 605.179677][T11406] veth1_vlan: entered promiscuous mode [ 605.450734][T11707] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 605.489093][T11406] veth0_macvtap: entered promiscuous mode [ 605.522538][ T6850] usb 3-1: USB disconnect, device number 25 [ 605.532704][T11707] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 605.555700][T11406] veth1_macvtap: entered promiscuous mode [ 605.695619][T11713] netlink: 'syz.2.1375': attribute type 1 has an invalid length. [ 605.744153][T11707] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 606.056124][T11406] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 606.246137][T11406] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 606.269749][T11406] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 606.278707][T11406] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 606.304607][T11406] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 606.339584][T11406] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 606.493818][T11731] netlink: 'syz.3.1378': attribute type 1 has an invalid length. [ 606.552520][T11731] netlink: 228 bytes leftover after parsing attributes in process `syz.3.1378'. [ 607.179509][ T3563] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 607.346387][ T3563] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 607.532488][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 607.585330][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 608.688293][T11766] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1383'. [ 609.459815][T11754] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 609.474214][T11754] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 610.004726][T11754] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 610.052222][T11754] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 610.192834][T11754] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 610.209493][T11754] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 611.347624][ T5823] Bluetooth: hci3: command 0x0406 tx timeout [ 611.777870][T11754] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 611.947516][T11754] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 611.953687][T11754] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 612.033418][T11779] binder: 11769:11779 ioctl c0306201 2000000003c0 returned -14 [ 612.098396][ T5836] Bluetooth: hci4: command 0x0406 tx timeout [ 612.127987][T11754] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 612.248399][ T5836] Bluetooth: hci2: command 0x0c1a tx timeout [ 612.314247][T11754] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 612.346237][T11754] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 612.474132][T11754] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 612.520416][T11784] netlink: 'syz.0.1386': attribute type 30 has an invalid length. [ 613.235939][T11791] ALSA: seq fatal error: cannot create timer (-19) [ 613.398468][ T5836] Bluetooth: hci3: command 0x0406 tx timeout [ 613.651378][T11806] netlink: 'syz.3.1392': attribute type 1 has an invalid length. [ 613.707362][T11806] netlink: 228 bytes leftover after parsing attributes in process `syz.3.1392'. [ 614.007051][ T5836] Bluetooth: hci5: command 0x0c1a tx timeout [ 614.381617][ T5836] Bluetooth: hci4: command 0x0406 tx timeout [ 614.388279][ T5836] Bluetooth: hci1: command 0x0c1a tx timeout [ 614.394554][ T5836] Bluetooth: hci2: command 0x0c1a tx timeout [ 614.439571][ C1] hrtimer: interrupt took 53227 ns [ 615.825726][T11822] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 615.938833][T11822] kAFS: No cell specified [ 616.087459][ T5823] Bluetooth: hci5: command 0x0c1a tx timeout [ 616.223282][T11831] binder: 11828:11831 ioctl c0306201 2000000003c0 returned -14 [ 616.407349][ T5836] Bluetooth: hci1: command 0x0c1a tx timeout [ 616.414815][ T5823] Bluetooth: hci2: command 0x0c1a tx timeout [ 617.752490][T11350] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 618.274199][ T5823] Bluetooth: hci5: command 0x0c1a tx timeout [ 618.276874][T11350] usb 7-1: Using ep0 maxpacket: 16 [ 618.307311][T11860] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1403'. [ 618.341182][T11350] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 618.422380][T11350] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 22 [ 618.436433][T11862] netlink: zone id is out of range [ 618.492897][ T5823] Bluetooth: hci1: command 0x0c1a tx timeout [ 618.580651][T11350] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 618.638447][T11350] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 618.693083][T11350] usb 7-1: SerialNumber: syz [ 618.727597][T11350] cdc_acm 7-1:1.0: skipping garbage [ 618.768903][T11350] cdc_acm 7-1:1.0: invalid descriptor buffer length [ 618.790036][T11350] cdc_acm 7-1:1.0: Control and data interfaces are not separated! [ 618.819191][T11350] cdc_acm 7-1:1.0: This needs exactly 3 endpoints [ 618.850869][T11350] cdc_acm 7-1:1.0: probe with driver cdc_acm failed with error -22 [ 618.962760][ T24] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 619.147160][ T24] usb 8-1: Using ep0 maxpacket: 32 [ 619.176714][ T24] usb 8-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 619.201244][ T24] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 619.255594][ T24] usb 8-1: Product: syz [ 619.288783][ T24] usb 8-1: Manufacturer: syz [ 619.309884][ T24] usb 8-1: SerialNumber: syz [ 619.343314][ T24] usb 8-1: config 0 descriptor?? [ 620.043358][ T24] airspy 8-1:0.0: Board ID: 00 [ 620.066412][ T24] airspy 8-1:0.0: Firmware version: [ 620.096416][T11350] usb 7-1: USB disconnect, device number 4 [ 620.681776][ T24] airspy 8-1:0.0: usb_control_msg() failed -71 request 12 [ 620.722849][ T24] airspy 8-1:0.0: Registered as swradio24 [ 620.735935][ T24] airspy 8-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 620.782277][ T24] usb 8-1: USB disconnect, device number 2 [ 621.808152][T11921] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1418'. [ 622.545385][T11929] netlink: 'syz.3.1420': attribute type 1 has an invalid length. [ 622.553379][T11929] netlink: 228 bytes leftover after parsing attributes in process `syz.3.1420'. [ 623.469398][ T6863] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 624.046339][T11952] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 624.068616][T11952] kAFS: No cell specified [ 624.096206][ T6863] usb 3-1: Using ep0 maxpacket: 16 [ 624.127687][ T6863] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 624.337674][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.353164][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.367709][ T6863] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 624.383144][ T6863] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 624.398408][ T6863] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 624.406496][ T6863] usb 3-1: Product: syz [ 624.413111][ T6863] usb 3-1: Manufacturer: syz [ 624.420127][ T6863] usb 3-1: SerialNumber: syz [ 626.034672][ T6863] usb 3-1: 0:2 : does not exist [ 626.064323][ T6863] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 626.216329][ T6863] usb 3-1: USB disconnect, device number 26 [ 626.327467][T11988] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1434'. [ 626.421145][T11710] udevd[11710]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 626.713013][T11997] netlink: 'syz.3.1436': attribute type 1 has an invalid length. [ 626.752010][T11997] netlink: 228 bytes leftover after parsing attributes in process `syz.3.1436'. [ 627.100040][T12008] NILFS (nullb0): couldn't find nilfs on the device [ 627.936962][ T6860] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 627.962266][T12027] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 627.981540][T12027] kAFS: No cell specified [ 628.132084][ T6860] usb 7-1: config 160 has an invalid interface number: 200 but max is 0 [ 628.252835][ T6860] usb 7-1: config 160 has no interface number 0 [ 628.335209][ T6860] usb 7-1: config 160 interface 200 has no altsetting 0 [ 628.358895][ T6860] usb 7-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b [ 628.382138][ T6860] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 628.415953][ T6860] usb 7-1: Product: syz [ 628.420718][ T6860] usb 7-1: Manufacturer: syz [ 628.430579][ T6860] usb 7-1: SerialNumber: syz [ 628.838465][ T6860] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 628.851959][ T6860] usb 7-1: MIDIStreaming interface descriptor not found [ 628.966975][ T6850] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 629.375469][ T6860] usb 7-1: USB disconnect, device number 5 [ 629.444626][ T6850] usb 3-1: config 0 has no interfaces? [ 629.893337][T11471] udevd[11471]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:160.200/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 630.173354][ T6850] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 630.353458][ T6850] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 630.757148][ T6850] usb 3-1: Manufacturer: syz [ 631.617668][T12065] openvswitch: netlink: VXLAN extension message has 2 unknown bytes. [ 631.803672][ T6850] usb 3-1: config 0 descriptor?? [ 631.857516][T12073] netlink: 'syz.6.1454': attribute type 1 has an invalid length. [ 631.870822][ T6850] usb 3-1: can't set config #0, error -71 [ 631.880879][T12073] netlink: 228 bytes leftover after parsing attributes in process `syz.6.1454'. [ 631.931988][ T6850] usb 3-1: USB disconnect, device number 27 [ 634.296860][T12101] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1460'. [ 634.904701][T12110] netlink: 'syz.7.1463': attribute type 1 has an invalid length. [ 635.394005][T12114] bridge0: port 3(syz_tun) entered blocking state [ 635.417175][T12114] bridge0: port 3(syz_tun) entered disabled state [ 635.423923][T12114] syz_tun: entered allmulticast mode [ 635.461264][T12118] netlink: 'syz.7.1466': attribute type 1 has an invalid length. [ 635.477423][T12114] syz_tun: entered promiscuous mode [ 635.479307][T12118] netlink: 228 bytes leftover after parsing attributes in process `syz.7.1466'. [ 635.483555][T12114] bridge0: port 3(syz_tun) entered blocking state [ 635.499435][T12114] bridge0: port 3(syz_tun) entered forwarding state [ 636.245364][T12124] binder: 12123:12124 ioctl c0306201 2000000003c0 returned -14 [ 636.476912][ T6849] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 636.657326][ T6849] usb 7-1: device descriptor read/64, error -71 [ 636.907166][ T6849] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 637.107053][ T6849] usb 7-1: device descriptor read/64, error -71 [ 637.260798][ T6849] usb usb7-port1: attempt power cycle [ 637.697385][ T6849] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 637.750350][ T6849] usb 7-1: device descriptor read/8, error -71 [ 638.048175][ T6849] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 638.141367][ T6849] usb 7-1: device descriptor read/8, error -71 [ 638.298799][ T6849] usb usb7-port1: unable to enumerate USB device [ 639.795703][T12141] FAULT_INJECTION: forcing a failure. [ 639.795703][T12141] name failslab, interval 1, probability 0, space 0, times 0 [ 639.814022][T12141] CPU: 0 UID: 0 PID: 12141 Comm: syz.2.1474 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 639.814056][T12141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 639.814070][T12141] Call Trace: [ 639.814078][T12141] [ 639.814088][T12141] dump_stack_lvl+0x189/0x250 [ 639.814126][T12141] ? __pfx____ratelimit+0x10/0x10 [ 639.814156][T12141] ? __pfx_dump_stack_lvl+0x10/0x10 [ 639.814186][T12141] ? __pfx__printk+0x10/0x10 [ 639.814213][T12141] ? __pfx___might_resched+0x10/0x10 [ 639.814248][T12141] should_fail_ex+0x414/0x560 [ 639.814278][T12141] should_failslab+0xa8/0x100 [ 639.814307][T12141] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 639.814333][T12141] ? __alloc_skb+0x112/0x2d0 [ 639.814359][T12141] __alloc_skb+0x112/0x2d0 [ 639.814384][T12141] netlink_sendmsg+0x5c6/0xb30 [ 639.814417][T12141] ? __pfx_netlink_sendmsg+0x10/0x10 [ 639.814448][T12141] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 639.814473][T12141] ? __pfx_netlink_sendmsg+0x10/0x10 [ 639.814496][T12141] __sock_sendmsg+0x219/0x270 [ 639.814530][T12141] ____sys_sendmsg+0x505/0x830 [ 639.814559][T12141] ? __pfx_____sys_sendmsg+0x10/0x10 [ 639.814594][T12141] ? import_iovec+0x74/0xa0 [ 639.814629][T12141] ___sys_sendmsg+0x21f/0x2a0 [ 639.814656][T12141] ? __pfx____sys_sendmsg+0x10/0x10 [ 639.814720][T12141] ? __fget_files+0x2a/0x420 [ 639.814746][T12141] ? __fget_files+0x3a0/0x420 [ 639.814784][T12141] __x64_sys_sendmsg+0x19b/0x260 [ 639.814811][T12141] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 639.814852][T12141] ? __pfx_ksys_write+0x10/0x10 [ 639.814873][T12141] ? rcu_is_watching+0x15/0xb0 [ 639.814908][T12141] ? do_syscall_64+0xbe/0x3b0 [ 639.814942][T12141] do_syscall_64+0xfa/0x3b0 [ 639.814970][T12141] ? lockdep_hardirqs_on+0x9c/0x150 [ 639.814998][T12141] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 639.815019][T12141] ? clear_bhb_loop+0x60/0xb0 [ 639.815045][T12141] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 639.815066][T12141] RIP: 0033:0x7fea63b8e929 [ 639.815084][T12141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 639.815102][T12141] RSP: 002b:00007fea64acb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 639.815123][T12141] RAX: ffffffffffffffda RBX: 00007fea63db5fa0 RCX: 00007fea63b8e929 [ 639.815137][T12141] RDX: 0000000000000000 RSI: 00002000000006c0 RDI: 0000000000000003 [ 639.815149][T12141] RBP: 00007fea64acb090 R08: 0000000000000000 R09: 0000000000000000 [ 639.815161][T12141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 639.815172][T12141] R13: 0000000000000000 R14: 00007fea63db5fa0 R15: 00007fff38879838 [ 639.815202][T12141] [ 640.263563][ T30] kauditd_printk_skb: 52 callbacks suppressed [ 640.263583][ T30] audit: type=1326 audit(1751427718.132:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12143 comm="syz.6.1475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e098e929 code=0x7ffc0000 [ 640.355015][T12145] Bluetooth: MGMT ver 1.23 [ 640.557071][ T30] audit: type=1326 audit(1751427718.132:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12143 comm="syz.6.1475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e098e929 code=0x7ffc0000 [ 640.631264][T12151] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1476'. [ 640.644962][ T30] audit: type=1326 audit(1751427718.182:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12143 comm="syz.6.1475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=294 compat=0 ip=0x7ff8e098e929 code=0x7ffc0000 [ 640.668543][T12155] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1477'. [ 640.680205][T12151] openvswitch: netlink: Flow key attr not present in new flow. [ 641.141723][ T30] audit: type=1326 audit(1751427718.182:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12143 comm="syz.6.1475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e098e929 code=0x7ffc0000 [ 641.281933][ T30] audit: type=1326 audit(1751427718.182:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12143 comm="syz.6.1475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e098e929 code=0x7ffc0000 [ 641.385861][ T30] audit: type=1326 audit(1751427718.192:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12143 comm="syz.6.1475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff8e098e929 code=0x7ffc0000 [ 641.467041][ T30] audit: type=1326 audit(1751427718.192:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12143 comm="syz.6.1475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e098e929 code=0x7ffc0000 [ 641.746915][ T30] audit: type=1326 audit(1751427718.192:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12143 comm="syz.6.1475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e098e929 code=0x7ffc0000 [ 641.746973][ T30] audit: type=1326 audit(1751427718.202:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12143 comm="syz.6.1475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7ff8e098e929 code=0x7ffc0000 [ 641.747020][ T30] audit: type=1326 audit(1751427718.202:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12143 comm="syz.6.1475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e098e929 code=0x7ffc0000 [ 642.315642][T12167] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1479'. [ 643.087852][T12182] netlink: 'syz.6.1482': attribute type 1 has an invalid length. [ 643.123480][T12182] netlink: 228 bytes leftover after parsing attributes in process `syz.6.1482'. [ 645.030387][T12198] binder: 12195:12198 ioctl c0306201 2000000003c0 returned -14 [ 645.955814][T12205] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1486'. [ 645.964970][T12205] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 645.974746][T12205] netlink: 40 bytes leftover after parsing attributes in process `syz.7.1486'. [ 648.818679][T12231] netlink: 'syz.6.1494': attribute type 1 has an invalid length. [ 648.826651][T12231] netlink: 228 bytes leftover after parsing attributes in process `syz.6.1494'. [ 649.106336][T12236] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1496'. [ 649.454148][ T6863] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 649.549908][T12239] netlink: 'syz.2.1497': attribute type 4 has an invalid length. [ 649.907158][ T6863] usb 8-1: device descriptor read/64, error -71 [ 651.076950][ T6863] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 651.248674][ T6863] usb 8-1: device descriptor read/64, error -71 [ 651.442393][ T6863] usb usb8-port1: attempt power cycle [ 652.389702][ T6863] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 652.843647][T12277] Cache volume key already in use (9p,(null),) [ 652.953786][ T6863] usb 8-1: device descriptor read/8, error -71 [ 652.977624][T12278] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 653.489840][ T6863] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 653.534020][ T6863] usb 8-1: device descriptor read/8, error -71 [ 653.672428][ T6863] usb usb8-port1: unable to enumerate USB device [ 653.779823][T12264] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1504'. [ 654.088292][T12284] netlink: 'syz.7.1509': attribute type 1 has an invalid length. [ 654.120558][T12284] netlink: 228 bytes leftover after parsing attributes in process `syz.7.1509'. [ 655.154071][T12299] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1512'. [ 655.224064][T12307] program syz.3.1516 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 655.263147][ T30] kauditd_printk_skb: 26 callbacks suppressed [ 655.263167][ T30] audit: type=1326 audit(1751427733.142:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12303 comm="syz.0.1515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc95718e929 code=0x7ffc0000 [ 655.403256][ T30] audit: type=1326 audit(1751427733.172:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12303 comm="syz.0.1515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc95718e929 code=0x7ffc0000 [ 655.587093][ T6863] usb 8-1: new full-speed USB device number 7 using dummy_hcd [ 656.605195][ T30] audit: type=1326 audit(1751427733.182:417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12303 comm="syz.0.1515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7fc95718e929 code=0x7ffc0000 [ 656.607449][ T6863] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 656.897386][ T6863] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 656.998241][ T6863] usb 8-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 657.147000][ T30] audit: type=1326 audit(1751427733.182:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12303 comm="syz.0.1515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc95718e929 code=0x7ffc0000 [ 657.257436][ T6863] usb 8-1: New USB device strings: Mfr=145, Product=0, SerialNumber=0 [ 657.293697][ T6863] usb 8-1: Manufacturer: syz [ 657.305117][ T30] audit: type=1326 audit(1751427733.182:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12303 comm="syz.0.1515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc95718e929 code=0x7ffc0000 [ 657.323650][ T6863] usb 8-1: config 0 descriptor?? [ 657.345092][ T6863] hub 8-1:0.0: USB hub found [ 657.363588][ T30] audit: type=1326 audit(1751427733.182:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12303 comm="syz.0.1515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=269 compat=0 ip=0x7fc95718e929 code=0x7ffc0000 [ 657.416416][ T30] audit: type=1326 audit(1751427733.182:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12303 comm="syz.0.1515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc95718e929 code=0x7ffc0000 [ 657.473835][ T30] audit: type=1326 audit(1751427733.182:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12303 comm="syz.0.1515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc95718e929 code=0x7ffc0000 [ 657.567634][ T6863] hub 8-1:0.0: 1 port detected [ 657.591984][ T30] audit: type=1326 audit(1751427733.182:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12303 comm="syz.0.1515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fc95718e929 code=0x7ffc0000 [ 657.644874][ T30] audit: type=1326 audit(1751427733.182:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12303 comm="syz.0.1515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc95718e929 code=0x7ffc0000 [ 657.647504][ T6860] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 657.783400][T12304] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 657.905434][T12304] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 658.769051][ T6860] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 658.784997][ T6860] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 658.819157][ T6860] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 658.842930][ T6863] usb 8-1: USB disconnect, device number 7 [ 658.867051][ T6860] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 658.875108][ T6860] usb 3-1: SerialNumber: syz [ 658.885848][T12339] netlink: 'syz.6.1525': attribute type 1 has an invalid length. [ 658.932569][T12339] netlink: 228 bytes leftover after parsing attributes in process `syz.6.1525'. [ 659.317719][ T6860] usb 3-1: 0:2 : does not exist [ 659.322776][ T6860] usb 3-1: unit 255 not found! [ 659.339713][ T6860] usb 3-1: USB disconnect, device number 28 [ 659.424410][T12054] udevd[12054]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 659.883698][T12355] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1529'. [ 661.129227][ T6860] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 661.678507][ T6863] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 661.707609][ T6860] usb 8-1: Using ep0 maxpacket: 16 [ 661.719848][ T6860] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 661.740725][ T6860] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 661.767497][ T6860] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 661.796989][ T6860] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 661.816945][ T6860] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 661.842908][ T6860] usb 8-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 661.863074][ T6860] usb 8-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 661.936823][ T6860] usb 8-1: Manufacturer: syz [ 661.959837][ T6860] usb 8-1: config 0 descriptor?? [ 662.308330][ T6860] rc_core: IR keymap rc-hauppauge not found [ 662.314374][ T6860] Registered IR keymap rc-empty [ 662.339258][ T6860] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 662.360221][ T6860] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 662.407494][ T6860] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/rc/rc0 [ 662.476875][ T6863] usb 7-1: config 0 has no interfaces? [ 662.483938][ T6860] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/rc/rc0/input11 [ 662.555869][ T6860] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 662.657056][ T6860] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 662.681427][ T6860] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 662.707207][ T6860] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 662.739191][ T6860] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 662.787205][ T6860] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 662.817289][ T6860] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 662.879444][ T6860] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 662.919094][ T6860] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 662.967363][ T6860] mceusb 8-1:0.0: Error: mce write submit urb error = -90 [ 663.053662][ T6860] mceusb 8-1:0.0: Registered  with mce emulator interface version 1 [ 663.073667][ T6860] mceusb 8-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 663.167287][ T6860] usb 8-1: USB disconnect, device number 8 [ 663.519224][ T6863] usb 7-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 663.543444][ T6863] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 663.552532][T12404] netlink: 'syz.7.1543': attribute type 1 has an invalid length. [ 663.572437][T12404] netlink: 228 bytes leftover after parsing attributes in process `syz.7.1543'. [ 663.583891][ T6863] usb 7-1: Product: syz [ 663.597177][ T6863] usb 7-1: Manufacturer: syz [ 663.616977][ T6863] usb 7-1: SerialNumber: syz [ 663.630770][ T6863] usb 7-1: config 0 descriptor?? [ 664.194131][ T6860] usb 7-1: USB disconnect, device number 10 [ 665.034262][T12413] ref_ctr_offset mismatch. inode: 0xac offset: 0x0 ref_ctr_offset(old): 0x3070 ref_ctr_offset(new): 0x0 [ 666.487281][T12443] binder: 12435:12443 ioctl c0306201 2000000003c0 returned -14 [ 668.867441][T12462] tipc: Started in network mode [ 668.872341][T12462] tipc: Node identity 4, cluster identity 4711 [ 668.878572][T12462] tipc: Node number set to 4 [ 669.911113][T12469] netlink: 'syz.3.1561': attribute type 7 has an invalid length. [ 671.647034][ T6863] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 671.844025][ T6863] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 671.871644][ T6863] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 671.904940][ T6863] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 671.936168][ T6863] usb 4-1: config 0 descriptor?? [ 672.949597][ T6863] ath6kl: Failed to read usb control message: -71 [ 672.956109][ T6863] ath6kl: Unable to read the bmi data from the device: -71 [ 673.115223][ T6863] ath6kl: Unable to recv target info: -71 [ 673.238773][ T6863] ath6kl: Failed to init ath6kl core: -71 [ 673.377663][ T6863] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 673.547196][ T6863] usb 4-1: USB disconnect, device number 28 [ 674.022125][T12499] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1562'. [ 674.290031][T12508] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1568'. [ 674.777814][T12525] syz.7.1572 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 675.748527][T12529] binder: BINDER_SET_CONTEXT_MGR already set [ 675.763397][T12529] binder: 12527:12529 ioctl 4018620d 200000000040 returned -16 [ 675.847820][T12529] binder: 12527:12529 ioctl c0306201 2000000003c0 returned -14 [ 676.847849][T12537] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1575'. [ 676.857223][T12537] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 677.088533][T12537] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 677.948911][T12551] netlink: 'syz.6.1579': attribute type 30 has an invalid length. [ 685.787471][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.794647][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 685.823943][T12638] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1598'. [ 686.964331][T12644] No such timeout policy "syz1" [ 687.492874][T12655] binder: BINDER_SET_CONTEXT_MGR already set [ 687.499542][T12655] binder: 12650:12655 ioctl 4018620d 200000000040 returned -16 [ 687.565922][T12655] binder: 12650:12655 ioctl c0306201 2000000003c0 returned -14 [ 687.594790][T12659] netlink: 'syz.2.1605': attribute type 1 has an invalid length. [ 687.759079][T12659] netlink: 228 bytes leftover after parsing attributes in process `syz.2.1605'. [ 687.866988][ T5836] Bluetooth: hci1: command 0x0c1a tx timeout [ 692.076595][T12692] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 692.349366][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 692.349387][ T30] audit: type=1326 audit(1751427770.202:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12700 comm="syz.7.1618" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb40e18e929 code=0x0 [ 692.454857][T12704] netlink: 'syz.3.1619': attribute type 1 has an invalid length. [ 692.504141][T12704] netlink: 228 bytes leftover after parsing attributes in process `syz.3.1619'. [ 693.006309][T12712] binder: 12708:12712 ioctl c0306201 2000000003c0 returned -14 [ 693.920792][T12724] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1622'. [ 694.779639][ T6860] libceph: connect (1)[c::]:6789 error -101 [ 694.794448][ T6860] libceph: mon0 (1)[c::]:6789 connect error [ 695.182002][T12725] ceph: No mds server is up or the cluster is laggy [ 695.182314][T11350] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 695.221549][ T6860] libceph: connect (1)[c::]:6789 error -101 [ 695.229376][ T6860] libceph: mon0 (1)[c::]:6789 connect error [ 695.397118][T11350] usb 3-1: Using ep0 maxpacket: 32 [ 695.429510][T11350] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 695.466845][T11350] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 695.507061][T11350] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0 [ 695.526833][T11350] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 0, changing to 7 [ 695.551941][T11350] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 695.576836][ T5903] usb 8-1: new full-speed USB device number 9 using dummy_hcd [ 695.587224][T11350] usb 3-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 695.596347][T11350] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 695.616865][T11350] usb 3-1: Product: syz [ 695.621113][T11350] usb 3-1: Manufacturer: syz [ 695.625738][T11350] usb 3-1: SerialNumber: syz [ 695.667305][T11350] usb 3-1: config 0 descriptor?? [ 695.738533][ T5903] usb 8-1: config 150 has an invalid interface number: 204 but max is 1 [ 695.753827][ T5903] usb 8-1: config 150 has no interface number 0 [ 695.787018][ T5903] usb 8-1: config 150 interface 204 has no altsetting 0 [ 695.803856][ T5903] usb 8-1: config 150 interface 1 has no altsetting 0 [ 695.829579][ T5903] usb 8-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb [ 695.849553][ T5903] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 695.878163][ T5903] usb 8-1: Product: syz [ 695.895594][ T5903] usb 8-1: Manufacturer: syz [ 695.903701][ T5903] usb 8-1: SerialNumber: syz [ 696.436187][ T5903] xr_serial 8-1:150.204: xr_serial converter detected [ 697.006431][T11350] iforce 3-1:0.0: usb_submit_urb failed: -110 [ 697.077813][T11350] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 697.172890][T11350] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 697.203302][T11350] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 697.237371][T11350] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 697.248847][ T5903] xr_serial ttyUSB0: Failed to set reg 0x0d: -71 [ 697.298650][ T5903] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71 [ 697.305231][T11350] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 697.325281][T11350] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 697.357013][T11350] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 697.408459][T11350] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 697.411024][ T5903] usb 8-1: USB disconnect, device number 9 [ 697.454779][T11350] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 697.462485][ T5903] xr_serial 8-1:150.204: device disconnected [ 697.477643][T11350] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 697.506562][T11350] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 697.532341][T11350] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 697.548969][T11350] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 697.571488][T11350] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 697.587990][T11350] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 697.607552][T11350] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 697.627927][T12757] openvswitch: netlink: Missing key (keys=40, expected=80) [ 697.636719][T11350] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 697.655750][T11350] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 697.687276][T11350] iforce 3-1:0.0: usb_submit_urb failed: -32 [ 697.693382][T11350] input input12: Timeout waiting for response from device. [ 697.913826][T11350] usb 3-1: USB disconnect, device number 29 [ 698.530398][T12764] binder: 12760:12764 ioctl c0306201 2000000003c0 returned -14 [ 700.312945][T12788] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 701.929625][ T5823] Bluetooth: hci4: unexpected event 0x03 length: 31 > 11 [ 704.276942][T11350] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 704.536185][T11350] usb 7-1: New USB device found, idVendor=041e, idProduct=4011, bcdDevice=af.98 [ 704.574526][T11350] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 704.814594][T11350] usb 7-1: config 0 descriptor?? [ 704.847124][T11350] pwc: Creative Labs Webcam Pro Ex detected. [ 705.238270][T12839] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 705.249605][T12839] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 705.356713][T12839] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 705.415513][T12839] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 705.438949][T12839] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 705.479797][T12839] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 705.558368][T12839] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 705.618088][T12839] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 705.717889][T12839] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 705.757509][T12839] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 705.869324][T11350] pwc: Failed to set LED on/off time (-71) [ 705.885509][T11350] pwc: send_video_command error -71 [ 705.915864][T11350] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 705.940215][T11350] Philips webcam 7-1:0.0: probe with driver Philips webcam failed with error -71 [ 705.972126][T11350] usb 7-1: USB disconnect, device number 11 [ 706.703895][T12864] binder: 12862:12864 ioctl c0306201 2000000003c0 returned -14 [ 706.715814][T12864] binder_alloc: 12862: binder_alloc_buf, no vma [ 710.537217][T12903] netlink: 'syz.0.1673': attribute type 30 has an invalid length. [ 710.710301][T12909] CIFS: Unable to determine destination address [ 710.881349][ T6850] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 711.150052][ T6850] hid-generic 0000:0000:0000.0009: hidraw0: HID v0.00 Device [syz1] on syz0 [ 711.159767][T12915] netlink: 'syz.6.1678': attribute type 4 has an invalid length. [ 711.643413][T12918] fido_id[12918]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 712.577652][T11350] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 712.736982][T11350] usb 3-1: Using ep0 maxpacket: 32 [ 713.066153][T12938] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1682'. [ 713.359486][T12944] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1684'. [ 713.373204][T11350] usb 3-1: New USB device found, idVendor=084f, idProduct=0001, bcdDevice=e0.b8 [ 713.391811][T11350] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 713.458700][T11350] usb 3-1: Product: syz [ 713.488842][T11350] usb 3-1: Manufacturer: syz [ 713.546834][T11350] usb 3-1: SerialNumber: syz [ 713.562699][T11350] usb 3-1: config 0 descriptor?? [ 713.604602][T11350] empeg 3-1:0.0: empeg converter detected [ 713.799483][T11350] usb 3-1: active config #0 != 1 ?? [ 714.040243][T12926] vcan0: entered promiscuous mode [ 714.107064][T12926] A link change request failed with some changes committed already. Interface vcan0 may have been left with an inconsistent configuration, please check. [ 714.261020][T12947] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1680'. [ 714.301919][T11350] usb 3-1: USB disconnect, device number 30 [ 714.651983][T12957] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1688'. [ 714.713910][T12956] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 714.721263][T12956] IPv6: NLM_F_CREATE should be set when creating new route [ 714.728733][T12956] IPv6: NLM_F_CREATE should be set when creating new route [ 715.518691][T12966] FAULT_INJECTION: forcing a failure. [ 715.518691][T12966] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 715.534297][T12966] CPU: 0 UID: 0 PID: 12966 Comm: syz.2.1691 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 715.534327][T12966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 715.534346][T12966] Call Trace: [ 715.534354][T12966] [ 715.534364][T12966] dump_stack_lvl+0x189/0x250 [ 715.534399][T12966] ? __pfx____ratelimit+0x10/0x10 [ 715.534429][T12966] ? __pfx_dump_stack_lvl+0x10/0x10 [ 715.534459][T12966] ? __pfx__printk+0x10/0x10 [ 715.534494][T12966] should_fail_ex+0x414/0x560 [ 715.534524][T12966] _copy_from_user+0x2d/0xb0 [ 715.534556][T12966] sctp_setsockopt+0x19f/0x1200 [ 715.534578][T12966] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 715.534613][T12966] do_sock_setsockopt+0x25a/0x3e0 [ 715.534639][T12966] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 715.534667][T12966] ? __fget_files+0x2a/0x420 [ 715.534704][T12966] __x64_sys_setsockopt+0x18b/0x220 [ 715.534733][T12966] do_syscall_64+0xfa/0x3b0 [ 715.534763][T12966] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 715.534783][T12966] ? asm_sysvec_call_function_single+0x1a/0x20 [ 715.534805][T12966] ? clear_bhb_loop+0x60/0xb0 [ 715.534830][T12966] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 715.534850][T12966] RIP: 0033:0x7fea63b8e929 [ 715.534869][T12966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 715.534886][T12966] RSP: 002b:00007fea64aaa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 715.534907][T12966] RAX: ffffffffffffffda RBX: 00007fea63db6080 RCX: 00007fea63b8e929 [ 715.534921][T12966] RDX: 0000000000000010 RSI: 0000000000000084 RDI: 0000000000000006 [ 715.534933][T12966] RBP: 00007fea64aaa090 R08: 000000000000000c R09: 0000000000000000 [ 715.534945][T12966] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000001 [ 715.534958][T12966] R13: 0000000000000000 R14: 00007fea63db6080 R15: 00007fff38879838 [ 715.534989][T12966] [ 718.411174][ T31] INFO: task syz.5.1204:10978 blocked for more than 143 seconds. [ 718.467753][ T31] Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 [ 718.522900][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 718.570224][ T31] task:syz.5.1204 state:D stack:25880 pid:10978 tgid:10977 ppid:9169 task_flags:0x400140 flags:0x00004006 [ 718.612920][ T31] Call Trace: [ 718.616361][ T31] [ 718.623822][ T31] __schedule+0x16a2/0x4cb0 [ 718.629821][ T31] ? do_raw_spin_lock+0x121/0x290 [ 718.635029][ T31] ? schedule+0x165/0x360 [ 718.780589][ T31] ? __lock_acquire+0xab9/0xd20 [ 718.785530][ T31] ? __pfx___schedule+0x10/0x10 [ 718.791681][ T31] ? schedule+0x91/0x360 [ 719.139437][ T31] schedule+0x165/0x360 [ 719.143702][ T31] netfs_wait_for_request+0x1f0/0x600 [ 719.149374][ T31] ? __pfx_netfs_write_collection+0x10/0x10 [ 719.155422][ T31] ? __pfx_netfs_wait_for_request+0x10/0x10 [ 719.161517][ T31] ? __pfx_autoremove_wake_function+0x10/0x10 [ 719.167761][ T31] netfs_unbuffered_write_iter_locked+0x52a/0x910 [ 719.174263][ T31] netfs_unbuffered_write_iter+0x4c4/0x660 [ 719.180476][ T31] do_iter_readv_writev+0x56e/0x7f0 [ 719.185736][ T31] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 719.191616][ T31] ? rcu_read_lock_any_held+0xb3/0x120 [ 719.205921][ T31] vfs_writev+0x31a/0x960 [ 719.216908][ T31] ? __lock_acquire+0xab9/0xd20 [ 719.221842][ T31] ? __pfx_vfs_writev+0x10/0x10 [ 719.237048][ T31] ? __fget_files+0x2a/0x420 [ 719.241725][ T31] ? __fget_files+0x3a0/0x420 [ 719.246457][ T31] ? __fget_files+0x2a/0x420 [ 719.251446][ T31] do_writev+0x14d/0x2d0 [ 719.255743][ T31] ? __pfx_do_writev+0x10/0x10 [ 719.260692][ T31] ? rcu_is_watching+0x15/0xb0 [ 719.270791][ T31] ? do_syscall_64+0xbe/0x3b0 [ 719.275546][ T31] do_syscall_64+0xfa/0x3b0 [ 719.280227][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 719.285482][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 719.295583][ T31] ? clear_bhb_loop+0x60/0xb0 [ 719.301316][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 719.313516][ T31] RIP: 0033:0x7f6588d8e929 [ 719.319141][ T31] RSP: 002b:00007f6586bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 719.331703][ T31] RAX: ffffffffffffffda RBX: 00007f6588fb5fa0 RCX: 00007f6588d8e929 [ 719.342892][ T31] RDX: 0000000000000002 RSI: 0000200000000000 RDI: 0000000000000007 [ 719.356357][ T31] RBP: 00007f6588e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 719.365635][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 719.381037][ T31] R13: 0000000000000000 R14: 00007f6588fb5fa0 R15: 00007ffe13d9c888 [ 719.393971][ T31] [ 719.399075][ T31] [ 719.399075][ T31] Showing all locks held in the system: [ 719.413159][ T31] 1 lock held by khungtaskd/31: [ 719.420042][ T31] #0: ffffffff8e13ee20 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 719.433534][ T31] 2 locks held by getty/5580: [ 719.450851][ T31] #0: ffff888035c2a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 719.471667][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 719.492719][ T31] 3 locks held by syz.5.1204/10978: [ 719.499840][ T31] #0: ffff8880329227f8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x247/0x320 [ 719.525811][ T31] #1: ffff888027ad0428 (sb_writers#25){.+.+}-{0:0}, at: vfs_writev+0x288/0x960 [ 719.544218][ T31] #2: ffff888078b087b8 (&sb->s_type->i_mutex_key#27){++++}-{4:4}, at: netfs_start_io_direct+0x1ef/0x230 [ 719.556132][ T31] 1 lock held by syz.3.1689/12958: [ 719.566527][ T31] #0: ffffffff8e144800 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 719.584597][ T31] 4 locks held by syz.3.1689/12974: [ 719.590238][ T31] 2 locks held by dhcpcd/12992: [ 719.595193][ T31] #0: ffff88807f5f0258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 [ 719.614231][ T31] #1: ffffffff8e144938 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730 [ 719.628852][ T31] 1 lock held by dhcpcd/12997: [ 719.633756][ T31] #0: ffff888029366258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 [ 719.683198][ T31] [ 719.685787][ T31] ============================================= [ 719.685787][ T31] [ 719.705420][ T31] NMI backtrace for cpu 0 [ 719.705438][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 719.705471][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 719.705484][ T31] Call Trace: [ 719.705492][ T31] [ 719.705501][ T31] dump_stack_lvl+0x189/0x250 [ 719.705535][ T31] ? __wake_up_klogd+0xd9/0x110 [ 719.705560][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 719.705590][ T31] ? __pfx__printk+0x10/0x10 [ 719.705625][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 719.705654][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 719.705675][ T31] ? _printk+0xcf/0x120 [ 719.705700][ T31] ? __pfx__printk+0x10/0x10 [ 719.705723][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 719.705752][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 719.705780][ T31] watchdog+0xfee/0x1030 [ 719.705809][ T31] ? watchdog+0x1de/0x1030 [ 719.705843][ T31] kthread+0x711/0x8a0 [ 719.705868][ T31] ? __pfx_watchdog+0x10/0x10 [ 719.705893][ T31] ? __pfx_kthread+0x10/0x10 [ 719.705916][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 719.705943][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 719.705969][ T31] ? __pfx_kthread+0x10/0x10 [ 719.705991][ T31] ret_from_fork+0x3fc/0x770 [ 719.706022][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 719.706057][ T31] ? __switch_to_asm+0x39/0x70 [ 719.706075][ T31] ? __switch_to_asm+0x33/0x70 [ 719.706093][ T31] ? __pfx_kthread+0x10/0x10 [ 719.706119][ T31] ret_from_fork_asm+0x1a/0x30 [ 719.706156][ T31] [ 719.706196][ T31] Sending NMI from CPU 0 to CPUs 1: [ 719.867119][ C1] NMI backtrace for cpu 1 [ 719.867136][ C1] CPU: 1 UID: 0 PID: 3563 Comm: kworker/u8:7 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 719.867157][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 719.867169][ C1] Workqueue: bat_events batadv_nc_worker [ 719.867196][ C1] RIP: 0010:rcu_is_watching+0x67/0xb0 [ 719.867231][ C1] Code: 89 f7 e8 0c 93 7a 00 48 c7 c3 58 ef 9a 92 49 03 1e 48 89 d8 48 c1 e8 03 42 0f b6 04 38 84 c0 75 34 8b 03 65 ff 0d 79 ad f2 10 <74> 11 83 e0 04 c1 e8 02 5b 41 5e 41 5f e9 97 af bb 09 cc e8 e1 83 [ 719.867247][ C1] RSP: 0018:ffffc9000c617a00 EFLAGS: 00000286 [ 719.867261][ C1] RAX: 0000000001e9f67c RBX: ffff8880b8732f58 RCX: 33f1a87603e44c00 [ 719.867274][ C1] RDX: ffff8880316a5a00 RSI: ffffffff8be1b920 RDI: ffffffff8be1b8e0 [ 719.867287][ C1] RBP: fffffffffffffe38 R08: 0000000000000000 R09: ffffffff8b2da912 [ 719.867299][ C1] R10: dffffc0000000000 R11: ffffffff8b2da840 R12: dffffc0000000000 [ 719.867312][ C1] R13: ffffffff8b2da912 R14: ffffffff8db92c68 R15: dffffc0000000000 [ 719.867325][ C1] FS: 0000000000000000(0000) GS:ffff888125d84000(0000) knlGS:0000000000000000 [ 719.867339][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 719.867352][ C1] CR2: 000055556728b5c8 CR3: 00000000339b2000 CR4: 00000000003526f0 [ 719.867367][ C1] Call Trace: [ 719.867373][ C1] [ 719.867381][ C1] batadv_nc_worker+0x208/0x610 [ 719.867404][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 719.867431][ C1] process_scheduled_works+0xae1/0x17b0 [ 719.867471][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 719.867504][ C1] worker_thread+0x8a0/0xda0 [ 719.867530][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 719.867558][ C1] ? __kthread_parkme+0x7b/0x200 [ 719.867589][ C1] kthread+0x711/0x8a0 [ 719.867608][ C1] ? __pfx_worker_thread+0x10/0x10 [ 719.867632][ C1] ? __pfx_kthread+0x10/0x10 [ 719.867650][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 719.867671][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 719.867693][ C1] ? __pfx_kthread+0x10/0x10 [ 719.867711][ C1] ret_from_fork+0x3fc/0x770 [ 719.867736][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 719.867761][ C1] ? __switch_to_asm+0x39/0x70 [ 719.867780][ C1] ? __switch_to_asm+0x33/0x70 [ 719.867795][ C1] ? __pfx_kthread+0x10/0x10 [ 719.867812][ C1] ret_from_fork_asm+0x1a/0x30 [ 719.867838][ C1] [ 720.039211][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 720.039239][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 720.039264][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 720.039277][ T31] Call Trace: [ 720.039286][ T31] [ 720.039296][ T31] dump_stack_lvl+0x99/0x250 [ 720.039332][ T31] ? __asan_memcpy+0x40/0x70 [ 720.039353][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 720.039383][ T31] ? __pfx__printk+0x10/0x10 [ 720.039416][ T31] panic+0x2db/0x790 [ 720.039451][ T31] ? __pfx_panic+0x10/0x10 [ 720.039478][ T31] ? nmi_backtrace_stall_check+0x433/0x440 [ 720.039513][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 720.039539][ T31] ? nmi_trigger_cpumask_backtrace+0x2b6/0x300 [ 720.039572][ T31] watchdog+0x102d/0x1030 [ 720.039600][ T31] ? watchdog+0x1de/0x1030 [ 720.039633][ T31] kthread+0x711/0x8a0 [ 720.039660][ T31] ? __pfx_watchdog+0x10/0x10 [ 720.039685][ T31] ? __pfx_kthread+0x10/0x10 [ 720.039710][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 720.039737][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 720.039764][ T31] ? __pfx_kthread+0x10/0x10 [ 720.039787][ T31] ret_from_fork+0x3fc/0x770 [ 720.039817][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 720.039851][ T31] ? __switch_to_asm+0x39/0x70 [ 720.039869][ T31] ? __switch_to_asm+0x33/0x70 [ 720.039887][ T31] ? __pfx_kthread+0x10/0x10 [ 720.039910][ T31] ret_from_fork_asm+0x1a/0x30 [ 720.039946][ T31] [ 720.040302][ T31] Kernel Offset: disabled